Ways to Encrypt Data to Store in Cloud

For very many people, security is one of the most important issues when it gets to sending their files into the cloud. They worry that their files will be seen or even compromised by other persons because that is what took place in the past. The user accounts used to be hacked, cloud storage systems failed and personal files and data were exposed. Therefore, how can you successfully prevent that from ever happening even when the account gets hacked or something happens to your provider of cloud storage?

The answer to that question is encryption

Encryption can be defined as the process of making one’s files unreadable with a pass phrase or an encryption key so that even when another person gains access to the files, it does not matter because the intruder will only be able to see gibberish. To be able to see very properly what is in the file, one must have a key.

This article contains the two different ways through which one can make his or her files secure and be able to safely use cloud storage without any worries.

Available options

Essentially, when it gets to encrypting files in the cloud, one has two options from which he or she can choose, that is:

• He or she may choose the cloud storage with a built in encryption.
• Make use of a service which encrypts folders and/or files for him or her.

Cloud storage service with built-in encryption

Regardless of your choice, both of the ways to encrypt data to store in cloud have advantages and disadvantages. If you decide to go with the dedicated secure cloud service, you might be required to change the entire setup of transferring files to that specific service, familiarize yourself with the way it works and probably give up on a certain third party support, mainly if you come from the most well-liked cloud storage and syncing service, that is “Dropbox”. Alternatively, you have got everything under one hood and you do not have to worry any more about file security and integrity.

Service for encryption only

If you are using a service which is dedicated to encrypting your files, you will be having more control over which files you would like to encrypt and where you would like them to be stored. For instance, you may choose Dropbox, if at all you like the service; and not give up after encrypting the files properly. Conversely, your files might take longer to be properly synced in case you are getting them encrypted using third party apps.

Conclusion

Either way, it is believed to be very necessary to protect one’s files using the most proper encryption, most especially if he or she is using Dropbox for managing his or her critical files such as contracts, password databases, or any other personal or business files which may be considered to be very important.

Depending on an individual, some would like to install another software on their computers just for the purpose of encryption, while others not. Those who don’t may take advantage of the idea of signing up for a dedicated cloud solution which has built-in local encryption for all the files. Some of such solutions available include SpiderOak, Wuala and Cubby. If online viruses are among the things troubling you, you may also consider making use of the Norton Contact Phone number so as to inquire about how you can be helped.

another easy way to get protect your cloud data with below app. its for totally free & you can download for windows, Android & ios devies from below link.

 

Hacking 101: Hacking Guide for the Absolute Beginner

If you are an absolute beginner in the field of hacking or don’t really know where to start off, this hacking 101 guide can help you kick start your hacker’s journey. Before taking up any hacking course or tutorial, it is necessary to understand what hacking or hacker really means.

As opposed what most people think, hackers are not criminals who break into bank accounts or do all the nasty things on the computer and the Internet. In fact, these criminals who cause damage to cyber space or third party systems are not hackers but are referred to as crackers. For more information of different types of hackers and how they differ from each other, your may refer to our hacking FAQs section.

On the other hand, a hacker (sometimes referred to as ethical hacker) is a person who has developed in-depth expertise or knowledge in the subject of information security. He or she is specialized in penetration testing or other testing methodologies to ensure a company’s information system is secure. Such people are hired and paid by companies to discover vulnerabilities in their system and fix the same before a cracker finds and exploits them.

Hacking 101: Start From the Basics

The best way to start learning is begin with the basics of hacking. Later as your experience grows, gradually advance to the next higher levels so as to master the art of hacking. If you want a beginner’s guide with all the hacking resources available at one place, our book Hacking Secrets Exposed is what you need.

---

1. Learn About Computer Network and Protocols

If you already have an understanding of how computer network works and its basic protocols, you are good to go. If not, it is necessary to learn more about this topic as its understanding makes it easy to comprehend the concepts of network hacking. To start off you can refer this link for more information on basic concepts of computer network.

2. Programming: Is it Necessary?

Once you master the basics of hacking and want to take it as your career or go more deeply, having a knowledge of programming becomes a must. If you are a computer science student, you may already be aware of some of the markup and programming languages such as HTML, C++, Java, PHP, Python etc.

Since there are are hundreds of programming languages it would be impossible for any hacker to master all of them. However, as a hacker you ought to have a working knowledge of at least a few basic languages like HTML, C++ or PHP. This would make it easier to interpret and handle any code that you may come across in the future of your hacking career.

3. Learn Both Windows and UNIX

If you are just like any other computer user who knows only one operating system which is Microsoft Windows, your options to hack and expand knowledge would remain highly limited. This is because most web servers and web applications run on Unix. More and more companies are now switching to Unix based operating systems as it is a freeware and also considering it more secure than Windows.

So, this is why most professional hackers always use Unix as their primary operating system. Even though it is still possible to do most things on Windows itself it still isn’t secure and complete as Unix. This makes it incomplete to use it for hacking and penetrating testing. So, if you are new to it, I recommend you start learning Unix before you try to hack anything of the Web.

Need All the Hacking Resource at One Place?

Well, if you do not have much time to do all the research and learn hacking from multiple sources, you have a better option. We have come up with a complete hacking guide that will teach you everything right from the basics in a step-by-step and easy to follow manner.

This guide contains all the information you need in one place and is called “Hacking Secrets Exposed”. You can download it from the link below:

---

Windows TCP/IP Utilities

The following are the IP utilities available in Windows that help in finding out the information about IP Hosts and domains. These are the basic IP commands that every beginner in the field of hacking must know!

Please note that the the term Host used in this article may also be assumed as a Website for simple understanding purpose.

1. PING

PING is a simple application (command) used to determine whether a host is online and available. PING command sends one or more ICMP “Echo message” to a specified host requesting a reply. The receiver (Target Host) responds to this ICMP “Echo message” and returns it back to the sender. This confirms that the host is online and available. Otherwise the host is said to be unavailable.

Syntax: C:\>ping gohacking.com

2. TELNET

Telnet command is used to connect to a desired host on a specified port number. Just like a house having several doors, a host or a server has different ports running different services. For example port 80 runs HTTP, port 23 runs TELNET while port 25 SMTP. Like this there are several ports on a server through which it is possible for a remote client to establish a connection.

For a connection to be established, the port has to be open. For example, in the following command, we are trying to establish a connection with the Yahoo server on port 25.:

Syntax: C:\>telnet yahoo.com 25 C:\>telnet yahoo.com

The default port number is 23. When the port number is not specified the default number is assumed.

NOTE: If you are using Vista or Windows 7, Telnet feature may not be available by default. To enable it, you can refer my other post: How to enable Telnet feature in Vista and Windows 7?.

3. NSLOOKUP

Many times, we think about finding out the IP address of a given site. Say for example google.com, yahoo.com, microsoft.com etc. But how to do this? There are several websites out there that can be used to find out the IP address of any given website. However, in the Windows operating itself, we have an inbuilt tool to do this job for us. It is called “nslookup”.

This tool can be used for resolving a given domain name into its IP address (determine the IP of a given site name). Not only this, it can also be used for reverse IP lookup. That is, if the IP address is given it determines the corresponding domain name for that IP address.

Syntax:
C:\>nslookup google.com

4. NETSTAT

The netstat command can be used to display the current TCP/IP network connections. For example, the following “netstat” command displays all the currently established connections and their corresponding listening port numbers on your computer.

Syntax:
C:\>netstat -a
Type "Ctrl+Z" to exit.

This command can be used to determine the IP address/Host names of all the applications connected to your computer. If a hacker is connected to your system even the hacker’s IP is displayed. So, the “netstat” command can be used to get an idea of all the active connections of a given system.

Future of Quantum Computing

Quantum computing is in our future and it will change the way we do things in big ways. It is not yet completely understood what quantum computing can exactly bring us, but there are some ideas based on scientific research. One thing is for sure, the experts are excited to be working on quantum computing and to see what it is bringing to the next generation.

What is Quantum Computing?

Quantum computing is different than the regular computing we are used to because it runs on atoms, not on silicone. Atoms are the smallest thing information can be stored on. The problem people are running into when building the quantum computers is how to house these atoms. Any small vibration can set the spinoff of the electron making it not work.

Another thing quantum computers can do is solving multiple problems at once,where regular computers can only solve one thing at a time. The problems quantum computers solve are extremely complex, which brings us to what they will be used for in the future.

Military and Security

Quantum computers can go through large amounts of data in a fraction of the time that regular computers can. For example, satellites collect videos and images but not all of that data can be stored. Much of this data is thrown out because the computers cannot just handle it or do not recognize things that they should. Quantum computers, on the other hand, are much better at facial recognition or picking out small details in busy scenes.

Encryption is another area quantum computers will change. Encryption is everywhere, such as each time we use a credit card or send an email. Yet, it is not a failsafe method because accounts still get hacked and companies lose millions of dollars. Quantum computers use a different type of communication called quantum key distribution. It is much more secure.

Automation and Learning

Quantum computers can learn from experience, they have artificial intelligence. If they make a mistake they can also correct it. This method could actually have quantum computer improving quantum computers. It could leave to very advanced forms of artificial intelligence and even humanoid robots. There are so many different possibilities in this area it is hard to fathom all of them.

Weather Forecasting

Today’s weather forecasting is an educated guess based on the different data a computer is given. There are many different ways a pattern can take, which is why it is not always accurate. Quantum computing can analyze all of these data at once to give meteorologists a better idea of where and when bad weather will hit. This means advanced warnings and more prep time for hurricanes and tornadoes.

Quantum computing will be huge in the future, but it can be hard to tell all of the ways it will impact our lives. We do know that it can bring artificial intelligence, better security, and analyze large amounts of data all at once. It will be interesting to see how the power of quantum computing will be used.

Five things to do after your data has been stolen

Whether you know it or not, you've been hacked — probably several times by now.
You are in good company: There have been 6,467 data breaches since 2005, compromising 879,889,874 records, according to Identity Theft Resource Center. So what should you do when you first learn that your personal information may have been stolen by criminals?

"It sounds counterintuitive, but you don't want to panic," said Matt Ehrlich, vice president of fraud and identity product strategy at credit reporting agency Experian.

Here are five pro tips from people in the business of protecting information.

1) Contact your financial services and health providers
The most important first step is to contact all of your financial, health and insurance organizations, said IBM Security Services Global Lead, Wendi Whitmore. That way your bank, retirement broker, mortgage lender and health insurance provider can be on the lookout for any suspicious activity, such as fraudulent purchases or prescriptions. It is a good idea to keep a list of all this information offline and replicated in several areas, said Whitmore.
"For victims of personal consumer theft, it's still a really challenging area," said Whitmore. "It's difficult for consumers to have a lot of protections in place. Some of the things that you can do are fairly manual."

2) Check your credit report and request a security freeze
Review your credit report and financial reports, something it is good to get into the habit of doing periodically, said Whitmore. Anyone can get a copy for free once a year from Annual Credit Report.com.
Experian, TransUnion and Equifax allow victims of fraud or identity theft to place a temporary security freeze on their account at no cost to prevent lenders and others from accessing their credit report in response to a new credit application. This informs lenders to take extra precautions before extending credit in your name, such as reaching out to you by phone to verify that the request really came from you. You can do this online or over the phone, and it's probably a good idea, said Ehrlich.
A smart move is to file a police report at your local police station, which will allow you to increase the amount of time the credit unions will allow you to place a credit freeze on your account, said Whitmore.

3) Change passwords across all accounts and make them hard to guess

The simplest thing you can do is change all of your online passwords and make sure you are using two-factor authentication — doing this can help mitigate the potential fallout from a breach, said Dimitri Sirota, chief executive officer of cybersecurity firm BigID.
A proactive next step is to implement a password manager like Last Pass that will store all your passwords in an encrypted file. Of course, there are pros and cons to doing this since these services could potentially also be breached.

4) Check your financial statements
"The reality is, we all have to be very vigilant with our personal information," said Whitmore.

That means regularly checking bank and credit card statements for purchases you did not make. Take advantage of free activity alerts offered by banks and credit cards, said Ehrlich. Over time, financial institutions have added more text and email options to let customers keep track of all activity via their mobile devices, and if you haven't logged into your account recently you should check out the latest services on offer, said Ehrlich.

Also, it's not just big transactions to be on the lookout for. Keep an eye out for small amounts going out of your account as criminals may be testing while they wait for your paycheck to hit, said Ehrlich.

"Bring that to the attention of the bank or the business right away," he said.

5) Bring in the experts: Use a credit-monitoring agency
When you have been the victim of a breach, companies are typically required to cover between one to three years of credit-monitoring services. Whitmore says: Take it!
Make sure you sign up for these services, which will proactively look for credit or identity-related transactions and alert you about any suspicious activity or if your information is posted on the dark web.
Such services are offered by the three major credit-reporting companies — Experian's version is called Protect My ID — as well as others like LifeLock and AllClear ID.

Bonus tip: Limiting the amount of personal information you share on social media can also help to protect you from real-world damage to your credit since thieves will often comb social media sites for information that will help them steal your identity.

How To Access The Dark Web Securely.

Accessing and surfing the Dark web is not a hard thing but staying there securely is a hard thing. To avoid tracking you by someone, you must take some precautions. So know here How To Access The Dark Web Securely. If you are thinking that you are using tor browser and you are safe then you are wrong. There will many hackers come in front of you who can crack tor network easily. Now you tell me, are you safe in the Dark Web only by using tor? No. You should follow some Tor browser rules and some tools with it to stay safe. I am discussing them briefly below.

Rules of using Tor browser

If you installed the Tor browser and you are running it for the first time and you show that the opened window of the browser too small and you want to maximize it. Never do this. leave it as the default size. Don't resize the default size of the window. Don't install any Add-on in your browser. Many Add-on tracks its users and collects private data. Never allow running javascript in any site that you are visiting through tor network. This will be very dangerous. This turns off/on option is in the top left corner of the browser. If you are going to visit Dark web for the first time then I advise you to go 'hidden wiki' to get Dark sites links. These links are secure than other site links. If there is an experienced Dark web surfer then if you want new links of Dark sites then ask me. I have a list of more than hundred links. Always turn on the 'HTTPS everywhere' option which is at the top right corner of the browser. Don't download unknown files like mp3, video, e-books provided by the unknown site owners. Adjust your security level in the tor browser security settings. The most important thing don't use your microphone while you're surfing the Dark sites and also don't allow the browser to use your microphone and cover your web camera with bandage or tape. All websites give the description of the website with the link but there are some bad people who give wrong information of the links that they provide which are of unknown and dangerous websites. So check the links and the providers if they could be trust or not. Don't visit the red room and don't visit the child pornography sites if you can't anonymize your online identity. Follow these rules, you can stay safe on the Dark Web.

Use a good VPN with Tor Browser

Find out a good VPN whose provider says that they keep no user logs. There are many VPN providers who share the user's log. This is against the policy but if you do any cyber crime then if the government give an order to the VPN provider to give your logs then he will have to give your logs. So choose a good VPN. Don't use free VPNs, the free VPNs are a demo and sometimes they do not work properly. Never use cracked premium VPNs. The cracked tools contain virus and the viruses will track you. Using VPN with Tor makes a double security layer to your system so that if a hacker cracks your Tor network then the VPN will protect you. Every experienced Tor user uses VPN with it. The VPN will also hide you from your ISP(Internet Service Provider). It makes a tunnel between the ISP and the servers so that no 3rd person can see your details. I recommend you to use Nord VPN. This article is not a VPN promoting article but my personal experience with Nord is good. So you can use it if you want. The price of Nord VPN is very cheap, you can afford it. It is also available and compatible with any device. Cyberghost is also another good VPN. I have browsed Dark web several times using this VPN.

Recommended:

Top 5 Hacking Tools ever: | Must Have Tools For Ethical Hackers or Beginners | Windows/ Android/ Linux
What is Man In The Middle attack? : | Best Way To Hack Into a Network |

Use a good Operating system
Using a good OS is also a good security for Dark web surfers. I used Windows OS many times to access the Dark web but I found some Cons of using Windows OS. Maximum virus found on the Internet are for Windows and also every year Windows users are attacked through the loopholes of the Windows security system. So, I decided to run only Linux based OS on my all devices. There are many ways to configure your proxy setting and if you use Tor in this OS then I think you will be more secure than Windows. Android is also a secure OS as it is based on Linux. Just install Orbot and Orfox from Playstore and run them. You can easily access the Dark sites. But if you have a third-party app installed on your device then there will be a risk for you because third-party applications contain virus. If you follow my all instructions line by line, trust me, you will be safe.The Pros of using Linux based OS are, there are very fewer viruses for Linux than Windows OS. Maximum tools are available for free on Linux developer's website. The cons of using Linux OS are if there is an error in the system then it very difficult to troubleshoot the error. It is not so customizable. If you follow these rules then you never need to search How To Access The Dark Web Securely. 

What Is Encryption? Public Key Encryption and its Uses | Explained

Encryption Defn.

Encryption is a popular topic if it comes to hacking and security in the ultramodern computerized world. encryption is used in many services. For example, recent Whatsapp's end-to-end encryption, Gmail, Facebook encryption, Google Drive's encryption, also encryption used to secure twitter account, to secure private messages. All of you have heard about encryption. But what is encryption and how does it works? all these things you gonna read in this post.
       Encryption is not a new thing that we use nowadays, it is also an old thing that we used for years. Encryption means locking the data or messages in a way that no one can read without the sender's willing. The data or messages are translated to machine language and then generates a key to decrypt it. Without the decryption key, no one can read the messages or data. Consider that a person writing a message using A-Z alphabets and if he writes C as A and B as X, like this, no one can read his message except him until he will give the decryption key. The messages will like this-

Message:

Encryption is a process of encoding the messages in a way that only authorized user can read it

Encrypted Message:

 FsFv.GHPn6xX0R8fuVnWZMZ91HqKpVmoEBRAyxQVIQShPr0s8fCOvaapLfx.y4gj2b4tlwKuncsIPh1FWF3GnfTfnzSoLsfUAAae0YrZ5rT.JNpXHvXSuAjfmJqdeqQaidmJp24mCWb6gX8T.nxQe09dWp5ZL4FvHw9Lux0yhdEjduwYkqreRLa

The normal messages are referred as plain text and encrypted using an encryption algorithm called cipher. The text generated by using Cipher can only be read if it is decrypted. An encryption scheme uses random encryption key generated by an algorithm. For this reason, it is become possible to decrypt the message without processing the key. But if well computational resources and well computer skills are applied in encryption scheme then it is possible to design a better encryption scheme.

Public Key Encryption

The most used encryption is Public Key Encryption and it is used in Gmail, messages even in WhatsApp message encryption. In easy words, Public Key Encryption is, consider that there is two person and both of them have two keys, one is private key and another is a public key. Everybody has the public key but private keys are different for each person which only the person can understand. The formula how to decode the delivered messages is in the keys. If the messages are encrypted by public key then it can only be decrypted by using the private key and if the messages are encrypted by private key then it can only be decrypted by the public key. Giving an example for better understanding, consider that there is two-person, John and Kevin. John sent a message to Kevin "hello". John encrypted the message by Kevin's public key (as everybody has the public keys) and sent it to Kevin but Kevin can decrypt the message only by using his private key. So no third person can read the message between their data transmission. But if they want it to be more secure then John will first encrypt the message by Kevin's public key and then again encrypt it by his private key and will send it to Kevin. kevin will first decrypt the message by his private key and again will decrypt by the public key. In this way, it can be more secure. When two person sends messages in a messaging app, the users first tell their public keys to one another and they lock the messages by using the public keys and will send the messages.

Uses of encryption

Encryption is not a new thing. It has long been used by every militaries and government to protect their secret communication. According to the report submitted by Computer Security Institute in 2007, 71% of companies in the world use encryption for their data transit and 53% of them use encryption for some of their data storage. The Google Drive uses Hashtable to protect the stored data in a different format. The difference between Hashing and encryption is that encryption is a two-way function but Hashing is a one-way function. By using encryption data can be protected from cyber attacks. The Google's Drive uses the hashing technique to protect the stored data. Also, many computers and storage devices are protected by hashing technique. Banks also use encryption technology to protect their client's account details and records. Digital rights management systems use encryption technology, which prevents unauthorized use or reproduction of copyrighted materials and protects the software from reverse engineering. But The cyber-adversaries have developed some new attacks in response to encryption technology. The most recent attacks attempted on encryption technology are cryptographic attacks, attacks on encryption keys, data destruction attacks, integrity attacks and ransomware attacks.
             Encryption can protect the confidentiality of messages. So encryption is used in message verification code authenticity. Every cryptographic software and hardware use encryption but ensuring a succesfully designed encryption technology for getting security is a challanging problem.

Hacking With SS7. Reality!! SS7 Flaw explanation and all about it.

Numerous learners in Ethical Hacking needs to think about SS7 Flaw. They feel this is an energizing thing. So we will talk about on Hacking With SS7. Reality!! SS7 Flaw explanation and about it. This was first demonstrated in 2007 by a security specialist, he recorded the calls of a U.S legislator however the media indicate more than the truth. This was not a little issue but rather not that enormous one how media portrayed to individuals. This year (2017), Nov, Some banks of Germany revealed that they were SS by programmers and a major measure of cash was executed. The hackers utilized SS7 loophole there. For essential understanding consider SS7 is a network. It has many uses, likewise in billing. Previously, in a network, there was utilizing SS5. There was a layer in the network through which the voice and data packet transmitted. In SS5, there utilized InBand signaling, that implies, the scientists used to put the controlling signals in the same band in which the information packets are travelling. There was just a single layer in SS5. At the point when SS6 age came, the analysts made it out-band signaling They isolated the two data packet band and control signals from each other. They made two isolated layers, one is for control signals and another is for the data packet traveling. This controlling layer is our SS7 layer. Note something essential that, SS7 is made for organizations, for the specialists, and for the administrators. Not for the customers. In the event that I am a versatile client then I have no association with SS7. I have to manage just with the data packet layer. Do you know who has the SS7 access? on the off chance that I am utilizing a SIM, consider I am utilizing an Idea SIM, my Idea administrators have the SS7 access. The legislature, the offices who keep an eye on individuals has the SS7 get to. SS7 is such a layer which can't be associated utilizing a PC. On the off chance that you need to interface a PC with SS7 at that point there must be a hub at the center. SS7 associates with hubs. SS7 layer requires a valid authentication to access it. It's not possible for anyone to get to it without approval. As a matter of fact, SS7 was not made for mobile networks, it was made for landlines a couple of years prior, in 1975. This was running great in a successful way. In this manner, it was received by mobile networks. Around then PC frameworks were not all that famous. Later it is utilized to associate with workstations through hubs.

Recommended:
Should You Invest In Bitcoin Or Ethereum? Understand Bitcoin Rise And Fall 

SS7 Flaw Explanation

When it was made for landlines the analysts didn't think such a great amount of in light of the fact that around then the frameworks were not all that confused. Be that as it may, the present versatile systems are exceptionally mind-boggling. They didn't imagine that it will end up being a loophole. This is the fundamental issue that the researchers don't consider the future what it will progress toward becoming. That is the reason there comes enormous lacking or huge issues. At the point when the time changes and things turn out to be further developed, the frameworks can't modify itself with the propel things which cause security defect. Our remote systems administration frameworks have two kinds of databases-HLR(Home Locator Resistor) and VLR(Visitor Locator Resistor). Try not to be confused, keep it simple. When you issue a sim, your entire information are put away in HLR. HLR stores each and every data about you. VLR stores your information just when your sim is enacted, ṭhat implies associated with a mobile tower. VLR keeps a little bit of information from HLR on the grounds that the sim is enacted. What happens really, look, for instance, I am in Mumbai and my SIM is additionally enrolled from Mumbai. Means I am nearby in here. I turned on my Phone a request will be sent to MSC(Mobile Switching Center). When it sent a request to MSC, MSC interfaces itself quickly with the neighborhood HLR to see the phone's data is correct or off-base. On the off chance that the data is correct, MSC will interface the telephone to the closer mobile tower. MSC will give some data about it to VLR on the grounds that the SIM is activated. This data is vital in light of the fact that our if surveillance or police need any data, they can take the data from it. This data is important to trace a phone associated with a tower. Presently, consider that I moved from Mumbai to Australia. Presently my telephone will send a request to the Australia nearby MSC. Subsequent to getting the request MSC will scan its HLR for the telephone's data. MSC will discover that I am not neighborhood. I am from Mumbai. Presently the MSC will send a query through SS7 to the Mumbai neighborhood MSC for my data to give me roaming. Presently consider that I am in Mumbai, yet an MSC from Australia sent a query to Mumbai MSC for my information by saying that a man of yours is in Australia and we need his data to give him roaming, and my HLR gives the data. This is the means by which SS7 attack works. This is a basic illustration, it should be possible through numerous ways. To begin with, comprehend this paragraph, from that point onward, I will disclose to you the truth of SS7 hacking.

SS7 Hacking Reality

Presently I will disclose to you some reality of SS7 hacking. In the first place, recall it that you can't straightforwardly interface with SS7 utilizing a workstation. You should associate it through hubs and hubs are exceptionally costly. In any case, this isn't, you have a hub and you associated with SS7. No. There is a legitimate permit framework. Just your SIM administrators and outsider association, police, spy organizations and so forth official associations can get to it. It isn't feasible for any individual to associate with SS7 without appropriate substantial access permit. The SS7 arrange doesn't offer access to the SS7 hacking. There is no such known technique yet utilizing which a hacker can straightforwardly interface with SS7. At the point when security specialists do SS7 hacking showing the SS7 get to is given to them. In each SS7 exhibit, the SS7 legitimate access is given to the demonstrator. Presently you will state in the event that they got the legitimate access at that point how might it said to hack. Essentially, SS7 hacking is, consider I am in the Idea SIM administrator reconnaissance room and they gave me the entrance to SS7. They said me to hack the messages and call records of Idea clients. I will take out the data. This is typical mind. What will be the hacker mind? I won't hack the data just of the Idea clients, I will hack the data of each individual everywhere throughout the world. This is SS7 hacking. In SS7 hacking the SS7 access is given by the authorities or administrators however the hackers extend the access. The good thing is, in the 4G network, there is no SS7. SS7 is supplanted by LTE in 4G network. As there is no SS7 in the 4G network, it isn't conceivable to do SS7 attack in 4G Network. There are numerous sorts of SS7 attack. This isn't as simple as I am clarifying. In any case, the computerized instruments are made by analysts yet what focal points of these devices in the event that they don't have access to SS7? No strategy has been found to sidestep that access yet. On the off chance that SS7 hacking isn't possible without getting official access then why individuals anxious of this? The fundamental factor is corruption. All reconnaissances are rumored organizations yet it can happen that there is a man who is corrupted? Or on the other hand perhaps it can happen that building up an administrator in a few nations is simpler than some different nations. Setting up an administrator in a few nations is hard. Since this needs a legitimate permit and numerous things. Be that as it may, a few nations are corrupted. They effectively give permit. The hackers can set up their own particular administrator there with least speculation to access SS7. They can hack the data utilizing SS7 everywhere throughout the world. Numerous things are conceivable yet we are not going to clarify every one of them. So bye. Have a good Hacking life.

Cryptocurrency startup Prodeum pulls an exit scam, leaves a penis behind

Another day, another scam. A cryptocurrency startup called Prodeum – which promised to “revolutionise the fruit and vegetable industry” by putting it on the Ethereum blockchain – has seemingly pulled a good ol’ exit scam, leaving its duped ICO investors with one word only: “penis.”
Things first started going awry over the weekend on January 28, when the company’s website suddenly went down. In place of the old layout, the page was showing only one thing: the word “penis” on a white background. The website continues to be unavailable at the time of writing.
The startup, which claimed to be based in Lithuania, set out to build a new price look-up (PLU) code system so consumers can track where their fruit and veggies came from. This honourable cause struck a cord with numerous environmental activists and green-aware people.
Unfortunately, though, it seems it has parted with their funds.
As some users have since pointed out on Twitter, it appears Prodeum might have been paying Fiverr users to write their brand on their bodies and post the images on social media.
Following a viral tweet pointing out the startup is likely puling a Houdini, the domain has since been updated to redirect to a certain Twitter account.
Still, the internet was quick to screenshot Prodeum’s dick move.
In addition to its website, Prodeum has since also purged its Twitter account. Similarly, TokenDesk – a website that promotes various initial coin offerings – has also removed Prodeum’s page from its platform. Instead, it now reads “404 Page Not Found.”
According to its white paper [PDF], Prodeum was founded by four individuals going by the names of Petar Jandric, Darius Rugevicius, Vytaustas Kaseta, and Rokas Vedluga. IBT has since unearthed a deleted LinkedIn profile which allegedly belonged to the Prodeum founder, Jandric.

---

Update: Rugevicius has since contacted TNW with the following statement:

Yesterday I became a victim of an identity theft. My name was used as a tool to attract investments into a project that I have neither no relation with nor ever heard of it before, I want to send my condolences to every Investor that has participated in the project named Prodeum. I will do my best to find and bring the people behind this violent act to justice. This event one more time proves how fragile our industry is and how important it is to conduct a thorough due diligence process before making an investment decision.

He also posted the same message on his LinkedIn.

---

It remains unclear precisely how much cash the startup has lifted from its investors, but its entry on ICO Watchlist indicates Prodeum completed 18 percent from its funding goal. For context, its white paper lists the soft and hard caps for the ICO at 2,100 and 5,400 ETH, respectively. The current price of Ethereum is $1,194, according to CoinMarketCap.
Prodeum is the latest cryptocurrency company to pull an exit scam.
Last year, a sketchy Bitcoin investment platform known as BitPetite suddenly went dark, leaving with all of its investors’ coins.
Only weeks later, another cryptocurrency company, called Confido, wiped its digital fingerprints and dashed off with its customers’ investments. The move came days after its founders said they’ve ran into legal obstacles.

Basically For Windows Users: Tricks To Keep Your Outlook Mail & Windows Account Secure

If you use Outlook.com (formerly
Hotmail) for email, it’s vital that you secure it properly. After all, your email is a gateway to nearly everything you do online.
But there’s another reason that your Outlook account is so important. Windows 10 allows you to sign into your PC with a Microsoft account. If you use this feature and someone steals your account password, you could be in big-time trouble.
Don’t let that happen! We’ll share some great security tips to make sure that nobody can gain access to your account

1. Set a Strong Password
The first tip is one of the most important: make sure your account password is strong. Using a weak password, such as one that’s short, obvious, or something you use on other sites, won’t cut it. A good password, should contain at least 10 characters with a mix of uppercase, lowercase, numbers, and symbols.
If you haven’t updated your password in a while, it’s a good idea to change it now. Log into your Outlook account, then click your name in the top-right corner of the page. Choose View account to access your Microsoft account settings.

On the resulting page, click the Change password link next to your email and under your profile picture. Confirm your current password, then enter a new one. If you like, you can also check a box that will force you to change your password every 72 days. This isn’t necessary if you use a strong password, but it’s not a bad idea to keep it fresh either.


2. Enable Two-Factor Authentication
You’ve hopefully heard about two factor-authentication (2FA). It requires something you have, usually a code from an app or text message, in addition to your password to log in. With this enabled, your password alone isn’t enough to log into your Microsoft account, protecting you if someone steals it.
To get started with 2FA, visit your Microsoft account page and select the Security tab along the top of the page. On the resulting Security basics screen, click the more security options text under the three boxes.

Under the Two-step verification header, click Turn on two-step verification. You’ll see a brief description of what this does. Hit Next to proceed.
Next, you’ll need to choose whether you want to use an app, phone number, or alternate email address for verification. Each method has pros and cons. We recommend picking An app because it’s the most secure and works even if your phone is offline.
Microsoft will push you to you use its authenticator app, but we recommend Authy instead. Once you install an authenticator app on your phone, select your mobile operating system from the list. Then scan the QR code with your app and enter the code to confirm. Make sure you copy down the recovery code before you click Finish.

If you’d rather not use an app, select A phone number or An alternate email address instead. Provide your mobile number or alternate email address, and Microsoft will auto-send a code to it via a call, text, or email. Enter that code to confirm, and you’re all set.

3. Don’t Share Your Account With Anyone
This might sound obvious, but it’s worth mentioning. Sharing email accounts is an easy way to open yourself up to hacks. With extremely rare exceptions, nobody else needs access to your email.
If you’ve ever shared your email password with a friend, or perhaps let someone online log into an account of yours, you need to change your password to lock those others out.

4. Use a PIN to Log In to Windows
If you use a Microsoft account to sign into Windows, then your Outlook email password is the same as your PC login password. While this seems convenient, it poses a risk in two ways.
First, the more secure your password, the less convenient it is to type it out. Thus, you might be tempted to shorten your email password to make signing into your PC faster. Second, if someone stole your PC password through a keylogger or some other method, they’d also have your email password.
A good solution to both of these issues is trying an alternate method of locking your PC. Windows offers a PIN and picture lock on all computers, and even fingerprint and face locks on Windows Hello-compatible machines. To enable an alternate method, visit Settings \> Accounts \> Sign-in options and click Add under the method you’d like to enable.

A PIN provides a good balance of security and convenience. Since PINs are local to one device, someone who stole it wouldn’t be able to log in to your Outlook email.

5. Review Recent Activity Regularly
Like most online accounts, you can review the history on your Outlook account whenever you like. This lets you confirm that unauthorized personnel haven’t signed into your account.
To check it, visit your Microsoft account security page and select the Review Activity button. Take a look through your recent sign-ins, and see if anything looks fishy. You can expand each entry to see what platform and browser it was from, along with whether the sign-in was a success or not.

If something doesn’t look right, click the Secure your account text under the map to rectify it.

6. Check Trusted Devices Registered to Your Account
You can sign into your Microsoft account on all kinds of devices. Thus, it’s smart to review where you’ve logged in once in a while to make sure your account isn’t tied to any old phones or PCs.
You can view devices associated with your account by visiting the Devices page. Have a look to make sure that every PC, phone, Xbox, and more are yours.

In addition, if you’ve had 2FA enabled in the past, it’s worth clearing out your list of app passwords. On your account page, head back to Security \> more security options. Under App passwords, click Remove existing app passwords and then Remove. This will sign you out of any devices that don’t support 2FA, like the Xbox 360 or mail apps on older phones.
Finally, you can click Remove all the trusted devices associated with my account here to force two-factor authentication on everything again.
This might all sound silly, but reducing the potential attack surface for your account is wise.

7. Be Aware of Phishing
Email phishing attempts to steal sensitive information from you by masquerading as a legitimate entity. If you’re not careful, this could lead you to hand over your Outlook account credentials.
Stay safe by never clicking links in emails — always visit the website directly. Don’t trust messages claiming that you need to verify your Outlook password to upgrade your mailbox, as they’re all bogus. Microsoft will never ask you for your password through email. And it isn’t going to call you about PC viruses.

8. Keep Your Recovery Information Current
The quickest way to get back into your Outlook account is by using a recovery email address or phone number. If you don’t add these before you get locked out, you’re going to have a much harder time unlocking your account.
You can add a new recovery address or check your existing ones by once again visiting the Security page of your Microsoft account. Click the Update Info button and you’ll see each of your existing contact entries. Hit Remove on any you no longer use, and make sure you have at least two alternate ways for Microsoft to contact you.

Click Add security info to add a new phone number or email address. You’ll have to verify new methods with a code sent to them. Click Change alert options to decide which contact methods receive account alerts.
If you don’t have a backup email, it’s worth creating another free account so you have this recovery option.

9. Password Protect Your PST File
We’ve focused on Outlook.com mail for these tricks, but if you use Outlook on your PC, there’s a special tip for you. As you might know, the desktop version of Outlook stores your email in a PST file. You can add a password to these files for a bit of extra protection if you like.
Microsoft advises that PST passwords don’t provide adequate protection against malicious attacks. Thus, a strong password on your PC account is the best line of defense for your local email. Also, this doesn’t work for Microsoft Exchange accounts (like those used with corporate email).
To password-protect a PST, open Outlook on the desktop and choose File \> Account Settings \> Account Settings. Switch to the Data Files tab and click the PST you want to protect (there may only be one). Hit the Settings button above, then click Change password. Add a password of 15 characters max, then click OK to set it.


10. Use Alias Accounts to Cover Your Real Address
Adding an alias to your email account lets you give out a different email address that still delivers email to your main inbox. You can use these to easily identify which sources send spam to your inbox. From a security standpoint, they also obfuscate your real address.
To add one, visit the Your Info tab on the Microsoft account website. Click Manage your sign-in email or phone number, then choose Add email. You can Create a new email address and add it as an alias, which will make a new @outlook.com address. Or you can add an existing email address as one.

Either way, you can use that address to sign into your Microsoft account. They all share a password, and you can send and receive email from any of them. Even better, if you click the Change sign-in preferences on the aliases page, you can prevent an alias from signing into your Microsoft account. This lets you create an alias for working with email, but prevent anyone from using it to break into your account.
Microsoft lets you add up to ten aliases in every calendar year. In addition, you can have no more than ten aliases on your account at one time.
Kindly Tell me the tools you use in securing your Outlook Mail. Also share the experience you’ve had with your email processes.

Path/Directory Transversal Attack (Explained + Filter Bypass Techniques)

Hello my fellow noob! Today we are going to learn what is Path/Directory Transversal Attack and the security risks associated with it.
Directory transversal is a an attack which can give read only access to directories and files lying on the web server to an attacker.
It may sound like LFI but its different.
You can execute files with LFI but you can’t do the same with directory transversal attack. As the name suggests, directory transversal gives access files as well as directory which isn’t possible with LFI.

Directory/Path Transversal Attack : Detection

Look at these two URLs:

example.com/load.php?file=image.jpg
example.com/admin/uploads/images/image.jpg

Which one looks like a potential target to you? First one? Good try.
Well both of them can be targeted, like this:

example.com/load.php?file=../../secret/key.txt
example.com/admin/secret/key.txt

Ummm lets try a real world example so you can understand better.
Here’s webpage which is prompting us for a download:

Its URL is:

www.example.com/files/modules/upload/download.php?id=159

Now lets remove download.php?id=159 from the URL and URL will become:

www.example.com/files/modules/upload/

Here we go!

Damn! Can you see that? We can upload files on the server right away.
Now lets shorten the URL even more,

www.example.com/files/modules/upload/

As soon as I visited this URL, I got redirected to the admin panel of this poor website.


Directory transversal is fun, isn’t it?
Many directory transversal vulnerabilities may show up like this as well:



Now lets remove /download.php from the URL



We have the index of their directories and files. We can browse through the file system by using this interface.
So this is the first case! We just altered the path present in the URL and got juicy pages!
Now lets take a look at second case, a case where you have no idea about the path like LFI.

example.com/view.php?load=lion.jpg

Exploitation of this kind of URL is as same as LFI so you can refer to my in depth article about Local File Inclusion.
Here are some techniques to bypass filters that aren’t mentioned in that LFI article:

Try %2f instead of / and %5c instead of \
Try using 16-bit Unicode encoding (. = %u002e, / = % u2215, \ = % u2216)
Try double URL encoding (. = %252e, / = %252f, \ = %255c)
Try overlong UTF-8 Unicode encoding (. can be %c0%2e, %e0%40%ae, %c0ae, / can be %c0%af, %e0%80%af, %c0%2f, etc, \ can be %c0%5c, %c0%80%5c)

Lets say there’s filter which appends .jpg at the end of value in parameter.
So example.com/view.php?load=lion
will be processed as example.com/view.php?load=lion.jpg
So /etc/passwd will be processed as /etc/passwd.jpg which will result in error.
We can bypass this by injecting newline (%0a) or null byte () character like this:

example.com/view.php?load=lion%0a.jpg

If the filter is removing / you can try // so the filter will be bypassed if it doesn’t check recursively. You can use \ instead of / in case of windows.
So thats pretty much all that I had in my mind.
I hope you enjoyed this tutorial.

Hacking Facebook Accounts With IDN Homograph Attack

Grab a cup of coffee and sit comfortably on your chair because shit is going to be serious today. Today we are going to learn IDN Homograph Attack and then we will use it to do phishing and….well lets keep the latter one a surprise.

Homographs

There are a lot of languages in the world and everyone wants to type in their own language thats why we have developed different characters for different languages. For example,

• Latin: A B C D E F G H I J K L M N O P Q R S T U
• Cyrillic: а б в г д е ж з и й к л
• Devnagri: ऄ अ आ इ ई उ ऊ ऋ ऌ ऍ
• Arabic: ﺵ ﺶ ﺷ ﺸ ﺹ ﺺ ﺻ ﺼ ﺽ

Feeling bored already? Ok here’s a question for you, is this character “а” is same as this one “a“?
No they are not the same. The first “а” is in Cyrillic while second “a” is in Latin. Such characters which have similar appearance are called Homographs. Our eyes may not see a difference between homographs but computers treat them as different characters.

Phishing with IDN Homograph Attack

Someone sends you this link facebokk.com/loot.php and when you open this it asks for your username and password. Will you enter your password? Maybe not because its facebokk.com and not facebook.com. So its clear that its phishing attack.
But today we are going to do phishing. Oh! Do you think phishing is an old technique?
Well I am going to change your thinking today. I will be using IDN Homograph Attack with social engineering to pull off a phishing attack.
Step 1. English is written in Latin script but I am going to buy this domain “fаcebook.com” (The a and o‘s are not in Latin, I have replaced them with Cyrillic characters). So our fаcebook.com is different than the original facebook.com.
I am buying this domain from namecheap.com



Wait…Do you see that weird looking domain name that I have marked? Well its meaning is fаcebook.com but the hosting service converted it to Punycode format. If you enter this punycode domain it will also get changed to fаcebook.com. Just host the website somewhere and move on to the next step.
Step 2. Our website is up and running. Now the only thing we need is a phishing page. No! I am not talking about that old login page thing. We are Ultimates so lets do something creative. Here’s how it looks:


This page asks for the profile URL of a person whom the victim wants to hack and when the victim clicks that Takeover button he gets the following popup









He has to enter his password to confirm his identity and as soon as he enters the password it gets saved on our server. The captcha form makes it more trust able.
Isn’t it beautiful? Well its time to make it even better.
Step 3. Take a look at these two screenshots:



First one is our fake website while second one is the original Facebook. Facebook and all other major websites use HTTPS instead of HTTP, we need to have it on our website too. To get HTTPS we need to get SSL certificate for our website. For this purpose, I will be using a free SSL certificate from here, its a 90 day trial actually.
Step 4. Finally! Everything is ready and now its time to deliver our fake webpage to our victim. But always keep in mind that “Do not send the phishing link directly.” I talked with the victim (he’s my friend) for nearly 5-7 minutes and then passed the phishing link:


Looks like he is going to fall into the trap….and he did.



Damn! The hacker got hacked! #Tango_Down
All I did was to create a phishing page which seems to be a part of facebook and doesn’t require you to enter username and password both. Facebook usually asks for a password to confirm something critical and I did the same so the victim didn’t get alerted.
Well you can use IDN Homograph attack in many ways if you are creative enough. Lets take a look at another example with a different approach.

Infecting Users With Cloned Websites

Kali.org is the official website for the Kali Linux. So I repeated the same steps, purchased the domain and got SSL certificate.
Then I cloned (copied all its pages) kali.org using a program named Httrack and edited some of the webpages to show that a new version of Kali Linux is available. The latest Kali Linux version is Kali Linux Rolling 2017.1. but I edited the cloned pages to show that Kali Linux Rolling 2017.2. is released.
Take a look at the release notes,



And I added a backdoored iso image to the available downloads



So I can give the release notes to someone who likes Kali Linux and they will surely fall into the trap and will download my malicious Kali Linux image which will give full control of his system to me.
You see? Homograph attacks can be used in many ways.
Now I am going to end this article right here. I hope you enjoyed it and learned something new.
Keep Learning! Keep Homographing! Keep Hacking!
If you liked this article than you may also like these:

A New stack-based Overflow Vulnerability found in AMD CPUs

 

Google master found another stack-based overflow vulnerability in AMD CPUs that could be misused by means of created EK certificates,
Chip makers are in the whirlwind, while media are keeps sharing news about the Meltdown and Spectre assaults, the security analyst at Google’s cloud security group Cfir Cohen revealed a stack-based overflow vulnerability in the fTMP of AMD’s platform Security Processor (PSP).
The vulnerability influences 64-bit x86 processors, the AMD PSP gives regulatory capacities like the Intel Administration engine.
The fTMP is the firmware usage of the Trusted platform Module that is a universal standard for a protected cryptoprocessor, The TPM is a committed microcontroller intended to secure equipment by incorporating cryptographic keys into gadgets.
Cohen uncovered that he revealed the vulnerability to AMD in September, the producer obviously had built up a fix by December 7. After the 90-day exposure window, Google chose to openly unveil the points of interest of the vulnerability since AMD did not make any move to take care of the issue.

“Through manual static analysis, we’ve found a stack-based overflow in the function EkCheckCurrentCert. This function is called from TPM2_CreatePrimary with user controlled data – a DER encoded [6] endorsement key (EK) certificate stored in the NV storage. A TLV (type-length-value) structure is parsed and copied on to the parent stack frame. Unfortunately, there are missing bounds checks, and a specially crafted certificate can lead to a stack overflow:” reads the security advisory.
“A firmware update emerged for some AMD chips in mid-December, with an option to at least partially disable the PSP. However, a spokesperson for the tech giant said on Friday this week that the above fTMP issue will be addressed in an update due out this month, January 2018.”

Cohen clarified that missing limits checks while dealing with a TLV (type-length-value) structure are the underlying driver of a stack overflow.
The vulnerability asks for the physical access as an essential, the master noticed that the PSP doesn’t actualize regular adventure alleviation systems, for example, stack treats, No-eXecute stack, or ASLR.
The exploit is difficult to abuse as affirmed by an AMD representative to The Enlist.

“an aggressor would first need to access the motherboard and afterward adjust SPI-Streak before the issue could be misused. However, given those conditions, the aggressor would approach the data secured by the TPM, for example, cryptographic keys.” said the AMD representative.

AMD intends to address the weakness for a predetermined number of firmware forms, the security updates will be accessible not long from now.

How To Identify Hashes?

Identifying Hash Algorithm

Before we start discussing about hash identification I want to tell you something real quick,
Hexadecimal Numbers: 0,1,2,3,4,5,6,7,8,9, a,b,c,d,e,f are called hexadecimal characters. To know more about hexadecimal numbers,read this WikiPedia entry.
Each hexadecimal number represent 4 bits. Now for example, the string “a26fe” contains 5 Hexadecimal characters so I can say its a 4 x 5 = 20 bit string. Easy? Great.
Now take a look at this hash, 5187942d399d4ed244068db70a11319e
It contains only hexadecimal numbers right? The number of characters in this hash is 32.
Hence the length of the hash in bits can be calculated as, 32 x 4 = 128 bits

Now here is a nice and short table of bit-lengths of different hash types:

Name	Length
MD2	128 bits
MD4	128 bits
MD5	128 bits
MD6	Up to 512 bits
RIPEMD-128	128 bits
RIPEMD-160	160 bits
RIPEMD-320	320 bits
SHA-1	160 bits
SHA-224	224 bits
SHA-256	256 bits
SHA-384	384 bits
SHA-512	512 bits
SHA-3 (originally known as Keccak)	arbitrary
Tiger	192 bits
Whirlpool	512 bits

Hmmm so the bit-length of our target hash is 128 bits and according the table above, it can be any of these four hashes:
MD2 (Designed in 1989)
MD4 (Designed in 1990)
MD5 (Designed in 1991)
RIPEMD-128 (Designed in 2004)
As you can see, MD5 is the newest 128 bit-length hash in MD Category so no one uses MD2 and MD4 now-a-days. So we can guess that its an MD5 or a RIPEMD-128.
Now ask yourself, which program generated this hash? Well in my case, I got this hash from an MySQL database while performing SQL Injection.
Now your experience and knowledge comes into play, I know that MySQL database management system usually store passwords as MD5 hashes so I know its an MD5 and not a RIPEMD-128. Windows use NTLM hashing algorithm, Linux use MD5, SHA-256 or SHA-512, Blowfish etc., Maria DBMS uses MD5 or SHA-1.
So here’s the conclusion:

1.  Find the bit-length of the hash and write down possible hash types
2. Use your common sense to make an educated guess

But if you are lazy then you can just use this website to make guesses for you. Or if you want something better then you can use a program named “Hash-identifier”.
Linux users can install it via the following command in the terminal

apt-get install hash-identifier

Using hash-identifier is a piece of cake. Run it and enter your hash and it makes really good guesses for you.

Do You Need To Learn Programming To Become A Hacker?

Do you need to learn programming if you want to become a hacker?
This is one of the most asked questions by beginners and the answer is NO.
No, you don’t need to understand all that complicated code if you want to become a hacker.
So should I end this article here? Naah…this topic requires some serious discussion so you can decide if you need to learn programming or not.
So lets imagine there are 3 friends named Skid, Anon and Elite, they all want to become hackers and they chose different paths. Now let me introduce you to them,

1. Skid:
This guys doesn’t know anything about programming. He learned hacking from step by step tutorials like How to hack a website with SQLMap or How to bypass windows 7 password. So he is good at using tools that are mostly used by hackers but he doesn’t know what happens in background of those tools i.e. how those tools work. So whenever he runs into a problem he has no idea whats wrong and he uses Google to find solution.

2. Anon:
This guy knows what is programming but he finds it boring and hard to learn. He knows how computers work, how Internet works and his has a good understanding of basic hacking concepts. He can use hacking tools too but unlike the Skid he knows what he is actually doing with the hacking tools i.e. how those tools work. So he has a better understanding of the situations he works in and can solves 50% of the problems he face right away.

3. Elite:
This guy knows programming and finds it fun to write programs. He also knows how computers and Internet work. He has also good knowledge of hacking concepts. He can use hacking tools and can also create his own with the knowledge of programming. With the deep understanding (due to programming) of things he can solve most of the problems he encounters in his journey.
So which one you want to be? Elite? Why? Why not Anon? Anon can do all the stuff as Elite except creating programs and solving problems.
Wait what? Problems? What kind of problems? Lets find out.
After completing their studies they needed a job for living so they went for interview together.
interviewer asked them what kind of job they are looking for? Pentester (a hacker who is hired by companies to check if their systems are secure or not).
Hmm so he asked them if they wanted the job of Pentester or a Programmer. Skid and Anon said Pentester and Elite said I am good at programming too but I will prefer the Pentester as hacking is my passion (Interviewer somehow impressed).
Interviewer said, Ok boys I will give you a challenge. You have to change our website’s homepage to a page saying “Hire Me!” and I will hire the first one to do that.
They agreed and started to try everything they could.
The skid has no idea where to start from. He checked for XSS and SQL Injection vulnerability but the website didn’t have one. Then he used vulnerability scanners to scan for vulnerabilities and they did pointed out to some vulnerabilities but he didn’t know how to use that report (LOL). Then he tried to hack the server itself with Metasploit but the server was patched to all the known vulnerabilities so he failed to exploit it too. So he spent his most of the time searching Google for things he could try to hack into the website.
In the other room Anon decided to hack into the server first but he failed because it was not vulnerable to any of the exploits available in Metasploit or exploit-db.com . Then he performed a vulnerability scan of the website and there were some vulnerabilities too but they were not serve enough to give him access to change the homepage of the website so he just kept trying to find a way.
In the other room there was Elite, he ran multiple vulnerability scans on the website and looked at the results but the vulnerabilities were not serve enough. He didn’t wanted to waste time so he fired up Metasploit and tried some suitable exploit but they all failed as the server was patched. Then he started to fuzz (we will learn about that later) the server and he came to know that the server has a vulnerability but sadly it was a new vulnerabilty so there was no exploit for it. But he was able to write exploits (he knew programming) and he wrote one. And in no time he was into the server, he went to the directory (folder) where the homepage of the website was saved and changed it with a simple HTML document saying “Hire Me!”.
In the other room, Anon found a Remote Command Execution vulnerability after analyzing the source code of the website and he was very happy. But it was too late as Elite hacked the website alread and got hired.
I will just leave this story here. So do you want to become Skid? Lol no. Anon? Much better. Elite? Yes.
So always keep in mind that Skid was a hacker and but he had not any knowledge but he was a hacker. Anon had knowledge and he was a hacker but he will met a dead end whenever something “New” happens. And then there comes the Elite, he had knowledge and write programs to automate his stuff. He can program his own malware, his own exploit and can deal with vulnerabilities better than Skid (lol why are we still counting him) and Anon.
So I think you want to learn programming now but which programming is good to start with?
The next article will explain that too.
Till then keep reading..keep learning.

Getting A Girlfriend : The Hacker’s Way – Part 2

Welcome back! In the previous part, I wrote about how I found her and stalked her like a creep. Now lets talk about what happened  after that.
So I sent her a phishing link which had a page like this:



I added the ‘Confirm with phone’ option to make it more trustable.
I was checking my mail every hour to see if she fell into the trap or not and after 12-13 hours I got her password and that was “IloveyouJatin”. Jatin was probably her boyfriend’s name.
I got a mini heart attack, but I decided not to go back. I had her password and I thought it would be easy to get access to her account because we live at a distance of 54 km so location based blocking would not be a problem.
But I was wrong, facebook asked me to confirm my identity by entering the OTP they would send at Neha’s phone number. I didn’t have access to her phone so I clicked on ‘No longer have access to these?‘ and then they asked me to upload a government issued ID proof.
Well that was a piece of cake for me, I downloaded an ID card that was available online and edited it with photoshop. I had her full name, picture, father’s name and date of birth so I just had to put them into the card.
So I uploaded it and they told me that they will contact me in a day or two.
In those two days, I got enough time to think about all the shit I did to her privacy. I took a deep breath and sent her a friend request from my own facebook account and messaged her a simple “Hi Neha“..
Luckily, she was online and she saw my message real quick. She accepted my friend request and started to type something and this was our convo:
She: Who are you?
Me: Umm we “met” like a week ago in the train , I was wearing a maroon shirt and was lying on the upper berth. Don’t you remember?
She: Oh hi. But how did you find me?
Me: *I told her how I got her number but not other stalking shit*
She: So much effort :p
Me: Yeah. Well I wanted to say that I think I am in love with you.
She: *typing*
Me: Hey! I don’t want to know your ‘answer’. I just wanted to express what I feel for you.
She: *stopped typing*
*pause of 10 seconds*
She: Oh alright
So we started to talk and became good friends in a month. I never tried to mess things between her and her boyfriend, I never texted her when she was chatting with Jatin.
Time passed and we had been talking since 8 months, our relationship grew stronger and we started sharing everything. I also told her how I stalked her and she was shocked but didn’t get annoyed.
And one day, we were a playing a game where you ask questions and the other one has to answer it honestly.
So she asked me ‘Do you love me?’
‘Yeah, I have fallen in love with you like three times. First, when I saw you laughing while you were adjusting your hair. Second, when I stalked you and third when I really got to know you.’ I replied.
She threw another question at me, ‘Why don’t you propose me again?’
I said, ‘Because you are in a relationship and I don’t want to be a problem. If we can chat like this everyday and can grow old together, I am ok with it’
She said, ‘You know what, we can be more than that. I think I have started to love you as well.’
I was shocked for real. I texted, ‘Really?’ but she went offline before reading my message.
I was very happy and nervous as well. Anyways, I went to sleep and when I woke up I saw something unexpected. She blocked me.
I went through all the conversation we had the previous day to find something that would have annoyed her but everything seemed fine.
My eyes got wet, but instead of crying in a corner I said to myself that this story can’t end like this.
I tried to log into her account with the 8 months old password ‘IloveyouJatin’ but failed. I tried some common passwords like qwerty1234, password, her number and also tried to log in with passwords like mylovejatin, ILoveJatin, ilovejatin, ilovejatin1 etc. but none of them worked. But hey she said she loves me so I entered IloveyouSomdev and I was in.
I opened her inbox and saw three messages from her boyfriend, Jatin:
– I will destroy your life.
– So don’t dare to talk to him again.
– Hi sweety.
That was really very disturbing. I read all the recent chats and found out that she told him that she wanted to break up because she started to love someone else (me :p ). And I don’t know why but he got angry at her and told her that if she tries to get in a relationship with someone else then he will morph her pics and will upload them online.
I was like, dude wtf? What kind of guy he is?
I unblocked myself and told her about what I saw and told her to go to police.
She: I can’t go to police. You don’t know him. His father is a very powerful person.
Me: It will be fun then. Give me 24 hours and he will be gone forever from your life.
She: How?
Me: You don’t know me. *Thug Life*
I turned off the chat and started to think of every single thing that I could do about it.
Two hours passed but I wasn’t able to make any solid plan.
I messaged Neha and asked her if she can send a link to her boyfriend, she said yes.
My plan was to get his IP Address and Browser so I can perform targeted attacks but then I decided to go further.
I opened up BeEF which is a Browser Exploitation Framework and I love it.
After that, I created a website and uploaded a webpage on it with title ‘10 things girls want from their boyfriend‘, the content was copied obviously.
Well it wasn’t a plain webpage, it contained a IP logger and a malicious script (used by BeEF).
That malicious script would help me takeover his browser if possible. Yeah I know BeEF logs the IP and stuff as well but I inserted the IP logger to make sure things don’t go wrong.
Alright, it was time for action!
No dude, not so fast! I had to focus on hiding myself too.
Well I live in a village and there’s city which is 7 km away from my village. I go to that city in like 1-2 times a week whenever I need to buy stuff. Well there’s a mobile shop and I use that shop’s WiFi connection to download movies whenever I have free time. Their WiFi password is 12345678 smh. So I went there, sat on stairs of the restaurant near it and spoofed my MAC Address. Then I connected to the WiFi and accessed their router’s web interface by entering the IP Address of the router in the address bar of my web browser. I got the IP Address of the router with ifconfig command. Login page or you can say the admin panel of the router opened up, you can find the default credentials for a router model with google but admin-admin works most of the times and it did. By having router access, I was able to port forward the ports and I forwarded port number 3000 so I can use BeEF.
Then I sent her the link and asked her to forward it to Jatin by saying something like “I will love this if you can do this to me in bed

I was sure that it would work because I am a boy.
So she sent him the link and boom!
BeEF got the session! He was using a PC, running Mozilla Firefox. I don’t remember exactly but I think it was Firefox 41.0 and the latest version at that time was 51.0 I guess so he was running an outdated version of Mozilla Firefox. I appreciate that.
I used the Pretty Theft module under the Social Engineering tab in BeEF interface.



He entered the credentials like 99% people do and got them. Hacking his facebook account wasn’t my motive, I wanted to get a shell over his PC so I started to prepare a payload which I could send through a plugin update or something.
Unfortunately, my laptop’s battery went down and I didn’t have the charger so I had to get back home.
First thing I did was to change my MAC Address again. Why? I will answer that later. After that, I removed the malicious script from the webpage I created and posted 2 other articles so it doesn’t raise any alarm. After that, I booted into Kali Linux Live and logged into Jatin’s account via tor browser and I used mobile version which doesn’t use javascript. I also turned on a tor bridge so I can hide the fact that I am using TOR.
I knew exactly what I had to do, I sent dick pics to all his relatives. After that I posted this from his account

I am D4RK_H4X0R from team BR0_C0D3. Our team helps innocent girls suffering from blackmailing and similar stuff. A girl reported that you are blackmailing her and thats why I am warning you to stop doing that. I know your father is a very powerful person but we have evidences which clearly proves his corrupted works. I have access to your younger sister Satakshi’s account as well and the nudes she sent to her boyfriend are really nice and they look even better in my porn collection. I have infected your phone as well as your computer as a gift. I hope you are wise enough to understand what I am trying to say. Otherwise I will destroy everything that your family possesses.
I live in Delhi, find me if you can.
Regards!

Every single thing I said in that post was a lie. My alias name and place was meant to disguise them. I said all other stuff to scare him because I am not a bad guy.
But yeah,
For  friends, I seek revenge. For love, I pour blood.
I logged out from his account and pulled out my live USB. Then I asked Neha to delete all chat between us and I deleted them from my side too. I don’t know what happened to that guy’s life after this but he never dared to contact her. It wasn’t easy to track me, I used a WiFi in first place so they would get the IP Address of that router and from there they could have get MAC Address of the devices but I spoofed mine. And in the later part, I used TOR *fingers crossed*.
After a week of this incident, I met Neha in her city Rewari. We hugged each other really hard. She kissed me on my left cheek and I kissed her on forehead. We talked for hours, holding hands. I confessed for everything I did in past and she looked in my eyes and said “My friends have BOYfriends, But I got a MANfriend.”