Facebook, Instagram, and WhatsApp are all experiencing issues this morning for users worldwide. Facebook and Instagram are both inaccessible, with news feeds refusing to refresh and the main Facebook.com domain unavailable.
Reports on Twitter suggest that some users are unable to send or receive messages on WhatsApp. On Instagram, feeds refuse to load or refresh.
On 14 February 2019, a convoy of vehicles carrying security personnel on the Jammu Srinagar National Highway was attacked by a vehicle-borne suicide bomber at Lethpora (near Awantipora) in the Pulwama district, Jammu and Kashmir, India.
In retaliation, the Indian I Crew team hacked into several Pakistani websites, showing their level of anger.
In the meantime, I Crew hacked into the portal of one of Pakistan’s renowned universities. The following defacement was uploaded by the team.
It’s been a long time since I wrote a blog post. I hope to keep writing this time, starting with a walkthrough of a vulnerable machine.
You can easily download the image for this VM from VulnHub.
The walkthrough will be detailed. Let’s start with this machine.
I have already set up this virtual machine in my VMware Workstation. You will be shown the screen below once you start the pWnOS machine, whether in VMware Workstation or in another virtual machine.
pWnOS machine booted
I have already logged into my Kali machine. It’s time to get the IP address of the pWnOS machine with netdiscover, a command-line utility that ships with Kali, as seen below:
Knowing which services are running on the target machine helps to map its attack surface. We use Nmap, a command-line utility, to find the services running on the various ports of the target system.
Various ports are open. We see that a MiniServ 0.01 (Webmin httpd) server is running on port 10000; after googling, I found that the target system is using a vulnerable version. Luckily, I found an exploit in Metasploit.
Using the highlighted auxiliary module.
We see that the RPATH variable is set to /etc/passwd by default; let’s extract it:
Now set the RPATH variable to /etc/shadow and extract it too:
We got 5 hashes from the shadow file; save the hashes in a shadow.txt file as shown in the command below.
John the Ripper, a command-line utility, will help to crack them using the following command:
john --wordlist=/usr/share/wordlists/rockyou.txt --fork=5 shadow.txt
Luckily, John cracked 1 hash out of 5.
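Seen from the defender's side, what matters once a shadow file has been disclosed is which hashing scheme each entry uses, since that sets how cheaply every wordlist guess can be tested. The following is an added example, not part of the original walkthrough: it triages shadow(5) entries by scheme. The sample entries and hash strings are constructed placeholders, the walkthrough does not state which scheme pWnOS uses, and the "acceptable" flags are this example's own policy.

```python
SCHEMES = {  # crypt(3) prefix id -> (scheme name, acceptable against offline guessing?)
    "1": ("md5crypt", False),
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "5": ("sha256crypt", True), "6": ("sha512crypt", True), "y": ("yescrypt", True),
}

# Constructed sample in shadow(5) format; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$1$examplesa$PLACEHOLDERmd5crypthash00:14362:0:99999:7:::
daemon:*:14040:0:99999:7:::
alice:$6$examplesalt$PLACEHOLDERsha512crypthash:17900:0:90:7:::
bob:!$1$examplesa$PLACEHOLDERmd5crypthash11:14362:0:99999:7:::
carol:abPLACEHOLDER:14362:0:99999:7:::
dave::14362:0:99999:7:::
"""

def classify(field):
    """Return (scheme, finding) for the password field of one shadow entry."""
    if field == "":
        return ("none", "EMPTY PASSWORD")
    locked = field.startswith("!")          # "!" prefix marks a locked password
    body = field.lstrip("!")
    if body == "" or body.startswith("*"):
        return ("none", "no password login")
    if body.startswith("$"):
        ident = body.split("$")[1]          # "$6$salt$hash" -> "6"
        name, strong = SCHEMES.get(ident, ("unknown:" + ident, False))
    elif len(body) == 13:                   # traditional DES crypt has no "$" prefix
        name, strong = "descrypt", False
    else:
        name, strong = "unrecognised", False
    finding = "ok" if strong else "WEAK SCHEME"
    if locked:
        finding += " (locked, hash still present)"
    return (name, finding)

def audit_shadow(text):
    """Map each account name to its (scheme, finding) pair."""
    report = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and not line.startswith("#"):
            report[parts[0]] = classify(parts[1])
    return report

if __name__ == "__main__":
    for user, (scheme, finding) in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{user:8} {scheme:12} {finding}")
```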
This cracked hash helped us to log in via SSH as shown below:
Let’s see what rights/privileges the vmware user has:
As we saw, vmware has no rights/privileges, so we investigate the kernel further.
After googling, we found the following exploit for the vulnerable kernel version; you can easily find it in Kali via searchsploit.
Linux Kernel 2.6.17 < 126.96.36.199 - 'vmsplice' Local Privilege Escalation (2)
I have started the apache2 web server on my Kali machine to host this exploit publicly with the following command:
There is another method too. When we came across /etc/passwd, we saw that a few users were listed at the very end. Each user can log in to pWnOS via SSH. Each user has authorized keys that are present in the root directory, inside a hidden directory .ssh; let’s get them via the RPATH variable.
authorized key of vmware user
You might be wondering why we are interested in searching for authorized keys. Well, in this scenario we are lucky enough to have a file disclosure vulnerability, and we do have access to the authorized keys file placed in the home directory of each user. Each authorized key is mapped to an RSA key.
Now, where do we get the RSA keys from? Good question 😀 Google solved this problem too. The link below has a repository of keys for both 1024 and 2048 bits. But here we need 2048-bit RSA keys.
On Monday, Zerodium, a startup that buys and sells hacking tools and exploits to governments around the world, announced price increases for almost everything they are looking for, such as iOS remote jailbreaks and Windows exploits. It said it will now pay security researchers $1,000,000 for exploits in WhatsApp, iMessage, and SMS/MMS apps for all mobile operating systems.
“Messaging apps in general and WhatsApp in particular are sometimes the only communication channel used by targets and end-to-end encryption makes it difficult for our government customers to intercept such communications,” Zerodium’s founder Chaouki Bekrar told Motherboard in an online chat. “So having the ability to remotely compromise these apps directly without compromising the whole phone is much more strategic and effective.”
The US National Counter-Intelligence and Security Center, which is responsible for security and counter-intelligence efforts, has started a campaign against the cyber threats facing companies in the US. Despite all these threats and menaces, the companies haven’t taken serious measures to protect themselves against cyber attacks.
The Trump administration on Monday launched a drive to push US firms to better protect their trade secrets from foreign hackers, following a slew of cases accusing individuals and companies of economic espionage for China.
US companies recently hit by attacks include Hewlett Packard Enterprise Co and International Business Machines Corp.
The US National Counter-Intelligence is worried about cyber attacks on US government agencies and the private sector from China, Russia, North Korea and Iran.
An alleged hacker who reportedly threatened to sell the personal details of 319 million iCloud users is having his day in court. IT analyst Kerem Albayrak, 21, filmed himself accessing accounts and posted the footage on YouTube, it was said.
Albayrak, who is Turkish, works as a freelancer and founded the firms Vasinity Digital and Verticle Media.
He then allegedly demanded more than $174,000 worth of Bitcoin and $1,100 iTunes vouchers from tech giant Apple in return for calling off his plan.
The digital revolution has immensely influenced our lives, and today we depend heavily on cell phones, gadgets, and computers. All of these tech inventions have made our lives easier than ever before. Now we can make long and short cell phone calls at cheap rates, and we can use social media apps such as Facebook, Yahoo, Line, Vine, Tinder, WhatsApp, Snapchat, and plenty of others.
Social media apps enable a user to hold chat conversations, send text messages, share media files such as photos and videos and, last but not least, send voice messages through WhatsApp, IMO, Facebook and Telegram. For all these advantages, the young generation is, on the other hand, getting trapped by cyber predators such as cyberbullies. Online bullies are present on the social messaging apps in large numbers, always looking to approach young kids and teens to tease, squeeze and humiliate them online. Therefore, parents feel concerned for the online protection of their children.
Effects of cyber bullying on children
Online bullying has dangerous effects: children, teens and even adults all feel very distressed and alone when bullied online. Victims of cyberbullying feel helpless and overwhelmed, they can feel embarrassed, and they have to live through this unpleasant time; most victims, such as teens, feel ashamed of themselves and are not able to deal with it.
Young kids and teens who are victims of online bullying don’t want to return to the place where they were bullied, such as a particular social media platform or, in real life, school. They remain under a continuous source of stress and worry. They may develop health issues such as depression, anxiety, and psychotic disorders. Young teens have reportedly attempted suicide a number of times after being bullied online or in real life.
Cyber Bullying stats
20% of the young kids and teens who are bullied online don’t want to go to the place where they were bullied, either online or in real life
5% of the victims start self-harming activities
3% of the victims, especially teens, commit suicide after being bullied online
Young kids and teens are most likely to be bullied online while using the Facebook social media app
28% of teens and kids have reportedly been bullied online on Twitter
Protect children from cyber bullying using parental control app
First and foremost, all you need to do is subscribe to the cell phone spy app, and you will get an email that contains credentials. Next, you need to get access to the target device and install the mobile phone monitoring app on it. When you are done with the installation process, activate it on the target device. Before you complete the process, you will get a message on the screen asking whether you want to use it secretly on the target device or not. Choose the best option and activate it on the target device. Then use the passcode and ID to get access to the online control panel of the mobile phone surveillance software. Once you have access to the dashboard of the mobile phone tracking app, you can visit the cell phone tracking app tools to monitor your kids and teens and protect them from cyber bullying.
Use android monitoring app tools & protect teens from bullying
You can use the IM’s social media tool to view IM logs such as chat conversations, text messages, audio and video conversations, shared media such as photos and videos, and voice messages. You can monitor live calls with the secret call recorder and record and listen to them. You can also view text messages with the text messages spy, including SMS, MMS and heads-up ticker notifications. You can also do live screen recording of all the instant messaging apps and get to know your children’s social media activities. Furthermore, you can remotely control your children’s activities and protect them from online dangers and cyber predators, including cyberbullies, with the remote phone controller. You can view installed apps, block text messages, block incoming calls and block access to the internet on the target cell phone. Moreover, you can track the location of kids and teens with the GPS location tracker if they don’t come home after being bullied online or in real life. This will help you to track their current and exact location.
If you’re worried about your children’s digital activities, especially on social media apps, and you don’t want your kids to become victims of cyberbullying, then you need to use the mobile phone spy app for Android and stay updated about your kids’ and teens’ cell phone activities connected to the internet.
Are you interested in reading exploitation of vulnerable machine “Mr. Robot”? Click here to read complete walk-through.
Thinking to write and share guest blogs on kamranmohsin.com? Click here.
Mr. Robot is a vulnerable machine, which has different ports opened. The goal of this machine is to break the security of target machine and find the 3 keys stored in it. The walkthrough is explained below in detail.
Once you fire up Mr. Robot VM in your virtual box or vmware/player, you will get the below screen.
You can download Mr. Robot virtual machine from here.
Okay let’s try to break into the machine, hope you enjoy the journey with me 😀
1. Discover all the live hosts in a network with netdiscover.
2. Discover the running ports and applications running on it with nmap.
3. Discover all the directories on web server using dirb.
4. Check robots.txt file.
5. We got key 1 (out of 3 keys) that was placed in robots.txt file.
6. We found another file, fsocity.dic, that was also listed in robots.txt. After opening it, we found that it is a wordlist with duplicated entries. Therefore, we compiled the unique entries and saved them in shortfsocity.dsc.
Note: Target IP is changed below; it’s 192.168.1.46 and the local IP of my attacker [Kali] machine is 192.168.1.54
7. For http-post-form we got an HTTP POST request form.
8. After a little research with nikto and source code analysis, we found that the website is running WordPress, so we jumped onto /wp-admin or wp-login and tried fuzzing. The result was not good enough, so we used fsocity.dic as a wordlist in hydra to brute-force the username and password.
9. We successfully got the username and, using the same wordlist file, started looking for the password.
10. The username and password we got are Elliot and ER29-0652. Log in through wp-login and see what is interesting in the WordPress dashboard. Luckily, we got into the dashboard; now we try to upload a reverse shell for a remote connection. We uploaded Pentestmonkey’s PHP reverse shell as a zip.
11. Unfortunately, I did not get a remote connection (shell) through plugins. I copied the PHP reverse shell code and pasted it into the 404 page, and the code worked.
Note: IP should be of your kali machine.
12. Open netcat connection first on port 1234 that was specified in the php reverse shell code.
Open any random page on target IP that does not exist.
13. Let us see which shell we got with netcat.
14. We got a limited shell. Now we try for a bash shell. For that, we check whether Python is installed on the target system. We spawn a bash shell and get access to the daemon account.
15. We got key 2 file but we didn’t have permissions to open it. We got access to another file that has a secret hash.
16. Let us try to break the hash first.
17. The hash was cracked and we got password of robot account that has access to key 2 file.
18. After getting 2 keys we moved into the root folder, but we were not able to open the key 3 file due to the limited privileges assigned to the robot account.
We check whether the applications running on the target system can be used to get access to the root account.
19. Look for any outdated service running on the target system that we mounted in the tmp directory.
20. Luckily, we found nmap (version 5.3.4) on target system, which provides interactive shell to get root access.
21. Through nmap (interactive mode), we achieved key 3 (out of 3 keys) in root folder that only a root account can access.
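The wordlist run against wp-login in steps 8 to 10 leaves a distinctive trace in the web server's access log. The following is an added example, not part of the original walkthrough: it detects such a burst of failed WordPress logins per client IP and reports whether a successful login followed. The log lines are constructed, 192.168.1.20 is a made-up ordinary user, and the threshold and window are assumed values to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "combined" access-log line: client IP, timestamp, request line, status code.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def sample_log():
    """Constructed log lines (not captured from the VM): a burst from the Kali IP, one normal user."""
    t0 = datetime(2019, 3, 10, 10, 0, 0)
    def line(ip, offset, method, path, status):
        ts = (t0 + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S +0000")
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 3610 "-" "-"'
    lines = [line("192.168.1.54", i, "POST", "/wp-login.php", 200) for i in range(12)]
    lines.append(line("192.168.1.54", 12, "POST", "/wp-login.php", 302))  # the guess that worked
    lines.append(line("192.168.1.20", 3, "GET", "/wp-login.php", 200))    # page view, not an attempt
    lines.append(line("192.168.1.20", 5, "POST", "/wp-login.php", 200))   # one mistyped password
    lines.append(line("192.168.1.20", 9, "POST", "/wp-login.php", 302))   # then a normal login
    return lines

def detect_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: details} for clients with >= threshold failed logins inside one window."""
    failed, ok = defaultdict(list), defaultdict(list)
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Assumption: stock WordPress redirects (302) on success and re-renders the form (200) on failure.
        (ok if m["status"] == "302" else failed)[m["ip"]].append(ts)
    findings = {}
    for ip, stamps in failed.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            findings[ip] = {"peak_failures": peak,
                            "success_after_failures": any(t > stamps[0] for t in ok.get(ip, []))}
    return findings

if __name__ == "__main__":
    for ip, info in detect_bruteforce(sample_log()).items():
        print(ip, info)
```

A finding with `success_after_failures` set is the one to escalate first: it means the account's password should be treated as known to the client that produced the burst.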
I personally give you a high-five and want to thank you for your contribution to this world. This is the most comprehensive list of Top 75 Hacker Blogs on the internet and I’m honored to have you as part of this!
Also, you have the honor of displaying the following badge on your blog. Use the below code to display this badge proudly on your blog.”
Message from Anuj Agarwal; founder of Feedspot:
The Best Hacker blogs from thousands of Cyber Security blogs in our index using search and social metrics.
We’ve carefully selected these websites because they are actively working to educate, inspire, and empower their readers with frequent updates and high-quality information.
These blogs are ranked based on following criteria:
Google reputation and Google search ranking
Influence and popularity on Facebook, twitter and other social media sites
Quality and consistency of posts.
Feedspot’s editorial team and expert review
Top 75 Hacker Blogs Winners
CONGRATULATIONS to every blogger that has made this Top Hacker Blogs list! This is the most comprehensive list of best Hacker blogs on the internet and I’m honoured to have you as part of this! I personally give you a high-five and want to thank you for your contribution to this world.
If your blog is one of the Top 75 Hacker blogs, you have the honour of displaying the following badge on your site. Use the below code to display this badge proudly on your blog. You deserve it!
After a break of months, I finally pushed myself to start writing information security blogs again. I hope to do my best to deliver valuable information to my readers. This time I’ll be starting with walkthroughs and privilege escalation of vulnerable machines / capture the flag (CTF).
I picked the Metasploitable virtual machine, an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Metasploitable version 2 can be downloaded from here. This virtual machine is compatible with VirtualBox, VMware, and other common virtualization platforms. In this blog, we will try our best to cover privilege escalation on the Metasploitable 2 machine.
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
Note: For privilege escalation we must first get a limited shell.
In Metasploitable 2, we can get a limited shell through various services running on the system.
1. We used nmap (Network Mapper) to search for running services, and ended up finding telnet running with the default username and password on Metasploitable 2.
Telnet is a program used to establish a connection between two computers. It is inherently insecure because it transmits data in clear text.
On the Kali box, open a terminal, and telnet to the Metasploitable VM. Login with the ‘msfadmin:msfadmin’ credentials.
2. The logged-in user is msfadmin (not the root account).