Hacking Mafia

Learn Ethical Hacking, Ethical Hacking Training, Hacking Forum, CEH Training

Thursday, July 14, 2016

Bug allows attackers to hack any version of Microsoft Windows


Critical Print Spooler Bug allows Attackers to Hack any version of Microsoft Windows

Microsoft's July Patch Tuesday offers 11 security bulletins, six of them rated critical, resolving almost 50 security holes in its software.


The company has patched a security flaw in the Windows Print Spooler service that affects all supported versions of Windows ever released, which if exploited could allow an attacker to take over a device via a simple mechanism.

The "critical" flaw (CVE-2016-3238) actually resides in the way Windows handles printer driver installations as well as the way end users connect to printers.

The flaw could allow an attacker to install malware remotely on a victim machine that can be used to view, modify or delete data, or create new accounts with full user rights, Microsoft said in the MS16-087 bulletin posted Tuesday.

Users who are logged in with fewer user rights on the system are less impacted than users who operate with administrative user rights, such as some home accounts and server users.

Microsoft said the critical flaw could be exploited to allow remote code execution if an attacker can conduct a man-in-the-middle (MiTM) attack on a system or print server or set up a rogue print server on a target network.

The critical flaw was discovered and reported by the researchers at security firm Vectra Networks, who disclosed some details on the vulnerability, but didn't publish their proof-of-concept (POC) code.

In corporate networks, by default network administrators allow printers to deliver the necessary drivers to workstations or systems connected to the network. These drivers are silently installed without user interaction and run with full privileges under the SYSTEM user.

According to researchers, attackers can replace these drivers on the printer with malicious files that could allow them to execute code of their choice.

More worrisome: if the printer is behind a firewall, attackers can even hack another device or computer on that particular network, and then use it to host their malicious files.

Watering Hole Attacks via Printers
Like servers, printers have multiple computers connected to them, both to print documents and to download drivers. This flaw therefore allows a hacker to execute watering hole attacks using printers.

Watering hole attacks, or drive-by downloads, are used to target businesses and organizations by infecting them with malware to gain access to the network.

    "Rather than infecting users individually, an attacker can effectively turn one printer into a watering hole that will infect every Windows device that touches it," said Vectra chief security officer Gunter Ollmann.

    "Anyone connecting to the printer share will download the malicious driver. This moves the attack vector from physical devices to any device on the network capable of hosting a virtual printer image."

This flaw (CVE-2016-3238) is by far the most dangerous vulnerability of the year: it is easy to execute, provides different ways of launching attacks, and affects a huge number of users.

A second related vulnerability, CVE-2016-3239, in the MS16-087 bulletin is a privilege escalation flaw that could allow attackers to write to the file system.

A security bulletin for Microsoft Office, MS16-088, includes patches for seven remote code execution (RCE) vulnerabilities, six of them memory corruption flaws, which affect Microsoft Office, SharePoint Server as well as Office Web Apps.

The flaws can be exploited by specially crafted Office files, allowing attackers to run arbitrary code with the same privileges as the logged-in user.

Bulletin MS16-084 addresses flaws in Internet Explorer and MS16-085 in Microsoft Edge. The IE flaws include RCE, privilege escalation, information disclosure and security bypass bugs.

Edge flaws include a handful of RCE and memory corruption flaws in the Chakra JavaScript engine, as well as an ASLR bypass, information disclosure, browser memory corruption, and spoofing bugs.

Bulletin MS16-086 addresses a vulnerability in the JScript and VBScript engines in Windows, which could allow an attacker to achieve remote code execution, affecting VBScript 5.7 and JScript 5.8.

The remaining five bulletins, rated important, address flaws in Windows Secure Kernel Mode, Windows Kernel-Mode Drivers, the .NET framework, the Windows Kernel, and the Secure Boot process.

Users are advised to patch their system and software as soon as possible.

You can watch the video that shows the hack in action: https://youtu.be/DuMk-yxZApA

 

Source : thehackernews.com
Posted by pypiyu at 12:51 AM 7 comments:

Chinese businessman sentenced to four years in prison

LOS ANGELES -- A Chinese businessman was sentenced to nearly four years in prison Wednesday for conspiring to export sensitive military information to China after accessing the computer systems of U.S. defense contractors, including Boeing.

Su Bin was sentenced to 46 months in prison in federal court in Los Angeles. He had faced 30 years in prison before reaching a plea agreement with prosecutors in March. His attorneys were requesting two and a half years.

The 51-year-old Bin admitted to conspiring with two unnamed hackers in China to export U.S. military information to the communist nation between 2008 and 2014, according to Bin's plea agreement.

The men targeted fighter jets such as the F-22 and the F-35, as well as Boeing's C-17 military cargo aircraft program, according to court records.

Su, described by prosecutors as a China-based businessman in the aviation and aerospace fields, was arrested in British Columbia, Canada, in July 2014 and brought to the U.S. in February.

As part of the conspiracy, prosecutors say Su would email the hackers in China explaining what people, companies and technology to target. Once data was stolen, prosecutors say Su would translate it from English to Chinese, and email the value of the information to those who benefited from its theft.

A report by the U.S.-China Economic and Security Review Commission last year found that China's increasing use of cyber espionage has already cost U.S. companies tens of billions of dollars in lost sales and expenses in repairing the damage from hacking. In many cases, the report by the federal commission says, stolen trade secrets have been turned over to Chinese government-owned companies.

Source: cbsnews.com
Posted by pypiyu at 12:35 AM 13 comments:

Troubleshooting using Ping and Traceroute

Link
https://www.sevenmentor.com/troubleshooting-using-ping-and-traceroute.php
Posted by pypiyu at 12:33 AM 3 comments:

Monday, February 22, 2016

Apple vs. FBI iPhone encryption Case


The Apple vs. FBI controversy going on right now is quite the techno-political drama. At the core of it is a topic that isn’t so simple — encryption — and it’s all unfolding very rapidly and from many corners of the Internet.
Some people have come up with a snarky shorthand for the case: FBiOS, a portmanteau of FBI and iOS that represents a version of the Apple operating system that would meet the needs of the FBI. Unfortunately, this encapsulation hides the complexity of the situation.
The outcome of the case may have staggering implications. It affects Apple, currently the most valuable company in the world, and it could change the way millions of people view their iPhones: trusted smartphone or potential government surveillance tool?
To help you stay on top of the story, we’ve put together a breakdown of the important players in the case and their actions so far. We’ll update this post as events unfold, so you’ll never miss a beat.

Tuesday, February 16

The issue came alive as Reuters reported that U.S. Magistrate Judge Sheri Pym of the U.S. District Court’s Central District of California had ordered Apple to help the Federal Bureau of Investigation (FBI) unlock the Apple 5c formerly owned by Syed Rizwan Farook, one of the two killers in the San Bernardino mass shooting in December.
The news came a week after FBI director James Comey told the Senate Intelligence Committee that the FBI was still in possession of the phone and that the device remained encrypted, according to USA Today.
One of the key issues the FBI sought help with, as reported by Reuters, was in getting around the iPhone’s authentication safeguard, which disables access after a certain number of incorrect passcodes have been attempted.

Wednesday, February 17

Apple CEO Tim Cook came out swinging in response to the court order. He issued a defiant letter on the Apple homepage entitled: “A Message to Our Customers.” The FBI had asked Apple “to build a backdoor to the iPhone,” Cook wrote.
The rhetoric was ominous. Cook’s use of the word “backdoor” harked back to former National Security Agency contractor Edward Snowden, whose leaked documents described the NSA’s apparent backdoors into Apple, Facebook, Google, and Microsoft services. Each of those companies had denied the allegations of illegal government access immediately after initial reports of the NSA’s PRISM program surfaced. “We do not provide any government agency with direct access to our servers and any government agency requesting customer data must get a court order,” Apple said in a statement at that time.
In the case of the San Bernardino shooter, as Cook wrote in his letter, the FBI was actually trying to force Apple to create a new version of iOS. In complying with the order, Apple would allow the FBI to attempt millions of passcodes — ultimately circumventing encryption — and then run the new OS on the now-deceased Farook’s iPhone, Cook wrote.
“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor,” Cook wrote. “And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
Cook ended the letter by clearly conveying that Apple would not comply with the judge’s order. “Ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect,” he wrote.
President Obama was surprisingly silent on the whole issue. But White House spokesperson Josh Earnest did tell reporters that the U.S. Department of Justice (DOJ) was “not asking Apple to redesign its product or to create a new backdoor,” despite the claims in Cook’s letter, as Reuters reported. What Obama did personally do on February 17, reported by UPI, was name former National Security Advisor Tom Donilon and former IBM CEO Sam Palmisano as the chair and vice chair, respectively, of a new Commission on Enhancing Cybersecurity.
Jan Koum, CEO of Facebook-owned WhatsApp, took to Facebook to show his support for Apple and Cook.
It took about 15 hours, but Google CEO Sundar Pichai finally came to Apple’s side with a five-tweet comment. “We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders,” he wrote. “…But that’s wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent.”
Later that same day, the industry group Reform Government Surveillance — which comprises AOL, Apple, Dropbox, Evernote, Facebook, Google, LinkedIn, Microsoft, Twitter, and Yahoo — published a statement affirming that “technology companies should not be required to build in backdoors to the technologies that keep their users’ information secure.”
At the same time, a number of politicians began to rally behind the FBI and its call for Apple’s help in decrypting the phone. Sen. Dianne Feinstein (D-California), for instance, told CNN that if Apple doesn’t comply with the FBI’s request, she and Sen. Richard Burr (R-North Carolina) are “prepared to put forward a law which would essentially require that [it do so].” Sen. Tom Cotton (R-Arkansas) issued a similar statement: “Regrettably, the position Tim Cook and Apple have taken shows that they are unwilling to compromise and that legislation is likely the only way to resolve this issue.”
Sen. Ron Wyden (D-Oregon), on the other hand, came to Apple’s defence: “Companies should comply with warrants to the extent they are able to do so, but no company should be forced to deliberately weaken its products,” he wrote in a statement.

Thursday, February 18

Twitter cofounder and CEO Jack Dorsey tweeted out his support for Apple and Cook.
Facebook showed its support for Apple in a statement that it provided to VentureBeat:

    "We condemn terrorism and have total solidarity with victims of terror. Those who seek to praise, promote, or plan terrorist acts have no place on our services. We also appreciate the difficult and essential work of law enforcement to keep people safe. When we receive lawful requests from these authorities we comply. However, we will continue to fight aggressively against requirements for companies to weaken the security of their systems. These demands would create a chilling precedent and obstruct companies’ efforts to secure their products."

Even Michael Hayden, former director of the NSA and the Central Intelligence Agency (CIA), came out in support of Apple, The Week pointed out. “America is simply more secure with unbreakable end-to-end encryption,” he told Wall Street Journal editor John Bussey on February 17.

John McAfee, founder of antivirus software company McAfee Software and a Libertarian presidential candidate, made a public offer to decrypt the iPhone 5c in question, free of charge.
But Democratic presidential candidates Hillary Clinton and Bernie Sanders both avoided taking sides with either Apple or the FBI in the case. Clinton described the controversy as a “difficult dilemma,” while Sanders said that he was sympathetic to “both” sides, according to The Intercept.

Friday, February 19

The case became even more interesting as DOJ attorneys filed a motion (PDF) to compel Apple to comply with the FBI’s orders. The attorneys argued that Apple’s unwillingness to work with the FBI “appears to be based on its concern for its business model and public brand marketing strategy,” as Reuters reported.
The attorneys pointed to a 1977 Supreme Court case pitting the U.S. against the New York Telephone Co. “The conviction that private citizens have a duty to provide assistance to law enforcement officials when it is required is by no means foreign to our traditions,” the justices noted in a footnote to the ruling.
“Apple is not above the law in that regard, and it is perfectly capable of advising consumers that compliance with a discrete and limited court order founded on probable cause is an obligation of a responsible member of the community,” the DOJ attorneys wrote in their filing. “It does not mean the end of privacy.”
Apple countered this filing by getting on the phone with reporters midway through the day and explaining that the password of the Apple ID for the iPhone had been changed within a day of the government obtaining it, as reported by TechCrunch and others. That action blocked Apple from using certain approaches to getting around the device encryption, the executives said, speaking on background. For instance, running an iCloud data backup after the password change was not possible. Additionally, the executives reportedly pointed out that the encryption workaround the FBI wanted would affect more recent iPhones, even those with the Secure Enclave (PDF) coprocessor on the chip, not just older iPhones without Touch ID, like the 5c.
That night, a tweet from a Twitter account associated with San Bernardino County indicated that the county was actually “working cooperatively with the FBI” when it reset the password to Farook’s iPhone 5c, as Gizmodo noted.
Meanwhile, in court, Judge Pym disclosed in a filing that Apple had sought relief in order to prepare formal opposition to the order and now has until February 26 to comply.
Apple disclosed in its own filing that it was enlisting the representation of prominent information security attorney Marc Zwillinger. Also representing Apple are Nicola Hanna, Eric Vandevelde, Theodore Boutrous Jr., and Theodore Olson (private counsel to former presidents Ronald Reagan and George W. Bush).
Republican presidential candidate Donald Trump entered the Apple-FBI debate by encouraging people to boycott Apple.
And Comey and Cook were called to testify in front of the House Subcommittee on Oversight and Investigations, as Re/code reported.

Saturday, February 20

The FBI came forward and admitted — in a statement it emailed to Ars Technica writer Cyrus Farivar — that “the FBI worked with San Bernardino County to reset the iCloud password on December 6th, as the county owned the account and was able to reset the password in order to provide immediate access to the iCloud backup data.” The bureau stated its position that “the reset of the iCloud account does not impact Apple’s ability to assist with the court order under the All Writs Act.”
The statement went on to say that, in any case, assistance from Apple could prove more fruitful than a backup through iCloud. “Through previous testing, we know that direct data extraction from an iOS device often provides more data than an iCloud backup contains,” the FBI wrote. “Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple’s assistance as required by the All Writs Act order, since the iCloud backup does not contain everything on an iPhone.”

Sunday, February 21

The FBI will get the support of some victims of the San Bernardino shootings when a lawyer files a brief on their behalf in March, Reuters is reporting.
Posted by pypiyu at 3:27 AM 1 comment:

Wednesday, February 10, 2016

Google offering extra free 2GB of data storage until Feb. 11 if you do Security Checkup


Tomorrow is apparently "Safer Internet Day," which you most likely didn't mark on your calendar. Google remembered Safer Internet Day, though. To celebrate, it has brought back the free data reward for completing a security audit of your account. A few minutes of your time gets you an extra 2GB of Drive storage for free.
The security checkup is painless and only takes a few minutes. You'll review your account recovery options, connected devices, services with permissions on your account, and 2-step verification settings. The 2GB of storage might not show up in your account immediately, but when it does, it will be there permanently.
Google did the same thing last year for Safer Internet Day, and it sure would be nice if they kept at it. We don't yet know when this offer will expire, but last year you had a week to complete the checkup. There might be a Google blog post at some point with details.
Posted by pypiyu at 12:27 PM 1 comment:

If You Use These Simple Passwords, Stop It

Now may be the time to rethink your passwords.
Once again, "123456" and "password" were the worst passwords of 2015, according to stats from SplashData, a company that makes password management software. The company found that the two worst passwords are also the most-used passwords, and therefore easily cracked by malicious hackers.
Every January, SplashData releases its list of the worst passwords, based on analysis of over 2 million leaked passwords it has found. Since the company started compiling data in 2011, "123456" and "password" have consistently topped the list.
While standard passwords, including "qwerty," remain on SplashData's list, passwords inspired by Star Wars: The Force Awakens also emerged. No. 25 in the list of the worst passwords was actually "starwars," but the company also found references to "solo" and "princess."
"As we see on the list, using common sports and pop culture terms is also a bad idea," SplashData CEO Morgan Slain said in a statement.
Malicious hackers use a wide range of tools, including bots, to crack passwords. But more often than not, they start with simple codes, like "123456." As SplashData's report suggests, some hackers will hit pay dirt with those terms.
For that reason, companies urge people to use alphanumeric passwords with special characters. Users can also use password managers, which create random passwords for different accounts. In that case, they're only required to remember one password; account credentials are populated by the app.
Here is the full list of the worst passwords of 2015-16:
1. 123456
2. password 
3. 12345678 
4. qwerty 
5. 12345 
6. 123456789 
7. football 
8. 1234 
9. 1234567 
10. baseball 
11. welcome 
12. 1234567890 
13. abc123 
14. 111111 
15. 1qaz2wsx 
16. dragon 
17. master 
18. monkey 
19. letmein 
20. login 
21. princess 
22. qwertyuiop 
23. solo
24. passw0rd 
25. starwars
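
An added example (not from the original post or from SplashData) of screening a new password against the list above. A letters-plus-digits rule alone would accept listed entries such as "passw0rd", "abc123" and "1qaz2wsx", so the check normalises case, trailing digits and punctuation, and common character substitutions before comparing. The function names, the substitution table and the digit-run heuristic are assumptions made for illustration.

```python
import re

# The 25 entries from the list in the post above.
WORST_PASSWORDS = [
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
    "letmein", "login", "princess", "qwertyuiop", "solo", "passw0rd",
    "starwars",
]
DENYLIST = frozenset(WORST_PASSWORDS)

# Assumed table of look-alike substitutions (not taken from the post).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Two concatenated digit rows, so wrapped runs such as "890123" are found.
DIGIT_RUN = "1234567890" * 2


def meets_letters_and_digits(password):
    """A typical composition rule: at least one letter and one digit."""
    return (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))


def variants(password):
    """Return the normalised forms of a candidate that get compared."""
    base = password.strip().lower()
    no_punct = re.sub(r"[^a-z0-9]+$", "", base)    # "abc123!"    -> "abc123"
    no_digits = re.sub(r"[0-9]+$", "", no_punct)   # "dragon2016" -> "dragon"
    forms = []
    for form in (base, no_punct, no_digits):
        for candidate in (form, form.translate(LEET)):
            if candidate and candidate not in forms:
                forms.append(candidate)
    return forms


def check_password(password):
    """Return (accepted, reason) for a candidate password."""
    base = password.strip().lower()
    if not base:
        return False, "empty password"
    for form in variants(password):
        if form in DENYLIST:
            return False, f"matches listed password '{form}'"
    # Generalises the list's numeric entries (1234..., 111111).
    if base.isdigit() and (len(set(base)) == 1
                           or base in DIGIT_RUN
                           or base in DIGIT_RUN[::-1]):
        return False, "repeated or sequential digits"
    return True, "not on the list"


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["passw0rd", "P@ssw0rd!", "Dragon2016", "000000",
               "correct horse battery staple"]:
        print(pw, meets_letters_and_digits(pw), check_password(pw))
```

An accepted result only means the candidate is not a variant of a listed password; it says nothing else about its strength.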


Posted by pypiyu at 12:15 PM 1 comment:

Best Hacking Tools 2016

Here are the Top Best Ethical Hacking Tools 2016:

#1 Nmap

I think everyone has heard of this one. Nmap (Network Mapper) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It may be used to discover computers and services on a computer network, thus creating a “map” of the network. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source. It can be used by beginners (-sT) or by pros alike (--packet-trace). A very versatile tool, once you fully understand the results.

#2 Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server framework. Nessus is the world's most popular vulnerability scanner, used in over 75,000 organizations worldwide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

#3 Wireshark

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers. Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP streams.

#4 SuperScan

Effective TCP port scanner, pinger, resolver. SuperScan 4 is an upgrade of the extremely popular Windows port scanning tool, SuperScan. If you require an option for nmap on Windows with a good user interface, I recommend you check this out, it’s rather good. You can also use Angry IP Scanner which is a respectable replacement for it.

#5 Cain and Abel

The Swiss knife of hacking tools. Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

#6 Kismet

Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. A good wireless tool as long as your card supports rfmon.

#7 NetStumbler

Yes, a decent wireless tool for Windows! Sadly not as powerful as its Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving. NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
  1. Verify that your network is set up the way you intended.
  2. Find locations with poor coverage in your WLAN.
  3. Detect other networks that may be causing interference on your network.
  4. Detect unauthorized rogue access points in your workplace.
  5. Help aim directional antennas for long-haul WLAN links.
  6. Use it recreationally for WarDriving.

#8 Metasploit

Metasploit is another cryptographic tool that is hugely popular with hackers, whether they are black hat or white hat. It helps hackers gain knowledge about known security vulnerabilities. Its evasion tools are one of the many applications of Metasploit.

#9 ANGRY IP SCANNER

A hacker can track people and snoop for their data using their IP address. Angry IP Scanner also goes by the name of “ipscan” and helps someone scan IP addresses and ports to look for doorways into a user’s system. It is open source, cross-platform software and one of the most efficient hacking tools present in the market. Network administrators, as well as system engineers, are known to use Angry IP Scanner quite frequently.

 

Posted by pypiyu at 11:33 AM 7 comments:
Disclaimer

The information provided on http://hackmafia.blogspot.in/ is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly.