mardi 30 juin 2020

18 Best Hacking Websites to Learn Ethical Hacking From Basic

  • Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
  • SecurityFocus: Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
  • Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
  • Hackaday: A hardware hack every day.
  • Offensive Security Training: Developers of Kali Linux and Exploit DB, and the creators of the Metasploit Unleashed and Penetration Testing with Kali Linux course.
  • SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
  • KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
  • NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
  • HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
  • Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
  • Makezine: Magazine that celebrates your right to tweak, hack, and bend any technology to your own will.
  • Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
  • Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
  • Hack Forums: Emphasis on white hat, with categories for hacking, coding and computer security.
  • The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
  • DEFCON: Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as links and other details.
  • Black Hat: The Black Hat Briefings have become the biggest and the most important security conference series in the world by sticking to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.
  • Phrack Magazine: Digital hacking magazine.

jeudi 11 juin 2020

NcN 2015 CTF - theAnswer Writeup


1. Overview

Is an elf32 static and stripped binary, but the good news is that it was compiled with gcc and it will not have shitty runtimes and libs to fingerprint, just the libc ... and libprhrhead
This binary is writed by Ricardo J Rodrigez

When it's executed, it seems that is computing the flag:


But this process never ends .... let's see what strace say:


There is a thread deadlock, maybe the start point can be looking in IDA the xrefs of 0x403a85
Maybe we can think about an encrypted flag that is not decrypting because of the lock.

This can be solved in two ways:

  • static: understanding the cryptosystem and programming our own decryptor
  • dynamic: fixing the the binary and running it (hard: antidebug, futex, rands ...)


At first sight I thought that dynamic approach were quicker, but it turned more complex than the static approach.


2. Static approach

Crawling the xrefs to the futex, it is possible to locate the main:



With libc/libpthread function fingerprinting or a bit of manual work, we have the symbols, here is the main, where 255 threads are created and joined, when the threads end, the xor key is calculated and it calls the print_flag:



The code of the thread is passed to the libc_pthread_create, IDA recognize this area as data but can be selected as code and function.

This is the thread code decompiled, where we can observe two infinite loops for ptrace detection and preload (although is static) this antidebug/antihook are easy to detect at this point.


we have to observe the important thing, is the key random?? well, with the same seed the random sequence will be the same, then the key is "hidden" in the predictability of the random.

If the threads are not executed on the creation order, the key will be wrong because is xored with the th_id which is the identify of current thread.

The print_key function, do the xor between the key and the flag_cyphertext byte by byte.


And here we have the seed and the first bytes of the cypher-text:



With radare we can convert this to a c variable quickly:


And here is the flag cyphertext:


And with some radare magics, we have the c initialized array:


radare, is full featured :)

With a bit of rand() calibration here is the solution ...



The code:
https://github.com/NocONName/CTF_NcN2k15/blob/master/theAnswer/solution.c





3. The Dynamic Approach

First we have to patch the anti-debugs, on beginning of the thread there is two evident anti-debugs (well anti preload hook and anti ptrace debugging) the infinite loop also makes the anti-debug more evident:



There are also a third anti-debug, a bit more silent, if detects a debugger trough the first available descriptor, and here comes the fucking part, don't crash the execution, the execution continues but the seed is modified a bit, then the decryption key will not be ok.





Ok, the seed is incremented by one, this could be a normal program feature, but this is only triggered if the fileno(open("/","r")) > 3 this is a well known anti-debug, that also can be seen from a traced execution.

Ok, just one byte patch,  seed+=1  to  seed+=0,   (add eax, 1   to add eax, 0)

before:


after:



To patch the two infinite loops, just nop the two bytes of each jmp $-0



Ok, but repairing this binary is harder than building a decryptor, we need to fix more things:

  •  The sleep(randInt(1,3)) of the beginning of the thread to execute the threads in the correct order
  •  Modify the pthread_cond_wait to avoid the futex()
  • We also need to calibrate de rand() to get the key (just patch the sleep and add other rand() before the pthread_create loop
Adding the extra rand() can be done with a patch because from gdb is not possible to make a call rand() in this binary.

With this modifications, the binary will print the key by itself. 

Read more

Indian IT Company Was Hired To Hack Politicians, Investors, Journalists Worldwide

A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform. Based in Delhi, BellTroX InfoTech allegedly targeted thousands of high-profile individuals and hundreds of organizations across six continents in the last seven years. Hack-for-hire services do not operate as a

via The Hacker News

Related links


How To Control Android Phone From Another Phone Remotely

How to control Android phone From another phone Remotely

If you wish to remotely control Android phone from another phone, then you have come to the right place. It might sound surprising, but now you can easily control Android from Android by using the right kinds of applications. This can let you keep a strict eye on your kids, spouse, or anyone else remotely. In this informative post, we will make you familiar with different Android to Android remote control apps. Also, we will provide a stepwise solution to use an Android tracking app as well. Let's uncover them by taking one step at a time.

Control Android Phone from Another Phone Remotely

There could be numerous reasons to control Android from Android remotely. In most of the cases, it is used by professionals to access a device over the air. Also, parents like to use an Android to Android remote control at times to get a complete access to their kid's smartphones. Sometimes, it can help us transfer files from one device to another. You can also use it to access your partner's or employee's phone at the time of needs too. In the next section, we will let you know how to remotely control Android phone from another phone.

Control android from another android

How to remotely control Android phone from another phone?

There are different readily available applications that can be used to remotely control Android phone from another phone. We have picked the 3 best tools here.

1. TeamViewer for Remote Control

TeamViewer is one of the most widely known solutions that can provide a remote access to computer and smartphone remotely. It has a dedicated solution for Android as well that can perform the same function without any trouble. You can try its free version and later buy the premium subscription if you wish to.

  • Smart screen sharing with a complete control of the device
  • Control Android from Android by bypassing a security access (a one-time code should be matched).
  • 256 Bit AES session encoding and 2048 Bit RSA key exchange supported for advanced security
  • File transfer is also supported

Compatibility; Android 4.0 and later versions

Get it here >>

Control android from android - TeamViewer for Remote Control

2. RemoDroid

RemoDroid is another smart and lightweight Android to Android remote control that you can use. Besides controlling an Android phone, you can also use this tool to control a TV and other smart devices from your Android device as well.

  • Easy screen sharing provision
  • You can remotely control Android phone from another phone and other smart devices (like a TV)
  • It supports screen sharing between multiple users
  • Password protected and supports one-time authentication
  • Advanced features require root access

Compatibility: Android 4.0 and up

Get it here >>

Control android from android - RemoDroid

3. Inkwire Screen Share and Assist

Inkwire is a highly useful app that every Android user should have installed on their device. This freely available tool can let you share your screen with another user. After sharing the screen, you can provide assistance by marking the screen as well. It is particularly used by users to guide other how to use a certain feature on the device.

  • Once connected, you can easily draw on the screen and guide the other user on a real-time basis.
  • It is extensively used to provide customer support for Android apps.
  • Voice chat option is also included

Compatibility: Android 5.0 and later versions

Get it here >>

Control android from android - Inkwire Screen Share and Assist


@£√£RYTHING NT

Related news


How To Connect Database With PHP | Cool Interface Software | Tutorial 2


Welcome to my 2nd tutorial of PHP and MYSQL. In the previous video I've discussed How to download and install a server PHP and also How to create databases and How to create tables in the databases in the form of rows and columns.

In this video I've discussed multiple ways to connect database with PHP such as by using variables etc. First of all you have need to install a cool interface software for coding. I suggested you to download any one of them such as Dreamweaver, Notepad++, Sublime Text Editor and Atom etc. I'm using sublime text editor in this series of tutorial.

Syntax of PHP

<?php

//type here the code

?>


How to save the PHP file

You should save your PHP file in the root directory of the server. In XAMPP the "htdocs" is the root directory of the server. In WAMPP "www" is the root directory. Now how to save the file?

Step 1:

Press CTRL + S button to safe the file.

Step 2:

Go to the server location where it has been installed. By default it is installed in Local Disk C. Got C drive.

Step 3:

Go to XAMPP directory.

Step 4:

Go to htdocs diretory.

Step 5:

Save a file there with extension ".php". You can create a different folders for different projects in htdocs directory. So first create the folder in htdocs and then save your files in the folder.

How to Run PHP Script

Step 1:

Open a XAMPP control panel and start Apache and Mysql services.

Step 2:

Open your web browser.

Step 3:

Type localhost/yourFolderName/yourFileName.php and hit enter. For example: localhost/myFolder/index.php.





You need to install compatible version of java , So that you can run BurpSuite.

More articles


The OWASP Foundation Has Selected The Technical Writer For Google Season Of Docs

The OWASP Foundation has selected the technical writer for Google Season of Docs by Fabio Cerullo


The OWASP Foundation has been accepted as the organization for the Google Seasons of Docs, a project whose goals are to give technical writers an opportunity to gain experience in contributing to open source projects and to give open-source projects an opportunity to engage the technical writing community.

During the program, technical writers spend a few months working closely with an open-source community. They bring their technical writing expertise to the project's documentation, and at the same time learn about open source and new technologies.

The open-source projects work with the technical writers to improve the project's documentation and processes. Together they may choose to build a new documentation set, or redesign the existing docs, or improve and document the open-source community's contribution procedures and onboarding experience. Together, we raise public awareness of open source docs, of technical writing, and of how we can work together to the benefit of the global open source community.

After a careful review and selection process, the OWASP Foundation has picked the primary technical writer who will work along the OWASP ZAP Team for the next 3 months to create the API documentation of this flagship project.

Congratulations to Nirojan Selvanathan!

Please refer to the linked document where you could look at the deliverables and work execution plan.



Read more

mardi 9 juin 2020

Ethical Hacking Platform For Penetration Testing | How To Hack The Invite Code: Join Hack The Box (HTB)

Hack The Box

Hack The Box (HTB) is a free platform available to ethical hackers to do a penetration testing for ethical hacking projects. It consist of different type of challenges that are updated constantly. Some of the challenges related to the real world scenarios and rest of the challenges related to learning towards a CTF style of challenges.
Before joining to HTB, there is a simple task for you to prove your skills after that you'll able to create an account, and then you'll be able to access to your HTB Lab, where several challenges await for you to hack them. That's the beginning step for all of us to joining this. If you got success while hacking then you'll get points.

Task For Joining The HTB

Before joining the HTB, there is a task to hack invite code and paste that code in the code box for further registration to your account. You can complete a simple challenge to prove your skills, if you don't hack that then here is a short video below this content about hacking the invite code. Watch the video and hack the code!


In this Video you'll learn about How to join Hack the box (HTB) in Kali Linux and other Linux Distributions.


Figura 3: Tu iPhone es tan (in)seguro como tu Windows
Para que veas como funciona esto, puedes hacer una prueba muy sencilla con tu terminal iPhone. Basta con que te bajes una aplicación para gestionar tus ficheros de iPhone. En este caso iMazing que hace el trabajo de conectarse a tu iPhone si estás en un equipo en el que hayas confiado. Como se puede ver, cuando conectas un iPhone a tu MacOS o tu Windows para extraer fotos, hacer backup, etcétera, estás dando acceso a tu terminal iPhone a todo programa que corra con privilegios en tu Windows o Mac.

Figura 4: iMazing te extrae todos los ficheros haciendo un backup sin cifrar

Esos programas, antiguamente, se conectaban al sistema de ficheros de tu iPhone o iPad, pero Apple fortifico esta característica, y ya no es posible. La sandbox de aplicaciones es buena, y no se puede meter  mucha mano a las apps tal y como se hacía antes, con programas como iFunBox, pero... ¿quiere decir que esto no se puede hacer?

Figura 5: Acceder a la SandBox de la app de WhatsApp ya no se puede directamente 

Pues no, lo que hacen aplicaciones como iMazing es aprovecharse del pareado de tu equipo de confianza para hacer un backup SIN CIFRAR de tu iPhone al equipo pareado. Es decir, fuerzan una copia de seguridad desde el equipo MacOS o Windows al que conectas tu iPhone y extrae todos los ficheros sin cifrar de tu iPhone para dejarlos en el disco duro del equipo. Y entre ellos tu base de datos de WhatsApp.

Figura 6: Ficheros de iOS copiados al Mac

Así que, desde cualquier equipo pareado en el que confíe tu iPhone se puede extraer todo el sistema de ficheros de iPhone sin cifrar. Una vez que se realice ese backup sin cifrar, tendremos en el disco duro del ordenador la base de datos de WhatsApp, que como he dicho al principio, está sin cifrar también. Encontrar el fichero, es bastante sencillo, ya que es un hash y se puede localizar navegando conocido que se genera a partir de la ubicación del fichero dentro del sistema de archivos de iOS, y ya se puede navegar fácilmente por los backups desde tu MacOS.

Figura 7: Con estos tres ingredientes, tenemos todo

Así que, una vez localizado ese fichero, y sabiendo que ese fichero, llamado ChatStorage.sqlite, es un almacén de base de datos SQLite, lo único que tiene que hacer cualquiera es usar un visor de ficheros SQLite y abrirlo. 

Figura 8: En las tablas de la base de datos están los mensajes

Una vez que abras ese fichero, podrás ver que los mensajes de tus chats de WhatsApp están en texto plano y se pueden ver los mensajes que has enviado y recibido en cada uno de los chats.

Figura 9: Y toda la base de datos de contactos

Lo que quiere decir que la seguridad de tu WhatsApp depende de la seguridad de tu iPhone y, en este ejemplo concreto, de la seguridad de tu Windows, tal y como en el mundo del cibercrimen, de los APTs y de la privacidad personal, hemos visto durante los últimos años.

¿Debería cifrar WhatsApp la base de datos de mensajes en el dispositivo?

Pues si seguimos los principios de fortificación de sistemas informáticos, que dependen de aplicar Mínimo Privilegio Posible, Mínima Superficie de Exposición y Defensa en Profundidad, mi opinión personal está clara: 

Debería haberlo hecho hace años.

Mientras tanto, debes tener un cuidado especial de a qué equipos conectas tu iPhone ya que, aunque tú hagas copias de seguridad cifrada, con programas con iMazing se pueden forzar las copias de seguridad sin cifrar y todos tus archivos - fotos ocultas incluidas - se irán para allá.

Saludos Malignos!

Autor: Chema Alonso (Contactar con Chema Alonso)

Related news