Showing posts with the label Video. Show all posts

C Programming For Hackers - Part 4


~ Thursday, 22 September 2016 0 comments

C Programming For Hackers - Part 3


~ Saturday, 17 September 2016 0 comments

C programming for Hackers - Part 2


~ Thursday, 8 September 2016 0 comments

C Programming for Hackers - Part 1

Facebook Bomb using VB-script





Script :



' InputBoxes

Message = InputBox("What Is The Message?","WhatsApp DDos")

MsgBox "VBScript Written By Priyank Gada"

T = InputBox("How Many Times Needs It To Be Send?","WhatsApp DDos")

If MsgBox("You've Filled It In Correctely", 1024 + vbSystemModal, "WhatsApp DDos") = vbOk Then



' Go To WhatsApp

Set WshShell = WScript.CreateObject("WScript.Shell")

Return = WshShell.Run("https://www.facebook.com/messages", 1)



' Loading Time



If MsgBox("Search for the name and click on message section?" & vbNewLine & vbNewLine & "Press No To Cancel", vbYesNo + vbQuestion + vbSystemModal, "WhatsApp DDos") = vbYes Then



' The Loop For The Messages

For i = 0 to T

WScript.Sleep 5

WshShell.SendKeys Message

WScript.Sleep 5

WshShell.SendKeys "{ENTER}"

Next



' End Of The Script

WScript.Sleep 3000

MsgBox "Please Visit www.youtube.com/c/priyankgada"

Set WshShell = WScript.CreateObject("WScript.Shell")

Return = WshShell.Run("http://www.youtube.com/priyankgada", 1)





' Canceled Script

Else

MsgBox "Process Has Been Canceled", vbSystemModal, "DDos Canceled"

End If

Else

End If



~ Wednesday, 7 September 2016 0 comments

Whatsapp Bomb using VB-Script

Today, we are going to learn how to bomb messages on WhatsApp Web using VB-Script.




Explanation of the script.

' InputBoxes
This section is the data input. Here we take inputs from the user. Contact stores the name of the contact, Message stores the message, and T stores the number of times.


' Go To WhatsApp
This section redirects the user to WhatsApp Web.

' Loading Time
This section will wait for you to load WhatsApp Web.

' Go To The WhatsApp Search Bar
This section will press the Tab key and move the pointer from the URL address bar to the WhatsApp message bar.

' Go To The Contacts Chat
This section will type the contact name in the search bar.

' The Loop For The Messages
This section will type the message and press Enter for the number of times we need to spam the message (T).

' End Of The Script
This is the popup shown when the script has completed.

' Canceled Script
This section will pop up the cancellation of the script.


~ 0 comments

Credit Card 101 - Part 1

Hello guys, we are back with another awesome article. In this series of articles (Credit Card 101) we are going to learn about various credit cards, how credit cards work, how to hack credit cards and, most importantly, how to secure your personal credit card. To start with credit card hacking, we must first understand how credit cards are designed and how they work.


Credit Card Numbers :

So let's consider a random credit card number as an example (this is not my credit card).

4485 3151 5882 2849
The credit card number is divided into various parts, which help the payment gateway to charge the original consumer of the credit card.
1. The first number (4) is the MII
2. The next 5-6 numbers are the issuer ID
3. The next numbers, leaving out the last number, are the user ID
4. The last number is the check number, also known as the check algorithm number.



What is MII ?

MII stands for major industry identifier. This is a constant number that is given to the consumer according to the needs of the consumer. For example, in most cases a consumer uses his/her credit card number for online transactions. This is the reason most credit card numbers start with 4 or 5, which means banking and financial industry. This digit can range from 0 to 9. More information is provided at the bottom of the article.


What is Issuer ID ?

The issuer ID stands for the card provider, i.e. Visa, Mastercard, etc. For example, if the digits are 4xxxx then it is a VISA card and the length of the card number is 16. More information about this is provided at the bottom of the article.

What is User ID ?

This number is the identity of the user and the bank to which the card was issued. It depends on the user's account number and other details. This number can be reused if a particular card holder stops using the service.


What is check number ?

A check number is used to ensure the validity of the card. It is the last digit of the credit card number. Credit cards follow the Luhn check algorithm.

Luhn's Credit Card Algorithm :


Original Number : 4485 3151 5882 2849

1. From the back, starting with the second-to-last digit, double every alternate digit.
What we get : 8  (16)  6  (10)  (10)  (16)  4  8

2. If a doubled number has two digits, add those digits together.
What we get  : 8   7   6   1   1   7   4   8

3. Write back the alternate digits that we skipped in the first step.
8475   6111   1872   4889

4. Add up the digits of the new number that we get.
8+4+7+5+6+1+1+1+1+8+7+2+4+8+8+9=80

5. If the sum is a multiple of 10, then the credit card number is valid.
Since 80 is a multiple of 10, we can conclude that 4485 3151 5882 2849 can be a valid credit card number.

MII / Digit Value Category
0 = Other industry assignments
1 = Airlines industry assignments
2 = Airlines and other industry assignments
3 = Travel and entertainment
4 = Banking and financial
5 = Banking and financial
6 = Merchandising and Banking
7 = Petroleum
8 = Telecommunications and other industry assignments
9 = National assignment

Issuer ID : Card Number
  • Diner's Club/Carte Blanche : 300xxx-305xxx, 36xxxx, 38xxxx
  • American Express : 34xxxx, 37xxxx
  • VISA : 4xxxxx
  • Mastercard : 51xxxx-55xxxx
  • Discover : 6011xx
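
The breakdown and the Luhn steps above, carried out in code on the article's example number. This is an added example, not code from the original post; the function names and the 12-19 digit length bound are assumptions, while the MII and issuer prefixes are copied from the tables above.

```python
import re

# MII categories and issuer prefixes, copied from the article's tables.
MII = {
    "0": "Other industry assignments",
    "1": "Airlines industry assignments",
    "2": "Airlines and other industry assignments",
    "3": "Travel and entertainment",
    "4": "Banking and financial",
    "5": "Banking and financial",
    "6": "Merchandising and Banking",
    "7": "Petroleum",
    "8": "Telecommunications and other industry assignments",
    "9": "National assignment",
}
ISSUERS = [  # (issuer, lowest prefix, highest prefix)
    ("Diner's Club/Carte Blanche", "300", "305"),
    ("Diner's Club/Carte Blanche", "36", "36"),
    ("Diner's Club/Carte Blanche", "38", "38"),
    ("American Express", "34", "34"),
    ("American Express", "37", "37"),
    ("VISA", "4", "4"),
    ("Mastercard", "51", "55"),
    ("Discover", "6011", "6011"),
]


def luhn_sum(digits):
    """Steps 1-4 of the article: double alternate digits from the back, then add."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:        # every second digit, counted from the check digit
            d *= 2
            if d > 9:           # 16 -> 1 + 6 = 7, same as subtracting 9
                d -= 9
        total += d
    return total


def issuer_of(digits):
    """Match the leading digits against the article's issuer prefix ranges."""
    for name, low, high in ISSUERS:
        if low <= digits[:len(low)] <= high:
            return name
    return "Unknown"


def describe(card):
    """Split a card number into the parts the article names and run the check."""
    digits = re.sub(r"[ -]", "", card)
    # Length bounds are an assumption of this example, not from the article.
    if not re.fullmatch(r"[0-9]{12,19}", digits):
        raise ValueError("expected 12-19 digits, spaces or dashes")
    total = luhn_sum(digits)
    return {
        "mii": MII[digits[0]],
        "issuer": issuer_of(digits),
        "check_digit": int(digits[-1]),
        "luhn_sum": total,
        "valid": total % 10 == 0,   # step 5
    }


if __name__ == "__main__":
    print(describe("4485 3151 5882 2849"))   # the article's example number
    print(describe("4485 3151 5882 2894"))   # last two digits swapped (constructed)
```

The second call shows what the check digit is for: swapping the last two digits changes the sum from 80 to 76, so a payment form can reject the mistyped number before it ever reaches the gateway.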





Check Next Article ( will be updated soon )





~ Sunday, 4 September 2016 0 comments

EHC - 2.3 Advanced PING

2.3 PING – Foot-printing - Ethical Hacking Course ( EHC )



About :
In this practical, we are going to learn about the ping utility.

Requirements :
Clean Windows installation (I will be using Windows 8.1)

Practical :

1. Open cmd (check out the last practicals to learn how).

How ping works :
Whenever you ping an IP address, a request is sent to it. The IP responds with a result. This result is sent back to the host that sent the ping.

2. Enter the command ping www.google.com
Here, we are trying to ping google.com. We will get some kind of result in return.
Output :
Reply from xx.xx.xx.xx : bytes= 32 Time=64ms TTL=46
Reply from xx.xx.xx.xx : bytes= 32 Time=64ms TTL=46
Reply from xx.xx.xx.xx : bytes= 32 Time=64ms TTL=46

Here the IP address of Google is shown as xx.xx.xx.xx
Bytes = 32 is the number of bytes sent in one ping, which can be changed according to the requirement. A larger number of bytes means more traffic to the website.

Round Trip Time :
Round trip time is the time taken to ping a website and get the response from the website. One complete cycle of ping and reply is known as the round trip time (RTT). RTT is given in milliseconds.

3. Enter the command ping -f -l 1500 www.google.com
Output :
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Here we are trying to ping and send 1500 bytes of data at a time. We get a reply that the packets should be fragmented, which basically means the packets are too large to be sent and should be fragmented. There is a certain limit on the data that can be sent at a time.

Maximum Frame Size :
Maximum frame size is the amount of data that can be sent at a time to a host. If the maximum frame size is exceeded, the request will be discarded. It is important to find the maximum frame size. It helps us to find the amount of data to send during DOS attacks. Check the video tutorial given below to learn how to find the maximum frame size.

Time To Live :
TTL or time to live is the time when the host is live. If the TTL is set to 0, all the packets are discarded. This prevents loss of packets and thus allows us to understand if the host is live or not and for how much time it is live.





More :

You can access full course free on the following platforms :

Please note all the content is copyright (c) material of Priyank Gada. Using this without permissions should be prohibited .





~ Saturday, 13 August 2016 0 comments

OSTrICa - Open Source Threat Intelligence Collector

OSTrICa stands for Open Source Threat Intelligence Collector and is an open source, plugin-oriented framework to collect and visualize threat intelligence information. Furthermore, OSTrICa is also the Italian word for oyster: that's where the logo comes from.
SOC analysts, incident responders, attack investigators or cyber-security analysts need to correlate IoCs (Indicators of Compromise), network traffic patterns and any other collected data in order to get a real advantage against cyber-enemies. This is where threat intelligence comes into play, but unfortunately, not all companies have enough budget to spend on Threat Intelligence Platform and Programs (TIPP); this is the main motivation behind OSTrICa's development.


OSTrICa is a free and open source framework that allows everyone to automatically collect and visualize any sort of threat intelligence data (IoCs) harvested from open, internal and commercial sources, using a plugin-based architecture. The collected intelligence can be analysed by analysts, but it can also be visualized in a graph format suitable for link analysis. The visualized information can be filtered dynamically and can show, for example, connections between multiple malware samples based on remote connections, file names, mutexes and so on.


Download and read more at

~ Sunday, 31 July 2016 0 comments

Threats against the next billion devices

Cyber attacks are not like natural disasters or other forces of nature, nor are they like diseases or other autonomously evolving and spreading agents, at least not yet. They are ultimately driven by human actions, and depend on how people choose to use communication media and technology. Economics is therefore the best lens for viewing attacker and defender strategies, in terms of how they affect money. The traditional approach to defense is to raise the cost for your attackers by making attacks as difficult as possible. This, unfortunately, tends to raise costs for the defender and their users too, and does not scale well. The most scalable strategy is to reduce the loss from successful attacks.

What does this look like? The new strategies are already being implemented in many areas of interest, and we will point out where they are being employed successfully. We will further examine the phases of intrusions in financially motivated and state-sponsored attacks to show how defenses based on lowering the value versus raising the cost affect both attackers and defenders. Finally, we will explore strategies for security threats against the next billion devices.




~ Saturday, 23 July 2016 0 comments

Exploring Vulnerabilities in HDMI

The HDMI (High Definition Multimedia Interface) standard has gained extensive market penetration. Nearly every piece of modern home theater equipment has HDMI support and most modern mobile devices actually have HDMI-capable outputs, though it may not be obvious. Lurking inside most modern HDMI-compatible devices is something called HDMI-CEC, or Consumer Electronics Control. This is the functionality that allows a media device to, for example, turn on your TV and change the TV’s input. That doesn’t sound interesting, but as we'll see in this presentation, there are some very surprising things an attacker can do by exploiting CEC software implementations. Then there's something called HEC or HDMI Ethernet Connection, which allows devices to establish an Ethernet connection of up to 100Mbit/s over their HDMI connections (newer HDMI standards raise the speed to 1Gbit/s).

Don't think your mobile phone implements CEC? You might be wrong. Most modern Android-based phones and tablets have a Slimport(r) connection that supports HDMI-CEC. Ever heard of MHL (Mobile High-Definition Link)? Think Samsung and HTC (among other) mobile devices, and many JVC, Kenwood, Panasonic, and Sony car stereos – as many as 750 million devices in the world so far. Guess what? MHL supports HDMI-CEC as well. Let's explore:





~ Friday, 1 July 2016 0 comments

New Developments in the BREACH Attack

The BREACH attack, introduced at Black Hat USA in 2013, is still a serious attack vector that exploits compression to compromise SSL connections.

In this talk, methods are proposed to practically extend the attack against the most commonly used encryption ciphers. A command-and-control technique is described to exploit plain HTTP connections in a persistent manner. Statistical methods are also presented that can be used to bypass the noise present in block ciphers as well as the noise present in web applications. Parallelization and optimization techniques are also explored.

The talk closes by proposing novel mitigation techniques. Finally, the tool implementation and experimental results on popular web services are shown.



~ Wednesday, 22 June 2016 0 comments

EHC - 2.1 Basic PING Utility

2.1 PING – Foot-printing - Ethical Hacking Course ( EHC )

About :
In this practical, we are going to learn about the ping utility. We will be starting from the basics and working up to the core of hacking.

Requirements :
Clean Windows installation (I will be using Windows 8.1)

Practical :

1. You need a clean Windows installation

The PING utility is bundled with almost all operating systems to test network connections. Various other tools are bundled by default along with the ping utility.

2. Open Command Prompt

Command Prompt looks like a terminal application: a black box with white text in it. Old MS-DOS commands can be executed in CMD.

Press the Windows + R keys to open the Run window.



Type CMD and press OK

3. Enter Ping and press Enter

We will study the ping command in detail in other tutorials. For now you will get an output describing all the options of the ping command. Keep trying all the options.

4. Basic Ping Commands

To ping a website you need to enter 'ping

stands for target IP or target host which includes websites.

Example : ping google.com
Note : we can ping a target without stating any options.

Video Tutorial :







~ Monday, 20 June 2016 0 comments

Linux Weaknesses Making It Easier To Get Exploited

Today we will discuss four weaknesses in current Linux and PaX ASLR design and implementation.

1) Too low entropy.
2) Non-uniform distribution.
3) Correlation between objects.
4) Inheritance.

A new technique for exploiting the correlation weakness is presented, which can bypass full ASLR on 64-bit Linux systems in less than a second. A deep analysis of these weaknesses made it possible to propose a new ASLR design, named ASLR-NG, which overcomes all of the current ASLR weaknesses, including those of the PaX solution. Finally, ASLRA is presented, a tool to analyze the ASLR entropy of Linux.




~ Thursday, 16 June 2016 0 comments

Change IMEI - MEUI META 3G

Note :

Please read this post before proceeding - All About IMEI. It is important that you know what a database file is, etc.

Prerequisites :

  • MEUI META 3G ( download link below )
  • Database File ( Read this post for More )
  • USB cable ( normal phone usb cable )
  • MTK device ( MT65xx+ processor is best. Tested on android one device and yu yureka )


How to change IMEI of an android device.

  1. Download and install latest version of MEUI META 3G tool ( download link given below )
  2. Launch the application as admin ( run as administrator )
  3. Select USB COM ( we are using USB cable so we need to select USB COM )
  4. Go to options 
  5. Select - Connect Smart Phone into META mode 
  6. Switch off your phone
  7. Select Reconnect ( Circle will blink in Green and Red )
  8. Connect your device in switch off mode ( Note : If your phone is not connected automatically within 3 minutes then you need to turn your phone on with the USB cable plugged in )
  9. Circle will turn yellow ( this indicates phone is connected )
  10. Select IMEI Download ( Change Get Version to IMEI download )
  11. Select Upload from flash 
  12. Select Database File ( first select APDB file and then BPLGU file . All files will be in the stock rom of your device )
  13. Enter new IMEI ( use IMEI generator Tool to generate valid IMEI )
  14. Click Download to flash
  15. Close the box and remove USB 
  16. Turn phone ON

Download Links :



Full Video Tutorial ( watch both tutorial before trying it ) :

Tutorial 1

Tutorial 2 



******************
About Author :

Priyank Gada 


~ Saturday, 11 June 2016 0 comments

Hack any website | Brute Force Attack Using Firefox

What is Brute Forcing ?

Brute force is a technique in which a hacker tries random passwords (which are generated by an application or taken from a password dictionary). Brute force is sometimes known as brute force cracking. This attack is basically a trial and error attack.


Passwords in Brute Force Attack :

Brute force attacks mostly need a password file. This file is a simple text file which contains passwords. A password file has randomly generated passwords. Some hackers also use a dictionary as a password file, so it is always recommended that you don't use dictionary words.

How to Perform Brute Force Attack :

Pre-requisite :

Firefox browser

Attack :

  1. Download and install firefox browser ( links given below )
  2. Download fireforce plugin for firefox ( links given below )
  3. Install and activate fireforce plugin 
  4. Restart Firefox Browser ( close and reopen )
  5. Go to the login page 
  6. Enter random username and random password ( we need error message that appears if we enter wrong password )
  7. Copy error message ( copy and wait )
  8. Enter Username ( in most cases usernames are admin , administrator , user , superuser , etc )
  9. Right click on the password field 
  10. Go to Fireforce 
  11. Select attack type ( more information below ) eg. generate password , load dictionary , etc
  12. Wait until password is cracked.

Attack Types

Generate Passwords :

If you select generate password, you will be given randomly generated password combinations, e.g. AA, AB, AC, AD, AE, ... AZ, etc. This type of attack takes time.

Load dictionary :

In this case you will have to select a password file (a list of passwords), which is a text file. Download links to all password files are given below.


Download Links :


Full Video Tutorial for Beginners :




+++++++++++++++++++++++

About Author :

Priyank Gada 


~ 0 comments

How to Deny TOR user Access your Website

Tor users can be a risk to your servers, as they can carry out unethical practices against your website or server without being traced, because they are using Tor routing. This method lets you block a major list of Tor users from accessing your website; basically, it targets the exit nodes and blocks them.


You will have:

  • An automated generator that keeps the list of Tor IPs up to date
  • Enhanced security using our customized .htaccess file
  • A refresh.php file that gets the up-to-date list from "Dan's" list.

Download

git clone https://github.com/zayedaljaberi/block-tor-users/

Installation

- Using FTP, SSH
- Using cPanel
  • FTP: the website admin can upload the files using the FTP server of the website.
  • cPanel: the admin user can upload the files using the cPanel provided by the hosting company.

Usage

1- Upload our .htaccess file (make sure you only have one .htaccess). It is always hidden, so check your settings.
2- Upload the refresh.php file into directories that only you can access (we advise putting it into multiple directories to enhance security). Example: (www.domain.com/stop/tor/status/refresh.php)
Note that the website admin should visit refresh.php every 30+ to keep the list up to date. FYI, the admin can create a bash file to schedule this.
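
One way to turn a downloaded exit-node list into .htaccess rules, as an added example that is not code from the block-tor-users repository. It assumes Apache 2.4 `Require` syntax and a one-address-per-line list; the marker comments, function names and sample addresses are hypothetical.

```python
import ipaddress
import re

BEGIN = "# BEGIN tor-exit-block (generated)"   # hypothetical marker names
END = "# END tor-exit-block"

# Constructed sample of a fetched list: a duplicate, an error page line
# and documentation-range addresses only.
SAMPLE_LIST = """\
# constructed sample list
192.0.2.10
198.51.100.7
192.0.2.10
<html>502 Bad Gateway</html>
2001:db8::5
"""


def parse_exit_list(text):
    """Return sorted, unique, validated IPs from a one-address-per-line list."""
    seen = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            seen.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # never copy unvalidated text into server configuration
    return sorted(seen, key=lambda ip: (ip.version, int(ip)))


def render_block(ips):
    """Apache 2.4 rules: allow everyone except the listed addresses."""
    lines = [BEGIN, "<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in ips]
    lines += ["</RequireAll>", END]
    return "\n".join(lines)


def update_htaccess(current, ips):
    """Replace the generated block if present, else append it.

    Rules outside the markers are left untouched. An empty list (for example
    a failed download) keeps the previous rules instead of removing them.
    """
    if not ips:
        return current
    block = render_block(ips)
    pattern = re.compile(re.escape(BEGIN) + r".*?" + re.escape(END), re.DOTALL)
    if pattern.search(current):
        return pattern.sub(lambda _m: block, current, count=1)
    sep = "" if current.endswith("\n") or not current else "\n"
    return current + sep + block + "\n"


if __name__ == "__main__":
    print(update_htaccess("Options -Indexes\n", parse_exit_list(SAMPLE_LIST)))
```

Keeping the generated rules between markers means a scheduled refresh can run repeatedly without duplicating entries or touching the site's other directives.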

Demo


~ Friday, 10 June 2016 0 comments

Penetrating the Perimeter - Tales from the Battlefield

Phil Grimes is a Security Consultant versed in providing logistics, security assessments, & penetration testing services for nearly a decade. Small businesses, financial institutions & e-commerce providers, telecommunications, manufacturing, education & government agencies, as well as international corporations have engaged Phil to improve organizational security. A passion for the digital world led Phil to join the professional security industry in 2009 as a vulnerability researcher, eventually becoming a proficient penetration tester & accomplished exploit developer. Phil's experience in application security, physical & digital penetration testing, mobile security, & social engineering has proven valuable in assessments for high profile customers both domestically & around the globe. A regular speaker & presenter, Phil has brought many topics to life for OWASP & ISSA, several security industry related conferences, & various other speaking appearances to a wide range of audiences.






~ Tuesday, 3 May 2016 0 comments

Empire pure PowerShell Post Exploitation Agent

Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework.

Why PowerShell?

PowerShell offers a multitude of offensive advantages, including full .NET access, application whitelisting, direct access to the Win32 API, the ability to assemble malicious binaries in memory, and a default installation on Windows 7+. Offensive PowerShell had a watershed year in 2014, but despite the multitude of useful projects, many pentesters still struggle to integrate PowerShell into their engagements in a secure manner.



A Wealth of Modules

Empire aims to solve this weaponization problem by bringing offensive PowerShell to the pentesting community. Existing modules cover everything from Mimikatz, to token manipulation, key logging, screenshots, lateral movement, network situational awareness, and more.

Download and learn more at

~ Sunday, 1 May 2016 0 comments

Website Fingerprinting on Tor: attacks and defenses

The Tor project is known for its anonymity; recently, many researchers and security agencies have tried to find ways to get into Tor to find suspects. This research is ongoing; in Dec 2015, Claudia Diaz presented this paper at the Post-Snowden Cryptography Workshop in Brussels.

It outlines the fingerprinting techniques used to get into Tor:







~ Saturday, 13 February 2016 0 comments