β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Faceboook #news :
Facebook sues a developer for stealing data from 5,500 users
1οΈβ£According to foreign media reports, according to court documents, Facebook is suing a developer, saying that the developer participated in a data collection activity and stolen personal information from thousands of people. The company asked the defendant to provide $75,000 in compensation in the lawsuit. The social networking company said on Thursday that they are suing Mohammad Zaghar and its website Massroot8, alleging that the website obtained Facebook users' data without permission.
2οΈβ£The act was alleged to violate the Computer Fraud and Abuse Act. The lawsuit filed in Northern California states that Zagharβs website provides customers with the ability to obtain data from Facebook friends, including phone numbers, genders, birth dates, and email addresses.
3οΈβ£All of this data is published publicly by Facebook users, but the automation provided by the Zaghar website is said to enable people to access this information at a faster rate and on a larger scale. Facebook also accused Zaghar of using a botnet to bypass Facebook's detection by pretending to be an Android device using social networks. In response to this lawsuit, Zaghar did not respond to requests for comment.
4οΈβ£Facebook said that data collection activities continued from April 23 to May 6, and about 5,500 people signed up for the service. The indictment alleges that in addition to the data collected from these 5,500 customers' friends on Facebook, Massroot8 also asked its customers to provide login credentials.
5οΈβ£Facebook stated that they had issued Zaghar several orders to stop, and temporarily blocked his Facebook and Instagram accounts and asked his customers to change their passwords for security reasons.
@UndercodeNews
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Faceboook #news :
Facebook sues a developer for stealing data from 5,500 users
1οΈβ£According to foreign media reports, according to court documents, Facebook is suing a developer, saying that the developer participated in a data collection activity and stolen personal information from thousands of people. The company asked the defendant to provide $75,000 in compensation in the lawsuit. The social networking company said on Thursday that they are suing Mohammad Zaghar and its website Massroot8, alleging that the website obtained Facebook users' data without permission.
2οΈβ£The act was alleged to violate the Computer Fraud and Abuse Act. The lawsuit filed in Northern California states that Zagharβs website provides customers with the ability to obtain data from Facebook friends, including phone numbers, genders, birth dates, and email addresses.
3οΈβ£All of this data is published publicly by Facebook users, but the automation provided by the Zaghar website is said to enable people to access this information at a faster rate and on a larger scale. Facebook also accused Zaghar of using a botnet to bypass Facebook's detection by pretending to be an Android device using social networks. In response to this lawsuit, Zaghar did not respond to requests for comment.
4οΈβ£Facebook said that data collection activities continued from April 23 to May 6, and about 5,500 people signed up for the service. The indictment alleges that in addition to the data collected from these 5,500 customers' friends on Facebook, Massroot8 also asked its customers to provide login credentials.
5οΈβ£Facebook stated that they had issued Zaghar several orders to stop, and temporarily blocked his Facebook and Instagram accounts and asked his customers to change their passwords for security reasons.
@UndercodeNews
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How build your owN RDP ?
> Remote Desktop Protocol in twisted python
2020 updated libs
π¦Dependencies
Dependencies are only needed for pyqt4 binaries :
rdpy-rdpclient
rdpy-rdpscreenshot
rdpy-vncclient
rdpy-vncscreenshot
rdpy-rssplayer
π¦FEATURES :
RDP Man In The Middle proxy which record session
RDP Honeypot
RDP screenshoter
RDP client
VNC client
VNC screenshoter
RSS Player
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£$ git clone https://github.com/citronneur/rdpy.git rdpy
2οΈβ£$ pip install twisted pyopenssl qt4reactor service_identity rsa pyasn1
3οΈβ£$ python rdpy/setup.py install
Or use PIP:
4οΈβ£$ pip install rdpy
For virtualenv, you will need to link the qt4 library to it:
5οΈβ£$ ln -s /usr/lib/python2.7/dist-packages/PyQt4/ $VIRTUAL_ENV/lib/python2.7/site-packages/
6οΈβ£$ ln -s /usr/lib/python2.7/dist-packages/sip.so $VIRTUAL_ENV/lib/python2.7/site-packages/
π¦RDPY comes with some very useful binaries. These binaries are linux and windows compatible.
1οΈβ£rdpy-rdpclient
rdpy-rdpclient is a simple RDP Qt4 client.
$ rdpy-rdpclient.py [-u username] [-p password] [-d domain] [-r rss_ouput_file] [...] XXX.XXX.XXX.XXX[:3389]
You can use rdpy-rdpclient in a Recorder Session Scenario, used in rdpy-rdphoneypot.
2οΈβ£rdpy-vncclient
rdpy-vncclient is a simple VNC Qt4 client .
3οΈβ£$ rdpy-vncclient.py [-p password] XXX.XXX.XXX.XXX[:5900]
rdpy-rdpscreenshot
rdpy-rdpscreenshot saves login screen in file.
4οΈβ£$ rdpy-rdpscreenshot.py [-w width] [-l height] [-o output_file_path] XXX.XXX.XXX.XXX[:3389]
rdpy-vncscreenshot
rdpy-vncscreenshot saves the first screen update in file.
5οΈβ£$ rdpy-vncscreenshot.py [-p password] [-o output_file_path] XXX.XXX.XXX.XXX[:5900]
rdpy-rdpmitm
rdpy-rdpmitm is a RDP proxy allows you to do a Man In The Middle attack on RDP protocol. Record Session Scenario into rss file which can be replayed by rdpy-rssplayer.
6οΈβ£$ rdpy-rdpmitm.py -o output_dir [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] [-r (for XP or server 2003 client)] target_host[:target_port]
Output directory is used to save the rss file with following format (YYYYMMDDHHMMSS_ip_index.rss) The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer If one of both parameters are omitted, the server use standard RDP as security layer.
7οΈβ£rdpy-rdphoneypot
rdpy-rdphoneypot is an RDP honey Pot. Use Recorded Session Scenario to replay scenario through RDP Protocol.
8οΈβ£$ rdpy-rdphoneypot.py [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] rss_file_path_1 ... rss_file_path_N
The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer. If one of both parameters are omitted, the server use standard RDP as security layer. You can specify more than one files to match more common screen size.
9οΈβ£rdpy-rssplayer
rdpy-rssplayer is use to replay Record Session Scenario (rss) files generates by either rdpy-rdpmitm or rdpy-rdpclient binaries.
$ rdpy-rssplayer.py rss_file_path
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How build your owN RDP ?
> Remote Desktop Protocol in twisted python
2020 updated libs
π¦Dependencies
Dependencies are only needed for pyqt4 binaries :
rdpy-rdpclient
rdpy-rdpscreenshot
rdpy-vncclient
rdpy-vncscreenshot
rdpy-rssplayer
π¦FEATURES :
RDP Man In The Middle proxy which record session
RDP Honeypot
RDP screenshoter
RDP client
VNC client
VNC screenshoter
RSS Player
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£$ git clone https://github.com/citronneur/rdpy.git rdpy
2οΈβ£$ pip install twisted pyopenssl qt4reactor service_identity rsa pyasn1
3οΈβ£$ python rdpy/setup.py install
Or use PIP:
4οΈβ£$ pip install rdpy
For virtualenv, you will need to link the qt4 library to it:
5οΈβ£$ ln -s /usr/lib/python2.7/dist-packages/PyQt4/ $VIRTUAL_ENV/lib/python2.7/site-packages/
6οΈβ£$ ln -s /usr/lib/python2.7/dist-packages/sip.so $VIRTUAL_ENV/lib/python2.7/site-packages/
π¦RDPY comes with some very useful binaries. These binaries are linux and windows compatible.
1οΈβ£rdpy-rdpclient
rdpy-rdpclient is a simple RDP Qt4 client.
$ rdpy-rdpclient.py [-u username] [-p password] [-d domain] [-r rss_ouput_file] [...] XXX.XXX.XXX.XXX[:3389]
You can use rdpy-rdpclient in a Recorder Session Scenario, used in rdpy-rdphoneypot.
2οΈβ£rdpy-vncclient
rdpy-vncclient is a simple VNC Qt4 client .
3οΈβ£$ rdpy-vncclient.py [-p password] XXX.XXX.XXX.XXX[:5900]
rdpy-rdpscreenshot
rdpy-rdpscreenshot saves login screen in file.
4οΈβ£$ rdpy-rdpscreenshot.py [-w width] [-l height] [-o output_file_path] XXX.XXX.XXX.XXX[:3389]
rdpy-vncscreenshot
rdpy-vncscreenshot saves the first screen update in file.
5οΈβ£$ rdpy-vncscreenshot.py [-p password] [-o output_file_path] XXX.XXX.XXX.XXX[:5900]
rdpy-rdpmitm
rdpy-rdpmitm is a RDP proxy allows you to do a Man In The Middle attack on RDP protocol. Record Session Scenario into rss file which can be replayed by rdpy-rssplayer.
6οΈβ£$ rdpy-rdpmitm.py -o output_dir [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] [-r (for XP or server 2003 client)] target_host[:target_port]
Output directory is used to save the rss file with following format (YYYYMMDDHHMMSS_ip_index.rss) The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer If one of both parameters are omitted, the server use standard RDP as security layer.
7οΈβ£rdpy-rdphoneypot
rdpy-rdphoneypot is an RDP honey Pot. Use Recorded Session Scenario to replay scenario through RDP Protocol.
8οΈβ£$ rdpy-rdphoneypot.py [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] rss_file_path_1 ... rss_file_path_N
The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer. If one of both parameters are omitted, the server use standard RDP as security layer. You can specify more than one files to match more common screen size.
9οΈβ£rdpy-rssplayer
rdpy-rssplayer is use to replay Record Session Scenario (rss) files generates by either rdpy-rdpmitm or rdpy-rdpclient binaries.
$ rdpy-rssplayer.py rss_file_path
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - citronneur/rdpy: Remote Desktop Protocol in Twisted Python
Remote Desktop Protocol in Twisted Python. Contribute to citronneur/rdpy development by creating an account on GitHub.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Detailed explanation of the connection setting method between the main control terminal and the client of shared file monitoring software and shared file permission management software :
π¦WHAT WE TALK ABOUT ?
In the case of enabling the advanced control function of the general trend to shared folder management software, that is, prohibiting copying of shared files, prohibiting sharing of shared files as local disks, prohibiting dragging and sharing of shared files, prohibiting printing of shared files, and prohibiting copying of shared file contents Requires the user's computer to run the client to the shared file management system,
> FileLockerMain.exe, in order to control the user's shared file access behavior described above. If the user is not running, the host will deny the user access to the shared file.
> However, for some reasons, users cannot connect to the management terminal normally after running FileLockerMain.exe. In this case, the following three methods can be used to solve this problem:
1οΈβ£ Make sure that the management terminal is still running. Remember to close the SharedFileMonitor on the management terminal, which will cause LAN users to be unable to access the share.
2οΈβ£Turn off the Windows firewall of the management computer. Specific method: Control Panel\System and Security\Windows Firewall
3οΈβ£If it is connected across network segments. That is, the file server where the management terminal is located is on one network segment, and the visitor is on another network segment. In this case, the IP address of the connection server needs to be manually set.
Specific method: alt+f5 calls the software hotkey (other hotkeys: alt+f6, alt+f7, alt+f8, alt+f9; if the above hotkeys are not working, you can try ctrl+f5, ctrl+f6, ctrl+ f7, ctrl+f8, ctrl+f9; if the above hotkey still does not work, you can try ctrl+alt+f5, and so on.)
4οΈβ£Then enter the default password dsz to enter, and then click "Operation Software", select "Manual Configuration", then enter the server's IP address, and then click "OK"
5οΈβ£If you are prompted to fail the test, you need to open the relevant ports from the firewall as prompted
In this case, it is usually caused by the firewall intercepting the port 19681 required by the client connection
6οΈβ£After the connection is successful, there will be a time prompt:
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Detailed explanation of the connection setting method between the main control terminal and the client of shared file monitoring software and shared file permission management software :
π¦WHAT WE TALK ABOUT ?
In the case of enabling the advanced control function of the general trend to shared folder management software, that is, prohibiting copying of shared files, prohibiting sharing of shared files as local disks, prohibiting dragging and sharing of shared files, prohibiting printing of shared files, and prohibiting copying of shared file contents Requires the user's computer to run the client to the shared file management system,
> FileLockerMain.exe, in order to control the user's shared file access behavior described above. If the user is not running, the host will deny the user access to the shared file.
> However, for some reasons, users cannot connect to the management terminal normally after running FileLockerMain.exe. In this case, the following three methods can be used to solve this problem:
Before this, you need to detect whether the management terminal can be pinged through the ping command on the client. If it can be pinged, then perform the following steps. If you can't ping, you need to solve the connection problem of the physical line first.If it can be pinged, it can be solved in the following ways.
1οΈβ£ Make sure that the management terminal is still running. Remember to close the SharedFileMonitor on the management terminal, which will cause LAN users to be unable to access the share.
2οΈβ£Turn off the Windows firewall of the management computer. Specific method: Control Panel\System and Security\Windows Firewall
3οΈβ£If it is connected across network segments. That is, the file server where the management terminal is located is on one network segment, and the visitor is on another network segment. In this case, the IP address of the connection server needs to be manually set.
Specific method: alt+f5 calls the software hotkey (other hotkeys: alt+f6, alt+f7, alt+f8, alt+f9; if the above hotkeys are not working, you can try ctrl+f5, ctrl+f6, ctrl+ f7, ctrl+f8, ctrl+f9; if the above hotkey still does not work, you can try ctrl+alt+f5, and so on.)
4οΈβ£Then enter the default password dsz to enter, and then click "Operation Software", select "Manual Configuration", then enter the server's IP address, and then click "OK"
5οΈβ£If you are prompted to fail the test, you need to open the relevant ports from the firewall as prompted
In this case, it is usually caused by the firewall intercepting the port 19681 required by the client connection
6οΈβ£After the connection is successful, there will be a time prompt:
( In this case, the shared file can be accessed normally)
@UndercodeTesting@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE SECURITY
CLONE ANY WEBSITE WITH HTTRACK.pdf
5.6 MB
Forwarded from UNDERCODE SECURITY
Content negotiation With CSRF.pdf
1.1 MB