The Hacking Library
356 subscribers
883 photos
19 videos
44 files
1.31K links
محتوي القناه هو عباره عن تجميع
القناه عباره عن ارشيف للهكرز الأخلاقيات وغير الأخلاقيين
استمتعوا😀👍
Download Telegram
#Google Confirms #Critical #Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat:--

#CVE-2019-2232 has been rated as the most severe of three critical #vulnerabilities addressed in the #December Android #Security #Bulletin. The official #NIST National Vulnerability #Database description of the vulnerability says that improper input validation in the "handleRun of TextLine.java" could create a "possible application crash." In other words, a maliciously-crafted message could cause a denial of service to your Android device. A permanent denial of service attack that could effectively kibosh your #smartphone. "User interaction is not needed for exploitation," the description continues, and the remote denial of service attack needs "no additional execution #privileges," for good measure.

The vulnerability applies to Android 8.0, Android 8.1, Android 9 and Android 10 versions.

#Link:-

https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/


#Google Confirms #Critical #Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat:--

#CVE-2019-2232 has been rated as the most severe of three critical #vulnerabilities addressed in the #December Android #Security #Bulletin. The official #NIST National Vulnerability #Database description of the vulnerability says that improper input validation in the "handleRun of TextLine.java" could create a "possible application crash." In other words, a maliciously-crafted message could cause a denial of service to your Android device. A permanent denial of service attack that could effectively kibosh your #smartphone. "User interaction is not needed for exploitation," the description continues, and the remote denial of service attack needs "no additional execution #privileges," for good measure.

The vulnerability applies to Android 8.0, Android 8.1, Android 9 and Android 10 versions.

#Link:-

https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/
wallet-core:-- Cross-platform, cross-blockchain #wallet library.

Trust Wallet Core is a cross-platform library that implements low-level #cryptographic wallet functionality for all supported #blockchains. Most of the code is C++ with a set of strict exported C interfaces. The library provides idiomatic interfaces for all supported #languages (currently #Swift for #iOS and #Java for #Android).

#Download #Link:-

https://github.com/trustwallet/wallet-core


wallet-core:-- Cross-platform, cross-blockchain #wallet library.

Trust Wallet Core is a cross-platform library that implements low-level #cryptographic wallet functionality for all supported #blockchains. Most of the code is C++ with a set of strict exported C interfaces. The library provides idiomatic interfaces for all supported #languages (currently #Swift for #iOS and #Java for #Android).

#Download #Link:-

https://github.com/trustwallet/wallet-core
Expo:-- An #opensource platform for making #universal #native apps with #React. Expo runs on #Android, #iOS, and the #web.

Expo is an open-source platform for making universal native apps that run on Android, iOS, and the web. It includes a universal runtime and libraries that let you build native apps by writing #React and #JavaScript. This repository is where the Expo client #software is #developed and includes the client apps, modules, apps, and more. The Expo #CLI repository contains the Expo #development #tools.

#Download #Link:-

https://github.com/expo/expo


Expo:-- An #opensource platform for making #universal #native apps with #React. Expo runs on #Android, #iOS, and the #web.

Expo is an open-source platform for making universal native apps that run on Android, iOS, and the web. It includes a universal runtime and libraries that let you build native apps by writing #React and #JavaScript. This repository is where the Expo client #software is #developed and includes the client apps, modules, apps, and more. The Expo #CLI repository contains the Expo #development #tools.

#Download #Link:-

https://github.com/expo/expo
Photos from National Cyber Security Services's post


ReconCobra:-- Complete #Automated #Pentest #Framework for #Information #Gathering.

The software has 82 Options with full #automation and #powerful information gathering.

#Reconcobra is #Footprinting software for Ultimate Information Gathering
#Kali, #Parrot OS, #BlackArch, #Termux, #Android Led TV.

Introduction:-
1. ReconCobra is useful in #Banks, Private #Organisations and #Ethical #hacker #personnel for legal #auditing.
2. It serves as a defense method to find as much information possible for gaining unauthorized access and intrusion.
3. With the emergence of more advanced #technology, cybercriminals have also found more ways to get into the system of many organizations.
4. ReconCobra #software can #audit, #firewall behavior, if it is leaking backend machines/server and replying pings, it can find internal and external networks where many software’s like #ERP, mail firewalls are installed, exposing servers so it does Footprinting, Scanning & #Enumeration as much as possible of target, to discover and collect most possible information like username, #web #technologies, files, endpoint, #API and much more.
5. It’s the first step to stop #cyber #criminals by securing your Infrastructural Information Gathering leakage. ReconCobra is false positive free when there is something it will show no matter what, if it is not, it will give blank results rather error.

#Download #Link:-

https://github.com/haroonawanofficial/ReconCobra
MifareClassicTool:-- An #Android #NFC app for reading, writing, #analyzing, etc. MIFARE Classic #RFID tags.

Features:--
1. Read MIFARE Classic tags
2. Save, edit and share the tag #data you read
3. Write to MIFARE Classic tags (block-wise)
4. Clone MIFARE Classic tags
(Write #dump of a tag to another tag; write 'dump-wise')
5. Key #management based on dictionary-attack
(Write the keys you know in a file (dictionary).
MCT will try to authenticate with these
keys against all sectors and read as much as possible.
See chapter Getting Started.)
6. Format a tag back to the factory/delivery state
7. Write the manufacturer block of special MIFARE Classic tags
8. Use external NFC readers like ACR 122U
(See the Help & Info section for more information.)
9. Create, edit, save and share key files (dictionaries)
10. Decode & Encode MIFARE Classic Value Blocks
11. Decode & Encode MIFARE Classic Access Conditions
12. Compare dumps (Diff Tool)
13. Display generic tag information
14. Display the tag data as highlighted hex
15. Display the tag data as 7-Bit US-ASCII
16. Display the MIFARE Classic Access Conditions as a table
17. Display MIFARE Classic Value Blocks as an integer
18. In-App (offline) help and #information
19. It's free #software (#opensource). ;)

#Download #Link:-

https://github.com/ikarus23/MifareClassicTool


MifareClassicTool:-- An #Android #NFC app for reading, writing, #analyzing, etc. MIFARE Classic #RFID tags.

Features:--
1. Read MIFARE Classic tags
2. Save, edit and share the tag #data you read
3. Write to MIFARE Classic tags (block-wise)
4. Clone MIFARE Classic tags
(Write #dump of a tag to another tag; write 'dump-wise')
5. Key #management based on dictionary-attack
(Write the keys you know in a file (dictionary).
MCT will try to authenticate with these
keys against all sectors and read as much as possible.
See chapter Getting Started.)
6. Format a tag back to the factory/delivery state
7. Write the manufacturer block of special MIFARE Classic tags
8. Use external NFC readers like ACR 122U
(See the Help & Info section for more information.)
9. Create, edit, save and share key files (dictionaries)
10. Decode & Encode MIFARE Classic Value Blocks
11. Decode & Encode MIFARE Classic Access Conditions
12. Compare dumps (Diff Tool)
13. Display generic tag information
14. Display the tag data as highlighted hex
15. Display the tag data as 7-Bit US-ASCII
16. Display the MIFARE Classic Access Conditions as a table
17. Display MIFARE Classic Value Blocks as an integer
18. In-App (offline) help and #information
19. It's free #software (#opensource). ;)

#Download #Link:-

https://github.com/ikarus23/MifareClassicTool
Lockwise-ios:-- #Firefox's #Lockwise #app for #iOS and #Android.

#Securely access the #passwords you’ve saved in Firefox from anywhere — even outside of the #browser.

Features:-
1. 256-bit #encryption protects you while synchronizing
2. Get to your passwords securely with Face or Touch ID
3. Your #privacy comes first. We keep your #data safe, never sold.

#Download #Link:-

https://www.mozilla.org/en-GB/firefox/lockwise/


Lockwise-ios:-- #Firefox's #Lockwise #app for #iOS and #Android.

#Securely access the #passwords you’ve saved in Firefox from anywhere — even outside of the #browser.

Features:-
1. 256-bit #encryption protects you while synchronizing
2. Get to your passwords securely with Face or Touch ID
3. Your #privacy comes first. We keep your #data safe, never sold.

#Download #Link:-

https://www.mozilla.org/en-GB/firefox/lockwise/
Rucky:-- A simple to use #USB #HID #Rubber #Ducky LaunchPad for #Android.

A USB HID Rubber Ducky Script All-In-One tool.

#Download #Link:-

https://github.com/mayankmetha/Rucky


Rucky:-- A simple to use #USB #HID #Rubber #Ducky LaunchPad for #Android.

A USB HID Rubber Ducky Script All-In-One tool.

#Download #Link:-

https://github.com/mayankmetha/Rucky
Photos from National Cyber Security Services's post


TheFatRat:-- Updated new version

#TheFatrat a massive #exploiting tool!

Easy tool to generate #backdoor and easy tool to post-exploitation attacks like #browser attack and etc. This tool compiles a #malware with popular #payload and then the compiled malware can be executed on #windows, #android, #mac. The malware that created with this tool also has an ability to #bypass most #AV #software.

Features:-
1. Fully Automating #MSFvenom & #Metasploit.
2. Local or remote listener Generation.
3. Easily Make Backdoor by category Operating System.
4. Generate #payloads in Various formats.
5. Bypass anti-virus backdoors.
6. File pumper that you can use for increasing the size of your files.
7. The ability to detect external #IP & Interface address.
8. Automatically creates AutoRun files for #USB / CDROM exploitation.

#Download #Link:-

https://github.com/Screetsec/TheFatRat
Photos from National Cyber Security Services's post


Onex v0.1:-- Onex is a #hacking #tool installer and package manager for #hackers. Onex is a library of all hacking tools for Termux and other #Linux distributions. onex can install any third-party tool or any hacking tool for you.

"onex a hacking tools library." Onex is a #kali Linux hacking tools installer for #termux and other Linux distribution. It's a package manager for hackers. onex manages large numbers of hacking tools that can be installed on a single click. Using onex, you can install all hacking tools in Termux and other Linux based distributions. onex can install more than 370+ kali Linux hacking tools. use onex install [tool_name] command to install any hacking tool.

onex works on any of the following operating systems:-
1. #Android (Using the Termux App)
2. Linux (Linux Based Systems)

#Download #Link:-

https://github.com/rajkumardusad/onex
InjuredAndroid:-- A #Vulnerable #Android #Application That Shows Simple Examples Of #Vulnerabilities In A #CTF Style.

Setup for a physical device:-
1. Download injuredandroid.apk from #Github
2. Enable #USB debugging on your Android test phone.
3. Connect your phone and your pc with a #USB cable.
4. Install via ADB. ADB install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.

Setup for an Android #Emulator using Android Studio:-
1. Download the #APK file.
2. Start the emulator from Android Studio (I recommend downloading an emulator with #Google #APIs so #root adb can be enabled).
3. Drag and drop the .apk file on the emulator and injuredandroid.apk will install.

#Download #Link:-

https://github.com/B3nac/InjuredAndroid


InjuredAndroid:-- A #Vulnerable #Android #Application That Shows Simple Examples Of #Vulnerabilities In A #CTF Style.

Setup for a physical device:-
1. Download injuredandroid.apk from #Github
2. Enable #USB debugging on your Android test phone.
3. Connect your phone and your pc with a #USB cable.
4. Install via ADB. ADB install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.

Setup for an Android #Emulator using Android Studio:-
1. Download the #APK file.
2. Start the emulator from Android Studio (I recommend downloading an emulator with #Google #APIs so #root adb can be enabled).
3. Drag and drop the .apk file on the emulator and injuredandroid.apk will install.

#Download #Link:-

https://github.com/B3nac/InjuredAndroid
Photos from National Cyber Security Services's post


Ghost Framework:-- #Android #post #exploitation #framework that uses an Android Debug Bridge to #remotely access an Android device. #Ghost Framework gives you the power and convenience of #remote Android #device #administration.

Why ghost framework?
1. Accessing device shell
INFO: Ghost Framework can be used to access the remote
Android device #shell without using #OpenSSH or other protocols.

2. Emulating device button presses
INFO: Ghost Framework can be used to emulate
button presses on the remote Android device.

3. Removing device password
INFO: Ghost Framework can be used to remove the
remote Android device #password if it was forgotten.

#Downlaod #Link:-

https://github.com/entynetproject/ghost
AMLIDS:-- #Android #Machine #Learning #Intrusion #Detection System is written in C#

Android App (written in C# with Xamarin Forms):-
1. Create the Android App to collect the hypothetical #information needed to create the model
2. Add LiteDb and syncing to the gRPC service
3. Add background service to do the #syncing automatically
4. Add ML detections from the background service

#Download #Link:-

https://github.com/jcapellman/AMLIDS


AMLIDS:-- #Android #Machine #Learning #Intrusion #Detection System is written in C#

Android App (written in C# with Xamarin Forms):-
1. Create the Android App to collect the hypothetical #information needed to create the model
2. Add LiteDb and syncing to the gRPC service
3. Add background service to do the #syncing automatically
4. Add ML detections from the background service

#Download #Link:-

https://github.com/jcapellman/AMLIDS
Pupy:-- #Pupy is an #opensource, #cross-platform (#Windows, #Linux, #OSX, #Android) #remote #administration and #post-#exploitation tool mainly written in #python.

Pupy is a cross-platform, multi-function #RAT and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using multiple modes of #transport, migrate into #processes using reflective #injection, and load remote python code, python packages and python C-extensions from #memory.

Features:-

1. Windows #payload can load the entire Python #interpreter from memory using a reflective #DLL.
2. Can be packed into a single .py file and run without any dependencies other than the python standard library on all OSes.
3. Reflectively migrate into other processes.
4. Easily extensible, modules are simple to write and are sorted by os and category.
5. Modules can directly access python objects on the remote client using rpyc.
6. Access remote objects interactively from the pupy shell and get auto-completion of remote attributes.
7. Communication transports are modular and stackable. Exfiltrate data using #HTTP over HTTP over #AES over #XOR, or any combination of the available transports.
8. Communicate using obfsproxy pluggable transports.
9. Execute non-interactive commands on multiple hosts at once.
10. Commands and scripts running on remote hosts are interruptible.
11. Auto-completion for #commands and arguments.
12. Custom config can be defined: command aliases, modules. automatically run at connection, etc.
13. Open interactive python shells with auto-completion on the all-in-memory remote python interpreter.
14. Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely.
15. Remotely import pure python packages (.py, .pyc) and compiled python C extensions (.pyd, .so) from memory.
16. Execute the PE executable remotely and from memory.
17. Generate payloads in various formats:

#Download #Link:--

https://github.com/n1nj4sec/pupy


Pupy:-- #Pupy is an #opensource, #cross-platform (#Windows, #Linux, #OSX, #Android) #remote #administration and #post-#exploitation tool mainly written in #python.

Pupy is a cross-platform, multi-function #RAT and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using multiple modes of #transport, migrate into #processes using reflective #injection, and load remote python code, python packages and python C-extensions from #memory.

Features:-

1. Windows #payload can load the entire Python #interpreter from memory using a reflective #DLL.
2. Can be packed into a single .py file and run without any dependencies other than the python standard library on all OSes.
3. Reflectively migrate into other processes.
4. Easily extensible, modules are simple to write and are sorted by os and category.
5. Modules can directly access python objects on the remote client using rpyc.
6. Access remote objects interactively from the pupy shell and get auto-completion of remote attributes.
7. Communication transports are modular and stackable. Exfiltrate data using #HTTP over HTTP over #AES over #XOR, or any combination of the available transports.
8. Communicate using obfsproxy pluggable transports.
9. Execute non-interactive commands on multiple hosts at once.
10. Commands and scripts running on remote hosts are interruptible.
11. Auto-completion for #commands and arguments.
12. Custom config can be defined: command aliases, modules. automatically run at connection, etc.
13. Open interactive python shells with auto-completion on the all-in-memory remote python interpreter.
14. Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely.
15. Remotely import pure python packages (.py, .pyc) and compiled python C extensions (.pyd, .so) from memory.
16. Execute the PE executable remotely and from memory.
17. Generate payloads in various formats:
Photos from National Cyber Security Services's post


Android Application Analyzer:-- The #tool is used to #analyze the content of the #android #application in local storage.

Install the dependency using following #command:-
1. chmod +x setup.sh
2. ./setup.sh
Use the following command to run the tool:
1. python3 main.py

In order to run "Fridump" and "Frida #universal #ssl unpinning" script, #Frida client must be installed on base machine

#Download #Link:-

https://github.com/NotSoSecure/android_application_analyzer