Posts Tagged ‘Hacking’

In capsule:

  • New ransomware named DoubleLocker infects android devices
  • Discovered by security researchers in ESET antivirus
  • The ransomware not only encrypts data but also changes the pin
  • Ransomware is spread through fake adobe flash player app
  • A ransom amount of 0.0130 BTC is demanded to retrieve the data

Security researchers have discovered a new ransomware called DoubleLocker which infects Android devices.

The specialty of DoubleLocker ransomware is that it can change device’s PIN which prevents users from accessing their device and also encrypts the data found in the device.

According to researchers from ESET antivirus, the ransomware is spread via fake adobe flash player app using compromised websites.

After installation, the app request for activation of google play service for obtaining accessibility permissions. The app uses them to activate device administrator rights to make itself as the default home application.

ESET malware researcher Lukas Stefanko said that “Setting itself as a default home app – a launcher – is a trick that improves the malware’s persistence. Whenever the user clicks on the home button, the ransomware gets activated, and the device gets locked again. Thanks to using the accessibility service, the user doesn’t know that they launch malware by hitting Home.”

The new pin set by the attacker is of a ransom value which is neither stored or sent anywhere making it impossible to recover it. When the ransom is paid the attacker resets the pin remotely and unlock the device.

The files are encrypted using AES encryption algorithm through “.cryeye” extension. The attacker has implemented the encryption properly so without the decryption key it is impossible to recover the files said stefanko.

A ransom amount of 0.0130 BTC (approximately USD 74) is demanded to retrieve the data.The only option for the user to retrieve their device other than paying ransom is factory reset, but files will be lost if not backed up properly.

Researchers said there is a possibility to bypass the pin in rooted devices if the device was in debugging mode before getting infected.

“The user can connect to the device by ADB and remove the system file where the PIN is stored by Android. This operation unlocks the screen so that the user can access their device. Then, working in safe mode, the user can deactivate device administrator rights for the malware and uninstall it. In some cases, a device reboot is needed.”

To prevent your device from infection, do follow the instructions below:

  1. Always switch off “Allow installation from unknown sources” in security settings thereby restricting download apps from a third party and anonymous sources.
  2. Always backup your data regularly.
  3. Don’t download attachments from unknown sources.
  4. Always Use google play store to install apps, don’t use any third party app stores.
  5. Download apps from verified developers and check their app rating and download counts before installing an app.
  6. Verify app permission before installing an app.
  7. Install the best and updated antivirus/antimalware software which can detect and block these type of malware.
Advertisements

Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library, which could allow an attacker to remotely execute arbitrary code on the affected systems.

Discovered by security researchers at Cisco Talos group, the zero-day flaw, assigned as TALOS-2016-0193/CVE-2016-8332, could allow an out-of-bound heap write to occur that triggers the heap corruption and leads to arbitrary code execution.

OpenJPEG is an open-source JPEG 2000 codec. Written in C language, the software was developed for coding and encoding JPEG2000 images, a format that is often used for tasks like embedding image files within PDF documents through popular software including PdFium, Poppler, and MuPDF.Hackers can exploit the security vulnerability by tricking the victim into opening a specially crafted, malicious JPEG2000 image or a PDF document containing that malicious file in an email.
The hacker could even upload the malicious JPEG2000 image file to a file hosting service, like Dropbox or Google Drive, and then send that link to the victim.
Once downloaded to the system, it would create a way for hackers to remotely execute malicious code on the affected system.The flaw was caused “due to an error while parsing mcc records in the jpeg2000 file,…resulting in an erroneous read and write of adjacent heap area memory,” Cisco explained in its advisory.

Careful manipulation of heap layout and can lead to further heap metadata process memory corruption ultimately leading to code execution under attacker control.“The researchers successfully tested the JPEG 2000 image exploit on the OpenJPEG openjp2 version 2.1.1. The flaw was discovered by Aleksandar Nikolic from the Cisco Talos Security team.

The team reported the zero-day flaw to OpenJPEG developers in late July, and the company patched the flaw last week with the release of version 2.1.2.

The vulnerability has been assigned a CVSS score of 7.5, categorizing it as a high-severity bug.

tv-justice

Here is some help for you guys and gals that are looking for some forensic tools, they can also be good fun to mess around with.

1. Disk tools and data capture

————————————————————————————————————–
Arsenal Image Mounter :
Mounts disk images as complete disks in Windows, giving access to Volume Shadow Copies, etc.
https://www.arsenalrecon.com/apps/image-mounter/
————————————————————————————————————–
DumpIt :
Generates physical memory dump of Windows machines, 32 bits 64 bit. Can run from a USB flash drive.
http://www.moonsols.com/2011/07/18/moonsols-dumpit-goes-mainstream/
————————————————————————————————————–
EnCase :
Create EnCase evidence files and EnCase logical evidence files
http://www1.guidancesoftware.com/Order-Forensic-Imager.aspx
————————————————————————————————————–
Encrypted Disk Detector :
Checks local physical drives on a system for TrueCrypt, PGP, or Bitlocker encrypted volumes
http://info.magnetforensics.com/encrypted-disk-detector
————————————————————————————————————–
EWF MetaEditor :
Edit EWF (E01) meta data, remove passwords (Encase v6 and earlier)
http://www.4discovery.com/our-tools/
————————————————————————————————————–
FAT32 Format :
Enables large capacity disks to be formatted as FAT32
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm
————————————————————————————————————–
Forensics Acquisition of Websites :
Browser designed to forensically capture web pages
http://www.fawproject.com/en/default.aspx
————————————————————————————————————–
FTK Imager :
Imaging tool, disk viewer and image mounter
http://www.accessdata.com/support/product-downloads
————————————————————————————————————–
Guymager :
Multi-threaded GUI imager under running under Linux
http://guymager.sourceforge.net/
————————————————————————————————————–
Live RAM Capturer :
Extracts RAM dump including that protected by an anti-debugging or anti-dumping system. 32 and 64 bit builds
http://forensic.belkasoft.com/en/ram-capturer
————————————————————————————————————–
NetworkMiner :
Network analysis tool. Detects OS, hostname and open ports of network hosts through packet sniffing/PCAP parsing
http://sourceforge.net/projects/networkminer/
————————————————————————————————————–
Nmap :
Utility for network discovery and security auditing
http://nmap.org/
————————————————————————————————————–
Magnet RAM :
Captures physical memory of a suspect’s computer. Windows XP to Windows 10, and 2003, 2008, 2012. 32 & 64 bit
http://www.magnetforensics.com/ram-capture/
————————————————————————————————————–
OSFClone :
Boot utility for CD/DVD or USB flash drives to create dd or AFF images/clones.
http://www.osforensics.com/tools/create-disk-images.html
————————————————————————————————————–
OSFMount :
Mounts a wide range of disk images. Also allows creation of RAM disks
http://www.osforensics.com/tools/mount-disk-images.html
————————————————————————————————————–
Wireshark :
Network protocol capture and analysis
https://www.wireshark.org/
————————————————————————————————————–
Disk2vhd :
Creates Virtual Hard Disks versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V VMs
https://technet.microsoft.com/en-gb/sysinternals/ee656415.aspx

————————————————————————————————————–
2. Email analysis

————————————————————————————————————–
EDB Viewer :
Open and view (not export) Outlook EDB files without an Exchange server
http://www.nucleustechnologies.com/exchange-edb-viewer.html
————————————————————————————————————–
Mail Viewer :
Viewer for Outlook Express, Windows Mail/Windows Live Mail, Mozilla Thunderbird message databases and single EML files
http://www.mitec.cz/mailview.html
————————————————————————————————————–
MBOX Viewer :
View MBOX emails and attachments
http://www.systoolsgroup.com/mbox-viewer.html
————————————————————————————————————–
OST Viewer  :
Open and view (not export) Outlook OST files without connecting to an Exchange server
http://www.nucleustechnologies.com/ost-viewer.html
————————————————————————————————————–
PST Viewer  :
Open and view (not export) Outlook PST files without needing Outlook
http://www.nucleustechnologies.com/pst-viewer.html
————————————————————————————————————–
3. General tools

————————————————————————————————————–
Agent Ransack :
Search multiple files using Boolean operators and Perl Regex
http://www.mythicsoft.com/page.aspx?type=agentransack&page=home
————————————————————————————————————–
Computer Forensic Reference Data Sets :
Collated forensic images for training, practice and validation
http://www.cfreds.nist.gov/
————————————————————————————————————–
EvidenceMover :
Copies data between locations, with file comparison, verification, logging
http://www.nuix.com/Nuix-evidence-mover
————————————————————————————————————–
FastCopy :
Self labelled ‘fastest’ copy/delete Windows software. Can verify with SHA-1, etc.
http://ipmsg.org/tools/fastcopy.html.en
————————————————————————————————————–
File Signatures :
Table of file signatures
http://www.garykessler.net/library/file_sigs.html
————————————————————————————————————–
HexBrowser :
Identifies over 1000 file types by examining their signatures
http://www.hexbrowser.com/
————————————————————————————————————–
HashMyFiles :
Calculate MD5 and SHA1 hashes
http://www.nirsoft.net/utils/hash_my_files.html
————————————————————————————————————–
MobaLiveCD :
Run Linux live CDs from their ISO image without having to boot to them
http://mobalivecd-en.mobatek.net/
————————————————————————————————————–
Mouse Jiggler :
Automatically moves mouse pointer stopping screen saver, hibernation etc.
http://mousejiggler.codeplex.com/
————————————————————————————————————–
Notepad ++ :
Advanced Notepad replacement
http://notepad-plus-plus.org/
————————————————————————————————————–
NSRL :
Hash sets of ‘known’ (ignorable) files
http://www.nsrl.nist.gov/Downloads.htm
————————————————————————————————————–
Quick Hash :
A Linux & Windows GUI for individual and recursive SHA1 hashing of files
http://sourceforge.net/projects/quickhash/
————————————————————————————————————–
USB Write Blocker :
Enables software write-blocking of USB ports
http://dsicovery.com/dsicovery-software/usb-write-blocker/
————————————————————————————————————–
Volix :
Application that simplifies the use of the Volatility Framework
http://www.it-forensik.fh-aachen.de/projekte/volix/13
————————————————————————————————————–
Windows Forensic Environment :
Guide by Brett Shavers to creating and working with a Windows boot CD
http://winfe.wordpress.com/
————————————————————————————————————–
4. File and data analysis

————————————————————————————————————–
Advanced Prefetch Analyser :
Reads Windows XP,Vista and Windows 7 prefetch files
http://www.ash368.com/
————————————————————————————————————–
analyzeMFT :
Parses the MFT from an NTFS file system allowing results to be analysed with other tools
https://github.com/dkovar/analyzeMFT
————————————————————————————————————–
bstrings :
Find strings in binary data, including regular expression searching.
https://binaryforay.blogspot.co.uk/2015/07/introducing-bstrings-better-strings.html
————————————————————————————————————–
CapAnalysis :
PCAP viewer
http://www.capanalysis.net/site/
————————————————————————————————————–
Crowd Reponse :
Windows console application to aid gathering of system information for incident response and security engagements.
http://www.crowdstrike.com/community-tools/
————————————————————————————————————–
Crowd Inspect :
Details network processes, listing binaries associated with each process. Queries VirusTotal, other malware repositories & reputation services to produce “at-a-glance” state of the system
http://www.crowdstrike.com/community-tools/
————————————————————————————————————–
DCode :
Converts various data types to date/time values
http://www.digital-detective.net/digital-forensic-software/free-tools/
————————————————————————————————————–
Defraser :
Detects full and partial multimedia files in unallocated space
http://sourceforge.net/projects/defraser/
————————————————————————————————————–
eCryptfs Parser :
Recursively parses headers of every eCryptfs file in selected directory. Outputs encryption algorithm used, original file size, signature used, etc.
http://sourceforge.net/projects/ecryptfs-p/
————————————————————————————————————–
Encryption Analyzer :
Scans a computer for password-protected & encrypted files, reports encryption complexity and decryption options for each file
http://www.lostpassword.com/encryption-analyzer.htm
————————————————————————————————————–
ExifTool :
Read, write and edit Exif data in a large number of file types
http://www.sno.phy.queensu.ca/~phil/exiftool/
————————————————————————————————————–
File Identifier :
Drag and drop web-browser JavaScript tool for identification of over 2000 file types
http://www.toolsley.com/
————————————————————————————————————–
Forensic Image Viewer :
View various picture formats, image enhancer, extraction of embedded Exif, GPS data
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
Ghiro :
In-depth analysis of image (picture) files
http://www.getghiro.org/
————————————————————————————————————–
Highlighter :
Examine log files using text, graphic or histogram views
http://www.mandiant.com/products/free_software/highlighter/
————————————————————————————————————–
Link Parser :
Recursively parses folders extracting 30+ attributes from Windows .lnk (shortcut) files
http://www.4discovery.com/our-tools/
————————————————————————————————————–
LiveContactsView :
View and export Windows Live Messenger contact details
http://www.nirsoft.net/utils/live_messenger_contacts.html
————————————————————————————————————–
PECmd :
Prefetch Explorer
https://binaryforay.blogspot.co.uk/2016/01/pecmd-v0600-released.html
————————————————————————————————————–
PlatformAuditProbe :
Command Line Windows forensic/ incident response tool that collects many artefacts. Manual
https://appliedalgo.com/
————————————————————————————————————–
RSA Netwitness Investigator :
Network packet capture and analysis
http://www.emc.com/security/rsa-netwitness.htm#!freeware
————————————————————————————————————–
Memoryze :
Acquire and/or analyse RAM images, including the page file on live systems
http://www.mandiant.com/products/free_software/memoryze/
————————————————————————————————————–
MetaExtractor :
Recursively parses folders to extract meta data from MS Office, OpenOffice and PDF files
http://www.4discovery.com/our-tools/
————————————————————————————————————–
MFTview :
Displays and decodes contents of an extracted MFT file
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
PictureBox :
Lists EXIF, and where available, GPS data for all photographs present in a directory. Export data to .xls or Google Earth KML format
http://www.mikesforensictools.co.uk/MFTPB.html
————————————————————————————————————–
PsTools :
Suite of command-line Windows utilities
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
————————————————————————————————————–
Shadow Explorer :
Browse and extract files from shadow copies
http://www.shadowexplorer.com/
————————————————————————————————————–
SQLite Manager :
Firefox add-on enabling viewing of any SQLite
https://addons.mozilla.org/en-US/firefox/addon/sqlite-manager/
————————————————————————————————————–
Strings :
Command-line tool for text searches
http://technet.microsoft.com/en-gb/sysinternals/bb897439.aspx
————————————————————————————————————–
Structured Storage Viewer :
View and manage MS OLE Structured Storage based files
http://www.mitec.cz/ssv.html
————————————————————————————————————–
Switch-a-Roo :
Text replacement/converter/decoder for when dealing with URL encoding, etc
http://www.mikesforensictools.co.uk/MFTSAR.html
————————————————————————————————————–
Windows File Analyzer :
Analyse thumbs.db, Prefetch, INFO2 and .lnk files
http://www.mitec.cz/wfa.html
————————————————————————————————————–
Xplico :
Network forensics analysis tool
http://www.xplico.org/
————————————————————————————————————–
5. Mac OS tools

————————————————————————————————————–
Audit :
Audit Preference Pane and Log Reader for OS X
https://github.com/twocanoes/audit
————————————————————————————————————–
ChainBreaker :
Parses keychain structure, extracting user’s confidential information such as application account/password, encrypted volume password (e.g. filevault), etc
http://forensic.n0fate.com/?page_id=412
————————————————————————————————————–
Disk Arbitrator :
Blocks the mounting of file systems, complimenting a write blocker in disabling disk arbitration
https://github.com/aburgh/Disk-Arbitrator
————————————————————————————————————–
Epoch Converter :
Converts epoch times to local time and UTC
https://www.blackbagtech.com/resources/freetools/epochconverter.html
————————————————————————————————————–
FTK Imager CLI for Mac OS :
Command line Mac OS version of AccessData’s FTK Imager
http://accessdata.com/product-download/digital-forensics/mac-os-10.5-and-10.6x-version-3.1.1
————————————————————————————————————–
IORegInfo :
Lists items connected to the computer (e.g., SATA, USB and FireWire Drives, software RAID sets). Can locate partition information, including sizes, types, and the bus to which the device is connected
https://www.blackbagtech.com/resources/freetools/ioreg-info.html
————————————————————————————————————–
PMAP Info :
Displays the physical partitioning of the specified device. Can be used to map out all the drive information, accounting for all used sectors
https://www.blackbagtech.com/resources/freetools/pmap-info.html
————————————————————————————————————–
Volafox :
Memory forensic toolkit for Mac OS X
http://forensic.n0fate.com/?page_id=412
————————————————————————————————————–
6. Mobile devices

————————————————————————————————————–
iPBA2 :
Explore iOS backups
http://ipbackupanalyzer.com/
————————————————————————————————————–
iPhone Analyzer :
Explore the internal file structure of Pad, iPod and iPhones
http://sourceforge.net/projects/iphoneanalyzer/
————————————————————————————————————–
ivMeta :
Extracts phone model and software version and created date and GPS data from iPhone videos.
http://www.csitech.co.uk/ivmeta-iphone-metadata/
————————————————————————————————————–
Last SIM Details :
Parses physical flash dumps and Nokia PM records to find details of previously inserted SIM cards.
http://lastsimdetails.blogspot.co.uk/p/downloads.html
————————————————————————————————————–
Rubus :
Deconstructs Blackberry .ipd backup files
http://www.cclgroupltd.com/Buy-Software/rubus-ipd-de-constructor-utility.html
————————————————————————————————————–
SAFT :
Obtain SMS Messages, call logs and contacts from Android devices
http://www.signalsec.com/saft/
————————————————————————————————————–
7. Data analysis suites

————————————————————————————————————–
Autopsy :
Graphical interface to the command line digital investigation analysis tools in The Sleuth Kit (see below)
http://www.sleuthkit.org/autopsy/
————————————————————————————————————–
Backtrack :
Penetration testing and security audit with forensic boot capability
http://www.backtrack-linux.org/
————————————————————————————————————–
Caine :
Linux based live CD, featuring a number of analysis tools
http://www.caine-live.net/
————————————————————————————————————–
Deft :
Linux based live CD, featuring a number of analysis tools
http://www.deftlinux.net/
————————————————————————————————————–
Digital Forensics Framework :
Analyses volumes, file systems, user and applications data, extracting metadata, deleted and hidden items
http://www.digital-forensic.org/
————————————————————————————————————–
Forensic Scanner :
Automates ‘repetitive tasks of data collection’. Fuller description here
https://github.com/appliedsec/forensicscanner
————————————————————————————————————–
Paladin :
Ubuntu based live boot CD for imaging and analysis
http://www.sumuri.com/
————————————————————————————————————–
SIFT :
VMware Appliance pre-configured with multiple tools allowing digital forensic examinations
http://computer-forensics.sans.org/community/downloads/
————————————————————————————————————–
The Sleuth Kit :
Collection of UNIX-based command line file and volume system forensic analysis tools
http://www.sleuthkit.org/sleuthkit/
————————————————————————————————————–
Volatility Framework :
Collection of tools for the extraction of artefacts from RAM
http://www.volatilityfoundation.org/
————————————————————————————————————–

8. Internet analysis

http://www.nirsoft.net/utils/mzcv.html
————————————————————————————————————–
MozillaHistoryView :
Reads the history.dat of Firefox/Mozilla/Netscape Web browsers, and displays the list of all visited Web page
http://www.nirsoft.net/utils/mozilla_history_view.html
————————————————————————————————————–
MyLastSearch :
Extracts search queries made with popular search engines (Google, Yahoo and MSN) and social networking sites (Twitter, Facebook, MySpace)
http://www.nirsoft.net/utils/my_last_search.html
————————————————————————————————————–
PasswordFox :
Extracts the user names and passwords stored by Mozilla Firefox Web browser
http://www.nirsoft.net/utils/passwordfox.html
————————————————————————————————————–
OperaCacheView :
Reads the cache folder of Opera Web browser, and displays the list of all files currently stored in the cache
http://www.nirsoft.net/utils/opera_cache_view.html
————————————————————————————————————–
OperaPassView :
Decrypts the content of the Opera Web browser password file, wand.dat
http://www.nirsoft.net/utils/opera_password_recovery.html
————————————————————————————————————–
Web Historian :
Reviews list of URLs stored in the history files of the most commonly used browsers
http://www.mandiant.com/resources/download/web-historian
————————————————————————————————————–
Web Page Saver :
Takes list of URLs saving scrolling captures of each page. Produces HTML report file containing the saved pages
http://info.magnetforensics.com/web-page-saver
————————————————————————————————————–

9. Registry analysis

————————————————————————————————————–
AppCompatCache Parser :
Dumps list of shimcache entries showing which executables were run and their modification dates. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
ForensicUserInfo :
Extracts user information from the SAM, SOFTWARE and SYSTEM hives files and decrypts the LM/NT hashes from the SAM file
http://www.woanware.co.uk/forensics/forensicuserinfo.html
————————————————————————————————————–
Process Monitor :
Examine Windows processes and registry threads in real time
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
————————————————————————————————————–
RECmd :
Command line access to offline Registry hives. Supports simple & regular expression searches as well as searching by last write timestamp. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
Registry Decoder :
For the acquisition, analysis, and reporting of registry contents
http://www.digitalforensicssolutions.com/registrydecoder/
————————————————————————————————————–
Registry Explorer :
Offline Registry viewer. Provides deleted artefact recovery, value slack support, and robust searching. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
RegRipper :
Registry data extraction and correlation tool
http://regripper.wordpress.com/
————————————————————————————————————–
Regshot :
Takes snapshots of the registry allowing comparisons e.g., show registry changes after installing software
http://sourceforge.net/projects/regshot/files/
————————————————————————————————————–
ShellBags Explorer  :
Presents visual representation of what a user’s directory structure looked like. Additionally exposes various timestamps (e.g., first explored, last explored for a given folder. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
USB Device Forensics :
Details previously attached USB devices on exported registry hives
http://www.woanware.co.uk/forensics/usbdeviceforensics.html
————————————————————————————————————–
USB Historian :
Displays 20+ attributes relating to USB device use on Windows systems
http://www.4discovery.com/our-tools/
————————————————————————————————————–
USBDeview :
Details previously attached USB devices
http://www.nirsoft.net/utils/usb_devices_view.html
————————————————————————————————————–
User Assist Analysis :
Extracts SID, User Names, Indexes, Application Names, Run Counts, Session, and Last Run Time Attributes from UserAssist keys
http://www.4discovery.com/our-tools/
————————————————————————————————————–
UserAssist :
Displays list of programs run, with run count and last run date and time
http://blog.didierstevens.com/programs/userassist/
————————————————————————————————————–
Windows Registry Recovery :
Extracts configuration settings and other information from the Registry
http://www.mitec.cz/wrr.html
————————————————————————————————————–
10. Application analysis

————————————————————————————————————–
Dropbox Decryptor :
Decrypts the Dropbox filecache.dbx file which stores information about files that have been synced to the cloud using Dropbox
http://info.magnetforensics.com/dropbox-decryptor
————————————————————————————————————–
Google Maps Tile Investigator :
Takes x,y,z coordinates found in a tile filename and downloads surrounding tiles providing more context
http://info.magnetforensics.com/google-maps-tile-investigator
————————————————————————————————————–
KaZAlyser :
Extracts various data from the KaZaA application
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
LiveContactsView :
View and export Windows Live Messenger contact details
http://www.nirsoft.net/utils/live_messenger_contacts.html
————————————————————————————————————–
SkypeLogView :
View Skype calls and chats
http://www.nirsoft.net/utils/skype_log_view.html
————————————————————————————————————–

tv - programer

Free hacking ebooks where you can download from the links below.

  1. Black Belt Hacking & Complete Hacking Book
  2. Hackers High School 13 Complete Hacking E-books
  3. Penentration Testing With Backtrack 5
  4. A Beginners Guide To Hacking Computer Systems
  5. Black Book of Viruses and Hacking
  6. Secrets of Super and Professional Hackers
  7. Dangerours Google Hacking Database and Attacks
  8. Internet Advanced Denial of Service (DDOS) Attack
  9. Computer Hacking & Malware Attacks for Dummies
  10. G-mail Advance Hacking Guides and Tutorials
  11. Vulnerability Exploit & website Hacking for Dummies
  12. Web App Hacking (Hackers Handbook)
  13. Security Crypting Networks and Hacking
  14. Botnets The Killer Web Applications Hacking
  15. Hacking attacks and Examples Test
  16. Network Hacking and Shadows Hacking Attacks
  17. Gray Hat Hacking and Complete Guide to Hacking
  18. Advance Hacking Exposed Tutorials
  19. 501 Website Hacking Secrets
  20. Internet Security Technology and Hacking
  21. CEH Certified Ethical Hacker Study Guide
  22. Advanced SQL Injection Hacking and Guide
  23. Web Hacking & Penetration testing
  24. OWASP Hacking Tutorials and Web App Protection
  25. CEH – Hacking Database Secrets and Exploit
  26. Ethical Hacking Value and Penetration testing
  27. Hack any Website, Complete Web App Hacking
  28. Beginners Hackers and tutorials 
  29. Ethical Hacking Complete E-book for Beginners
  30. Backtrack : Advance Hacking tutorials
  31. SQL Injection attacks and tutorials by Exploit DB
  32. XSS + Vulnerability Exploitation & Website Hacking
  33. Ultimate Guide to Social Enginnering attacks
  34. White Hat Hacking complete guide to XSS Attacks 
  35. Cross Site Scripting and Hacking Websites 
  36. The Hackers Underground Handbook ( hack the system)
  37. Blind SQL Injection tutorials and Hacking
  38. Hacking Secrets Revealed
  39. Hacking Website Database and owning systems
  40. Reverse Engineering for Beginners 
  41. Reverse Enginnering (The Real Hacking)
  42. Computer Hacking
  43. Hack your Friend using Backtrack
  44. Reverse Enginnering Hacking and Cracking
  45. Hack the System for beginners
  46. Hacking into Computer Systems
  47. Blind SQL Injection Discovery & Exploitation
  48. CEH v8

Note : These best hacking e-books are only for the ethical knowledge purpose and must not be used for illegal purposes.

In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.
Hackers usually take advantage of an upload panel designed for uploading images onto sites. This is usually found once the hacker has logged in as the admin of the site. Shells can also be uploaded via exploits or remote file inclusion.

 Download Shells And there txt/sources

 asp.rar asp.txt
 aspx.rar (not yet avalible txt file is avalible) aspx.txt
 b374k.rar b374k.txt(notavalible)
 c99.rar (not yet avalible txt file is avalible) c99.txt
 cmdshell.rar (not yet avalible txt file is avalible) cmdshell.txt
 mysql.rar mysql.txt
 r57.rar r57.txt
 sadrazam.rar sadrazam.txt
 webadmin.rar webadmin.txt

Also read https://thehacktoday.com/about-hackers-shell/

 

Source: https://thehacktoday.com/

android-wear-lollipop-watchface-variety-970-80Do you own a Smartwatch? If yes, then how safe it is? There are almost 100 percent chances that you own a vulnerable Smartwatch.
Computer manufacturer Hewlett-Packard is warning users of smartwatches including Apple Watch and Samsung Gear that their wearable devices are vulnerable to cyber attacks.
In a study, HP’s Fortify tested today’s top 10 smartwatches for security features, such as basic data encryption, password protection and privacy concerns.
The most shocking part of the study was that –
 

Not even a Single Smartwatch Found to be 100 percent Safe

Security experts found that 100 percent of wearable devices contained at least one serious security vulnerability that could make the devices vulnerable to hackers.
With the increase in the adoption of smartwatches, manufacturers need to pay closer attention to the customers’ security because these wearable devices could potentially open doors to new threats to personal and sensitive information.

“As the adoption of Smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting Smartwatches into corporate networks,” Jason Schmitt, general manager at HP’s Security Fortify said in a statement.

The study [PDF], no doubt, had included Smart watches by Apple, Pebble, Samsung and Sony, as it claims to have picked top 10 smartwatches.

Here’s the list of issues reported by HP:

1. Lack of transport encryption – Though all products implemented transport encryption using SSL/TLS, 40 percent of devices found to be either vulnerable to the POODLE attack, allowing the use of weak cyphers, or still using SSL v2.
2. Insecure Interfaces – Three out of ten smartwatches used cloud-based web interfaces and all of them were vulnerable to account harvesting. This allowed unlimited login attempts, helping hackers guess passwords.
3. Insufficient User Authentication/Authorization – Three out of ten smartwatches completely failed to offer Two-Factor authentication, or the ability to lock accounts after 3 to 5 failed password attempts.
4. Insecure Software/Firmware – 7 out of 10 smartwatches had issues with firmware updates. The wearable devices, including smartwatches, often did not receive encrypted firmware updates, but many updates were signed to help prevent malicious firmware updates from being installed. While a lack of encryption did not allow the files to be downloaded and analyzed.
5. Privacy Concerns – Smartwatches also demonstrate a risk to personal security as well as privacy. All the tested devices collected some form of personal information, including username, address, date of birth, gender, heart rate, weight and other health information.
The experts said it would not disclose the names of smartphone manufacturers whose watches they had tested, but they are working with vendors to “build security into their products before they put them out to market.”
Meanwhile, HP urges users to not connect their smartwatches to the sensitive access control functions like cars or homes unless strong authorization is offered.
Recommendations
HP has the following recommendations for those looking to use or produce smartwatch devices in a more secure manner:
Consumer
• Do not enable sensitive access control functions (e.g., car or home access) unless strong authentication is offered (two-factor etc).
• Enable passcode functionality to prevent unauthorized access to your data, opening of doors, or payments on your behalf.
• Enable security functionality (e.g., passcodes, screen locks, two-factor and encryption).
• For any interface such as mobile or cloud applications associated with your watch, ensure that strong passwords are used.
• Do not approve any unknown pairing requests (to the watch itself).
Enterprise Technical Teams
• Ensure TLS implementations are configured and implemented properly.
• Protect user accounts and sensitive data by requiring strong passwords.
• Implement controls to prevent man-in-the-middle attacks.
• Build mobile applications (specific to each ecosystem) into the device – in addition to any vendor-provided or recommended apps.

TV_Android

1. Complete Information About your Phone

*#*#4636#*#*
This code can be used to get some interesting information about your phone and battery. It shows following 4 menus on screen:
• Phone information
• Battery information
• Battery history
• Usage statistics

2. Factory data reset

*#*#7780#*#*
This code can be used for a factory data reset. It’ll remove following things:
• Google account settings stored in your phone
• System and application data and settings
• Downloaded applications
It’ll NOT remove:
• Current system software and bundled application
• SD card files e.g. photos, music files, etc.
Note: Once you give this code, you get a prompt screen asking you to click on “Reset phone” button. So you get a chance to cancel your operation.

3. Format Android Phone

*2767*3855#
Think before you give this code. This code is used for factory format. It’ll remove all files and settings including the internal memory storage. It’ll also reinstall the phone firmware.
Note: Once you give this code, there is no way to cancel the operation unless you remove the battery from the phone. So think twice before giving this code.

4. Phone Camera Update

*#*#34971539#*#*
This code is used to get information about phone camera. It shows following 4 menus:
• Update camera firmware in image (Don’t try this option)
• Update camera firmware in SD card
• Get camera firmware version
• Get firmware update count
WARNING: Never use the first option otherwise your phone camera will stop working and you’ll need to take your phone to service centre to reinstall camera firmware.

5. End Call/Power

*#*#7594#*#*
This one is my favourite one. This code can be used to change the “End Call / Power” button action in your phone. Be default, if you long press the button, it shows a screen asking you to select any option from Silent mode, Airplane mode and Power off.
You can change this action using this code. You can enable direct power off on this button so you don’t need to waste your time in selecting the option.

6. File Copy for Creating Backup

*#*#273283*255*663282*#*#*

This code opens a File copy screen where you can back up your media files e.g. Images, Sound, Video and Voice memo.

7. Service Mode

*#*#197328640#*#*
This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

8. WLAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* – WLAN test (Use “Menu” button to start various tests)

*#*#232338#*#* – Shows Wi-Fi MAC address

*#*#1472365#*#* – GPS test

*#*#1575#*#* – Another GPS test

*#*#232331#*#* – Bluetooth test

*#*#232337#*# – Shows Bluetooth device address

9. Codes to get Firmware version information:

*#*#4986*2650468#*#* – PDA, Phone, H/W, RFCallDate

*#*#1234#*#* – PDA and Phone

*#*#1111#*#* – FTA SW Version

*#*#2222#*#* – FTA HW Version

*#*#44336#*#* – PDA, Phone, CSC, Build Time, Change list number

10. Codes to launch various Factory Tests:

*#*#0283#*#* – Packet Loopback

*#*#0*#*#* – LCD test

*#*#0673#*#* OR *#*#0289#*#* – Melody test

*#*#0842#*#* – Device test (Vibration test and BackLight test)

*#*#2663#*#* – Touch screen version

*#*#2664#*#* – Touch screen test

*#*#0588#*#* – Proximity sensor test

*#*#3264#*#* – RAM version