Wednesday, 27 December 2017

Windows XP ATM Machine “Hacked” by Simply Pressing Shift Five Times in a Row





We’ve known for a while that ATMs running Windows XP (Embedded edition or not) are exposed to attack, but when a lack of updates is combined with poor configuration by IT admins the result is a vulnerability that is worryingly easy to exploit.


A user of the Russian blogging platform Habrahabr discovered that an ATM operated by the state-owned bank Sberbank runs Windows XP and suffers from a weakness that lets almost anyone break out of the ATM interface and take over the machine.


While it’s not hard to guess what "hacking an ATM" means here, the detail is that the full-screen lock meant to keep the ATM interface from reaching the rest of the operating system could be bypassed simply by invoking Sticky Keys.


Sticky Keys is an accessibility feature of Windows XP that is triggered by pressing Shift five times in a row; on this ATM the resulting dialog gave access to Windows settings and brought up the taskbar and the Start menu.
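The five-press hotkey is controlled per user by the "Flags" value of the StickyKeys registry key, which is what a kiosk build should have changed. As an added example (not from the article), the Python script below decodes that value, reports whether the hotkey is live, and prints the hardened value; it assumes the value is the REG_SZ "Flags" under HKCU\Control Panel\Accessibility\StickyKeys with the Win32 STICKYKEYS.dwFlags bit layout, reads the live value only on Windows, and otherwise uses the Windows default. Clearing the hotkey is a mitigation for one escape route, not a substitute for a proper kiosk lockdown, and FilterKeys and ToggleKeys have equivalent hotkey bits that need the same treatment.

```python
# Added example (not from the article): decode the Windows StickyKeys
# "Flags" registry value and show the hardened value that stops the
# press-Shift-five-times hotkey from firing on a locked-down kiosk.
# Assumptions: the value is the REG_SZ "Flags" under
# HKCU\Control Panel\Accessibility\StickyKeys, and the bits follow the
# Win32 STICKYKEYS.dwFlags layout.

REG_PATH = r"Control Panel\Accessibility\StickyKeys"

# STICKYKEYS.dwFlags bits (winuser.h)
SKF_STICKYKEYSON = 0x0001    # feature currently switched on
SKF_AVAILABLE = 0x0002       # feature may be switched on at all
SKF_HOTKEYACTIVE = 0x0004    # Shift x5 hotkey is live
SKF_CONFIRMHOTKEY = 0x0008   # show a confirmation dialog when the hotkey fires
SKF_HOTKEYSOUND = 0x0010
SKF_INDICATOR = 0x0020
SKF_AUDIBLEFEEDBACK = 0x0040
SKF_TRISTATE = 0x0080
SKF_TWOKEYSOFF = 0x0100

WINDOWS_DEFAULT = "510"  # 0x1FE: available, hotkey active, confirmation dialog on


def describe(flags_value: str) -> list:
    """Names of the bits set in a Flags value, for a readable audit line."""
    names = {
        SKF_STICKYKEYSON: "STICKYKEYSON", SKF_AVAILABLE: "AVAILABLE",
        SKF_HOTKEYACTIVE: "HOTKEYACTIVE", SKF_CONFIRMHOTKEY: "CONFIRMHOTKEY",
        SKF_HOTKEYSOUND: "HOTKEYSOUND", SKF_INDICATOR: "INDICATOR",
        SKF_AUDIBLEFEEDBACK: "AUDIBLEFEEDBACK", SKF_TRISTATE: "TRISTATE",
        SKF_TWOKEYSOFF: "TWOKEYSOFF",
    }
    flags = int(flags_value)
    return [name for bit, name in names.items() if flags & bit]


def hotkey_enabled(flags_value: str) -> bool:
    """True if pressing Shift five times can bring up Sticky Keys."""
    return bool(int(flags_value) & SKF_HOTKEYACTIVE)


def harden(flags_value: str) -> str:
    """Same value with the hotkey bit cleared (510 -> 506, the usual kiosk setting)."""
    return str(int(flags_value) & ~SKF_HOTKEYACTIVE)


def read_current_flags() -> str:
    """Read the live value on Windows; elsewhere return the Windows default."""
    try:
        import winreg
    except ImportError:
        return WINDOWS_DEFAULT
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, REG_PATH) as key:
        value, _ = winreg.QueryValueEx(key, "Flags")
        return str(value)


if __name__ == "__main__":
    current = read_current_flags()
    print(f"StickyKeys Flags = {current} ({', '.join(describe(current))})")
    if hotkey_enabled(current):
        print("Shift x5 hotkey is live; apply the hardened value with:")
        print(f'  reg add "HKCU\\{REG_PATH}" /v Flags /t REG_SZ /d {harden(current)} /f')
```

The value lives under HKCU, so it has to be set in the profile the ATM application actually runs as (or pushed through a mandatory profile or Group Policy preference), and it takes effect at the next logon.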



Bank not in a rush to fix the problem


As the video demonstration shows, an attacker can reach other parts of the operating system using only the touch screen, which opens the door to a range of malicious activity, such as deploying software and modifying boot scripts.


Worse, Sberbank appears to be aware of the problem but has not lifted a finger to deal with it. German site WinFuture writes that the bank was informed of the vulnerability more than two weeks ago and promised an emergency fix, yet the same trick still worked earlier this week.



While this particular issue is not caused by Windows XP no longer receiving security updates, it is still worrying that many banks continue to run an operating system launched in 2001.

For what it’s worth, the last regular updates for Windows XP shipped in April 2014; the one exception was the emergency patch Microsoft released in May 2017 against the WannaCry ransomware.








Facebook Security: Get Back Your Hacked Facebook Account


New security feature reveals if Facebook mails are legit


By Scott Dickens


We're always looking for new ways to help people take control of the security of their Facebook accounts. That's why today, you'll see in your security settings an option to view “Recent emails about security and login”.



Facebookmail.com is a common domain that Facebook uses to send notifications when we detect an attempt to log in to your account or change a password. If you're unsure if an email you received was from Facebook, you can check its legitimacy by visiting facebook.com/settings to view a list of security-related emails that have been recently sent.

If you've checked this tool and determined that an email you received is fake, we encourage you to report it to phish@facebook.com, and if you believe your account has been compromised due to a phishing attempt, you may attempt to regain access to your account at facebook.com/hacked.





Facebook wants you to know when someone is trying to steal your data. The social network unveiled on Wednesday a security feature that lets you see a list of recent emails sent by Facebook. Hackers often send emails disguised as messages from companies like Facebook to trick users into giving them login and password information. The tactic, called phishing, is common among cybercriminals.

Now, if you receive an email from an address that appears to be Facebook but don't recognize the activity or the alert, a tool in the Security and Login section of Settings will tell you if it's legit. If the email claiming to be from Facebook isn't listed there, you'll know it's fraudulent. Facebook sends security emails from the domain "Facebookmail.com," offering another way to check authenticity. But if you don't recognize the domain or sender, you can report the issue directly to Facebook. In a blog post, product manager Scott Dickens urged users to report fraudulent emails pretending to be Facebook to "phish@fb.com."

Successful phishing campaigns can be costly for consumers and companies. According to security firm Trend Micro, global losses from compromised business email scams, which often originate via phishing, will exceed $9 billion next year.

Monday, 25 December 2017

Edward Snowden’s ‘Haven’ app turns smartphone into surveillance device

Edward Snowden launches anti-espionage smartphone app Haven: Here's where to get it




Edward Snowden, the former National Security Agency contractor known for his explosive disclosure of US government surveillance of citizens, has come up with a smartphone app called Haven that turns a spare phone into a surveillance device to detect physical intrusion and tampering.

Haven introduced by Edward Snowden (video):

https://youtu.be/x4leeOZfSis


Haven was created by Snowden in collaboration with the Freedom of the Press Foundation and the Guardian Project, a developer of open-source security apps, with the primary aim of protecting human rights activists, investigative journalists and people at risk of forced disappearance, creating, in the project team's words, "a new kind of herd immunity".




Haven is a simple but clever app. It uses the sensors found on any basic Android phone, the accelerometer (motion), camera (capturing an image of the intruder), microphone (changes in sound), light sensor (changes in ambient light) and power (the device being unplugged or losing power), to turn the phone into an all-in-one surveillance device. If anything untoward is detected, the details are recorded and kept in a secured folder on the phone, with an option to forward them to the owner's primary device as encrypted messages.





"By combining the array of sensors found in any smartphone, with the world's most secure communications technologies, like Signal and Tor, Haven prevents the worst kind of people from silencing citizens without getting caught in the act," Project Team states on Google Play store.


Here's how Haven guards you against espionage:

Once Haven is installed on your secondary device, activate it before you leave the room or go to sleep. Haven then keeps the sensors listed above active and monitors the surroundings for changes in light, sound, vibration and movement.
If triggered, it sends an alert to the owner's primary device over a secured connection (Telegram or Tor). If anybody touches the phone, it snaps a picture of the intruder and passes the image on to the owner.




As of now, Haven app is available only for Android phones. Interested users can download Haven Beta on Google Play store.

https://play.google.com/store/apps/details?id=org.havenapp.main

System requirements for the Haven app:

  • App: Haven
  • Developers: Freedom of the Press Foundation (Edward Snowden is also a member) and the Guardian Project
  • OS compatibility: Android 4.1 or later
  • Price: Free


Sunday, 24 December 2017

Wireless Wi-Fi Hacking Commands in Windows 7 (Part 2)

How to Detect list of available Wireless Networks

Click Start, click Run, type cmd, and then click OK to open a command prompt.

At the command prompt, type

   netsh wlan show networks mode=bssid 




How to connect to a wireless network

netsh wlan connect name=MTNL

Replace MTNL with your own profile name



How to disconnect from a wireless network



netsh wlan disconnect





How to show the wireless network profiles saved on your PC


netsh wlan show profile




How to save a wireless profile as an XML file (it is written to the current directory unless a folder= location is added)


netsh wlan export profile name=MTNL



How to Block a Wireless Connection

netsh wlan add filter permission=block ssid=netgear networktype=infrastructure





To block this computer from all wireless networks of a given type, use the denyall permission. The example below blocks all ad hoc networks; use networktype=infrastructure to block ordinary access points instead.


netsh wlan add filter permission=denyall networktype=adhoc



How to show the blocked networks


      netsh wlan show blockednetworks



How to show the installed Wireless drivers
  
       netsh wlan show drivers
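The output of the first command above is plain text, which is awkward to act on from a script. As an added example (not part of the original post), here is a Python script that parses that output into structured records, one per SSID with its BSSIDs and signal levels, and flags networks that are open or still use WEP. The transcript embedded in it is constructed in netsh's layout, the field labels assume an English-language Windows, and run_netsh() is the only part that needs a real Windows box.

```python
# Added example (not from the original post): parse the text that
# "netsh wlan show networks mode=bssid" prints into structured records and
# flag networks with no or weak encryption. SAMPLE is a constructed
# transcript in netsh's layout (English Windows labels assumed);
# run_netsh() runs the real command on Windows.
import re
import subprocess

SAMPLE = """\
Interface name : Wi-Fi
There are 2 networks currently visible.

SSID 1 : MTNL
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 80%
         Radio type         : 802.11n
         Channel            : 6

SSID 2 : netgear
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 66:77:88:99:aa:bb
         Signal             : 40%
         Radio type         : 802.11g
         Channel            : 11
    BSSID 2                 : 66:77:88:99:aa:bc
         Signal             : 25%
         Radio type         : 802.11g
         Channel            : 1
"""

SSID_RE = re.compile(r"^SSID\s+\d+\s*:\s*(.*)$")
FIELD_RE = re.compile(r"^\s+(Network type|Authentication|Encryption)\s*:\s*(.*)$")
BSSID_RE = re.compile(r"^\s+BSSID\s+\d+\s*:\s*([0-9A-Fa-f:]{17})\s*$")
SIGNAL_RE = re.compile(r"^\s+Signal\s*:\s*(\d+)%\s*$")


def parse_networks(text):
    """Return a list of dicts, one per SSID, each with its BSSIDs and signal levels."""
    networks, current, bssid = [], None, None
    for line in text.splitlines():
        m = SSID_RE.match(line)
        if m:
            current = {"ssid": m.group(1).strip(), "bssids": []}
            networks.append(current)
            continue
        if current is None:
            continue  # header lines before the first SSID
        m = FIELD_RE.match(line)
        if m:
            current[m.group(1).lower().replace(" ", "_")] = m.group(2).strip()
            continue
        m = BSSID_RE.match(line)
        if m:
            bssid = {"bssid": m.group(1).lower(), "signal": None}
            current["bssids"].append(bssid)
            continue
        m = SIGNAL_RE.match(line)
        if m and bssid is not None:
            bssid["signal"] = int(m.group(1))
    return networks


def weak_networks(networks):
    """SSIDs that are open or use WEP: anyone nearby can read their traffic."""
    return [n["ssid"] for n in networks
            if n.get("authentication", "").lower() in ("open", "wep")
            or n.get("encryption", "").lower() in ("none", "wep")]


def run_netsh():
    """Run the real command (Windows only) and parse its output."""
    out = subprocess.run(["netsh", "wlan", "show", "networks", "mode=bssid"],
                         capture_output=True, text=True, check=True).stdout
    return parse_networks(out)


if __name__ == "__main__":
    nets = parse_networks(SAMPLE)
    for n in nets:
        print(n["ssid"], n.get("authentication"), n.get("encryption"),
              [(b["bssid"], b["signal"]) for b in n["bssids"]])
    print("weak:", weak_networks(nets))
```

On a localized Windows the labels are translated, so the regexes would need the local strings; everything else about the layout (indentation, "SSID n :" and "BSSID n :" prefixes) is the same.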






Saturday, 23 December 2017

Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger


Be Aware!!!


If you receive a video file (packed in a zip archive) from anyone, even a friend, on Facebook Messenger, just don’t click on it.

Researchers from security firm Trend Micro are warning users about a new cryptocurrency-mining bot that is spreading through Facebook Messenger and targeting desktop users of Google Chrome, taking advantage of the recent surge in cryptocurrency prices.

Dubbed Digmine, the Monero-mining bot is disguised as a non-embedded video file named video_xxxx.zip but actually contains an AutoIt executable script.


Once clicked, the malware infects victim’s computer and downloads its components and related configuration files from a remote command-and-control (C&C) server.


Digmine primarily installs a cryptocurrency miner, miner.exe, a modified version of the open-source Monero miner XMRig, which silently mines Monero for the attackers in the background using the CPU of the infected computer.






Besides the miner, Digmine also installs an autostart mechanism and launches Chrome with a malicious extension that lets the attackers access the victim’s Facebook profile and spread the same malware file to the victim’s friends via Messenger.


Since Chrome extensions can normally only be installed from the official Chrome Web Store, "the attackers bypassed this by launching Chrome (loaded with the malicious extension) via command line."
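That launch pattern is visible in process-creation telemetry, which is where a defender would catch it. As an added example (not from the Trend Micro write-up or this post), the Python below runs two detections over Sysmon-style process-creation events: Chrome started from the command line with an unpacked extension, and a "video_NNNN" executable run from a user-writable directory. The EVENTS list is constructed, not captured from a real infection; --load-extension is Chrome's standard switch for loading an unpacked extension, which the write-up does not name (it only says "via command line"), so treat the exact switch as an assumption.

```python
# Added example (not from the Trend Micro write-up or the post): a small
# detection over process-creation events for the two behaviours the text
# describes: Chrome launched from the command line with an unpacked
# extension, and a "video_NNNN" file executed out of a user-writable path.
# Assumptions: events are Sysmon-style dicts with image/cmdline/parent
# fields; --load-extension is Chrome's standard switch for an unpacked
# extension (the write-up only says "via command line"); EVENTS is
# constructed, not captured from a real infection.
import re

EVENTS = [
    {"pid": 4012, "image": r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
     "cmdline": '"chrome.exe" --no-startup-window --load-extension="C:\\Users\\bob\\AppData\\Local\\Temp\\ext"',
     "parent": r"C:\Users\bob\AppData\Local\Temp\codec.exe"},
    {"pid": 4013, "image": r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
     "cmdline": '"chrome.exe" https://www.example.com/',
     "parent": r"C:\Windows\explorer.exe"},
    {"pid": 3990, "image": r"C:\Users\bob\Downloads\video_1234.exe",
     "cmdline": r"C:\Users\bob\Downloads\video_1234.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"pid": 3991, "image": r"C:\Users\bob\AppData\Local\Temp\codec.exe",
     "cmdline": r"C:\Users\bob\AppData\Local\Temp\codec.exe",
     "parent": r"C:\Users\bob\Downloads\video_1234.exe"},
]

LOAD_EXT_RE = re.compile(r"--load-extension=", re.IGNORECASE)
DECOY_VIDEO_RE = re.compile(r"[\\/]video_\d+\.(exe|scr|com)$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"^C:\\Users\\[^\\]+\\(AppData\\Local\\Temp|Downloads)\\", re.IGNORECASE)
NORMAL_LAUNCHERS = ("explorer.exe", "chrome.exe")  # parents a user-started Chrome normally has


def classify(event):
    """Return the names of the rules that fire for one process-creation event."""
    hits = []
    image = event["image"].lower()
    parent_name = event["parent"].rsplit("\\", 1)[-1].lower()
    if image.endswith("\\chrome.exe") and LOAD_EXT_RE.search(event["cmdline"]):
        # Sideloaded extension; worse when Chrome's parent is not a normal launcher.
        hits.append("chrome_load_extension" if parent_name in NORMAL_LAUNCHERS
                    else "chrome_load_extension_suspicious_parent")
    if DECOY_VIDEO_RE.search(event["image"]) and USER_WRITABLE_RE.match(event["image"]):
        hits.append("decoy_video_executable")
    return hits


def detect(events):
    """Map pid -> fired rules, keeping only events that triggered something."""
    result = {}
    for e in events:
        rules = classify(e)
        if rules:
            result[e["pid"]] = rules
    return result


if __name__ == "__main__":
    for pid, rules in detect(EVENTS).items():
        print(pid, ", ".join(rules))
```

Developers load unpacked extensions the same way, so the first rule on its own is noisy; the parent-process condition and the extension path (a Temp directory rather than a source tree) are what separate the two cases.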


"The extension will read its own configuration from the C&C server. It can instruct the extension to either proceed with logging in to Facebook or open a fake page that will play a video" Trend Micro researchers say.

"The decoy website that plays the video also serves as part of their C&C structure. This site pretends to be a video streaming site but also holds a lot of the configurations for the malware’s components."



It's noteworthy that users opening the malicious video file through the Messenger app on their mobile devices are not affected.


Since the miner is controlled from a C&C server, the authors behind Digmine can upgrade their malware to add new functionality overnight.


Digmine was first spotted infecting users in South Korea and has since spread its activities to Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela. But since Facebook Messenger is used worldwide, there are more chances of the bot being spread globally.

When notified by the researchers, Facebook said it had taken down most of the malware files from the social network.


Facebook spam campaigns are quite common, so users are advised to be careful when clicking on links and files shared through the platform.

Thursday, 21 December 2017

Detect if your username has been hacked



Every day another website or online service seems to get breached. If you use the same password on more than one site, check whether your account details have been exposed by entering your e-mail address at breachalarm.com, which keeps a database of several hundred thousand publicly posted breached accounts and reports whether your address appears in it. Treat any address found there as compromised: change that password everywhere it was reused.








Related: the worst passwords of 2017:

https://techgyanmantra007.blogspot.in/2017/12/worst-passwords-of-2017-123456-tops.html?m=1

Worst Passwords of 2017: 123456 Tops Again

SplashData has released its annual ranking of the worst passwords of 2017, drawn from more than 5 million leaked passwords. For 2017 the most common leaked password is still "123456", followed by "password".

Between them, these two passwords have topped the ranking since 2011, and that's no surprise: they are the easiest and most predictable passwords to guess.

Users can improve password security by choosing a series of letters, numbers and symbols that is relatively complex but easy to remember; try the first letters of a phrase or a song title, for example. Never reuse a password across sites, and change a password as soon as there is any sign it has been exposed. Scheduled rotation (once a quarter, say) matters less than that; current NIST guidance (SP 800-63B, 2017) no longer recommends forced periodic changes.



Top 20 most common leaked passwords of 2017:


1. 123456 
2. password 
3. 12345678 
4. qwerty 
5. 12345 
6. 123456789 
7. letmein 
8. 1234567 
9. football 
10. iloveyou 
11. admin 
12. welcome 
13. monkey 
14. login 
15. abc123 
16. starwars 
17. 123123 
18. dragon 
19. passw0rd 
20. master
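A list like this is only useful if the registration form actually rejects what is on it, including the trivial disguises people reach for when a bare entry is refused. As an added example (not from SplashData or this post), the Python below checks a candidate password against the top 20 above, and goes a little beyond the list by normalising case, common letter-for-digit substitutions and a short trailing suffix, so that "P@ssw0rd", "Dragon99!" and "Welcome2018" are caught as variants of entries on the list. The substitution table and the 12-character minimum are my choices, not SplashData's.

```python
# Added example (not from SplashData or the post): reject a candidate
# password that is on the 2017 top-20 list above, including trivial
# disguises of it (case, leet-style substitutions, a digit or "!" suffix).
# The list is the one printed above; the normalisation rules and the
# 12-character minimum are assumptions of this example, not the post's.
import re

WORST_2017 = [
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master",
]

# Undo the substitutions people use to sneak a dictionary word past a filter.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "@": "a", "$": "s", "!": "i"})
# Up to four trailing digits/punctuation ("dragon99!", "welcome2018").
TRAILING_JUNK_RE = re.compile(r"[\d!?.]{1,4}$")


def normalise(pw: str) -> str:
    """Lower-case, drop a short trailing suffix, undo leet substitutions."""
    base = pw.lower()
    if base.isdigit():
        return base  # pure-digit passwords are compared as-is
    stripped = TRAILING_JUNK_RE.sub("", base)
    if len(stripped) < 4:
        stripped = base  # don't reduce "abc123" to "abc"
    return stripped.translate(LEET)


# Block both the raw entries and their normalised forms.
BLOCKED = {p.lower() for p in WORST_2017} | {normalise(p) for p in WORST_2017}


def is_blocked(pw: str) -> bool:
    """True if the password is a list entry or a trivial variant of one."""
    return pw.lower() in BLOCKED or normalise(pw) in BLOCKED


def check(pw: str):
    """Return (ok, reason) for a candidate password."""
    if is_blocked(pw):
        return False, "on the 2017 worst-passwords list (or a trivial variant of it)"
    if len(pw) < 12:
        return False, "shorter than 12 characters"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd", "Dragon99!", "Welcome2018",
                      "Tr0ub4dor&3", "correct horse battery staple"]:
        print(f"{candidate!r}: {check(candidate)}")
```

In production the same check should run against a much larger breach-derived list, and the normalisation is deliberately crude: it errs toward blocking ("abc1234" slips through, "Login!" does not), which is the right direction for a blocklist.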

Friday, 15 December 2017

Session Hijacking of Any Account Using an Android Smartphone


Disclaimer: Login session hijacking is illegal without mutual consent. This tutorial is for educational purposes only. Tech Gyan will not be responsible for anything you do.



Understanding Session Hijacking/Cookie Hijacking



Session hijacking, sometimes also called cookie hijacking, is the exploitation of a valid login session, or more precisely of its session identifier (the cookie value that proves the user has already logged in), to gain access to the account.


What are cookies? A cookie is a small piece of data sent by a website and stored by the web browser while the user is browsing. Cookies hold data such as the items added to a shopping cart in an online store, or a record of the user’s browsing activity (clicking particular buttons, logging in, or which pages were visited in the past). They can also be used to store data the user previously entered, such as names, addresses, passwords and credit card numbers.

Session side-jacking: using packet sniffing to read the traffic between the browser and the website and steal the session cookie. This is the method used in this tutorial.


Session Hijacking Using Android Smartphone



Prerequisites: the attacker and the victim must be on the same Wi-Fi network. Before anything else, connect to the Wi-Fi network on which you want to hijack other people's sessions.





  • Once you have installed the app (Intercepter-NG, used throughout this tutorial), open it and grant the permissions it asks for.

  • Inside the app, tap the "Radar" icon at the top left to start scanning for all devices connected to the network.

  • After the scan it shows a list of all connected devices; tap the device you want to hijack and hit the arrow at the top right.







[image: scan devices, select device, hit the arrow]



On the next screen you will see a settings gear at the top right; tap it and tick "Resurrection" and "SSL Strip" (as shown in the image below).




[image: settings menu]





Tap the nuclear icon at the top left and hit the play triangle beneath it (this starts the interception).



[image: initializing the interception]


Now hit the shark-fin icon to the right of the nuclear icon and tap the play triangle inside it to start capturing packets.




[image: start capturing data packets]


Let’s hunt for session cookies now.


Now we are all set to start capturing cookies. For demonstration purposes I will show it by stealing a session cookie from my Windows PC to the Android phone.
So now I will log in to my account on a website from my Windows PC and let's see how that works.





Now head over to the globe icon in Intercepter-NG, where you will see the list of captured cookies. Tap the web link (next to the IP address) to get into the account using the captured session cookie.





[image: captured session cookies]


Once you tap the web link, an in-app web browser opens and you are logged in to the victim’s account.
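The attack above only works when the site lets the session cookie travel in the clear: a cookie without the Secure attribute goes out on any http:// request, and without HSTS the SSL Strip step can keep the victim on plain HTTP in the first place. As an added example (not part of the tutorial), here is the defender's check in Python: it reads the response headers a site sends at login and reports the conditions that make the session stealable. The two header transcripts are constructed; the cookie-name heuristic (sess, sid, auth, token, login) is my own.

```python
# Added example (not part of the tutorial): audit login-response headers
# for the conditions that let a same-LAN sniffer plus SSL strip steal the
# session. WEAK and HARDENED are constructed header transcripts; the
# name pattern used to pick out session cookies is an assumption.
import re

SESSION_NAME_RE = re.compile(r"sess|sid|auth|token|login", re.IGNORECASE)

WEAK = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Set-Cookie: PHPSESSID=7e2c1d9f2b; Path=/",
    "Set-Cookie: lang=en; Path=/",
]
HARDENED = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Strict-Transport-Security: max-age=31536000; includeSubDomains",
    "Set-Cookie: PHPSESSID=7e2c1d9f2b; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: lang=en; Path=/",
]


def parse_headers(lines):
    """Return (status_line, [(name_lower, value)]) keeping repeats such as Set-Cookie."""
    status, headers = lines[0], []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def parse_cookie(value):
    """Split 'name=val; Attr; Attr=x' into (name, {attr_lower: attr_value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name, attrs


def audit(lines):
    """Findings, in header order, that make the session stealable on a shared network."""
    _, headers = parse_headers(lines)
    findings = []
    if not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("no HSTS header: a first visit over http:// can be stripped to plaintext")
    for n, v in headers:
        if n != "set-cookie":
            continue
        name, attrs = parse_cookie(v)
        if not SESSION_NAME_RE.search(name):
            continue  # not a session-bearing cookie by name; ignore
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, sent in clear on any http:// request")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, readable by injected script")
        if "samesite" not in attrs:
            findings.append(f"{name}: missing SameSite, attached to cross-site requests")
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "->", audit(resp) or ["no findings"])
```

HSTS only helps on the second visit unless the domain is on the browsers' preload list, which is why the first finding is worded as a first-visit risk.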

Saturday, 25 November 2017

Over 400 Popular Sites Record Your Every Keystroke and Mouse Movement




Web-tracking is not new.


Most websites log their users' online activity, but a recent study from Princeton University shows that hundreds of sites record your every move online, including your searches, scrolling behaviour, keystrokes and mouse movements.



Researchers from Princeton University's Center for Information Technology Policy (CITP) analyzed the Alexa top 50,000 websites and found that 482 of them, many high profile, use a web-tracking technique that records every move their users make.


Dubbed "Session Replay," the technique is used even by most popular websites, including The Guardian, Reuters, Samsung, Al-Jazeera, VK, Adobe, Microsoft, and WordPress, to record every single movement a visitor does while navigating a web page, and this incredibly extensive data is then sent off to a third party for analysis.



"Session replay scripts" are usually designed to gather data regarding user engagement that can be used by website developers to improve the end-user experience.

Watch the video:

https://youtu.be/U9y3As01lSg


However, what's particularly concerning is that these scripts record more than the information you deliberately give a website: they also capture the text you type into a form and then delete before hitting Submit.


"More and more sites use "session replay" scripts. These scripts record your keystrokes, mouse movements, and scrolling behaviour, along with the entire contents of the pages you visit, and send them to third-party servers," Princeton researcher Steven Englehardt wrote in a
blog post under the No Boundaries banner.



"Collection of page content by third-party
replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behaviour."


Most troubling part is that the information collected by session replay scripts cannot "reasonably be expected to be kept anonymous." Some of the companies that provide session replay software even allow website owners to explicitly link recordings to a user's real identity.



Services Offering Session Replay Could Capture Your Passwords






The researchers looked at some of the leading companies, including FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar, and Yandex, which offer session replay software services, and found that most of these services directly exclude password input fields from recording.

However, mobile-friendly login forms that use plain text inputs to hold unmasked passwords are often not redacted in the recordings, which ends up exposing sensitive data, including passwords, credit card numbers and even card security codes.

This data is then shared with a third party for analysis, along with other gathered information.


"We found at least one website where the password entered into a registration form leaked to SessionCam, even if the form is never submitted," the researcher said.
The researchers also shared a video which shows how much detail these session recording scripts can collect on a website's visitor.

World's Top Websites Record Your Every Keystroke

Many significant firms use session replay scripts with the best of intentions, but because the data is collected without the user's knowledge or any visual indication, these websites are trading away their users' privacy.
And there is always the potential for such data to fall into the wrong hands.


Besides the fact that this happens without people's knowledge, the people in charge of some of the websites did not even know that the script had been deployed, which makes the matter a little scary.


Companies using such software included The Guardian, Reuters, Samsung, Al Jazeera, VK, Adobe, Microsoft, WordPress, CBS News, the Telegraph and US retail giant Home Depot, among many others.

So, if you log in to one of these websites, you should assume that everything you write, type or move is being recorded.
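Two of the findings above can be checked on any page you are responsible for: whether a replay vendor's recorder is loaded, and whether the page has the unmasked password fields the vendors' redaction misses. As an added example (not from the Princeton study or this post), the Python below scans a page's HTML for script tags served from the vendors named above and for password-like inputs rendered as type="text". The vendor host list is my assumption about the domains those products load their recorders from, and the HTML is constructed.

```python
# Added example (not from the Princeton study or the post): scan HTML for
# (a) script tags served by the session-replay vendors named above and
# (b) password-like inputs rendered as type="text", the case the study says
# vendor redaction misses. REPLAY_HOSTS is an assumption about where those
# products load their recorders from; SAMPLE_HTML is constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

REPLAY_HOSTS = {
    "fullstory.com": "FullStory",
    "sessioncam.com": "SessionCam",
    "clicktale.net": "Clicktale",
    "smartlook.com": "Smartlook",
    "userreplay.net": "UserReplay",
    "hotjar.com": "Hotjar",
    "mc.yandex.ru": "Yandex Metrica",
}
PASSWORD_NAME_RE = re.compile(r"pass|pwd|pin", re.IGNORECASE)

SAMPLE_HTML = """
<html><head>
<script src="https://static.hotjar.com/c/hotjar-123.js"></script>
<script src="https://www.googletagmanager.com/gtm.js"></script>
</head><body>
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="text" name="password" autocomplete="off">
  <input type="password" name="confirm_password">
  <input type="text" name="card_pin">
</form>
</body></html>
"""


class ReplayScanner(HTMLParser):
    """Collects replay vendors and unmasked password-like inputs seen in the markup."""

    def __init__(self):
        super().__init__()
        self.vendors = set()
        self.unmasked_fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            host = (urlparse(a["src"]).hostname or "").lower()
            for suffix, vendor in REPLAY_HOSTS.items():
                if host == suffix or host.endswith("." + suffix):
                    self.vendors.add(vendor)
        elif tag == "input":
            name = a.get("name") or a.get("id") or ""
            # An input whose name says "password" but whose type does not get
            # recorded like any other text field.
            if PASSWORD_NAME_RE.search(name) and (a.get("type") or "text").lower() != "password":
                self.unmasked_fields.append(name)


def scan(html):
    """Return the replay vendors found and the unmasked password-like field names."""
    parser = ReplayScanner()
    parser.feed(html)
    parser.close()
    return {"replay_vendors": sorted(parser.vendors),
            "unmasked_password_fields": parser.unmasked_fields}


if __name__ == "__main__":
    print(scan(SAMPLE_HTML))
```

Recorders injected by an inline loader snippet or by a tag manager are not visible to a static scan of script src attributes; for those, watch the page's network requests instead.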
















Friday, 24 November 2017

Google Collects Android Location Data Even When Location Service Is Disabled



Do you own an Android smartphone?


If yes, you are one of the billions of users whose smartphone has been quietly gathering location data and sending it back to Google.




Google has been caught collecting location data from every Android device since the beginning of this year (the past 11 months), even when location services are entirely disabled, according to an investigation conducted by Quartz.

This data collection does not require your Android phone to run any particular app, to have location services turned on, or even to have a SIM card inserted.


All it requires is that the Android device is connected to the Internet.




The investigation revealed that Android phones have been collecting the addresses of nearby cellular towers, data that can be used for cell tower triangulation, a widely used technique that locates a phone from data about three or more nearby towers.

Each time your Android device comes within the range of a new cell tower, it gathers the cell tower address and sends this data back to Google when the device is connected to a WiFi network or has a cellular data enabled.

Because the component responsible for collecting this data lives in Android's core Firebase Cloud Messaging service, which manages push notifications and messages for the operating system, it cannot be disabled and does not depend on which apps you have installed, and it survives a factory reset or removal of the SIM card.


When Quartz contacted the tech giant about this practice, a Google spokesperson replied: "We began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery."


Although it remains unclear how data identifying a specific cell tower could have helped Google improve message delivery, the fact that the company's mobile operating system collects location data while location services are off is a complete violation of users' privacy.

Even in its privacy policy about location sharing, Google mentions that it will collect location information from devices that use its services, but has not indicated whether the company will collect data from Android devices when all location services are disabled.


"When you use Google services, we may collect and process information about your actual location," Google's privacy policy reads.
"We use various technologies to determine location, including IP address, GPS, and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points, and cell towers."

Moreover, this location-sharing practice is not limited to any particular Android phone model or manufacturer, as the tech giant was apparently collecting cell tower data from all modern Android devices before being contacted by Quartz.


Although the company says it never used or stored the cell-tower data it collected and is now taking steps to end the practice, such data could in principle be used to target location-based advertising whenever a user enters a store or restaurant.


According to Google, Android phones will no longer gather and send cell-tower location data back to Google by the end of this month.





 


Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable




In the past few months, several research groups have uncovered vulnerabilities in Intel's remote administration feature, the Management Engine (ME), that could allow attackers to gain full control of a targeted computer.

Now, Intel has admitted that these security vulnerabilities could "potentially place impacted platforms at risk."

The chipmaker released a security advisory on Monday admitting that its Management Engine (ME), its remote server management tool Server Platform Services (SPS) and its hardware authentication tool Trusted Execution Engine (TXE) are vulnerable to multiple severe security issues that place millions of devices at risk.


The most severe vulnerability (CVE-2017-5705) involves multiple buffer overflows in the operating system kernel of the Intel ME firmware that could allow an attacker with local access to the system to "load and execute code outside the visibility of the user and operating system."



Systems using Intel Manageability Engine Firmware version 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x and 11.20.x.x are impacted by these vulnerabilities.


For those unaware, Intel chipsets ship with ME enabled for local and remote system management, allowing IT administrators to remotely manage and repair PCs, workstations and servers within their organization.


As long as the system has mains power and a network cable connected, these remote functions work out of band even when the computer is turned off, because ME runs independently of the operating system.


Since ME has full access to almost all data on the computer, including its system memory and network adapters, exploitation of the ME flaws to execute malicious code on it could allow for a complete compromise of the platform.


"Based on the items identified through the comprehensive security review, an attacker could gain unauthorised access to the platform, Intel ME feature, and third party secrets protected by the ME, Server Platform Service (SPS), or Trusted Execution Engine (TXE)," Intel said.


Besides running unauthorized code on computers, Intel has also listed some attack scenarios where a successful attacker could crash systems or make them unstable.

Another high-severity vulnerability (CVE-2017-5711) is a buffer overflow in Active Management Technology (AMT) for the Intel ME firmware that could allow an attacker with remote admin access to the system to execute malicious code with AMT execution privilege.

AMT for Intel ME firmware versions 8.x, 9.x, 10.x, 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x and 11.20.x.x is impacted by this vulnerability.

The worst part is that it's almost impossible to disable the ME feature to protect against possible exploitation of these vulnerabilities.


"The disappointing fact is that on modern computers, it is impossible to completely disable ME," researchers from Positive Technologies noted in a detailed blog post published late August. "This is primarily due to the fact that this technology is responsible for initialization, power management, and launch of the main processor."

Other high severity vulnerabilities impact TXE version 3.0 and SPS version 4.0, leaving millions of computers with the feature at risk. These are described as:



High Severity Flaws in Server Platform Service (SPS)



  • CVE-2017-5706: This involves multiple buffer overflow issues in the operating system kernel for Intel SPS Firmware that could allow attackers with local access to the system to execute malicious code on it.



  • CVE-2017-5709: This involves multiple privilege escalation bugs in the operating system kernel in Intel SPS Firmware that could allow an unauthorized process to access privileged content via an unspecified vector.



Both the vulnerabilities impact Intel Server Platform Services Firmware 4.0.x.x.


High Severity Flaws in Intel Trusted Execution Engine (TXE)



  • CVE-2017-5707: This issue involves multiple buffer overflow flaws in the operating system kernel in Intel TXE Firmware that allow attackers with local access to the system to execute arbitrary code on it.




  • CVE-2017-5710: This involves multiple privilege escalation bugs in the operating system kernel in Intel TXE Firmware that allow an unauthorized process to access privileged content via an unspecified vector.



Both the vulnerabilities impact Intel Trusted Execution Engine Firmware 3.0.x.x.


Affected Intel Products

Below is the list of the processor chipsets which include the vulnerable firmware:



  • 6th, 7th and 8th Generation Intel Core processors
  • Xeon E3-1200 v5 and v6 processors
  • Xeon Scalable processors
  • Xeon W processors
  • Atom C3000 processors
  • Apollo Lake Atom E3900 series
  • Apollo Lake Pentiums
  • Celeron N and J series processors


Intel has issued patches across a dozen generations of CPUs to address these vulnerabilities, which affect millions of PCs, servers and Internet of Things devices, and is urging affected customers to update their firmware as soon as possible. Note that ME/SPS/TXE firmware updates are delivered by the system manufacturers, so the fix for a given machine comes from the OEM rather than directly from Intel.

The chipmaker has also published a detection tool to help Windows and Linux administrators check whether their systems are affected.












Sunday, 19 November 2017

A Hacker's Search Engine: Shodan


You may have heard of Shodan before. Ever wondered how it actually works? Shodan is a search engine built on banner grabbing. John Matherly conceived it in 2003 and launched it publicly in 2009 as a search engine for devices connected to the Internet; today it is widely known as the most powerful search engine of its kind and is nicknamed the hacker's search engine.



Shodan builds its results by capturing banners from all kinds of devices: webcams, routers, servers and SCADA systems. It records the metadata that servers return in their responses, the so-called service banners, which include useful details such as the ISP, the web server software (Apache, Nginx, IIS, ...), location, encoding, compression and more.


All of this information can be very useful depending on what you want to do with it. Since scanning all 65536 ports on every host would be far too slow, Shodan concentrates on common ports such as HTTP (80), FTP (21), SSH (22), Telnet (23), HTTPS (443), SMB (445), SIP (5060) and so on, and grabs the banners returned in response to the probes it sends to those ports.




What can you use Shodan for?


Shodan can be used to find vulnerable systems, servers and routers with default usernames and passwords, webcams, IP cameras, SCADA systems, databases, traffic lights, vulnerable websites and more. Shodan Maps is easy to navigate and quite accurate, and arguably prettier than Google Maps.


Shodan provides its full feature set to paying users, but a good deal of it is also available to anyone who signs up for a free account.

How to use Shodan

First, go through the Shodan sign-up form. Fill in the required details and create a new user account here:

https://account.shodan.io/register


Usage

Go to the Shodan search box and try searching for something like apache or nginx. Here are some of the results for the query: linksys





Clicking on the first result shows everything Shodan grabbed for that host: it is located somewhere at sea (perhaps on a ship), it has two ports open, 500 and 5060, and the left-hand column shows the usual host information.



Filters


Shodan has filters that narrow the search down to more accurate results. You can simply type something like webcamxp into the search field, but the results will vary with the situation; filters let you ask for something specific, such as Apache servers in Bolivia, cameras with default credentials in the US or Russia, or traffic lights in the USA. If you are already familiar with Google hacking dorks, this will feel straightforward. Here are the filters in our dictionary:



  • product: the value is a service or software name, such as apache or MySQL
  • city: the value is a city name
  • country: the country to search
  • hostname: grab banners for the given hostname
  • net: the value is an IP address
  • geo: pass the coordinates of a location
  • os: search for a specific operating system
  • port: the port to search
  • before/after: restrict results to a specific timeframe



Examples


The filter below searches for the Apache service in Pakistan:

product:apache country:PK


The geo filter searches for devices at the given coordinates. Shodan Maps makes it easy to find the coordinates of a place: open Shodan Maps, select a place and click on it; the coordinates are displayed as the HTML title.

geo:'31.5497, 74.3436'

This searches for Windows 7 systems with port 445 open:

os:'windows 7' port:445

Now, let's try a bigger one. The following filter searches for nginx servers on port 80 in Dallas, USA:

product:nginx city:'dallas' country:US port:8080 os:linux



Result





These are just a few examples; you can do much more. Shodan allows users to share their results, which helps others learn how to search for something on Shodan. Use the Explore tab on Shodan to get familiar with it.



Enhancements

Some useful features of Shodan are:

  • Firefox and Chrome extensions: search directly from the browser's omnibar instead of first going to Shodan and then searching
  • Data export: export search results directly in a format suitable for further analysis
  • More features for paid users, aimed at developers and security researchers
  • Maps: search directly for something on Shodan Maps



This is just an introduction to Shodan and its basic usage; it gives a glimpse of what goes on at the back of a hacker's mind. One important thing to note is that Shodan works on banners, which are the responses received from servers and other devices when some kind of request is made to them. These responses can be changed, modified or faked, so the information Shodan reports may be false.
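The mechanism described in this post, a crawler grabbing banners from common ports and indexing the product, version, encoding and compression it finds in them, together with the caveat above that a banner is only whatever string the host chooses to send, as an added Python example. This is not code from the original post or from Shodan; the banners are constructed, and the ports, product strings and OS-hint table are assumptions made for the example. The last two functions show why the caveat matters: the same host answers with Ubuntu, Debian and Microsoft-IIS banners on different ports, so at least one of them is misleading.

```python
"""Service-banner fingerprinting in the style of a Shodan crawler.

Added example for this post; it is not code from the original article
or from Shodan. Every banner below is constructed, and the ports,
product strings and OS hints are assumptions made for the example.
"""
import re

# Constructed raw banners: what a crawler receives on each port after
# connecting and sending a minimal probe (for HTTP, "GET / HTTP/1.0").
SAMPLE_BANNERS = {
    80: ("HTTP/1.1 200 OK\r\n"
         "Server: Apache/2.4.29 (Ubuntu)\r\n"
         "Content-Type: text/html; charset=UTF-8\r\n"
         "Content-Encoding: gzip\r\n\r\n<html>...</html>"),
    22: "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\r\n",
    21: "220 ProFTPD 1.3.5 Server (Debian) ready.\r\n",
    # A host may return any string it likes. This banner claims to be
    # IIS on Windows, which contradicts the Ubuntu/Debian strings above.
    8080: "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n\r\n",
}


def parse_http_banner(raw):
    """Product, version, charset and compression from the response headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    rec = {"protocol": "http", "status": status, "raw": raw,
           "product": None, "version": None, "encoding": None,
           "compression": headers.get("content-encoding")}
    m = re.match(r"([A-Za-z][\w.-]*)(?:/([\w.]+))?", headers.get("server", ""))
    if m:
        rec["product"], rec["version"] = m.group(1), m.group(2)
    m = re.search(r"charset=([\w-]+)", headers.get("content-type", ""), re.I)
    if m:
        rec["encoding"] = m.group(1)
    return rec


def parse_ssh_banner(raw):
    """SSH identification string: SSH-<proto>-<software>_<version> <comment>."""
    m = re.match(r"SSH-(\d\.\d+)-([^\s_]+)(?:_(\S+))?", raw.strip())
    return {"protocol": "ssh", "raw": raw,
            "product": m.group(2) if m else None,
            "version": m.group(3) if m else None}


def parse_ftp_banner(raw):
    """FTP greeting: '220 <software> <version> ...'."""
    m = re.match(r"220[ -]([A-Za-z][\w-]*)\s*(\d[\w.]*)?", raw.strip())
    return {"protocol": "ftp", "raw": raw,
            "product": m.group(1) if m else None,
            "version": m.group(2) if m else None}


def fingerprint(raw):
    """Classify by banner content rather than port number: services move ports."""
    if raw.startswith("SSH-"):
        return parse_ssh_banner(raw)
    if raw.startswith("HTTP/"):
        return parse_http_banner(raw)
    if raw.startswith("220"):
        return parse_ftp_banner(raw)
    return {"protocol": "unknown", "raw": raw, "product": None, "version": None}


def index_host(banners):
    """Build the per-port records a search engine would index for one host."""
    return {port: fingerprint(raw) for port, raw in banners.items()}


# Substrings that imply an operating system (assumed table for the example).
OS_HINTS = {"Microsoft-IIS": "windows", "Ubuntu": "linux", "Debian": "linux"}


def os_claims(records):
    """Every operating system the host's banners claim, across all ports."""
    return {os_name for rec in records.values()
            for needle, os_name in OS_HINTS.items() if needle in rec["raw"]}


def banners_consistent(records):
    """False when the banners imply more than one OS: at least one is wrong,
    whether through misconfiguration, a decoy, or a deliberately faked banner."""
    return len(os_claims(records)) <= 1


if __name__ == "__main__":
    recs = index_host(SAMPLE_BANNERS)
    for port, rec in sorted(recs.items()):
        print(f"{port:>5}  {rec['protocol']:<8} {rec['product']} {rec['version']}")
    print("os claims:", sorted(os_claims(recs)),
          "consistent:", banners_consistent(recs))
```

Run it against the banners your own hosts return (a plain `GET / HTTP/1.0` over netcat is enough to capture one) to see exactly what a search engine will index about them; that is also the quickest way to find version strings you would rather not advertise.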

Saturday, 18 November 2017

How To Randomly Hack A w!-f! Router (wifi hacking part 1)




Most routers used in homes and offices are left with their default settings. Most importantly, people often don't change the admin username and password, because they think all they need to do to secure their network is change the WPA passphrase and set the security to WPA2, which is a totally wrong idea.



What are routers? (according to Wikipedia)

👉 Routers are intelligent devices that use algorithms to determine the best route for transmitting data. For more on routers:





Many vendors still ship these devices with default usernames/passwords. Some well-known companies now configure their routers to require a new password on first start, and some put a randomly generated passcode on a white sticker on the back of the device. But the fact remains that thousands of these devices are still vulnerable.


Routers are part of the Internet, so they can be scanned just like any other device that has an IP address or is connected to the Internet. All you have to do is put a scan range into your port scanner and find a device with port 80 left open. I'll use the Nmap port scanner, because Nmap gives the best results compared to other scanners and is a hacker-friendly tool. Let's see the practical way.


METHOD


  • Download NMAP
  • Generate an IP Range or You can use Shodan
  • Scan Your Target with a port scanner
  • Login to Router


STEP 1


DOWNLOAD AND START NMAP



Download and install Nmap from the official website. Nmap stands for Network Mapper and comes with various scan techniques, including the stealth scan and the connectionless scan.





If you are using Kali, Nmap is already installed. You can start it from Applications -> Vulnerability Analysis -> nmap. We will use Zenmap, the graphical interface for Nmap. After starting, it looks like this:





STEP 2


SCAN FOR A TARGET


Now you can choose your own range for scanning, or you can generate one from browserling: enter the range and click Generate.




Personally, I find this can take a long time to turn up routers with open ports. Alternatively, you can use the Shodan search engine. If you are not familiar with Shodan, I encourage you to read this first:

Shodan link here


STEP 3

SCAN THE TARGETS

Open Zenmap and scan the targets. Enter the range in the target field in this format:

e.g. 244.137.150.10-233






Now note down the IP addresses that have port 80 open. These are the routers whose admin interface can be reached from a browser.



STEP 4

LOG IN


Open your favourite browser, type the IP address into the omnibar and press [Enter]. After a moment you will see the router's login page. Try the vendor's default credentials: in 60% of cases the defaults are still in use. Otherwise you can crack the password with a dictionary attack using Hydra. These are some of the vendors and their default router username/password:

  • D-Link: admin/[blank]
  • Netgear: admin/password
  • Linksys: admin/admin
  • TP-Link: admin/admin
  • Belkin: [blank]/[blank]




With a little knowledge of default passwords, an attacker is able to log in to the admin settings.
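The defender's counterpart to steps 3 and 4, as an added Python example that is neither the post's own code nor part of Nmap: after scanning your own subnet with `nmap -sV -oG`, parse the grepable output, list the devices that expose a web admin interface, and, using the vendor default list given above, produce the check an administrator should run on each one. The scan output is constructed; the IP addresses, device strings and the vendor-hint table are assumptions made for the example.

```python
"""Inventory of web admin interfaces on your own network from Nmap output.

Added example for this post; it is not the post's own code and not part
of Nmap. The grepable (-oG) scan output below is constructed, and the
IP addresses, device strings and vendor-hint table are assumptions.
"""

# Constructed output of: nmap -sV -p 22,80,443 -oG - 192.168.1.0/29
# run against an administrator's own subnet. Fields are tab-separated;
# each port entry is port/state/proto/owner/service/rpcinfo/version/.
SAMPLE_NMAP_OG = """\
# Nmap 7.70 scan initiated as: nmap -sV -p 22,80,443 -oG - 192.168.1.0/29
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/closed/tcp//ssh///, 80/open/tcp//http//TP-LINK WR841N WAP http config/, 443/closed/tcp//https///
Host: 192.168.1.2 ()\tStatus: Up
Host: 192.168.1.2 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/closed/tcp//http///, 443/closed/tcp//https///
Host: 192.168.1.3 ()\tStatus: Up
Host: 192.168.1.3 ()\tPorts: 22/closed/tcp//ssh///, 80/open/tcp//http//Netgear router http config/, 443/open/tcp//https//Netgear router https config/
# Nmap done: 8 IP addresses (3 hosts up) scanned
"""

ADMIN_PORTS = {80, 443}

# Vendors and factory defaults exactly as listed in the post above ("" = blank).
FACTORY_DEFAULTS = {
    "D-Link": ("admin", ""),
    "Netgear": ("admin", "password"),
    "Linksys": ("admin", "admin"),
    "TP-Link": ("admin", "admin"),
    "Belkin": ("", ""),
}

# Substrings of Nmap's version string that identify a vendor (assumed table).
VENDOR_HINTS = {"d-link": "D-Link", "dlink": "D-Link", "netgear": "Netgear",
                "linksys": "Linksys", "tp-link": "TP-Link", "tplink": "TP-Link",
                "belkin": "Belkin"}


def parse_grepable(text):
    """Map each host IP to its list of port records."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for spec in field[len("Ports:"):].split(","):
                # At most 7 fields, so a "/" inside the version string
                # (e.g. "PHP/5.6") stays with the version.
                parts = spec.strip().split("/", 6)
                if len(parts) < 7:
                    continue
                ports.append({"port": int(parts[0]), "state": parts[1],
                              "proto": parts[2], "service": parts[4],
                              "version": parts[6].rstrip("/")})
    return hosts


def guess_vendor(version):
    """Vendor name from the version string, or None if unrecognised."""
    text = version.lower().replace(" ", "")
    for hint, vendor in VENDOR_HINTS.items():
        if hint in text:
            return vendor
    return None


def exposed_admin_interfaces(hosts):
    """IPs whose web admin interface answered from where the scan was run."""
    return sorted(ip for ip, ports in hosts.items()
                  if any(p["port"] in ADMIN_PORTS and p["state"] == "open"
                         for p in ports))


def audit(hosts):
    """One finding per exposed device, with the check the administrator should run."""
    findings = []
    for ip in exposed_admin_interfaces(hosts):
        web = [p for p in hosts[ip]
               if p["port"] in ADMIN_PORTS and p["state"] == "open"]
        vendor = next((guess_vendor(p["version"]) for p in web
                       if guess_vendor(p["version"])), None)
        finding = {"ip": ip, "ports": [p["port"] for p in web], "vendor": vendor}
        if vendor in FACTORY_DEFAULTS:
            user, pw = FACTORY_DEFAULTS[vendor]
            finding["check"] = ("confirm the factory login %s/%s has been changed "
                                "and that WAN-side administration is disabled"
                                % (user or "[blank]", pw or "[blank]"))
        else:
            finding["check"] = ("identify the device and confirm its admin "
                                "credentials are not the defaults")
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(parse_grepable(SAMPLE_NMAP_OG)):
        print(f"{f['ip']:<15} ports={f['ports']} vendor={f['vendor']}: {f['check']}")
```

Run the scan from outside your network as well as inside it: a router whose admin page answers on its WAN address is exactly the device the steps above would find, and the fix is to disable remote administration and replace the factory login, not just the WPA passphrase.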












Want to read deleted messages on WhatsApp? Loophole discovered to access deleted texts





Last month WhatsApp rolled out a feature to delete or recall a sent message within seven minutes of sending it. The feature is useful when you send the wrong message to someone by mistake in a hurry: the sender can recall or delete the message before the recipient reads it.




But it seems some techies have found a way to read the deleted message on the recipient's end. According to the report, the Spanish Android blog Android Jefe has found a way to read deleted messages on the recipient's side.


The loophole lets any WhatsApp user see the deleted texts through the notification log that still exists on the receiver's smartphone. There are certain limitations, but anyone aware of the loophole can use it to see the texts.



The notifications are stored by the Android system even after the message is deleted in WhatsApp. To access them, the user can download a third-party application called Notification History from Google's Play Store.

Download this app:

https://play.google.com/store/apps/details?id=com.androidsxlabs.bluedoublecheck





How to delete WhatsApp messages after 7 minutes?

  http://techgyanmantra007.blogspot.com/2017/11/how-to-delete-whatsapp-messages-7-minute.html

Friday, 17 November 2017

Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices



Remember BlueBorne?



A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been found in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo.
As estimated when this devastating threat was discovered, many IoT and smart devices, whose operating systems are updated less frequently than smartphones and desktops, are also vulnerable to BlueBorne.


BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within the range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks.


What's worse? Triggering the BlueBorne exploit doesn't require the victim to click any link or open any file; no user interaction is needed at all. Also, most security products would likely not be able to detect the attack.


What's even scarier is that once an attacker gains control of one Bluetooth-enabled device, he/she can infect any or all devices on the same network.


These Bluetooth vulnerabilities were patched by Google for Android in September, by Microsoft for Windows in July, by Apple for iOS one year before disclosure, and by Linux distributions shortly after disclosure.

However, many of these 5 billion devices are still unpatched and open to attack through these flaws.



20 Million Amazon Echo & Google Home Devices Vulnerable to BlueBorne Attacks

👇 Watch video 👇

https://youtu.be/g6ivGislWWo

IoT security firm Armis, which initially discovered this issue, has now disclosed that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities.



Broken down, around 15 million Amazon Echo and 5 million Google Home devices sold across the world are potentially at risk from BlueBorne.



Amazon Echo is affected by the following two vulnerabilities:

  • A remote code execution vulnerability in the Linux kernel (CVE-2017-1000251)
  • An information disclosure flaw in the SDP server (CVE-2017-1000250)



Since different Echo variants run different operating systems, other Echo devices are affected by either the Linux or the Android vulnerabilities.
Google Home devices, on the other hand, are affected by one vulnerability:

  • An information disclosure vulnerability in Android's Bluetooth stack (CVE-2017-0785)

This Android flaw can also be exploited to cause a denial-of-service (DoS) condition.



Since Bluetooth cannot be disabled on either of these voice-activated personal assistants, attackers within range of an affected device can easily launch an attack.
Armis has also published a proof-of-concept (PoC) video showing how they were able to hack and manipulate an Amazon Echo device.



The security firm notified both Amazon and Google of its findings, and both companies have released patches and pushed automatic updates to the Amazon Echo and Google Home that fix the BlueBorne attacks.


Amazon Echo customers should confirm that their device is running v591448720 or later, while Google has not yet published version information.













