Telnet Exploit?
Telnet, being a protocol and itself insecure for the reasons we talked about earlier(https://t.me/geekcode/2347). It lacks encryption, so sends all communication over plaintext, and for the most part has poor access control. There are CVE’s for Telnet client and server systems, however, so when exploiting you can check for those on:
🔗https://www.cvedetails.com/
🔗https://cve.mitre.org/
A CVE short for Common Vulnerabilities and Exposures is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they usually mean the CVE ID number assigned to a security flaw.
However, you’re far more likely to find a misconfiguration in how telnet has been configured or is operating that will allow you to exploit it.
@geekcode
Telnet, being a protocol and itself insecure for the reasons we talked about earlier(https://t.me/geekcode/2347). It lacks encryption, so sends all communication over plaintext, and for the most part has poor access control. There are CVE’s for Telnet client and server systems, however, so when exploiting you can check for those on:
🔗https://www.cvedetails.com/
🔗https://cve.mitre.org/
A CVE short for Common Vulnerabilities and Exposures is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they usually mean the CVE ID number assigned to a security flaw.
However, you’re far more likely to find a misconfiguration in how telnet has been configured or is operating that will allow you to exploit it.
@geekcode
Cyber criminals compromised 1 million cards
Beware! New Android Malware Hacks Thousands of Facebook Accounts
Phishing sites targeting scammers and Theives
Security matters when the network is the internet
If you want this kind of cyber security latest news join @cyberagents
By the way this is our channel #supportus
@cyberagents
@geekcode
Beware! New Android Malware Hacks Thousands of Facebook Accounts
Phishing sites targeting scammers and Theives
Security matters when the network is the internet
If you want this kind of cyber security latest news join @cyberagents
By the way this is our channel #supportus
@cyberagents
@geekcode
OTP bypass and Account takeover using response manipulation
https://infosecwriteups.com/otp-bypass-and-account-takeover-using-response-manipulation-685ad4e1ea76
@geekcode
https://infosecwriteups.com/otp-bypass-and-account-takeover-using-response-manipulation-685ad4e1ea76
@geekcode
Medium
OTP bypass and Account takeover using response manipulation
Who is Krishnadev P Melevila?
What is SSH?
SSH (Secure Shell), is a remote administration protocol that allows users to control and modify their remote servers over the Internet. The service was created as a secure replacement for the unencrypted Telnet and uses cryptographic techniques to ensure that all communication to and from the remote server happens in an encrypted manner. It provides a mechanism for authenticating a remote user, transferring inputs from the client to the host, and relaying the output back to the client.
In next post we will discuss "How ssh works ?"
@geekcode
SSH (Secure Shell), is a remote administration protocol that allows users to control and modify their remote servers over the Internet. The service was created as a secure replacement for the unencrypted Telnet and uses cryptographic techniques to ensure that all communication to and from the remote server happens in an encrypted manner. It provides a mechanism for authenticating a remote user, transferring inputs from the client to the host, and relaying the output back to the client.
In next post we will discuss "How ssh works ?"
@geekcode
Hello my beautiful subscriber's
i hope you guys are doing well
Which topic should we cover in future ?
Leave a comment ❤️
We will make a detailed presentation about that topic❤️
#supportus 🙏
@geekcode
i hope you guys are doing well
Which topic should we cover in future ?
Leave a comment ❤️
We will make a detailed presentation about that topic❤️
#supportus 🙏
@geekcode
Bahamut Threat Group Targeting Users Through Phishing Campaign
https://blog.cyble.com/2021/08/10/bahamut-threat-group-targeting-users-through-phishing-campaign/
@geekcode
https://blog.cyble.com/2021/08/10/bahamut-threat-group-targeting-users-through-phishing-campaign/
@geekcode
Cyble
Cyble - Bahamut Threat Group Targeting Users Through Phishing Campaign
A phishing campaign from a Twitter post. The Threat Actor (TA) hosts malicious Android APK files on a counterfeit version of Jamaat websites.
How SSH Works?
If you’re Linux or Mac user, then using SSH is simple. If you use Windows, you will need to utilize an SSH client to open SSH connections. The most popular SSH client is PuTTY, which you can learn more about here.
For Mac and Linux users, head over to your terminal program and then follow the procedure below:
The SSH command consists of 3 distinct parts:
The SSH key command instructs your system that you want to open an encrypted Secure Shell Connection. {user} represents the account you want to access. For example, you may want to access the root user, which is basically synonymous for system administrator with complete rights to modify anything on the system. {host} refers to the computer you want to access. This can be an IP Address (e.g. 244.235.23.19) or a domain name (e.g. www.xyzdomain.com).
When you hit enter, you will be prompted to enter the password for the requested account. When you type it in, nothing will appear on the screen, but your password is, in fact being transmitted. Once you’re done typing, hit enter once again. If your password is correct, you will be greeted with a remote terminal window.
@geekcode
If you’re Linux or Mac user, then using SSH is simple. If you use Windows, you will need to utilize an SSH client to open SSH connections. The most popular SSH client is PuTTY, which you can learn more about here.
For Mac and Linux users, head over to your terminal program and then follow the procedure below:
The SSH command consists of 3 distinct parts:
ssh {user}@{host}The SSH key command instructs your system that you want to open an encrypted Secure Shell Connection. {user} represents the account you want to access. For example, you may want to access the root user, which is basically synonymous for system administrator with complete rights to modify anything on the system. {host} refers to the computer you want to access. This can be an IP Address (e.g. 244.235.23.19) or a domain name (e.g. www.xyzdomain.com).
When you hit enter, you will be prompted to enter the password for the requested account. When you type it in, nothing will appear on the screen, but your password is, in fact being transmitted. Once you’re done typing, hit enter once again. If your password is correct, you will be greeted with a remote terminal window.
@geekcode
What is Cookie theft?
Cookie theft also known as sidejacking or session
hacking, happens when cookies from the websites you
visit are stolen through an unsecure connection. The
cookie can then be used to allow the hacker to pretend
they are you. They can’t necessarily gain access to your
login credentials, but they can access the site as you
(using your session ID) and change your account settings
to hijack it.
How to avoid this technique:
• Make sure you’re always visiting a secure site https not http.
• Use a host VPN to encrypt your traffic.
@geekcode
Cookie theft also known as sidejacking or session
hacking, happens when cookies from the websites you
visit are stolen through an unsecure connection. The
cookie can then be used to allow the hacker to pretend
they are you. They can’t necessarily gain access to your
login credentials, but they can access the site as you
(using your session ID) and change your account settings
to hijack it.
How to avoid this technique:
• Make sure you’re always visiting a secure site https not http.
• Use a host VPN to encrypt your traffic.
@geekcode