Want everything in black!? Go to the link below and check out the products.
Use the code ROML3N to get 20% off everything

💲 matteblackeverythin.com

SHOULD I ROOT MY FON?
.
Rooting your phone gives you access to more features. But most importantly it voids your warranty. This means that if the FON is new, you can't return it for a new one after you brick it.
So lets be realistic
.
Google does not allow us to use Android with ROOT by default because they are trying to protect the users. We here are hackers. We need ROOT. We don't need protection. In fact it's the others ;) who need protection. You probably bought your FON from someone else or stole it like me. Bottom line is even if you plan to return it, you don't have a receipt right now. So forget about warranties and seriously ROOT UR DEVICE. u are doomed anyways.
.
Anyway install termux a Linux shell for Android. We will install a c compiler along with nmap for port scanning, netcat and ssh for connecting to our target.
So uh, I hope ur serious this time. A new series where I teach a little c (Jack has already taught the majority of it) will come up.
Stay tuned...
~halo

Are you a prankster? Do you want to become one?

Here are some cool techy pranks you could perform on your friends, and finally get to do the maniacal evil laughter you've always wanted to do. Come on, everyone has that evil laughter. 😈

http://telegra.ph/Techy-Pranks-to-Try-on-your-Friends---or-Frenemies-05-16

If a class was filled with every programming language, who would each programming language be? 😅
Assembly: He’s the nerd. He speaks very quickly and uses short sentences. Very few people talk to him. He’s considered to be an autist asperger by a majority of the class because he finishes the exams so quickly it’s insane and he faces a lot of difficulties in speaking with others. He’s at school but already dressed like an engineer.
Ada: She’s a foureyes nerd. When she gets the answer she’s doesn’t make any mistake. Ada often corrects the teacher when she writes a line a little ambiguous. She’s building a rocketship in her backyard and she’s always speaking about this weird hobby.
Python: He’s Mr Popular. He likes skate, brags about all the parties he’s invited to. He’s good in all the subjects taught in class but he’ll do them a bit slower than the others. Everyone loves him because he explains things so well, sometimes the teacher herself asks Python to explain some part of the course. He’s dressed with a hoodie, a baggy and glasses on the top of the head ;)
Java: She is one of the toppers of the class and very popular. She’s very good in all the topics. The teacher loves her but she’s a very talkative person.
Scala/Kotlin: They are twin sisters and the best friends of Java. Unfortunately, they are not as popular and it’s often Java who takes the lead in the group. It’s very difficult to distinguish one from another. Both are far less talkative than Java but Scala speaks a bit differently than Kotlin and Java.
C: He’s the topper of the class. He’s so fast in completing the exams that the teacher really thinks he’s copying Assembly’s work. He has a little brother C++ and they share a lot in common together. He’s the chess major and often plays chess with Assembly and his big brother.
Go: He’s the new kid on the bloc. He doesn’t like C++ and his friends and he wants to prove he can do better than them. Of course, he prefers playing Go over Chess.
APL: He’s a lonely guy. No one understands him when he speaks. Even the teacher is surprised when APL shows a correct answer after several lines of incomprehensible pictograms. People think that he was born in a foreign country… or a foreign planet ?
HTML/CSS: These twin brothers are very different. One is dressed in black and white and the other is dressed with everything except black and white. HTML is very talkative and annoying and the CSS is very artistic. CSS is the best student in Art lessons and HTML performs well in written expression.
LaTeX: She’s friend of HTML. The teacher likes her because she has a gift of writing. LaTeX likes the mathematical courses because she can draw fancy greek letters. The teacher knows this well and she is often asked to write a formula on the black board.
VBA: He’s in the back, looking through the windows. Not really interested in the courses taught in class. In the exams, he answers always with a table.
C#: He’s in the back playing yet another game on his smartphone. He likes being next to the windows also.
JavaScript: People often mix up Java and JavaScript because they have a similar name. But they are definitly not the same. Javascript spends a lot of time with HTML and CSS. He’s as artistic as CSS but he prefers things that move. He likes actions and movies. CSS dreams to be a painter wheras JavaScript wants to be a film-maker.
Haskell: He’s a goth. Dressed up in dark. Doesn’t talk to anyone. He doesn’t understand why others write pages when he can write a couple of lines to answer the same question.
Julia: She’s the newest student here. She doesn’t have any friends yet but her secret aim is to be as popular as Python and as fast as C.
Lua: Little Johnny.
And there is ++++[++++>---<]>-.---[----->+<]>-.+++[->+++<]>++.++++++++.+++++.--------.-[--->+<]>--.+[->+++<]>+.++++++++.
I hope I didn’t gone too far! It was really fun to write
By : Udobad Mikado Edidiong

paypal loading running for 50% minimum $50 for $25 Worth BTC/LTC @anonyguy

i) Defense is more difficult than offense. For defense you have to find and close 100 doors which an attacker can use to get into the Server, For offense the attacker has to find one single way to get in.

ii) WebApplications now days have became extremely complex with new features being added on daily basis. It's almost impossible to achieve complexity and Security at the same time.

iii) Automated Scanners and Web Application Firewalls won't necessarily protect your Webapplications. As both of them do not understand Business Logic of the Application. Defense in depth principle should be followed where Security should be ensured at all layers. Independent Securtiy Researcher Rafay Baloch

Are you wondering about all the data that google stores? Are you tired of copy pasting all of your gmail's messages to add to a offline drive? Or do you want to download all files from google drive? It even includes google maps data, history, locations, bookmarks, and whatnot.
https://takeout.google.com
Google, always taking your stuff. Atleast now you know how to get it back..

Marques Brownlee (t.co/MKBHD) explains the Google ban on Huawei. Watch his video

https://youtu.be/qZGpmWrVSaU

Check the above picture .The paypal Vuln Going Order Order Order @anonyguy

Got together with a group of other hackers where we hacked a site using sqli
We found out the passwords in the dB were salted before hashing cos even when we shared them amongst ourselves to brute force, it took a lot of time
Then one of the guys had a brilliant suggestion
Instead of wasting time cracking the admin password, we should just change the reset email
We did that and went to forgot password
The reset link was sent to my email which we used to 'take ctrl from da admin'
Now we could deface the site but that's not what we came for anyway, so we grabbed the loot (booty) and got out if there
;)
Working in a team can speed things up
#for_teh_lulz
this is jhonny

Your PC doesn't have enough juice yo run Photoshop? Or maybe you don't have a PC to make cool Photoshop edits? Worry no more. Visit the link below to edit your photos with ease online, without the need to pay a single dollar, or a PC.

https://www.photopea.com/

Send me @romL3N your email address and I'll recommend you to get 2 free months of premium skillshare, with unlimited access to 17000+ online courses on anything. You can cancel anytime.

Alternatively, you can use my link: https://skl.sh/2G8Zj3r

TODAYS MESSAGE
.
.
I am currently trying "something" on a bank ;)
And I didn't know where to start
So for a while, I just walked away
But today all of a sudden, I went back.
.
.
ETERNAL BLUE
The eternal exploits include eternal blue, eternal synergy, eternal romance, eternal champion etc.
These were zero day exploits used by the NSA. Zero day means no one knew about them yet. Now these exploits can hack any windows pc (excluding windows 10) that has port 139 or 445 (NetBIOS or smb) open to the internet. I know on a corporate network, these posts will be open. But on a standalone machine I am not sure. I however port scanned my win7 beta os with netcat and weird enough it was open. If you guys could please portscan your machines (use the IP address localhost or 127.0.0.1) and send me the results, I would be very grateful. Anyways back to business. So I can find a machine on that network with that port open, I could use eternal blue to hack it!
Note: I have not done this yet
.
.
My message for today is this:
Some of you are learning to code and use Linux efficiently. And over here, we appreciate such skills.
Now I just want to add a little to the knowledge you already have.
When you are a hacker, you need to be in touch with the latest exploits. Because I have been doing this, I know windows has an rce(remote code execution) called eternal blue, Linux has sambacry and even android has blue borne. This knowledge helped me to find vulnerable servers by scanning the subnet for machines with port 445 open so that I could exploit it directly. Androids blue borne vulnerability can be used to hack any Android phone <7. So apart from android 8 to 10, any Android phone with Bluetooth on can be hacked.
It just helps to keep in touch with the infosec community
For example, do you know that Canonical (the company that "is" Ubuntu) got hacked some time last month? Or that a female hacker stole 106million credit cards from a US bank?
These are all things you need to know
i am jack
Stay happy
And don't forget to
#hack_teh_world
After all, we do it
#for_the_children and #for_teh_lulz
.
.

~halo

Google gets rids of Android version codenames. Android Q is now officially Android 10

Porsche just unveiled the new all-electric Taycan. Starting at $152,250, it's a fuckin' expensive Tesla alternative.

Doing Paid Facebook Promotion For Ethiopians Only!
@anonyguy

HOW I HACKED INTO A BANK
By jhonny
Back again my people. This time I talk about how I HACKED INTO a bank. First of all banks have very secure networks so its not easy to just hack them. Secondly what inspired this hack was from a movie I had watched. The concept of using proxies and pivoting is also discussed here.
**************
My mom had set out to the bank that morning and I knew she would be there. I had always wanted to hack into a bank just for the thrill of it mainly cos all my past hacks had to do with internet cafes and scammers etc. but this time a bank? Yep! That was my next target on the list.
My phone run the arm version of Kali nethunter, a popular Android based Kali Linux operating system with all the hacking tools one would need.
.
.
KRACK
I came across krack a while back in 2017. The key reinstallation attack or simply krack.
This was the latest exploit at that time that allowed you to connect to any WiFi network without a password. You can check it out on Google if you like. So I just went to github to grab poc code and modified it then I compiled it.
I wrote a bash script in my phone to keep connecting to any WiFi networks it found and because of the crack exploit it wouldn't need a password.
What I wanted to achieve was to get an IP address on the network which I could use to attack the other machines.
.
.
THE HACK
Early that morning, I put my phone on and connected it with a powerbank( I didn't want a low battery to stop my precious hack) and dropped it inside her bag just before she left. Once she got to the bank, the phone should connect to the WiFi network and immediately send back a connection to my machine at home.
I had already placed the scripts there along with my IP address which it should connect to. I did this by using the ssh application to create a reverse socks proxy on my phone which will connect to my pc anytime it had a connection (just like a backdoor).
So she left the house and 1hr, 2hrs still no connection. What could be wrong?
I thought of calling her yet I simply discarded the idea.
If this hack goes through I could be a millionaire or maybe one of the richest men in Africa since that Nigerian guy took first place for over 10yrs now.
I got up to go get my special bread with butter and when I got back, a prompt was waiting for me!
I just threw the bread somewhere and rushed behind my pc. I was inside the network. All I could think of was "well, halo you've only got one shot at this. And if you waste it, you can at anytime male money disappear in the house so your mom goes to the bank again" ;)
.
.
FINDING THE TARGETS
All my students should know this:
First things you do in a hack is a ping sweep or portscan. And here nmap was there to help
.
nmafor92.168.0.0/16 -A -O
.
Here is what the command means
Nmap is the name of the app that we are using to scan the network
192.168.0.0/16 is the cidr of the network we are scanning
The IP addresses in a WiFi network always begins with 192.168 so that's why we are starting from 0.0 to 255.255 which is what the /16 stands for
-A tells nmap to detect the versions of the software it finds and finally -O tells nmap to give us the name of the operating system of all the users
.
Scanning through the output I realised a lot of the machines in the network were windows 10. This wasn't really good news. The fact that I was in a network meant that I could get into any machine if only I had the admin username and password.
This was getting tough. I didn't know what to do. I kept scrolling up through the output trying to find another target when a windows7 machine in the list caught my attention. As many of you may already know, windows 7 is one of my favourite when hacking because of the fact that it has an RCE bug (remote code execution) called eternal blue that allows you to hack the machine without needing prior authorization
Now all I had to do was to pray that it works.
Then I started metasploit using the command
.
msfconsole
.
Within a few seconds, there was the metasploit splash screen. I don't really remember what I typed but I'll try to

come up with something.
.
> search eternal
> use exploit/smb/eternalblue
(exploit/smb/eternalblue)> show options
(exploit/smb/eternalblue/)> set rhosts 192.168.20.45
(exploit/smb/eternalblue) > set command "powershell -ep bypass -w hidden -encodedcommamd ..."
(exploit/smb/eternalblue) > exploit
.
If you look closely you'll see me setting the IP address of that windows 7 machine (it ends in 45) and setting the command it should run to powershell in a hidden window so that the person behind that pc doesn't see what's going on. The encoded command was a base64 powercat payload (powercat is netcat written in jacks favourite powershell)
All that while a listener was waiting on my machine
And again I got a connection from the windows 7 machine.
Now however two things ran through my mind.
My first prayer was that my mom shouldn't leave the premises before I finished the hack else I would lose the connection the next was that if the windows 7 machine got rebooted, I will have to start again
So just to make sure I run the command
.
cmd.exe /k tasklist
.
To see what software was currently running. If something like chrome was running I would know the person was online etc. What I saw startled me. I started seeing things like php, MySQL and the other stuff you programmers use.
Hm, what's all this fuss about? Could there be a database?
So I run a command to search for databases
.
cmd.exe /k "dir /s *.db C:"
.
This is supposed to search the c drive which is the hard disk for files that end in .db which is commonly what database files end with. And I got results like pensioners.db and accounts.db which are the database files for the pensioners and the accounts in the bank. Now before any stroke of bad luck got me, I set the bitsadmin tool to upload it to a server where I can download it from the internet in casey mom left the bank or worse, it will still keep uploading. After this, I would have the accounts, usernames and everyone in the bank and now I was in the bank, I could add myself as anyone with any amount of money and withdraw it anytime as long as the hard disk said I had an account in the bank.
Now for the favourite part, I put the powercat backdoor payload in the startup folder so that anytime the pc was started I would have access. It regularly checks the IP address of my dynamic DNS hostname to see where it should connect to.
Whatever I did to that machine after that is nobody's business
Don't ask me about any money etc
I will deny it :)
4 hours later and my mom was still not back.
Then I started thinking: what if they caught her?
What if they were watching my every move?
After a few minutes I heard a knock on the door and it was so firm that I asked myself again:
.
What if...she is :O with the police?
.
.
Analysis
As we saw, the windows7 machine was no ordinary pc. In fact it was a server. But one may ask "why is all the other pcs running win10 and the main admin is running win 7?". The reason is because perhaps not all of the apps like the php MySQL etc was able to run on windows10
By default win7 is able to run most windows software so the IT admin thought it was to keep using win7 so that the system could still be stable without crashing after upgrading to a new os.
Yet still he/she should have updated regularly to patch eternal blue
That's all I have for you guys and if I was absent during the past weeks, this is the story.
And there you have it folks my full confession.
.
.
Keep coming back for more stories
And remember we do it
#for_the_children
#for_teh_lulz
#occupy_the_web

from Jhon
THE LAW FIRM HACK
So I got called up on IRC (the "group" I now belong to :) ) about a hack. What we had to do was simple. A lawyer had been hacked. They were able to get a Trojan on the guys pc. All we now had to do was to pivot from his machine to access the rest of the network. Just as a test, I was to work on this with another girl(or guy?) called raven.
We had to dump all the data on their server and upload it to mediafire where the rest of the team could download it. I was curious as to how they were able to get the rat on the lawyers pc but well, these guys never tell.
I scaned the network but nothing!
All the packets were dropped by the firewall. It looked like the firewall blocks incoming connections and only allows out going connection.
In simple terms its like a phone that can only be used to make a call. That's why me scanning didn't work. Raven said the rat had socks capabilities and all I had to do was to wait for her to configure the rat to open a "reverse socks proxy" to my pc.
I'm sure you have heard of a socks proxy.A proxy is software that allows you to browse the net using another pcs identity. Criminals use it to hide when doing illegal stuff on the net.
A reverse proxy is a proxy that connects to you instead of waiting for you to connect to it.
So in my case i started using the identity of the first hacked machine
This machine was already instde the network so all i had to do was to configure proxychains (an app for linux that allows you to use many proxies at a time to beore secure) to add that machine to my list of proxies.
Remember the machine is now my proxy so anything I do, it will look as if that machine is the one doing it
Then i used nmap to scan its subnet (the network the machine is in) and noticed something unusual
Right in the scan results a printer was running. I guess that's what they use to print their law stuff but that was still something that wasn't just exposed to the net.
Raven told me when she was given access to the rat, she realised that the pc was logging all the IP addresses it connected to. That was a smart move by the sys admin so that in case of a hack, they could trace it back.
But these guys are so damn smart that they use the online azure cloud. This is like a vm but online! Azure, I think belongs to Microsoft so even if the IP address is looked up, it will look as if the windows pc is just connecting to its mother (Microsoft) sub domain. The nmap scan had showed us where the main server was. But we now needed to somehow connected to it. I know you guys will probably say "Lets use eternal blue man" But eternal blue doesn't work on windows10 or the latest version of Windows server. This time we had to do something "legit"
*********************"
Mimikatz
Mimikatz is a tool written by @gentil_kiwi that is used to recover windows passwords and hashes
Following the large use of mimikatz, Microsoft made win8.1 and 10 stop keeping clear text passwords in memory. Thus just means that we can only use it to get the passwords of win7 and 8.
But we can still get the hashes!
Mimikatz can be downloaded as an exe or a powershell script. Well, I chose the powershell script. Then from remote scripting within the app, I run
.
powershell.exe -nop -exec bypass
.
And got a powershell prompt
I then uploaded an run mimikatz
Using
.
lsadump::hashes
.
I got the hashes to the system
My old readers will know if a "pass the hash" attack where an attacker doesn't need your password to connect to your pc.
I Used this same attack in mimikatz to connect to that windowsserver infecting it too with a rat.
***********************
The goods
Powershell can zip stuff up like folders etc. So we used that to compress everything into one big file.
The problem now was that if we tried to steal all that data directly from the pc, the heavy traffic will congest the network and we would get caught.
What we needed was an efficient way to pass all that data out an make it look "legit"
Then just like a flash, I said "to raven, what if we use the printer to exfil the data. The server sends the data to

the printer, and the printer uploads it?" on IRC. That may work she said "lets try it. But remember no messing up. This could be our one and only chance in the network so don't get caught". Ah words of inspiration. Like music to my ears ;)
****************
Hacking the printer
This was the easiest part since a printer is an iot (internet of things) device. As usual the user and pass were "admin". I don't know why these manufactures would make a device with ssh and make the password something so easy. Anyways back to my hack.
With a quick powershell script which logged onto a mediafire account and attempted to upload the stolen data, the printer was once again used as a proxy. To someone reading the network it looks like the win server machine is printing a huge document. The printer is however relaying all that data and uploading it to mediafire.
After three hours, all was done.
The rest on the team congratulated raven and I for a job well done.
***************
I also had my thrills
From lulz of course
Infact apart from it being for experience to become better at what I do lulz is next
Well time for me to put my head down for refreshing sleep so I can wake up at dawn ;)
#for_teh_lulz