Sunday, 26 March 2017

Fake GPS Location - Everything you need to know..!


You may be wondering how to fake your GPS location. There are plenty of situations where you might want to: suppose you are out with your friends and your parents ask you to send your location to prove that you are studying, or you are at home but want to stop someone from dropping in by claiming you are out. You can do this by sending a fake GPS location on WhatsApp.

Overview :

You might have read my previous articles, so you may know that I believe in explaining the deepest part of a trick. Here is an overview of what you will learn in this article.
  • What is GPS?
  • How does GPS work?
  • The process called trilateration.
  • Applications providing fake GPS services.
  • How these applications work.
  • Doing the task with and without ROOT permissions.
  • Setting fake locations on Android, on iPhone and on your PC.

 

The GPS :

The Global Positioning System (GPS) is a constellation of about 30 satellites orbiting the Earth at an altitude of roughly 20,000 km. The system was originally developed by the US government for military navigation, but now anyone with a GPS receiver, be it a SatNav, a mobile phone or a handheld GPS unit, can receive the radio signals the satellites broadcast.

Wherever you are on the planet, at least four GPS satellites are 'visible' at any time. Each one transmits its own position and the current time at regular intervals. These signals travel at the speed of light and are picked up by your GPS receiver, which works out how far away each satellite is from how long its message took to arrive.

Once it knows the distance to at least three satellites, your GPS receiver can pinpoint your location using a process called trilateration. (In practice a fourth satellite is needed: the receiver's cheap clock is not synchronised with the satellites' atomic clocks, and the extra measurement lets it solve for its own clock error as well as for its position.)

Trilateration


Imagine you are standing somewhere on Earth with three satellites in the sky above you. If you know how far you are from satellite A, you know you must be somewhere on a circle of that radius centred on A. Do the same for satellites B and C and you can work out your location by seeing where the three circles intersect. This is just what your GPS receiver does, although it uses overlapping spheres rather than circles.

The more satellites there are above the horizon, the more accurately your GPS unit can determine where you are.
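To make the geometry concrete, here is a small worked example. It is added here and is not part of the original article, nor code from any GPS receiver. It solves the 2-D version of the picture above: three anchors at known positions, three measured distances, and the point where the circles meet. It also includes the time-of-flight calculation that produces those distances and a residual check that shows what a fourth, inconsistent range looks like. The anchor coordinates and distances are constructed sample values; a real receiver works in three dimensions and also solves for its clock offset.

```python
import math

SPEED_OF_LIGHT = 299_792_458.0  # metres per second


def pseudorange(t_sent, t_received):
    """Distance the receiver infers from a signal's time of flight (times in seconds)."""
    return SPEED_OF_LIGHT * (t_received - t_sent)


def trilaterate_2d(anchors, distances):
    """Position (x, y) from three anchors at known positions and the distances to them.

    Subtracting pairs of circle equations cancels the x^2 and y^2 terms, which
    leaves a 2x2 linear system with a unique solution unless the anchors are collinear.
    """
    (x1, y1), (x2, y2), (x3, y3) = anchors
    r1, r2, r3 = distances
    a, b = 2 * (x2 - x1), 2 * (y2 - y1)
    c = r1**2 - r2**2 - x1**2 + x2**2 - y1**2 + y2**2
    d, e = 2 * (x3 - x2), 2 * (y3 - y2)
    f = r2**2 - r3**2 - x2**2 + x3**2 - y2**2 + y3**2
    det = a * e - b * d
    if abs(det) < 1e-12:
        raise ValueError("anchors are collinear: no unique fix")
    return (c * e - b * f) / det, (a * f - c * d) / det


def residuals(point, anchors, distances):
    """|measured distance - distance to the solved point| for every anchor.

    Three ranges always yield *some* point, so their residuals are ~0 by construction;
    a fourth anchor whose range does not agree shows up as a large residual.
    """
    x, y = point
    return [abs(math.hypot(x - ax, y - ay) - r) for (ax, ay), r in zip(anchors, distances)]


if __name__ == "__main__":
    # Constructed sample: three anchors (units of km), true position (3, 4).
    anchors = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]
    true_x, true_y = 3.0, 4.0
    dists = [math.hypot(true_x - ax, true_y - ay) for ax, ay in anchors]
    fix = trilaterate_2d(anchors, dists)
    print("fix:", fix)
    # A consistent fourth anchor versus one reporting a wrong range.
    extra = (10.0, 10.0)
    print("good residuals:", residuals(fix, anchors + [extra], dists + [math.hypot(7.0, 6.0)]))
    print("bad residuals: ", residuals(fix, anchors + [extra], dists + [20.0]))
```

The residual check is the practical takeaway: with only three ranges any set of distances produces some point, so the receiver cannot tell a bad measurement from a good one; with a fourth range it can at least see that the measurements disagree.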

How to send Fake GPS location on Whatsapp?

You might have seen this trick before, but most of the time the app that lets you set a fake location requires root permissions. Here I am going to introduce a method that does not require root. That means NO ROOT REQUIRED. There are many ways to send a fake location on WhatsApp; I am going to explain only one of them.

Send Fake location on Android :

Step 1: First, install a Fake GPS app on your phone (the one used here is called Fake GPS Location).

Step 2: Go to Settings > About Phone.

Step 3: Tap `Build Number` repeatedly until a new Developer options entry appears in Settings.

Step 4: Open Settings again and select Developer Options.

Step 5: In Developer Options, enable `Allow mock locations`. (On Android 6.0 and later this setting is instead called `Select mock location app`; pick the Fake GPS app from the list.)

Step 6: Open the Fake GPS app and search for the location of your choice.

Step 7: After finding the location, tap `Set Location` and you are done.

Step 8: Open WhatsApp and share your location with anyone. It will send the location you set in the Fake GPS app. Enjoy...!

How does this application do the task?

Actually, you can't fake GPS itself. What you can do is tell Android to tell apps that you are somewhere other than where you really are.

This exists for development. If I need to test that my app can tell what speed I'm travelling at, I can do one of two things:
  1. Run around outside.
  2. Tell the operating system to simulate my location.
The advantage of #2 is that I can sit in my office debugging my app.

I still have to simulate my travels, though. For this, Android has a mock location API which lets you write an app that feeds your app (as well as all others) a fake location.

This is why the app tells you to enable mock locations, and also why the setting lives under Developer options: it was written mainly for developers.

Your app never sees GPS signals; the OS does. The OS only hands coordinates (plus some other data) to the app, and Fake GPS tells the OS to substitute its own coordinates for the real ones. One caveat: an app can ask whether a fix came from a mock provider (Android's Location.isFromMockProvider(), available since API level 18) and refuse it, so the trick only works against apps that do not bother to check.


Because of the limited length of this article, two topics are left to be covered:
  • Fake GPS on iPhone.
  • Fake GPS on PC.
These will be covered in my next article. Till then, enjoy..! If you have any queries regarding this article, post them in the comments below. Thank you..

Special thanks to : Pikachuu..

Friday, 24 March 2017

Steganography - How to hide Files behind Images..!


Overview:

Here, you are going to see :
  • What is Steganography?
  • Using Stegosploit.
  • How to hide Files behind an Image?
  • What is the Importance of Steganography in Hacking?
  • How to prevent yourself from this attack?
  • How can you extract Hidden files behind the Image?
  • Some real time examples.
  • And much more..

Introduction:

Before going on to the trick, let me tell you what steganography really is..!

Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video.

And now let me introduce you to Stegosploit.


Next time someone sends you a photo of a cute cat or a hot chick, be careful before you click on the image to view it: it might hack your machine.
Yes, normal-looking images can hack your computer, thanks to a technique demonstrated by security researcher Saumil Shah from India.

And yes, this is really true. A situation happened with me about 6 months ago. Here, we were asked to post a picture of a cute cat on our Facebook timeline and when you did, it blocked your Facebook account. At that time, many people called it a bug in Facebook, but it was really malicious code or some abusive file hidden behind the image. If you want more details, search Google for it.

Just look at the Image and you are Hacked..! 

Shah demonstrated the technique during a talk titled "Stegosploit: Hacking With Pictures", which he gave on Thursday at the Amsterdam hacking conference Hack In The Box.
According to Shah, "a good exploit is one that is delivered in style."
With this in mind, Shah found a way to hide malicious code directly inside an image, rather than in email attachments, PDFs or the other file types typically used to deliver and spread exploits.
To do so, Shah used steganography, the technique of hiding messages and content inside a digital image so that they cannot be spotted with the naked eye.


There are various fields in which steganography is useful. Some of them are listed below:
  • Hacking into someone's PC.
  • Sharing your secret documents with others securely.
  • Hiding files of any type.
  • Spreading a virus over social media through an image.
  • And much more..
Here, my main aim is to teach you how to hide your secret data. We all have files we don't want anyone to look at. The most common ways of hiding them were to bury a folder inside other folders or to mark the folder as hidden, but neither is safe: anyone with a little intelligence can easily find the folder you wish to hide. Today I will show you how to store a folder inside an image, so that whoever wants to find it will have a really hard time.

How to hide Documents inside a simple Image?

To do this, basic knowledge of the command prompt is sufficient. Even if you don't have it, the steps are very easy to follow.

Step 1: Select an image beneath which you want to hide your secret data.

Step 2: Select the files you want to hide and compress them into a .rar archive using WinRAR.

Step 3: Put both files (the image and the .rar you created) on the desktop.

Step 4: Open a command prompt at the desktop:
  • Press `Windows key + R`, type cmd and press Enter.
  • Run `cd desktop` and press Enter.
CD stands for change directory; the command above moves the prompt's working directory to the desktop.

Step 5: Now type:
copy /b name.jpg + filename.rar image.jpg
  • Replace name.jpg with the name of the image you want your files hidden behind. Don't forget the extension (.jpg, .png, .gif etc.).
  • Replace filename.rar with the name of the archive you created above. It must be in .rar format.
  • Replace image.jpg with the name you want for the output. This will be the final image: it looks like the image you selected but also contains the hidden files.
Step 6: The newly created file looks like an ordinary image from every side, but it contains the files you wanted to hide. You can confirm this from its size: it will be the sum of the size of the image and the size of the .rar. The /b switch tells copy to treat both inputs as binary and join them byte for byte; an image viewer stops at the end-of-image marker and ignores what follows, while the archive tool looks for its own header after the image data.

How can we prevent ourselves?

As we saw, this trick can be used for bad purposes too, so it becomes necessary to protect ourselves against it. One rough check is to look at the size of a file before opening it.

Take the case of an image. If it carries a hidden payload, its size grows by the size of that payload, added to the original size of the image.

However, size alone is not a reliable test, since you rarely know what the original size should have been. A better check is to inspect the file's structure: anything that follows the image's end-of-image marker does not belong to the picture. The method for pulling a hidden archive back out is given below.

How to extract hidden files from the image?

Now let us reverse the task we performed earlier. The steps are very simple.

Step 1: Rename the image's extension from .jpg (or .png, or whatever it is) to .rar.

Step 2: Use WinRAR to extract the contents of this .rar. Quite often this step does not work, because WinRAR may not search past the image data for the archive header; if so, follow the alternative below.

OR

Step 2: Install 7-Zip on your PC and extract the renamed file with it. 7-Zip scans the file for an embedded archive signature and will usually find the appended archive.
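The following Python script is an added example (mine, not from the original article or any of the tools it names) that does both halves of the procedure above: it builds the same kind of polyglot that copy /b produces, and it detects and extracts the hidden archive by walking the JPEG's segment structure rather than trusting the file size. It uses a zip archive instead of RAR because Python's standard library can read zip files; the trick is identical, since archive readers locate their index from the end of the file. The JPEG bytes, file names and contents are constructed for the demo.

```python
import io
import zipfile

# Constructed stand-in for a photo: a structurally valid JPEG skeleton (SOI, APP0, SOS, scan data, EOI).
FAKE_JPEG = (
    b"\xff\xd8"                                                                          # SOI
    + b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00" + b"\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # APP0
    + b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"                 # SOS header
    + b"\x12\x34\xff\x00\x56\x78"                                                        # scan data, one FF00 stuffing
    + b"\xff\xd9"                                                                        # EOI
)

MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar", b"7z\xbc\xaf\x27\x1c": "7z"}


def hide_in_image(image: bytes, files: dict) -> bytes:
    """Equivalent of `copy /b image + archive`: build a zip in memory and append it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
    return image + buf.getvalue()


def jpeg_end(blob: bytes) -> int:
    """Offset just past the EOI marker, found by walking the JPEG segment structure.

    A reverse search for FF D9 is not safe: the bytes can occur inside the appended archive.
    """
    if blob[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    i = 2
    while i + 2 <= len(blob):
        if blob[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = blob[i + 1]
        if marker == 0xD9:                                    # EOI
            return i + 2
        if marker == 0xFF:                                    # fill byte before a marker
            i += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:          # standalone markers (TEM, RSTn)
            i += 2
            continue
        if i + 4 > len(blob):
            break
        i += 2 + int.from_bytes(blob[i + 2:i + 4], "big")     # skip segment incl. its length field
        if marker == 0xDA:                                    # SOS: scan data runs until a real marker
            while i + 1 < len(blob):
                if blob[i] == 0xFF and blob[i + 1] != 0x00 and not 0xD0 <= blob[i + 1] <= 0xD7:
                    break
                i += 1
    raise ValueError("no EOI marker found")


def appended_payload(blob: bytes):
    """(kind, bytes) of anything after the image proper; kind is None when the file is clean."""
    tail = blob[jpeg_end(blob):]
    if not tail:
        return None, b""
    for magic, kind in MAGIC.items():
        if tail.startswith(magic):
            return kind, tail
    return "unknown", tail


def extract_hidden_zip(blob: bytes) -> dict:
    """Zip readers find the central directory from the end of the file, so the polyglot
    opens as-is; this is exactly why renaming the .jpg to an archive extension 'works'."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        return {name: z.read(name) for name in z.namelist()}


if __name__ == "__main__":
    polyglot = hide_in_image(FAKE_JPEG, {"secret.txt": b"hello", "notes/a.txt": b"x" * 1000})
    print("image ends at byte", jpeg_end(polyglot), "of", len(polyglot))
    print("appended:", appended_payload(polyglot)[0])
    print("recovered:", {k: len(v) for k, v in extract_hidden_zip(polyglot).items()})
```

The structural check is what a scanner should do: it does not need to know the original image size, and it reports trailing data of any kind, not only archives it recognises.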


If there are any queries in this process, post it in the comment box provided below.

Wednesday, 22 March 2017

DoubleAgent - Can hijack your Windows as well as your Antivirus


What this article includes :

Here is an overview of the knowledge this article will provide you.
  • About DoubleAgent
  • About Cybellum
  • About Application Verifier in Windows
  • About Protected Processes
  • Source Code of the DoubleAgent Tool
  • Proof about its working
  • How this works?
  • What can be done using this tool?
  • List of Hacked Antiviruses
  • And a lot more..

Overview :

Are you using Windows on your PC? Then you are at risk.

Dubbed DoubleAgent, the new code-injection technique works on all versions of Microsoft Windows, from Windows XP up to the latest release of Windows 10.

What's worse? DoubleAgent abuses a 15-year-old legitimate feature of Windows called Application Verifier, which Microsoft did not treat as a bug to be patched. (The mitigation Microsoft offers is Protected Processes: an antivirus running as a protected process only loads signed code, which blocks this kind of injection. At the time of disclosure most vendors had not adopted it.)
Application Verifier is a runtime verification tool that loads DLLs (dynamic link libraries) into a process for testing, letting developers quickly detect and fix programming errors in their applications.

The attack begins when the attacker injects code into the antivirus by abusing this mechanism, which Cybellum reported as a zero-day. Once inside, the attacker has full control of the antivirus. The researchers named the attack DoubleAgent because it turns your antivirus security agent into a malicious agent, giving the illusion that the antivirus is protecting you while it is actually being used to attack you.
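As an added example (not Cybellum's tool, nor code from the original article), here is a small Python check for the mechanism described above. Application Verifier is switched on per executable through the Image File Execution Options (IFEO) registry key: a GlobalFlag value with the FLG_APPLICATION_VERIFIER bit (0x100) set, and a VerifierDlls value naming the DLLs the loader should inject into that process. The checker flags any executable whose verifier list contains a DLL that is not one of the stock Application Verifier providers. The sample registry data, the executable names and the DLL name evil_verifier.dll are made up; the allowlist of stock provider DLLs is partial and is an assumption you should extend for your own systems. The live registry reader only works on Windows.

```python
"""Flag Image File Execution Options (IFEO) entries that would make Windows inject a verifier DLL."""
import sys

IFEO_PATH = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
FLG_APPLICATION_VERIFIER = 0x100  # GlobalFlag bit that turns Application Verifier on for the image

# Partial, illustrative allowlist of stock Application Verifier provider DLLs (assumption: extend per system).
STOCK_VERIFIER_DLLS = {"vrfcore.dll", "vfbasics.dll", "vfcompat.dll", "vfnet.dll",
                       "vfprint.dll", "vfprintdriver.dll", "vfluapriv.dll", "vfnws.dll"}

# Constructed sample of what a registry walk returns: {image name: {value name: data}}.
# Executable and DLL names here are made up for the demo.
SAMPLE_IFEO = {
    "notepad.exe":   {"Debugger": "vsjitdebugger.exe -p %ld -e %ld"},
    "avservice.exe": {"GlobalFlag": 0x100, "VerifierDlls": "evil_verifier.dll"},
    "devtool.exe":   {"GlobalFlag": 0x100, "VerifierDlls": "vrfcore.dll vfbasics.dll"},
    "oldapp.exe":    {"VerifierDlls": "leftover.dll"},   # DLL listed but verifier flag off: inert
}


def _as_int(value) -> int:
    """GlobalFlag is a REG_DWORD, but registry exports sometimes carry it as a hex string."""
    if isinstance(value, int):
        return value
    text = str(value).strip()
    return int(text, 16) if text.lower().startswith("0x") else int(text)


def verifier_entries(ifeo: dict) -> list:
    """Every image with a VerifierDlls value, and whether the verifier flag is actually set."""
    out = []
    for image, values in ifeo.items():
        dlls = values.get("VerifierDlls")
        if not dlls:
            continue
        names = [d.strip().lower() for d in str(dlls).replace(",", " ").split()]
        active = bool(_as_int(values.get("GlobalFlag", 0)) & FLG_APPLICATION_VERIFIER)
        out.append({"image": image, "active": active, "dlls": names,
                    "unknown": [d for d in names if d not in STOCK_VERIFIER_DLLS]})
    return out


def suspicious_entries(ifeo: dict) -> list:
    """Active verifier injections naming a DLL that is not a stock provider: the DoubleAgent pattern."""
    return [e for e in verifier_entries(ifeo) if e["active"] and e["unknown"]]


def read_live_ifeo() -> dict:
    """Walk the real IFEO key (Windows only). A 32-bit Python on 64-bit Windows is
    redirected to the Wow6432Node view, so run a 64-bit interpreter to see the native keys."""
    if sys.platform != "win32":
        raise RuntimeError("registry access requires Windows")
    import winreg
    result = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFEO_PATH) as root:
        i = 0
        while True:
            try:
                sub = winreg.EnumKey(root, i)
            except OSError:
                break
            i += 1
            values, j = {}, 0
            with winreg.OpenKey(root, sub) as key:
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, j)
                    except OSError:
                        break
                    j += 1
                    values[name] = data
            result[sub] = values
    return result


if __name__ == "__main__":
    data = read_live_ifeo() if sys.platform == "win32" else SAMPLE_IFEO
    for entry in suspicious_entries(data):
        print(f"{entry['image']}: verifier DLL(s) {entry['unknown']} would be loaded into the process")
```

The check is deliberately narrow: a VerifierDlls value on its own does nothing unless the GlobalFlag bit is set, and stock provider DLLs on a developer's machine are expected, so only the combination of an active flag and an unrecognised DLL is reported.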

How does DoubleAgent work?

We know that to hack any system, there should lie a vulnerability in it. Here,




Here is what the Cybellum researchers say about how this attack works:

Using DoubleAgent to get full control of an antivirus:





  • Avast (CVE-2017-5567)
  • AVG (CVE-2017-5566)
  • Avira (CVE-2017-6417)
  • Bitdefender (CVE-2017-6186)
  • Trend Micro (CVE-2017-5565)
  • Comodo
  • ESET
  • F-Secure
  • Kaspersky
  • Malwarebytes
  • McAfee
  • Panda
  • Quick Heal
  • Norton



Monday, 20 March 2017

McDonalds India is leaking 2.2 million users data



The McDonald's India app, McDelivery, is leaking personal data for more than 2.2 million of its users, including name, email address, phone number, home address, accurate home coordinates and social profile links. We contacted McDelivery on 7th Feb and received an acknowledgement from a Senior IT Manager on 13th Feb (33 days ago). The issue has not been fixed yet and our continued efforts to get an update on the fix after the initial acknowledgement have failed.

UPDATE1: McDonald’s India has replied to us that they have fixed the issue and would be releasing an official statement urging their users to upgrade the app.
UPDATE2: The McDonald’s fix is incomplete and the endpoint is still leaking data. We have communicated this again to them and are waiting for their response.

An unprotected, publicly accessible API endpoint for getting user details, coupled with serially enumerable integer customer IDs, can be used to obtain all users' personal information.
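As an added example (not Fallible's or McDelivery's code; the handler names, customer records and tokens are made up), here is the flaw as it would appear in a web handler, next to a fixed version. The vulnerable lookup takes a sequential integer and returns the record with no authentication or ownership check, so walking the id range dumps the whole table. The hardened lookup requires a session, checks that the caller owns the record, and exposes opaque identifiers so that even an authenticated user cannot guess their way through other customers' records.

```python
"""A 'get customer details' lookup as the flaw above would look in code, beside a hardened version."""
import secrets

# Constructed customer table keyed by a sequential integer id; all records are made up.
CUSTOMERS = {
    1001: {"name": "A. Sharma", "email": "a.sharma@example.com", "phone": "+91 90000 00001"},
    1002: {"name": "B. Rao",    "email": "b.rao@example.com",    "phone": "+91 90000 00002"},
}
# Session token -> customer id, standing in for whatever login the app uses.
SESSIONS = {"token-a": 1001, "token-b": 1002}


class Forbidden(Exception):
    pass


def get_user_vulnerable(customer_id: int):
    """No authentication and no ownership check: any id returns its record."""
    return CUSTOMERS.get(customer_id)


def scrape_vulnerable(start: int, stop: int) -> list:
    """What an attacker does with enumerable ids: walk the range and keep every hit."""
    return [rec for cid in range(start, stop) if (rec := get_user_vulnerable(cid)) is not None]


def get_user_hardened(session_token: str, customer_id: int):
    """Authenticate the caller, then enforce object-level authorisation before returning data."""
    caller = SESSIONS.get(session_token)
    if caller is None:
        raise Forbidden("no valid session")
    if caller != customer_id:
        raise Forbidden("record belongs to another customer")   # the missing IDOR check
    return CUSTOMERS[customer_id]


def scrape_hardened(session_token: str, start: int, stop: int) -> list:
    """The same walk against the hardened handler only ever yields the caller's own record."""
    found = []
    for cid in range(start, stop):
        try:
            found.append(get_user_hardened(session_token, cid))
        except Forbidden:
            continue
    return found


# Second layer: hand out random opaque ids externally so the row number never leaves the server.
PUBLIC_IDS = {cid: secrets.token_urlsafe(16) for cid in CUSTOMERS}
_INTERNAL_ID = {pub: cid for cid, pub in PUBLIC_IDS.items()}


def resolve_public_id(public_id: str):
    """Map an opaque public id back to the internal key; unknown ids simply miss."""
    return _INTERNAL_ID.get(public_id)


if __name__ == "__main__":
    print("vulnerable walk found", len(scrape_vulnerable(1000, 1010)), "records")
    print("hardened walk found", len(scrape_hardened("token-a", 1000, 1010)), "record(s)")
```

The authorisation check is the actual fix; the opaque ids are defence in depth and do not replace it. Rate limiting and alerting on a client that requests many different customer ids in a short time would have made the enumeration visible as well.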

The lack of strong data protection and privacy laws or penalties in India, unlike the European Union , United States or Singapore has led to companies ignoring user data protection. There is a similar lack of push from non-government organisations to improve this scenario. We have in the past discovered more than 50 instances of data leaks in several Indian organisations. In fact, we are pleasantly surprised when we find Indian companies without a personal or payment data leak vulnerability in their APIs.


A sample response to Curl request :


Disclosure Timeline:
  • 4th Feb’17 — Fallible reported the issue to McDelivery
  • 13th Feb’17 — Issue acknowledged by McDelivery IT Manager.
  • 7th March’17 — Fallible sent an email asking about the status, no reply from McDelivery.
  • 17th March’17 — Fallible sent another email; No response from McDelivery;
  • 18th March’17 — No response yet. McDelivery users are still vulnerable. Public disclosure.

Now it is up to users what action they take. The company is still trying to solve the issue. Till then, take care...

Source : HackerNoon

Football Club Hacked for Hiring a GoalKeeper..!


The ever-popular hacktivist collective Anonymous, with the help of its Brazilian counterparts, has hacked the official website of Boa Esporte, a second-division football club in the state of Minas Gerais. The website was defaced not once but twice; the hackers left a deface page along with a message explaining why they attacked the club.

The reason for targeting Boa Esporte is its recent decision to hire a goalkeeper named Bruno Fernandes das Dores de Souza, who was sent to prison for not only brutally murdering his ex-girlfriend Eliza Samudio, the mother of his child, in 2010, but also feeding her to his dogs.

Fernandes is better known by his first name, Bruno. He was sentenced to about 22 years in prison but, owing to a legal technicality, was released last month, after which Boa Esporte hired him. Bruno still claims to be innocent of the crime, but the hacker community thought otherwise and decided to hack the club's website and post messages such as "Has Bruno told where Eliza's body is?".

The site was then hacked a second time on the same day, with messages against domestic violence towards women in Brazil. The hackers also left pictures of Bruno and Eliza on the deface page along with statistics on women killed in Brazil since 2013.


The picture of Bruno is a magazine cover in which he urges people to "Let him play", while the picture of Eliza is photoshopped so that she appears to say "I would like to see my son grow."


It must be noted that hackers are not the only community criticising the hiring of Bruno. People on social media in Brazil also opposed the decision and urged companies to stop sponsoring Boa Esporte; as a result, the food supplement company Nutrends ended its sponsorship of the club.


Here one can see that hacking is not used only for good or bad technical ends; it is also used to protest against injustice and corruption. There have been many earlier cases where hackers set out to change society and succeeded, whether legally or not.

Friday, 17 March 2017

Ubuntu Linux, Safari, Adobe Reader, And Edge Hacked At Pwn2Own 2017


At the Trend Micro-sponsored Pwn2Own 2017 competition, security researchers hacked many popular pieces of software, including Ubuntu, Safari, Microsoft Edge and Adobe Reader. This year's event features 11 contestant teams and 30 attempts in total. Linux, famous around the world for its security, was hacked too, through a kernel vulnerability, and plenty of other software was hacked yesterday..!

Before going further, let me tell you about Pwn2Own; many of you may not know it, I bet.
Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference since 2007. Contestants are challenged to exploit widely used software and mobile devices using previously unknown vulnerabilities. Winners receive the device they exploited, a cash prize and a "Masters" jacket celebrating the year of their win. The name "Pwn2Own" comes from the fact that contestants must "pwn" (hack) the device in order to "own" (win) it. The contest demonstrates the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.

This year's event marks the 10th anniversary of the competition. It is also special because, for the first time, Linux was a target: Ubuntu Linux 16.10 was hacked along with Microsoft Edge, Adobe Reader and Apple Safari. The contest was organised by Trend Micro and the Zero Day Initiative (ZDI), which introduced new exploit categories this year.

11 teams vied for a prize pool of $1 million. The targets are organised into five categories: virtual machine (VM) escapes, web browsers and plugins, local privilege escalation, enterprise applications, and server side.

On the first day, the participants earned a total of $233,000 for the exploits they disclosed.

Adobe Reader Hacked..!

The day started with the success of researcher @mj011sec from the Chinese security firm Qihoo 360, who earned $50,000 for hacking Adobe Reader on Windows and won 6 points towards Master of Pwn for his team.

He and his team chained a JPEG 2000 heap overflow in Adobe Reader, a Windows kernel information leak, and code execution through an uninitialised buffer in the Windows kernel to take down Adobe Reader.

Adobe Reader was also successfully hacked by members of Team Sniper from Tencent Security. They exploited use-after-free and information disclosure flaws to achieve code execution, and a use-after-free in the kernel to obtain SYSTEM-level permissions. The team earned $25,000 for its exploits and 6 Master of Pwn points.

Apple Safari Hacked..!

Mid-morning, researchers Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) partially hacked Apple Safari with an escalation to root on macOS. The duo used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root. They were also awarded style points for displaying a special message on the targeted Mac's Touch Bar, and earned $28,000 and 9 Master of Pwn points.

Hacked Ubuntu and Safari..!

In the afternoon, the Chaitin Security Research Lab (@ChaitinTech) hacked Ubuntu Desktop by exploiting a Linux kernel heap out-of-bounds access, earning $15,000 and 3 Master of Pwn points. This was the first Ubuntu Linux hack at Pwn2Own.

The same group scored another success at the end of the day, hacking Apple Safari with an escalation to root on macOS.

The attack chained a total of six bugs, including an information disclosure in Safari, four different type confusion bugs in the browser, and a UAF in WindowServer. The team earned $35,000 and 11 points towards Master of Pwn.

Hacked Microsoft Edge..!

The highest reward, $80,000, went to Tencent Security's Team Ether for hacking Microsoft's Edge browser using an arbitrary write bug in Chakra and a logic bug to escape the sandbox. The team also earned 10 points towards Master of Pwn.

Of course, there were also some failed attempts at Pwn2Own 2017: Tencent Security's Team Sniper (Keen Lab and PC Mgr), which targeted Google Chrome with a SYSTEM-level escalation, was unable to complete its exploit chain within the allotted time.

Researcher Richard Zhu (fluorescence), targeting Apple Safari with an escalation to root on macOS, did not complete his exploit chain within the allotted time either.

Team Ether had signed up to hack Windows as well, but withdrew that entry, as did researcher Ralf-Philipp Weinmann with his Edge entry.


Wednesday, 15 March 2017

Command Line - Man Pages


You might have read my previous posts on the Linux system; now we are going to start with some real commands used on the Linux command line. As you are new to Linux commands, I prefer to start with the man command.

First of all, a question that must strike your mind is: why start with this command? And the other question is very common: what does this command do? The answers to both are inter-related.

Let me take an example. Suppose you bought a new electronic gadget. You see many buttons on it but don't know how to use them. So what do you do? Obviously, you read the user manual provided with the gadget, which guides you step by step through using the device.

Similarly, man in Linux is the user manual. It helps us learn how to use the different commands on Linux. "Man pages" is short for "manual pages". Most Unix files and commands have pretty good man pages explaining their use. Man pages also come in handy when you use several flavours of Unix or several Linux distributions, since options and parameters sometimes vary.

When you use the man command to read the manual for a particular keyword, what appears on your screen may seem hard to understand at first. However, users typically find man pages increasingly useful as they become more familiar with them and gain experience with Unix-like operating systems.

The man command itself is very easy to use. Its syntax is:
man [option(s)] keyword(s)

man is most commonly used without options and with a single keyword. The keyword is the exact name of the command or other item for which information is wanted.

For example, the following provides information about the ls command (which is used to list the contents of any specified directory):
man ls

As another example, the following displays the man page about man itself:
man man

Man Sections :

Each man page is a self-contained article that is divided into a number of sections, the headers for which are labeled with upper case letters. The sections for commands are typically something like NAME, SYNOPSIS, DESCRIPTION, OPTIONS, AUTHOR, BUGS, COPYRIGHT, HISTORY and SEE ALSO, although there may be some differences according to the particular command. Some of these might be broken down into subsections, particularly OPTIONS in the case of a command that has numerous options. 

The pager shows a colon at the bottom of the screen to indicate the end of the on-screen page. Press the space bar to move to the next page and b to return to the previous one. Pressing q exits the man page and returns you to the shell.

There are many different kinds of things (commands, files, functions, system processes, etc.) that need a manual, and man is a single command that provides manuals for all of them. Hence a proper subdivision of this material became important.

The man pages as a whole are organised into sections, each containing pages about a specific category of topics, as shown below. The section an article belongs to is indicated in parentheses on the top line, before the NAME header.
1. executable programs or shell commands
2. system calls
3. library routines
4. special files (i.e., devices in the /dev directory)
5. file formats
6. games
7. miscellaneous (conventions and macro packages)
8. system administration commands
9. kernel routines
n. Tcl/Tk (a programming language)

Some topic names have multiple articles, depending on context. For instance, there are two articles for mount: one for its use as a system management command (i.e., to attach a partition or other device to the main filesystem) and the other for its use as a system call from C. Generally the most commonly used topic is displayed by default, and any other topics with the same name are referenced in the SEE ALSO section at the end of the page.

The syntax to specify an article from a particular section is:
man section_number keyword
Thus, for example, the following displays the article about mount from section 2 (the system call) instead of the default section 8 (the command):
man 2 mount
To page through every section's article for a name in turn, use man -a keyword.

Commands similar to/used with man :

There are several commands used alongside man, or that perform a task man can also perform. Some of them are explained below:

whatis :

To see just the one-line description of a manual page, use whatis followed by a string. The syntax is:
whatis string

For example, the following shows the description of the route command:
whatis route
The converse, searching all the descriptions for a keyword, is apropos string (equivalently man -k string).

whereis :

You can find the location of the man page for a particular command, file or keyword with whereis. The syntax is:
whereis -m keyword(s)
Here -m restricts the search to manual pages; read the syntax as "where is the manual for the given keyword".

For example,
whereis -m ls
This prints the location of the manual for the ls command.

Unix-like operating systems often also have an additional built-in manual, the Info documents, whose content overlaps heavily with the man pages. These are accessed with the info command.


As I have to keep this article a reasonable size, I cannot provide screenshots of every command. So try running the commands yourself and, if you have any queries, comment below.

Monday, 13 March 2017

Wikileaks documents: Here's how the CIA was hacking your smart devices


If you are reading this article, you surely know what the CIA is..! If not, google it first and then read on.

Documents leaked by WikiLeaks have made the world aware of the hacking tools the CIA possesses to hack smartphones, smart TVs, PCs and Macs.

American intelligence has once again been caught misusing the technology it possesses, this time by WikiLeaks (known for publishing secret and classified information). On 8th March, WikiLeaks published a huge trove of CIA documents, called Vault 7, detailing how the agency hacks smartphones, tablets and even smart televisions.

Before we get to what the headline promises, it is worth noting that most of the smartphone hacks mentioned in the documents date from 2015 and 2016. This means they may already have been patched by the vendors, although, by the same token, the CIA may also have improved its techniques since.

Android Devices :

 
Phones and tablets are obvious targets for agencies like the CIA, as they are the devices most used for storing personal data. Given their massive market penetration and the treasure trove of information they carry about a person, they make perfect tools for surveillance. The WikiLeaks documents detail 25 exploits for Android-based devices and 14 for iOS.

Among these are techniques that give the CIA "root" access on Android. This means an attacker gains superuser access to the phone and can reach every bit of information on it, including personal photos, files and even the cameras. References to "root" appear seven times among the Android exploits.

Further, six Android exploits grant the attacker (the CIA) remote access to the device, meaning no physical contact is needed. Various versions of Google Chrome, the Opera browser and Samsung's mobile browser are listed among the exploits, suggesting the holes are in these apps. Versions 32-39 of Chrome are listed, along with version 28.0.1500.94.

Moving on, you'll find two exploits, called LugiaLight and Nightmonkey, that affect MSM devices on 4.4. That is presumably a reference to Qualcomm's SoCs, whose model numbers usually carry MSM, and 4.4 most likely refers to Android KitKat. In fact Livestrong, the exploit listed right above LugiaLight and Nightmonkey, mentions Android 4.4 KitKat explicitly. The same is true of Flameskimmer, but that one seems to affect only devices with Broadcom Wi-Fi chipsets. (Broadcom chipsets are well known for Wi-Fi hacking from Android.)

You will also see references to various Samsung devices, including SM-N910 and SM-910S, which are variants of the Galaxy Note 4. The Samsung Galaxy S5, Galaxy S4, Note 3, Galaxy Tab 2 and many others are mentioned in other exploits.

An exploit called Dugtrio, evidently named after the Pokémon, affects "newer Samsung devices", though success is not guaranteed. Chronos and Creatine are two exploits that target the Adreno 225 and 320 GPUs on the Nexus 7 tablet running Android 4.4.2.

The last Android hack, called T2 (presumably a reference to Terminator 2), compromises OS versions from before June 2014.

Google has still not responded to the exploits mentioned in the WikiLeaks documents.

iOS Devices :

Much like the Android hacks, none of the iOS hacks reference iOS 10, Apple’s newest operating system, running on over 70% of its devices right now. In fact, we spotted only two instances of iOS 9 (iOS 9.1 and 9.2) in Wikileaks’ documents. In addition, none of the iPhone hacks seem to grant superuser/root access to the attacker. However, it is possible that combined usage of these exploits will give an attacker complete control of an iPhone or iPad.

One of the iOS exploits also points towards granting remote access to attackers. The exploit, called Earth/Eve, was purchased by the NSA and ported by the GCHQ.

Another exploit, called Rhino, “reads KEXT info”. While we aren’t quite sure yet, KEXT does refer to kernel extension files on Apple’s devices, which gives some indication to where the attack is aimed at. 

Looking at the documents, they seem to reinforce the view that Apple’s devices are tougher to hack into than Android. To its credit, Apple has already clarified that many of the exploits mentioned in the WikiLeaks documents have been patched in its latest OS, and that the company is working to plug the remaining holes as well.
"Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates," said Apple.

Samsung Smart TVs :

Smart TV hacking seems limited to Samsung’s televisions right now. The documents specifically reference the Samsung F8000, an older smart TV running one of Samsung’s in-house operating systems. It is unclear whether this is an older version of Tizen, which powers the company’s current smart TVs.

A particular hack, called Weeping Angel, describes a “fake-off” mode that turns off the TV’s LEDs so the set looks switched off while it keeps recording audio in the background, effectively turning it into a large room bug. The open-source SamyGO project (a community firmware-modding toolkit for Samsung TVs, not a Samsung product) is also mentioned in the documents.
“There are several utilities that may be useful in the SamyGo toolset (i.e. tcpdump),” says one of the Weeping Angel documents.
“This is actually a physical attack,” explained Rahul Tyagi. 

The “fake-off” mode requires the attacker to press certain keys on the remote, like Mute+182+Power Off, which turns the screen off. Pressing these keys turns off the “auto-updates” option on these TVs, and the recorded audio is no longer encrypted, Tyagi said.

From there, the CIA can send this audio to its servers, since the TV is already connected to the Internet. Tyagi is a security expert and VP at Lucideus, an IT risk management and digital security services provider.

It is worth noting that Weeping Angel applies only to devices from 2012 and 2013, and only if they haven’t been updated yet. Tyagi says that if your TV is among the model numbers listed below, you should check the auto-updates option; if it is turned off, you are most likely compromised already. Samsung hasn’t yet responded to our queries.

Model Numbers: UNF7500 series, UNF7000 series, UNF8000 series, UNF8500 series, UNES8000F series, E8000GF and UNES7550F.
Firmware Numbers: 1111, 1112, 1116

PCs and Macs :

While there is far less information on PCs and Macs than on what the CIA is doing with phones and TVs, there is still something there. The Vault 7 press release says the CIA runs “substantial efforts” to infect and compromise Microsoft Windows users. The agency’s arsenal includes malware that infects USB drives, CDs and DVDs, and ways to hide information in “covert disk areas”.

The agency also has malware for Apple’s macOS. However, as with phones and TVs, none of the information pertains to current devices. Windows, macOS/OS X, Solaris, Linux and others are all within the agency’s purview. We found references to a BIOS attack for the Mac, and there is a list of libraries that can be used for Windows attacks as well.

The PC hacks are of course underscored by the sizeable list of anti-virus software mentioned in the documents. The CIA can apparently compromise big names like AVG, Avast, F-Secure, Norton and more.

According to the information I got, this leaked data was also published as a torrent, but I am still not sure of it.

Source : digit.in

Sunday, 12 March 2017

GTU Website Hacked...!


The website got hacked yesterday. It wasn’t long before I received a message in my group that the GTU website had been hacked! At first I didn’t believe it, as when I opened the site it seemed to work fine. But then I started getting links and found that it was true. Still, I had some doubts, so I didn’t post the news yesterday. But once I read about it in the newspaper, I thought of writing about it.

UPDATE: The GTU website was hacked another time recently. But this is different, as it was me who performed the hack, and no worries, I reported it to them and the patch was applied. This time I got into the GTU Exams site, which contained all the exam-related material. You can read about it here..

Yesterday, I received a message in my group about this. At first I didn’t believe that it was true. Then after some time I received a screenshot from a friend who notified me about it. I was so curious that I started searching the internet about it.


[Screenshot: the message I received]

After this, I started searching the internet about the whole matter. I found only one link which reported the website being hacked. But when I tried to open it, it blocked me, saying I was unauthorized to access that site.

The link which reported it is: http://www.zone-h.org/mirror/id/28829271 You can try to access it too, but it will block you, saying that you are unauthorized. This link will also soon be removed from Google’s results.

I was also able to find a YouTube video which showed the website hacked, but this too was removed from YouTube’s servers. It seemed like all the traces were being removed. I don’t know who removed them: either the hacker, to avoid getting caught, or GTU, to maintain its reputation in society.

The YouTube video link was : https://www.youtube.com/watch?v=aR1RBf2nzus


Then I started searching web crawlers to get an idea of whether the site was really hacked or whether it was just a scam. But no data was available in the Internet Archive. It seemed like the data had been removed from the Internet Archive.

But as we know, Google always helps with this kind of task, as it records everything that happens online. I then tried accessing the blocked link from Google’s cached data, and I couldn’t believe that I was successful: I was able to see the webpage that had been blocked earlier.


And then I was sure that the website was hacked. But I still waited for the official news to come. And today I got the official news in our local newspaper (it’s in Gujarati).


It is not long since GTU achieved an international reputation. GTU is also working on many projects, one of which is cybersecurity. Therefore, at this time it became very hard for the officials to contain the hack. The site was hacked at about 1:00 PM IST and was recovered within a few hours. The hacker told the university to upgrade its security and warned that he/she would return soon.

You can see the projects on which GTU is carrying the research work here : http://www.gturesearchcentres.edu.in

Also, the media is saying that a Pakistani hacker did this. But it is hard to believe until the cyber police catch the real culprit. It’s in the Indian nature to blame Pakistan for all the shit that happens here..

I will notify you all about any updates I get on this topic. Till then, stay connected, and share your views in the comment box provided below. Thank you..

Saturday, 11 March 2017

Concept of SuperUser in Linux


You might have read my last article, which explained the steps of installing Linux with the help of VirtualBox. Now we are going to see some trickier stuff on Linux. Linux is mainly used for building servers and as the base of other operating systems such as Android. But before we go that deep, our concepts about an operating system must be clear. Don’t worry, we are not going to go very hard on operating systems, but a clear grasp of the basics is a must!

You might have heard that rooting your Android device gives you many extra features. Also, after installing Linux on your PC, one might wonder how to install Linux on an Android device. To learn all this, knowledge of the concept of the superuser is important. So, let’s start.

You might have seen the phrase “Install (as superuser)” written at the top-left of the screen when installing Linux. That means the OS is installed by the superuser account, and you then create separate accounts as per your use. You might be aware of the word “administrator” from Windows. The admin account is the one which has complete control over the system and its files. Even so, an administrator account on Windows does not get unrestricted control (the SYSTEM account and TrustedInstaller hold rights an administrator does not), but this is not the case with root on Linux.

In computing, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be root, administrator, admin or supervisor. In some cases the name is not the determining factor: on Unix-like systems, the user with a user identifier (UID) of zero is the superuser, regardless of the name of that account. That means that on Unix-like systems the superuser account (generally named root) can be renamed to anything we want, because the name is not what matters. The system identifies an account by its UID, so renaming the account does not change its privileges. The flip side is that any account with UID 0, whatever it is called, is root.
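Because the kernel only looks at the UID, a second UID-0 entry in /etc/passwd is a complete, quiet backdoor. The following is an added example for this article, not code from the original post: it parses the passwd format and lists every superuser account, flagging any that are not on an allow list. The passwd text is constructed sample data (the "toor" entry is the planted backdoor); on a real machine you would pass the contents of /etc/passwd instead.

```python
"""Audit a passwd file for superuser (UID 0) accounts.

Added example, not part of the original article. The kernel treats any
account with UID 0 as root regardless of its name, so an attacker who adds a
second UID-0 entry gets root without touching the 'root' line. SAMPLE_PASSWD
below is constructed sample data; audit_uid0(open('/etc/passwd').read())
runs the same check on a live system.
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""


def parse_passwd(text):
    """Yield (name, uid, gid, home, shell) for each well-formed passwd line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry; a real audit should log these too
        name, _pw, uid, gid, _gecos, home, shell = fields
        try:
            yield name, int(uid), int(gid), home, shell
        except ValueError:
            continue  # non-numeric uid/gid; also worth logging


def audit_uid0(text):
    """Return every UID-0 account name, in file order."""
    return [name for name, uid, *_ in parse_passwd(text) if uid == 0]


def unexpected_superusers(text, allowed=("root",)):
    """UID-0 accounts not on the allow list; empty means nothing unexpected."""
    return [name for name in audit_uid0(text) if name not in allowed]


if __name__ == "__main__":
    print("UID 0 accounts:", audit_uid0(SAMPLE_PASSWD))
    extra = unexpected_superusers(SAMPLE_PASSWD)
    print("unexpected superusers:", extra or "none")
```

Running it against the sample prints `['root', 'toor']` and then flags `toor`. Note that a renamed root (say, `admin:x:0:0:...`) also shows up here, which is exactly the point: the name tells you nothing, the UID tells you everything.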

The word root also has several additional, related meanings when used as part of other terms, and thus it can be a source of confusion to people new to Unix-like systems.

One of these is the root directory, which is the top-level directory on a system. That is, it is the directory in which all other directories, including their subdirectories, and files reside. The root directory is designated by a forward slash (/).

Another is /root (pronounced “slash root”), which is the root user’s home directory. A home directory is the primary repository of a user’s files, including that user’s configuration files, and it is usually the directory in which users find themselves when they log into a system. /root is a subdirectory of the root directory, as indicated by the forward slash that begins its name, and should not be confused with that directory. Home directories for users other than root are by default created in /home, which is another standard subdirectory of the root directory.


After trying to open the root user’s home directory, you might wonder why you can’t open it even though you are logged in as the administrator. The reason is that “admin” and “root” are not the same thing on Linux. A user in the admin (or sudo) group is still an ordinary, unprivileged account; /root is owned by root with permissions that let only its owner read it (mode 0700), so your own account is simply denied. Messing with the files inside /root can harm the system, so Linux does not hand out that access by default. You will learn more about this when we study shell scripting in Linux. There are two commands worth knowing now: su (substitute user) and sudo (superuser do). su opens a shell as the root account itself and asks for root’s password, after which everything you run, including opening /root, is done as root. sudo runs a single command as root, asks for your own password, and only works for accounts that /etc/sudoers allows; it is the tool an admin uses without ever logging in as root.

Root privileges are the powers that the root account has on the system. The root account is the most privileged on the system and has absolute power over it (i.e., complete access to all files and commands). Among root's powers are the ability to modify the system in any way desired and to grant and revoke access permissions (i.e., the ability to read, modify and execute specific files and directories) for other users, including any of those that are by default reserved for root. 

The root account, with root privileges, can access the /root directory. The whole situation is similar to the admin account in Windows. Even though you are an admin, you will be prompted (by User Account Control) before anything runs with admin privileges, or you have to right-click a program and select “Run as administrator”. But when you enable the separate built-in Administrator account in Windows (it is disabled by default for security reasons), you are never prompted and never have to grant a program administrator permission, because that account runs with its full privileges all the time. There is always a difference between an account of type “admin” and the built-in Administrator account itself.


A rootkit is a set of software tools secretly installed by an intruder on a computer that allows the intruder to use that computer for their own, usually nefarious, purposes whenever desired. Well-designed rootkits are able to obtain root access (i.e., access to the root account rather than just to a user account) and to hide most or all traces of their presence and activities.

The use of the term root for the all-powerful administrative user may have arisen from the fact that root is the only account having write permissions (i.e., permission to modify files) in the root directory. The root directory, in turn, takes its name from the fact that the filesystems (i.e., the entire hierarchy of directories that is used to organize files) in Unix-like operating systems have been designed with a tree-like (although inverted) structure in which all directories branch off from a single directory that is analogous to the root of a tree.

These things aren’t easy to understand at first. You might still have doubts, like the difference between gaining root access and having an administrator (root) account. You might also be wondering how to gain root privileges by activating the hidden root account. All such questions will be answered in my next article, where I will show you how to activate the root account to get root permissions, and then we will try to open the /root directory with that account.

Still having questions..! Ask your questions in the comment box provided below..

Tuesday, 7 March 2017

Footprinting and Reconnaissance - Monitoring target using Alerts, Groups, Forums and Blogs


We have seen many methods of gathering information about a target system, but some are still left. Here we are going to discuss two more ways to watch a target in a completely legitimate way.

The first method involves watching the target system using alert services, while the second involves online groups, forums and blogs.

Monitoring Target using Online Alert Service :

Before going deep, I will tell you what an alert service actually means. An alert service works the same way as a subscription service. Suppose you have subscribed to my blog for free articles (see the subscription box on the right side of the window); then you will get updates about my posts on this blog. But you will not get instant updates every time.

An alert service works the same way. You can think of an alert the way you set reminders on your phone: when the time comes, it reminds you (alerts you) about whatever has to be done. An alert service gives you an instant update when the server’s data is modified in any way. Suppose the admin posts new data on the website; then you get an immediate alert about the change.

In short, we can say that :
Alerts are content monitoring services that provide up-to-date information based on your preference, usually via email or SMS in an automated manner.

So, now that you know what an alert is, let us see how to use such services. Generally, an alert service works differently depending on the provider. That means that if we have two services available, one from Google and the other from Yahoo, there is a lot of difference in the way they provide the service. Also, some alert services are paid while others are free.

Here are a few examples of Alert Services :

Information Gathering using Groups, Forums and Blogs :

Groups, forums and blogs provide sensitive information about a target such as public network information, system information, personal information, etc. Hence they also become a part of information gathering, though of relatively little importance.

So, you need to gather this type of information. For that, register with fake profiles on Google Groups, Yahoo Groups, etc., and try to join the target organisation’s employee groups, where they share personal and company information.

Search for information like Fully Qualified Domain Names (FQDNs), IP addresses and usernames in groups, forums or blogs.
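Both halves of this post, the alert service and the search of groups and forums for FQDNs, IP addresses and usernames, can be put together in one small tool. The following is an added example for this article, not a tool from the original post or any of the alert providers mentioned: it mimics an alert by hashing a page snapshot and reporting the lines that changed, then runs the kind of search described above over just the new text. The two snapshots are constructed sample forum text, so the code runs offline; in practice you would feed it the pages you fetched on each poll. The regexes are deliberately simple and will miss IPv6, internationalised domains and the like.

```python
"""Alert-style change monitoring plus indicator extraction.

Added example, not from the original article. fingerprint() and
changed_lines() stand in for an alert service (notify on change, show what
changed); extract_indicators() does the group/forum/blog search for fully
qualified domain names, IPv4 addresses and e-mail usernames.
OLD_SNAPSHOT / NEW_SNAPSHOT are constructed sample text.
"""
import difflib
import hashlib
import re

OLD_SNAPSHOT = """\
Welcome to the Example Corp employee forum.
Admin: please use the VPN when working from home.
"""
NEW_SNAPSHOT = """\
Welcome to the Example Corp employee forum.
Admin: please use the VPN when working from home.
Ticket 4412: mailhost01.corp.example.com is down again, 10.20.30.41 not responding.
jsmith: contact j.smith@example.com if the new gateway vpn2.example.com rejects you.
"""

# Simple patterns: at least one dotted label ending in an alphabetic TLD,
# a dotted-quad with each octet 0-255, and a bare e-mail address.
FQDN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def fingerprint(text):
    """Stable hash of a snapshot; the alert fires when it changes between polls."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def changed_lines(old, new):
    """Lines added in the new snapshot, i.e. what the alert e-mail would carry."""
    diff = difflib.unified_diff(old.splitlines(), new.splitlines(), lineterm="", n=0)
    return [l[1:] for l in diff if l.startswith("+") and not l.startswith("+++")]


def extract_indicators(text):
    """Pull FQDNs, IPv4 addresses, e-mail addresses and the usernames in them."""
    emails = sorted(set(EMAIL_RE.findall(text)))
    # Blank out e-mails first so the domain part of an address is not counted as an FQDN.
    stripped = EMAIL_RE.sub(" ", text)
    fqdns = sorted({m.lower() for m in FQDN_RE.findall(stripped)})
    ips = sorted(set(IPV4_RE.findall(text)))
    usernames = sorted({e.split("@")[0] for e in emails})
    return {"fqdns": fqdns, "ips": ips, "emails": emails, "usernames": usernames}


def check_for_alert(old, new):
    """None if the page is unchanged, otherwise the indicators found in the new lines only."""
    if fingerprint(old) == fingerprint(new):
        return None
    return extract_indicators("\n".join(changed_lines(old, new)))


if __name__ == "__main__":
    result = check_for_alert(OLD_SNAPSHOT, NEW_SNAPSHOT)
    if result is None:
        print("no change")
    else:
        for kind, values in result.items():
            print(f"{kind}: {', '.join(values) or '-'}")
```

Only the added lines are searched, which is what makes this an alert rather than a one-off scrape: the stored fingerprint and last snapshot are the state you keep between polls, and each notification carries just the new FQDNs, addresses and usernames.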

Cisco's Research : Malware uses DNS Queries to receive PowerShell Commands



The latest example of such an attack is DNSMessenger, a new Remote Access Trojan (RAT) that uses DNS queries to run malicious PowerShell commands on compromised computers, a technique that makes the RAT difficult to detect on targeted systems.
The Trojan came to the attention of Cisco's Talos threat research group through a security researcher named Simpo, who tweeted about a PowerShell script containing encoded text that decoded to 'SourceFireSux'. Sourcefire is one of Cisco's corporate security products.

DNSMessenger attack is completely Fileless...!




When opened, the malicious document launches a Visual Basic for Applications (VBA) macro that executes a self-contained PowerShell script in an attempt to install the backdoor on the target system.

What's interesting? Everything up to this point is done in memory, without writing any malicious files to the system's disk.

Next, the VBA script unpacks a compressed, more sophisticated second-stage PowerShell script, which checks several parameters of the target environment, like the privileges of the logged-in user and the version of PowerShell installed on the target system.

This information is then used to establish persistence on the infected host by modifying the Windows Registry and installing a third-stage PowerShell script that contains a simple backdoor.

If the victim has administrative access, the backdoor is also added to the Windows Management Instrumentation (WMI) database, allowing it to stay persistent on the system even after a reboot.

The backdoor is an additional script that establishes a two-way communications channel over the Domain Name System (DNS), which is usually used to look up the IP addresses associated with domain names but supports other record types as well.

The DNSMessenger backdoor uses DNS TXT records, which by definition allow a DNS server to attach free-form text to a response.

The backdoor periodically sends DNS queries to one of a series of domains hard-coded in its source code. As part of those requests, it retrieves the domain's DNS TXT record, which contains further PowerShell commands that are executed but never written to the local system.

Now, this "fourth stage" PowerShell script is the actual remote-control tool used by the attacker.

This script queries the command-and-control servers via DNS TXT message requests to ask what commands to execute. Any command received is then executed, and the output is communicated back to the C&C server, allowing the attacker to execute any Windows or application commands on the infected system.

All the attackers need to do is leave malicious commands and instructions inside the TXT records of their domains; when queried, these are executed via the Windows command-line processor, and the output is sent back as another DNS query.
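The channel described above has a shape a defender can look for in resolver logs: one client, one domain, repeated TXT queries at regular intervals, with a different random-looking leftmost label each time (the beacon encodes its poll IDs and output there). The following is an added example for this article, not Talos code or a reproduction of the malware: it scores DNS query logs for that pattern. The log format and the sample lines are constructed for the example, so parse_line() would need adapting to your resolver's real format, and the registered-domain split is deliberately naive (no public-suffix list).

```python
"""Flag DNS TXT beaconing of the DNSMessenger kind in DNS query logs.

Added example, not from the original article or Cisco Talos. Constructed
log format: "<epoch> <client_ip> <qtype> <qname>". A client is flagged when it
sends at least min_queries TXT queries to one registered domain, with
distinct high-entropy leftmost labels, at near-constant intervals.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample: 10.0.0.5 is a normal client (one DMARC TXT lookup),
# 10.0.0.7 polls a C2 domain every 60 seconds with random labels.
SAMPLE_LOG = """\
1488800000 10.0.0.5 A www.example.com
1488800010 10.0.0.5 TXT _dmarc.example.com
1488800020 10.0.0.7 TXT a8f3k2j9x1.c2-example.test
1488800080 10.0.0.7 TXT q7m2z0p4b6.c2-example.test
1488800140 10.0.0.7 TXT x1n9c4v8l3.c2-example.test
1488800200 10.0.0.7 TXT r5t2y7u1i9.c2-example.test
1488800260 10.0.0.7 TXT w3e6r9t2y5.c2-example.test
1488800270 10.0.0.5 A mail.example.com
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Return (ts, client, qtype, qname) or None for lines that don't match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return int(ts), client, qtype.upper(), qname.lower().rstrip(".")


def registered_domain(qname):
    """Last two labels; a real tool should use a public-suffix list instead."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def shannon_entropy(s):
    """Bits per character; random-looking labels score high, dictionary words low."""
    if not s:
        return 0.0
    counts, n = Counter(s), len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def detect_txt_beacons(log_text, min_queries=4, min_entropy=3.0, max_jitter=10):
    """Return [(client, domain, query_count)] for (client, domain) pairs that look like beacons."""
    seen = defaultdict(list)  # (client, domain) -> [(ts, leftmost_label)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, qtype, qname = rec
        if qtype != "TXT":
            continue
        seen[(client, registered_domain(qname))].append((ts, qname.split(".")[0]))

    alerts = []
    for (client, domain), events in seen.items():
        if len(events) < min_queries:
            continue
        # Many distinct, random-looking leftmost labels under one domain.
        labels = {lbl for _, lbl in events}
        if len(labels) < min_queries:
            continue
        if sum(shannon_entropy(l) for l in labels) / len(labels) < min_entropy:
            continue
        # Regular timing: every interval stays within max_jitter seconds of the mean.
        times = sorted(t for t, _ in events)
        intervals = [b - a for a, b in zip(times, times[1:])]
        mean = sum(intervals) / len(intervals)
        if max(abs(i - mean) for i in intervals) > max_jitter:
            continue
        alerts.append((client, domain, len(events)))
    return alerts


if __name__ == "__main__":
    for client, domain, n in detect_txt_beacons(SAMPLE_LOG):
        print(f"possible DNS TXT beacon: {client} -> {domain} ({n} queries)")
```

On the sample this reports only 10.0.0.7 against c2-example.test. The single DMARC lookup from 10.0.0.5 never reaches the threshold, which is the point of combining count, label entropy and timing rather than alerting on every TXT query: legitimate TXT traffic (SPF, DMARC, domain verification) is rare per client and does not rotate labels on a schedule.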

The domains registered by the DNSMessenger RAT are all down, so it is not yet known what types of commands the attackers relayed to infected systems. However, the researchers say this particular RAT was used in a small number of targeted attacks.
