los verdaderos reyes de la noche vampiros demonios o angeles de la noche: 08/01/2020

lunes, 31 de agosto de 2020

Vulnerable-AD - Create A Vulnerable Active Directory That'S Allowing You To Test Most Of Active Directory Attacks In Local Lab

Create a vulnerable active directory that's allowing you to test most of active directory attacks in local lab.

Main Features

Randomize Attacks
Full Coverage of the mentioned attacks
you need run the script in DC with Active Directory installed
Some of attacks require client workstation

Supported Attacks

Abusing ACLs/ACEs
Kerberoasting
AS-REP Roasting
Abuse DnsAdmins
Password in AD User comment
Password Spraying
DCSync
Silver Ticket
Golden Ticket
Pass-the-Hash
Pass-the-Ticket
SMB Signing Disabled

Example

# if you didn't install Active Directory yet , you can try 
Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\\Windows\\NTDS" -DomainMode "7" -DomainName "cs.org" -DomainNetbiosName "cs" -ForestMode "7" -InstallDns:$true -LogPath "C:\\Windows\\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\\Windows\\SYSVOL" -Force:$true
# if you already installed Active Directory, just run the script !
IEX((new-object net.webclient).downloadstring("https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/vulnad.ps1"));
Invoke-VulnAD -UsersLimit 100 -DomainName "cs.org"

TODO

Add More realistic scenarios
Click close issue button on github

Download vulnerable-AD

via KitPloitMore info

domingo, 30 de agosto de 2020

How To Hack And Trace Any Mobile Phone With A Free Software Remotly

Hello Everyone, Today I am Going To Write a very interesting post for You ..hope you all find this valuable.. :
What is The cost to hire a spy who can able to spy your girlfriend 24X7 days..???? it's around hundreds of dollars Or Sometimes Even Thousands of dollars

But you are on Hacking-News & Tutorials so everything mentioned here is absolutely free.
would you be happy if I will show you a Secret Mobile Phone trick by which you can Spy and trace your girlfriend, spouse or anyone's mobile phone 24 X 7 which is absolutely free?The only thing you have to do is send an SMS like SENDCALLLOG To get the call history of your girlfriend's phone.isn't it Sounds Cool...

Read also;- Top 5 best TV Series Based On Hacking and Technology 2018

Without Taking Much Of Your Time…
let's Start The trick…

STEP 1: First of all go to android market from your Girlfriend, spouse, friends or anyone's phone which you want to spy or download the app mentioned below.

STEP 2: Search for an android application named "Touch My life "

STEP 3: download and install that application on that phone.

STEP 4: Trick is Over

Now you can able to spy that phone anytime by just sending SMS to that phone.

Now give back that phone to your girlfriend.
and whenever you want to spy your girlfriend just send SMS from your phone to your Girlfriend phone Which are mentioned in Touch My Life manage to book.

Read also;- How To Make a Simple and powerful keylogger using python

I am mentioning some handy rules below…

1) Write "CALL ME BACK" without Quotes and Send it to your girlfriend's mobile number for an Automatic call back from your girlfriend's phone to your phone.

2)Write "VIBRATENSEC 30" without Quotes and send it to your girlfriend's mobile number to Vibrate your Girlfriend's Phone for 30 seconds.You can also change Values from 30 to anything for the desired Vibrate time.

3)Write "DEFRINGTONE" without Quotes and Send it to your girlfriend's mobile number..this will play the default ringtone on your girlfriend's phone.

4)Write "SEND PHOTO youremail@gmail.com" without Quotes and Send it to your girlfriend's mobile number.it will take the photo of the current location of your girlfriend and send it to the email address specified in the SMS as an attachment.it will also send a confirmation message to your number.

5)Write "SENDCALLLOG youremail@gmail.com" without Quotes and Send it to your girlfriend's mobile number ..it will send all the call details like incoming calls, outgoing calls, missed calls to the email address specified in the SMS.

6)Write "SENDCONTACTLIST youremail@gmail.com" without Quotes and Send it to your girlfriend's mobile number ..it will send all the Contact list to the email address specified in the SMS.

So Guys Above all are only some Handy features of touch my life…You can also view more by going to touch my life application and then its manage rules...

Enjoy..:)
Stay tuned with IemHacker …

More information

Hackable - Secret Hacker | Vulnerable Web Application Server

Continue reading

WiFiJammer: Amazing Wi-Fi Tool

The name sounds exciting but really does it jam WiFi networks? Yes, it is able to do the thing which it's name suggests. So today I'm going to show you how to annoy your friend by cutting him/her short of the WiFi service.

Requirements:

A computer/laptop with WiFi capable of monitoring (monitor mode).
A Linux OS (I'm using Arch Linux with BlackArch Repos)
And the most obvious thing wifijammer (If you're having BlackArch then you already have it).

How does it work? You maybe thinking!, it's quite simple it sends the deauth packets from the client to the AP (Access Point) after spoofing its (client's) mac-address which makes AP think that it's the connected client who wants to disconnect and Voila!

Well to jam all WiFi networks in your range its quite easy just type:

sudo wifijammer

but wait a minute this may not be a good idea. You may jam all the networks around you, is it really what you want to do? I don't think so and I guess it's illegal.

We just want to play a prank on our friend isn't it? So we want to attack just his/her AP. To do that just type:

sudo wifijammer -a <<AP-MAC-ADDRESS>>

here -a flag specifies that we want to jam a particular AP and after it we must provide the MAC-ADDRESS of that particular AP that we want to jam.

Now how in the world am I going to know what is the MAC-ADDRESS of my friend's AP without disturbing the other people around me?

It's easy just use the Hackers all time favorite tool airodump-ng. Type in the following commands:

sudo airmon-ng

sudo airodump-ng

airmon-ng will put your device in monitor mode and airodump-ng will list all the wifi networks around you with their BSSID, MAC-ADDRESS, and CHANNELS. Now look for your friend's BSSID and grab his/her MAC-ADDRESS and plug that in the above mentioned command. Wooohooo! now you are jamming just your friend's wifi network.

Maybe that's not what you want, maybe you want to jam all the people on a particular channel well wifijammer can help you even with that just type:

sudo wifijammer -c <<CHANNEL-NUMBER>>

with -c we specify to wifijammer that we only want to deauth clients on a specified channel. Again you can see with airodump-ng who is on which channel.

wifijammer has got many other flags you can check out all flags using this command that you always knew:

sudo wifijammer -h

Hope you enjoyed it, good bye and have fun :)

Related word

sábado, 29 de agosto de 2020

Gridcoin - The Bad

In this post we will show why Gridcoin is insecure and probably will never achieve better security. Therefore, we are going to explain two critical implementation vulnerabilities and our experience with the core developer in the process of the responsible disclosure.

In our last blog post we described the Gridcoin architecture and the design vulnerability we found and fixed (the good). Now we come to the process of responsibly disclosing our findings and try to fix the two implementation vulnerabilities (the bad).

Update (15.08.2017):
After the talk at WOOT'17 serveral other developers of Gridcoin quickly reached out to us and told us that there was a change in responsibility internally in the Gridcoin-Dev team. Thus, we are going to wait for their response and then change this blog post accordingly. So stay tuned :)

Update (16.08.2017):
We are currently in touch with the whole dev team of Gridcoin and it seems that they are going to fix the vulnerabilities with the next release.

TL;DR
The whole Gridcoin currency is seriously insecure against attacks and should not be trusted anymore; unless some developers are in place, which have a profound background in protocol and application security.

What is Gridcoin?

Gridcoin is an altcoin, which is in active development since 2013. It claims to provide a high sustainability, as it has very low energy requirements in comparison to Bitcoin. It rewards users for contributing computation power to scientific projects, published on the BOINC project platform. Although Gridcoin is not as widespread as Bitcoin, its draft is very appealing as it attempts to eliminate Bitcoin's core problems. It possesses a market capitalization of $13,530,738 as of August the 4th 2017 and its users contributed approximately 5% of the total scientific BOINC work done before October 2016.

A detailed description of the Gridcoin architecture and technical terms used in this blog post are explained in our last blog post.

The Issues

Currently there are 2 implementation vulnerabilities in the source code, and we can mount the following attacks against Gridcoin:

We can steal the block creation reward from many Gridcoin minters
We can efficiently prevent many Gridcoin minters from claiming their block creation reward (DoS attack)

So why do we not just open up an issue online explaining the problems?

Because we already fixed a critical design issue in Gridcoin last year and tried to help them to fix the new issues. Unfortunately, they do not seem to have an interest in securing Gridcoin and thus leave us no other choice than fully disclosing the findings.

In order to explain the vulnerabilities we will take a look at the current Gridcoin source code (version 3.5.9.8).

WARNING: Due to the high number of source code lines in the source files, it can take a while until your browser shows the right line.

Stealing the BOINC block reward

The developer implemented our countermeasures in order to prevent our attack from the last blog post. Unfortunately, they did not look at their implementation from an attacker's perspective. Otherwise, they would have found out that they conduct not check, if the signature over the last block hash really is done over the last block hash. But we come to that in a minute. First lets take a look at the code flow:

In the figure the called-by-graph can be seen for the function VerifyCPIDSignature.

CheckBlock → DeserializeBoincBlock [Source]

Here we deserialize the BOINC data structure from the first transaction

CheckBlock → IsCPIDValidv2 [Source]

Then we call a function to verify the CPID used in the block. Due to the massive changes over the last years, there are 3 possible verify functions. We are interested in the last one (VerifyCPIDSignature), for the reason that it is the current verification function.

IsCPIDValidv2 → VerifyCPIDSignature [Source]
VerifyCPIDSignature → CheckMessageSignature [Source, Source]

In the last function the real signature verification is conducted [Source]. When we closely take a look at the function parameter, we see the message (std::string sMsg) and the signature (std::string sSig) variables, which are checked. But where does this values come from?

If we go backwards in the function call graph we see that in VerifyCPIDSignature the sMsg is the string sConcatMessage, which is a concatenation of the sCPID and the sBlockHash.
We are interested where the sBlockHash value comes from, due to the fact that this one is the only changing value in the signature generation.
When we go backwards, we see that the value originate from the deserialization of the BOINC structure (MiningCPID& mc) and is the variable mc.lastblockhash [Source, Source]. But wait a second, is this value ever checked whether it contains the real last block hash?

No, it is not....

So they just look if the stored values there end up in a valid signature.

Thus, we just need to wait for one valid block from a researcher and copy the signature, the last block hash value, the CPID and adjust every other dynamic value, like the RAC. Consequently, we are able to claim the reward of other BOINC users. This simple bug allows us again to steal the reward of every Gridcoin researcher, like there was never a countermeasure.

Lock out Gridcoin researcher
The following vulnerability allows an attacker under specific circumstances to register a key pair for a CPID, even if the CPID was previously tied to another key pair. Thus, the attacker locks out a legit researcher and prevent him from claiming BOINC reward in his minted blocks.

Reminder: A beacon is valid for 5 months, afterwards a new beacon must be sent with the same public key and CPID.

Therefore, we need to take a look at the functions, which process the beacon information. Every time there is a block, which contains beacon information, it is processed the following way (click image for higher resolution):

In the figure the called-by-graph can be seen for the function GetBeaconPublicKey.

We now show the source code path:

ProcessBlock → CheckBlock [Source]
CheckBlock → LoadAdminMessages [Source]
LoadAdminMessages → MemorizeMessages [Source]
MemorizeMessages → GetBeaconPublicKey [Source]

In the last function GetBeaconPublicKey there are different paths to process a beacon depending on the public key, the CPID, and the time since both were associated to each other.
For the following explanation we assume that we have an existing association (bound) between a CPID A and a public key pubK_A for 4 months.

First public key for a CPID received [Source]

The initial situation, when pubK_A was sent and bind to CPID A (4 months ago)

Existing public key for a CPID was sent [Source]

The case that pubK_A was resent for a CPID A, before the 5 months are passed by

Other public key for a CPID was sent [Source]

The case, if a different public key pubK_B for the CPID A was sent via beacon.

The existing public key for the CPID is expired

After 5 months a refresh for the association between A and pubK_A is required.

When an incoming beacon is processed, a look up is made, if there already exists a public key for the CPID used in the beacon. If yes, it is compared to the public key used in the beacon (case 2 and 3).
If no public key exists (case 1) the new public key is bound to the CPID.

If a public key exists, but it was not refreshed directly 12.960.000 seconds (5 months [Source]) after the last beacon advertisement of the public key and CPID, it is handled as no public key would exist [Source].

Thus, case 1 and 4 are treated identical, if the public key is expired, allowing an attacker to register his public key for an arbitrary CPID with expired public key. In practice this allows an attacker to lock out a Gridcoin user from the minting process of new blocks and further allows the attacker to claim reward for BOINC work he never did.

There is a countermeasure, which allows a user to delete his last beacon (identified by the CPID) . Therefore, the user sends 1 GRC to a special address (SAuJGrxn724SVmpYNxb8gsi3tDgnFhTES9) from an GRC address associated to this CPID [Source]. We did not look into this mechanism in more detail, because it only can be used to remove our attack beacon, but does not prevent the attack.

The responsible disclosure process

As part of our work as researchers we all have had the pleasure to responsible disclose the findings to developer or companies.

For the reasons that we wanted to give the developer some time to fix the design vulnerabilities, described in the last blog post, we did not issue a ticket at the Gridcoin Github project. Instead we contacted the developer at September the 14th 2016 via email and got a response one day later (2016/09/15). They proposed a variation of our countermeasure and dropped the signature in the advertising beacon, which would result in further security issues. We sent another email (2016/09/15) explained to them, why it is not wise to change our countermeasures and drop the signature in the advertising beacon.
Unfortunately, we did not receive a response. We tried it again on October the 31th 2016. They again did not respond, but we saw in the source code that they made some promising changes. Due to some other projects we did not look into the code until May 2017. At this point we found the two implementation vulnerabilities. We contacted the developer twice via email (5th and 16th of May 2017) again, but never received a response. Thus, we decided to wait for the WOOT notification to pass by and then fully disclose the findings. We thus have no other choice then to say that:

The whole Gridcoin cryptocurrency is seriously insecure against attacks and should not be trusted anymore; unless some developers are in place, which have a profound background in protocol and application security.

Further Reading

A more detailed description of the Gridcoin architecture, the old design issue and the fix will be presented at WOOT'17. Some days after the conference the paper will be available online.

los verdaderos reyes de la noche vampiros demonios o angeles de la noche