Saturday, May 30, 2020

Unleash your body’s Rapid Healing Response (3 minutes a day) Yahoo/Spam

 
Dear Friend,
 
I’ve got a complimentary ebook for you that’s going to completely change your life!
 
If you’ve been struggling with fatigue and lack of energy…
 
Or if you have adrenal fatigue, fibromyalgia, or chronic fatigue syndrome…
 
Or even if you’re someone who’s looking to max-out the day and get a lot done…
 
Then this free energy-boosting ebook is going to be an absolute game changer for you!
 
It’s called ‘The 2pm Refresher’- Your secret weapon against afternoon fatigue!
 
The next time your energy levels hit-the-wall, simply apply these simple but highly effective energy boosting techniques – and feel not only turbocharged energy, but laser focused attention and concentration.
 
This is life-transforming training, so don’t put this off thinking you’ll come back to it later.
 
 
 
 
 
You’ll be so glad you did.
 
 
 
Kind regards,
Jezz Canuy
 
 
P.S. If Unable to Click the Link just Copy & Paste -> http://chillbai.elpaseo.trade/covid19
 
 
 
 
 
 
 
 
 



























 

Friday, May 22, 2020

How To Bind Payload Any Software Using Shellter

Related links


  1. El Mejor Hacker
  2. Aprender Seguridad Informatica
  3. Blog Hacking
  4. House Hacking
  5. Hacker Seguridad Informática
  6. Escuela Travel Hacking

DOWNLOAD BLACK STEALER V2.1 FULL

BLACK STEALER V2.1 FULL

Black Stealer v2.1 is an advanced keylogger that can steal even saved passwords from the browsers and sends through Email and FTP. It's really easy to the crypt. Keylogger is a computer program that is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard by the user, especially in order to gain unauthorized access to the passwords and other confidential information. It's also called a keystroke logger or system monitor. Download black stealer v2.1 full.

DOWNLOAD BLACK STEALER V2.1 FULL

More information


  1. Hacker En Español
  2. Libros Hacking
  3. Hacking Course

Thursday, May 21, 2020

goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain


When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:
  • List Permission
  • Write Permission
  • Region the Bucket exists in
  • If the bucket has all access disabled

Installation
go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>
Usage of ./goGetBucket:
-d string
Supplied domain name (used with mutation flag)
-f string
Path to a testfile (default "/tmp/test.file")
-i string
Path to input wordlist to enumerate
-k string
Keyword list (used with mutation flag)
-m string
Path to mutation wordlist (requires domain flag)
-o string
Path to output file to store log
-t int
Number of concurrent threads (default 100)
Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:
www.domain.com
mail.domain.com
dev.domain.com
The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).
Be sure not to increase the threads too high (-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.

Continue reading


  1. Hacker Etico
  2. Escuela Travel Hacking
  3. Master Growth Hacking
  4. Hacking Definition
  5. Hacking Informatico
  6. Hacking Madrid
  7. Curso De Ciberseguridad Y Hacking Ético
  8. Curso De Growth Hacking
  9. Como Aprender A Hackear Desde Cero
  10. Hacking Academy
  11. Ethical Hacking Course
  12. Fake Hacking
  13. Wargames Hacking
  14. Foro Hacking

CEH Practical: Gathering Target Information: Reconnaissance And Competitive Intelligence

CEH Exam Objectives:

Describe Reconnaissance. 

Describe aggressive/competitive intelligence.


Reconnaissance

 Reconnaissance is the process of gathering informative data about a particular target of a malicious hack by exploring the targeted system. Basically two types of Reconnaissance exist i.e. Active and Passive. Active reconnaissance typically related to port scanning and observing the vulnerabilities about the targeted system (i.e., which ports are left vulnerable and/or if there are ways around the firewall and routers). Passive reconnaissance typically you will not be directly connected to a computer system. This process is used to gather essential information without ever interacting with the target systems.

Understand Aggressive Intelligence 

Competitive intelligence means information gathering about competitors' products, marketing, and technologies. Most competitive intelligence is non intrusive to the company being investigated and is benign in nature. It's used for product comparison or as a sales and marketing tactic to better understand how competitors are positioning their products or services.

Online tools to gather competitive intelligence

Exercise 1.1

Using KeywordSpy 

To use the KeywordSpy online tool to gather competitive intelligence information:  
  • Go to the www.keywordspy.com website and enter the website address of the target in the search field 

  • Review the report and determine valuable keywords, links, or other information.

 

Exercise 1.2

Using spyfu

  • Go to your browser and type www.spyfu.com and enter the website address of the target in the search field.

Exercise 1.3

Using the EDGAR Database to Gather Information

1. Determine the company's stock symbol using Google.

2. Open a web browser to www.sec.gov.


3. On the right side of the page, click the link EDGAR Filers. 


4. Click the Search For Filings menu and enter the company name or stock  symbol to search the filings for information. You can learn, for example, where the company is registered and who reported the filing.

5. Use the Yahoo! yellow pages ( http://yp.yahoo.com ) to see if an address or phone number is listed for any of the employee names you have located.

More articles

Wednesday, May 20, 2020

LEGALITY OF ETHICAL HACKING

Why ethical hacking?
Legality of Ehical Hacking
 
Ethical hacking is legal if the hacker abides by the rules stipulated in above section on the definition of ethical hacking.

Ethical hacking is not legal for black hat hackers.They gain unauthorized access over a computer system or networks for money extortion.

More info


  1. Como Aprender A Ser Hacker
  2. Ultimate Hacking Keyboard
  3. White Hacking
  4. Drupal Hacking
  5. Best Hacking Books
  6. Android Hacking
  7. Hacking Growth Sean Ellis
  8. Hacking Course
  9. Brain Hacking
  10. Pagina Hacker
  11. Hacking Madrid
  12. Escuela De Hacking
  13. Wifi Hacking
  14. Hacking Roblox

Spaghetti: A Website Applications Security Scanner


About Spaghetti
   Author: m4ll0k   Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform which has a Python environment.

Spaghetti Installation:

Spaghetti's Features:
   Fingerprints:
  • Server:
  • Web Frameworks (CakePHP,CherryPy,...)
  • Web Application Firewall (Waf)
  • Content Management System (CMS)
  • Operating System (Linux,Unix,..)
  • Language (PHP,Ruby,...)
  • Cookie Security
   Discovery:
  • Bruteforce:Admin Interface
    Common Backdoors
    Common Backup Directory
    Common Backup File
    Common Directory
    Common FileLog File
  • Disclosure: Emails, Private IP, Credit Cards
   Attacks:
  • HTML Injection
  • SQL Injection
  • LDAP Injection
  • XPath Injection
  • Cross Site Scripting (XSS)
  • Remote File Inclusion (RFI)
  • PHP Code Injection
   Other:
  • HTTP Allow Methods
  • HTML Object
  • Multiple Index
  • Robots Paths
  • Web Dav
  • Cross Site Tracing (XST)
  • PHPINFO
  • .Listing
   Vulns:
  • ShellShock
  • Anonymous Cipher (CVE-2007-1858)
  • Crime (SPDY) (CVE-2012-4929)
  • Struts-Shock
Spaghetti Example:
python spaghetti --url example.com --scan 0 --random-agent --verbose


Related links
  1. Escuela De Hacking
  2. Hacking System
  3. Hacking Wifi
  4. Como Convertirse En Hacker

New Printers Vulnerable To Old Languages

When we published our research on network printer security at the beginning of the year, one major point of criticism was that the tested printers models had been quite old. This is a legitimate argument. Most of the evaluated devices had been in use at our university for years and one may raise the question if new printers share the same weaknesses.

35 year old bugs features

The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:
  • Capture print jobs of other users if they used PostScript as a printer driver; This is done by first infecting the device with PostScript code
  • Manipulate printouts of other users (overlay graphics, introduce misspellings, etc.) by infecting the device with PostScript malware
  • List, read from and write to files on the printers file system with PostScript as well as PJL functions; limited to certain directories
  • Recover passwords for PostScript and PJL credentials; This is not an attack per se but the implementation makes brute-force rather easy
  • Launch denial of Service attacks of various kinds:

Now exploitable from the web

All attacks can be carried out by anyone who can print, which includes:
Note that the product was tested in the default configuration. To be fair, one has to say that the HP PageWide Color Flow MFP 586 allows strong, Kerberos based user authentication. The permission to print, and therefore to attack the device, can be be limited to certain employees, if configured correctly. The attacks can be easily reproduced using our PRET software. We informed HP's Software Security Response Team (SSRT) in February.

Conclusion: Christian Slater is right

PostScript and PJL based security weaknesses have been present in laser printers for decades. Both languages make no clear distinction between page description and printer control functionality. Using the very same channel for data (to be printed) and code (to control the device) makes printers insecure by design. Manufacturers however are hard to blame. When the languages were invented, printers used to be connected to a computer's parallel or serial port. No one probably thought about taking over a printer from the web (actually the WWW did not even exist, when PostScript was invented back in 1982). So, what to do? Cutting support for established and reliable languages like PostScript from one day to the next would break compatibility with existing printer drivers. As long as we have legacy languages, we need workarounds to mitigate the risks. Otherwise, "The Wolf" like scenarios can get very real in your office…

More articles


  1. Hacking Iphone
  2. Fake Hacking
  3. Hacking Movies
  4. Hacking Web Sql Injection
  5. Hacking Prank
  6. Hacking Wireless 101 Pdf
  7. Tecnicas De Hacking
  8. Hacking Hardware
  9. Hacking Live
  10. Etica Hacker
  11. Hacking Smart Tv
  12. Hacking Wallpaper
  13. Hacking Usb

12 Ways To Hack Facebook Account Passwords And Its Proeven Tion Techques 2020

        12 Ways to hack facebook accounts         

"Hack Facebook" is one of the most searched and hot topics around the Internet, like Gmail hacker. We have prepared a detailed list of how hackers can hack someone's Facebook account easily in just a few minutes and how can we prevent the same.

Being a FB white hat hacker, I get following questions frequently from people:

  • Can you refer any reliable Facebook hacker? (After me denying their hacking request 😛 )
  • Is there any online FB cracker tool?
  • Where can I get FB hacking software?
  • Is there any free password finder?
  • How can I hack someone's Facebook account easily?

To the best of my knowledge, there is no hacking tool. You won't be able to find it anywhere. However, you will find many websites claiming that they are providing free hack tool (either online or offline), but you cannot download the password file without completing a survey. Even after going through a tiresome process of completing a survey, you would have got nothing in the endThese things are posted only with the intention of making money. Don't waste your precious time in searching such hack tool.


If you want to know how hackers can hack someone's FB account, please go ahead and read the techniques listed below. The most successful method among all of these techniques is phishing. Phishing enables someone with no or little technical knowledge to hack account's password easily in just a few minutes.

Some of the techniques listed below are not applicable only to FB but also to all daily used internet websites, such as Google, Twitter, Yahoo etc.

You won't be vulnerable to hacking if you understand how hacking works

This article is written with the aim of educating people about how hacking works and how should they prevent it. Please don't use these techniques for malicious purposes.

1 Phishing

Phishing is the most common technique used for hacking FB passwords. It is very easy for someone who is having little technical knowledge to get a phishing page done. That is why phishing is so popular. Many people have become a victim of Phishing page due to its trustworthy layout and appearance.

How does phishing work?

In simple words, phishing is a process of creating a duplicate copy of the reputed website's page with the intention of stealing user's password, or other sensitive information like credit card details. In our topic, it means creating a page which perfectly looks like FB login page but in a different URL like fakebook.com, or faecbook.com, or any URL that pretends to be legit. When a user lands on such a page, he/she may think that is the real Facebook login page, asking him/her to provide his/her username and password. So, the people who do not find phishing page suspicious are going to enter their username & password. The password information will be sent to the hacker who created the phishing page. At the same time, the victim gets redirected to original FB page.

 

Example: John is a programmer. He creates an FB login page with some scripts that enable him to get the username and password information. John puts this fake login page in https://www.facebouk.com/make-money-online-tricks. Peter is a friend of John. John sends a message to Peter, "Hey Peter, I have found a free trick to make money online, you should definitely take a look at https://www.facebouk.com/make-money-online-tricks-free". Peter navigates to the link and see a FB login page. As usual, Peter enters his username and password on it.

The hacking part

The username and password of Peter is sent to John and Peter is redirected to a money making tips page https://www.facebouk.com/make-money-online-tricks-tips-free.htmlThat's all; Peter's Facebook account is hacked.

Please note that phishing is done by a third person through emails; that is how it happens most of the time. So always beware of phishing emails, else you may lose your Facebook account, or credit card details, or any other sensitive data. Learn more about phishing.

How can you protect yourself against online FB phishing?

Hackers can reach you in many ways; email, personal messages, FB messages, website ads etc. Clicking any links from these messages will lead you to a FB login page. Whenever you find an FB login page, you should note only one thing which is URL. Because nobody can spoof/use Facebook URL except when there are some XSS zero-day vulnerabilities, but that's very rare.

  1. What is the URL you see in browser address bar? 
  2. Is that really https://www.facebook.com/ (Trailing slash is very important since it is the only separator in Google chrome to distinguish domain and subdomain. Check out the below examples to know the difference)? 
  3. Is there a green color secure symbol (HTTPS) provided in the address bar?

Bearing these questions in mind should prevent you from the hacking of online phishing pages. Also, see the below examples of phishing pages.

Some super perfect phishing pages

Facebook Perfect Phishing Page
Phishing Page – Note the misleading URL

Most of the people won't suspect this page (snapshot given above) since there is an https prefix with a green color secure icon and also there is no mistake in www.facebook.com. But, this is a phishing page. How? Note the URL correctly. It is https://www.facebook.com.infoknown.com. So, www.facebook.com is a sub-domain of infoknown.com. Google Chrome does not differentiate the sub-domain and domain, unlike Firefox does.

One can obtain SSL Certificates (HTTPS) from many online vendors. A few vendors give SSL Certificate for Free for 1 year. It is not a big deal for a novice to create a perfect phishing page like the one given above. So, beware of it.

Phishing Someone's Facebook Account Password
Phishing Page – Note the misleading URL.

This is a normal FB Phishing page with some modification in the word Facebook.


2 Social Engineering

This is the second most common technique for hacking Facebook accounts. In fact, this method shouldn't come under Hacking, since much knowledge is not required for this method. I am listing this method under hacking to ensure the list of most common techniques used for FB account hacking in their respective order. Social engineering is basically a process of gathering information about someone, whose account you need to hack. The information may be his/her date of birth, mobile number, boyfriend/girlfriend's mobile number, nickname, mother's name, native place etc.

How does Social Engineering work?

Security Question

Facebook-Social-Engineering-Security-Question
FB-Social-Engineering-Security-Question

Many websites have a common password reset option called Security Question. Most common security questions are :

What is your nickname?

Who is your first-grade teacher?

What is your native place?

or


Any custom questions defined by the user.

Obtaining such information from the respective people may let us hack into their account. So, if anyone comes to know the answer to it, they will be able to hack your account using forgot password option.

Most Common and Weak Passwords

Security Question does not let you get into others FB account easily. But, setting a weak password could easily allow any of your friends to hack your account.

What is a weak password? 

A password that is easily guessable by a third person is known as a weak password.

Most common passwords
  • Mobile Number
  • Nickname / Name and Date of Birth Conjunction
  • Boy Friend's Mobile Number / Girl Friend's Mobile Number – Most of the lovers 😛
  • Girl Friend's / Boy Friend's Name – Most of the lovers 😛
  • Boy or Girl Friend Name Combination
  • Bike Number
  • Unused / Old Mobile Number
  • Pet Name
  • Closest Person Name (can be friends too)

Now, be honest and comment here if you are one of the people who have any one of the common passwords mentioned above. Please don't forget to change your password before making a comment 😉

How can you protect yourself from Social Engineering? 

Security Question

Don't have a weak or familiar security question/answer. Therefore, it should be known only to you. You can set your security question here. Fortunately, Facebook has a lockout period of 24 hours before giving access to the one who successfully answered the security question, meaning that the hacker cannot enter into your account until 24 hours. So you can prevent the hacking attempt by logging in to your account in the 24 hours lockout period.

Additionally, FB provides an option called "Login Alerts" under Facebook Security Settings. You should add your mobile or email there to get notified whenever your account is logged in to a new or unknown device.

Most Common and Weak Passwords

It is very simple. Change your password now if you have any one of the weak passwords stated above.


You might also be interested in hacking facebook fan page article

3 Plain Password Grabbing

insecure-plain-password-grabbing
This is another common method used to steal Facebook user's password. Most people are unaware of this method, but traditional hackers use this method to hack user accounts.

How does Plain Password Grabbing works? 

In this method, the Facebook hacker targets a particularly low-quality website, where the victim is a member and hacks their database to get the stored plain username & password of victim.

How could the hacker/attacker get access to Facebook?

Many of us use the same password for FB and also for some poor xyz.com. So, it is easy for a hacker to get your password through the low-quality poorxyz.com.

In another scenario, the hacker/attacker creates a website with the intention of getting victim's password, so when the victim registers his/her account using email and creates a password, those details will get stored in the database of the hacker/attacker. Thus hacker gets access to victim's account.

Common people, who use same email and password for these kinds of low-quality websites, may end up losing their Facebook account.

How can you protect yourself from Facebook Plain Password Grabbing? 

You should never trust the third party low-quality websites. Even passwords of popular websites, like LinkedIn, are insecure and vulnerable to hacking. So, never and ever trust the third party low-quality websites.


Most of the website developers are storing plain passwords in their database without even thinking about encryption or security. This makes Facebook hackers' job easy since the password is in plain text format.

Best way to prevent this method is to have a unique password at least for websites that you really trust. Don't use your FB password for any other website/portal, so your password will be safe .


4 Key Logger

Facebook-Hacking-Key-Loggers
A keylogger is a software tool used to record keystrokes on a computer or mobile device. This, in turn, records everything you type using your keyboard and store it for use. Generally, keyloggers are installed as application software in operating systems to track keystrokes, but there are hardware keyloggers as well.

Hardware keyloggers also are known as physical keyloggers attached to a computer in a USB port records everything before it sends the keyboard data to the computer. There are various mobile keyloggers, that perform the same action on various operating systems.

How Key Logging works?

All keyloggers run in the background (except trial versions) and won't be viewable to users until you know the keylogger password and shortcut used to view it. It will record all the keys pressed and give you a detailed report of when and what keys are used for what application – Simply, a clean report to identify passwords.

Anyone who is reading the keylogger logs is able to see the Facebook password or any passwords and sensitive information typed, like credit cards, bank username, password etc. Whenever you log in to a public computer, there are chances to lose your Facebook password to someone else.

Hardware keyloggers are identifiable in case of your personal computer but are hard in case of public computers.

In another scenario, your friend/colleague/neighbor could ask you to log in using their computer as a help. If their intention is to get your password, then you are most likely to lose your Facebook account to the hacker.

Nowadays, many people are using mobile keyloggers. It enables to track the keypad of mobile. So, any sensitive information typed on the mobile keypad is vulnerable to hacking.

How can you protect yourself from Key Logging?

You need not be afraid of keyloggers when you use your personal computer since you are the only one who is going to access it. But, whenever you use any public computer or your friend's computer, you should not trust it.

I always suggest my friends use On-Screen Keyboard whenever they are in need to type a password. Also, please make sure that nobody is checking your screen when you type your password because your screen would expose what you had typed. In windows, there is an inbuilt tool called On-Screen Keyboard that helps us to select keys using the mouse.

You can open OSK by using the Run dialog box. Winkey + R to open Run dialog box, type OSK and then press Enter. Nowadays, many banking portals provide a screen keyboard in the browser itself. So, please make use of it whenever you are surfing on public computers. On-Screen Keyboard helps even when hardware keyloggers are installed.

Never use third-party mobile keypad apps unless you really trust the publisher because the app may track all of your keystrokes and send it to the publisher.


5 Browser Extension Hacker

This method doesn't let the Facebook hacker/attacker gain complete access to your Facebook account, however, gives some power to control your account indirectly. I've seen multiple Google Chrome and Firefox add-ons, which secretly perform actions, like following a person, like a page on behalf of your Facebook profile, etc.

How Browser extension hack works?

When you visit some malicious websites or web pages, you will be prompted to install a browser add-on. Once you install the add-on, it will perform all the tasks described by the hacker or attacker who created it. Some primary actions are posting status updates on your wall, liking an FB page, following a person, adding you to some Facebook groups, inviting your friends to like a page, or join a Facebook group etc. You may not know these things happening on your FB account until you check your Facebook activity log periodically.

How can you prevent browser extension Facebook hack?

You should monitor your activities using Activity Log. You must not trust any third party websites prompting you to add a browser extension. Install add-on only from the browser store, that too only from trusted publishers. Why should you risk your account if you don't know the publisher or intention of the add-on? Therefore, always stay away from these malicious browser extensions.


6 Malicious Application Hack

Always remember that all the apps you use on Facebook are owned by third-party publishers and not by Facebook. Of course, there are a few exceptions like Instagram. A malicious application, which is requesting your permission, will do almost all kind of spam stuff on your Facebook profile.

How malicious application hack works?

Whenever you find Login using the Facebook option on any website, you should come to know that it is a third party Facebook application not owned by Facebook. When you click Login using Facebook, you will be shown a permission dialog box with the requested permission details. Once you click okay button, the requested personal details can be accessed from FB or the requested actions can be performed in your FB account on your behalf.

What could a third party application do on your Facebook account?

  • Post photos and status update
  • Share link to your timeline or to any group you belong
  • Manage your page
  • Post on behalf of you on the Facebook pages you own
  • Access your personal information
  • Access your photos including "Only me" privacy photos; sometimes they can further access your mobile photos using a Facebook vulnerability like the one I found (Don't worry, it's completely fixed now 😉 ).

These are just examples of what can be done. What if the application you are using is malicious? It could spam your Facebook account with a bunch of worthless contents.

How can you prevent yourself from malicious application hack?

You should always beware of what permissions you give to a Facebook application even though FB is reviewing application's permission requests. Don't give permission to an application if you don't trust the website or application.

Facebook-third-party-application-dialog-box
FB Application Permission Dialog Box

You can edit the information that you give to an application in the permission dialog box (snapshot given above). Also, you should review the applications that have access to your Facebook account here if you think you had given access to malicious applications.


7 Facebook Account Hacker Software 

You might have seen or downloaded many Facebook account hacker software, but none of them could truly hack Facebook password. Hacking your Facebook password instead of the target user is what it actually does.

How does Facebook account hacker software work?

People who try to hack Facebook account usually download software that is available on various websites. The software will collect the victim's password (the one who downloaded this software) as soon as it is opened or installed. Some software prompt you to enter Facebook username and password. They will store your password in their database collection of passwords. Few other software gain administrative privilege from you to install background keylogger to get your keystrokes including the Facebook password.

How can you prevent yourself from Facebook hacking software?

Don't trust Facebook hacking software. There is no real hacking software available on the Internet as I had said earlier.


8 Malicious Mobile Application 

There are a lot of mobile applications that secretly steal Facebook access token from your mobile device. Facebook mobile app functions through API, where access-token stored in your mobile's internal memory is used for authentication.  It is more like your username and password. So, if someone steals your access-token, then he/she is likely to have full access to your Facebook account.

How malicious mobile application software works?

Facebook Application Interface do not require username or password every time to get user data. It just needs secret access-token to retrieve user's data. Facebook mobile app stores the access token in mobile's memory. The app's part of the memory is accessible only to the respective application. Mobile apps that have administrative privilege can access other app's data. For example, gaining admin privilege in a rooted android phone could allow an application to steal your access token. A hacker can do a lot of malicious things if he/she gets your access token.

How can you prevent yourself from malicious mobile applications?

  • Install mobile apps only from trusted publishers.
  • Don't root your mobile device.
  • Logout Facebook from your mobile device frequently to get your access token expired.
  • Change your Facebook password frequently.

9 Browser Vulnerabilities 

browser-vulnerabilities-fb-facebook-hack
Browser Vulnerabilities are security bugs, which exist in older versions of mobile and desktop browsers.

How does browser vulnerabilities work on Facebook hacking?

Most browser vulnerabilities are exploited through an older version of the browser since all the zero days are patched by browser vendor once it is reported by researchers around the world. For example, Browser Same Origin Policy Vulnerability could allow a hacker/attacker to read the response of any Page like facebook.com and could be able to perform any action on your Facebook account since they are able to read the response by accessing the Facebook origin. Android Chrome SOP bypass by Rafay Baloch is one such vulnerability that is affecting Android web-view in Android < 4.4.

How can you prevent yourself from browser vulnerabilities?

You should always update your browser and operating system once there is an update available. Keeping an older version always has many risk factors involved.

Self XSS is also known as Self Cross Site Scripting. XSS is basically a web security vulnerability, which enables hackers to inject scripts into web pages used by other users. What is self XSS then? Self XSS is a kind of social engineering attack, where a victim accidentally executes a script, thus exploiting it to the hacker.

How does self XSS scam work?

In this method, hacker promises to help you hack somebody else's FB account. Instead of giving you access to someone else's account, the hacker tricks you into running malicious Javascript in your browser console that gives a hacker the ability to manipulate your account. Facebook hackers use this technique to add you in groups, add your friends to the group, post on your wall, add your friends in comments etc.

How can you prevent yourself from self XSS?

Self XSS is something that you let hackers to hack your account. So never and ever copy & paste the code given by someone in your browser, otherwise, you will get your Facebook account hacked.


11 Trojan Horses 

Trojan Horse is a malicious program, which is used to spy and control a computer by misleading users of its true intent. Malware Trojan can also be called as Remote Key Logger since it records keystrokes of all the applications of our computer and sends it to the hacker online.

How do Trojan Horses work?

software you think legit might be a trojan. A PDF you don't suspect might contain a trojan. An AVI media file given by someone might be a trojan. The Trojan horse runs in the background process, collects information and send it to the hacker. Trojan Horse can be sent in any form through any medium, like pen drive, iPod, website, or email. In our topic, Trojan records FB password that you have typed in your browser and sends it to the Facebook hacker using the Internet.

How can you prevent yourself from Trojan?

  • Do not
    • install programs from unknown online sources
    • play media files received from an unknown source
    • open any kind of files downloaded from untrusted sources
    • insert pen drive from any suspicious people.
  • Do have an updated anti-virus software installed on your computer.

Keeping your anti-virus software up to date does not guarantee you to stay safe from hacking. Basically, an anti-virus software is a collection of detected malware and viruses. Its job is to compare each and every file with the database of viruses. There are many numbers of software, which enable us to create undetectable Trojans. But, it is very unlikely to target a common man with undetectable Trojanware. So, keeping an antivirus program up to date is protective to large extent. Don't forget to update your anti-virus software once an update is available.


12 FB Zero Day

Zero Day is a security vulnerability that is unknown to the respective software vendor. In our context, undiscovered Facebook vulnerabilities are called FB Zero Day.

How does Zero Day hacking work?

FB Zero Day vulnerabilities are very rare since Facebook has a bug bounty program, where security researchers around the world participate and report zero-day vulnerabilities. Zero-day is basically a security loophole that is unknown to the software vendor.

There are two types of people who find Zero Day vulnerabilities. The first case is Security Researchers and Bug hunters, who make a responsible disclosure about the vulnerability to the software vendor; FB in our context. Another case falls on the evil side. Blackhat hackers who find Zero Day vulnerabilities don't disclose it to Facebook and they will use it for their personal benefit of hacking.

@EVERYTHING NT

More articles


British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers' Data

British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "highly sophisticated," exposing email addresses and travel details of around 9 million of its customers. In an official statement released today, EasyJet confirmed that of the 9 million affected users, a small subset of customers, i.e., 2,208 customers, have also had their

via The Hacker News

Related news


  1. Rom Hacking Pokemon
  2. Hacking Web Sql Injection
  3. Growth Hacking Cursos
  4. Mind Hacking
  5. Ultimate Hacking Keyboard
  6. Hacking Hardware
  7. Sdr Hacking
  8. Password Hacking
  9. Como Hacker
  10. Hacking Kali Linux
  11. Tools Hacking

Tuesday, May 19, 2020

"I Am Lady" Linux.Lady Trojan Samples



Bitcoin mining malware for Linux servers - samples
Research: Dr. Web. Linux.Lady

Sample Credit:  Tim Strazzere

MD5 list:

0DE8BCA756744F7F2BDB732E3267C3F4
55952F4F41A184503C467141B6171BA7
86AC68E5B09D1C4B157193BB6CB34007
E2CACA9626ED93C3D137FDF494FDAE7C
E9423E072AD5A31A80A31FC1F525D614



Download. Email me if you need the password.
Related articles
  1. Ingeniería Social. El Arte Del Hacking Personal Pdf
  2. Hacking Games
  3. Rom Hacking Pokemon
  4. Etica Definicion
  5. Hacker Definicion
  6. Hacking Books
  7. Penetration Testing A Hands-On Introduction To Hacking
  8. Hacking Etico Que Es
  9. Hacking Language
  10. Curso De Ciberseguridad Y Hacking Ético
  11. Master Hacking Etico
  12. Hacking Apps
  13. Hacking Academy
  14. Curso Hacking Etico
  15. Mind Hacking
  16. Curso De Hacking

OWASP ZAP RELEASES V2.8.0 WITH THE HEADS UP DISPLAY

OWASP ZAP RELEASES V2.8.0 WITH THE HEADS UP DISPLAY
Heads Up Display simplifies and improves vulnerability testing for developers

London, England, 20 June 2019. OWASP™ ZAP (Open Web Application Security Project™  Zed Attack Proxy) has released a new version of its leading ZAP Project which now includes an innovative Heads Up Display (HUD) bringing security information and functionality right into the browser. Now software developers can interactively test the reliability and security of their applications in real time while controlling a wide variety of features designed to test the quality of their software.

ZAP is a free, easy to use integrated penetration testing tool. With the addition of the Heads Up Display, ZAP can be used by security professionals and developers of all skill levels to quickly and more easily find security vulnerabilities in their applications. Given the unique and integrated design of the Heads Up Display, developers and functional testers who might be new to security testing will find ZAP an indispensable tool to build secure software.

The latest version of ZAP can be downloaded from https://www.owasp.org/index.php/ZAP  The full release notes are available at https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_8_0.

In addition to being the most popular free and open source security tools available, ZAP is also one of the most active with hundreds of volunteers around the globe continually improving and enhancing its features. ZAP provides automated scanners as well as a set of tools that allows new users and security professionals to manually identify security vulnerabilities. ZAP has also been translated into over 25 languages including French, Italian, Dutch, Turkish and Chinese. 

Simon Bennetts, OWASP ZAP Project Leader commented: "This is a really important release for the project team and developers who want to build great and secure applications. The HUD is a completely new interface for ZAP and one that is unique in the industry. It shows that open source projects continue to create high-quality, new and exciting tools that deliver real value to the market - and at no cost to users." 

"ZAP is the Foundation's most popular software tool," said Mike McCamon interim executive director of the OWASP Foundation. McCamon continued, "For nearly two decades OWASP continues to be a great destination for innovators to host, develop, and release software that will secure the web. Simon and the entire ZAP community deserves great recognition for their continued devotion to open source excellence."

For further information please contact:
Simon Bennetts, OWASP ZAP Project Leader: simon.bennetts@owasp.org  or Mike McCamon, Interim Executive Director, mike.mccamon@owasp.com

More info


  1. Hacking Madrid
  2. Hacking Etico
  3. Hacking With Arduino