HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixUSqNLiJT8UXG-FoA0p3l0U5CF1hTHfEyIBFdwRd5TPHJLErd6xHGabGzA7_KKkenJPrZE5RYlEVpOLUsCDRhVxWZOKSfymDuQDZPGK9-DyNhweZYg8baZ9RwuQfdx-lDDB5l2vyE41c/s1600/hking-gmail-for-free-custom-domain-email.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="hacking-gmail-for-free-custom-domain-email" border="0" data-original-height="640" data-original-width="1158" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixUSqNLiJT8UXG-FoA0p3l0U5CF1hTHfEyIBFdwRd5TPHJLErd6xHGabGzA7_KKkenJPrZE5RYlEVpOLUsCDRhVxWZOKSfymDuQDZPGK9-DyNhweZYg8baZ9RwuQfdx-lDDB5l2vyE41c/s320/hking-gmail-for-free-custom-domain-email.png" title="hacking-gmail-for-free-custom-domain-email" width="320" /></a></div><h3 style="background-color: white; border: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.75); font-family: "Open Sans"; font-size: 20px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; letter-spacing: 0.5px; line-height: 1.3em; margin: 0px; padding: 0px 0px 10px; text-transform: uppercase; vertical-align: baseline;"><br /></h3><h3 style="background-color: white; border: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.75); font-family: "Open Sans"; font-size: 20px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; letter-spacing: 0.5px; line-height: 1.3em; margin: 0px; padding: 0px 0px 10px; text-transform: uppercase; vertical-align: baseline;">HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL</h3><div style="background-color: white; border: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.5); font-family: "Open Sans", sans-serif; font-size: 14px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 1.7em; margin-bottom: 1.6em; padding: 0px; vertical-align: baseline; word-break: break-word; word-wrap: break-word;">When it comes to email providers, there's no competitor to Google's awesome features. It is efficient which connects seamlessly with the rest of your Google products such as YouTube, Drive, has a major application called Gmail Inbox, and is overall an extremely powerful email service. However, to use it with a custom domain, you need to purchase Google Apps for either $5 or $10/month, which for casual users is a bit unnecessary. On top of that, you don't even get all of the features a personal account gets, e.g. Inbox. So, here's a free way to use your Gmail account with a custom domain. I am just going to show you hacking Gmail for free custom domain email.</div><h3 style="background-color: white; border: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.75); font-family: "Open Sans"; font-size: 20px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; letter-spacing: 0.5px; line-height: 1.3em; margin: 0px; padding: 0px 0px 10px; text-transform: uppercase; vertical-align: baseline;">SO, HOW HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL</h3><div><div class="ethic-mid-before-h3" id="ethic-1743597682" style="background-color: white; border: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.5); font-family: "Open Sans", sans-serif; font-size: 14px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><h6 style="border: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.75); font-family: "Open Sans"; font-size: 14px; font-stretch: inherit; font-style: inherit; font-variant: inherit; letter-spacing: 0.5px; line-height: 1.3em; margin: 0px; padding: 0px 0px 10px; text-transform: uppercase; vertical-align: baseline;">PASSWORD: EHT</h6></div><h4 style="background-color: white; border: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.75); font-family: "Open Sans"; font-size: 18px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; letter-spacing: 0.5px; line-height: 1.3em; margin: 0px; padding: 0px 0px 10px; text-transform: uppercase; vertical-align: baseline;">STEPS:</h4><ul style="background-color: white; border: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.5); font-family: "Open Sans", sans-serif; font-size: 14px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 1.7em; list-style-image: initial; list-style-position: initial; margin: 0px; padding: 0.7em 0px 0.3em 1.143em; vertical-align: baseline;"><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">First, <a href="https://mailgun.com/signup" rel="external noopener" style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; text-decoration-line: none; vertical-align: baseline; word-break: break-word; word-wrap: break-word;" target="_blank">register with Mailgun</a> using your Gmail address. Use your Gmail only. Once you have clicked the confirm link, log in to the Mailgun website. Now you're in the dashboard, move on the right under "<strong style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Custom Domains</strong>", click "<strong style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Add Domain</strong>".<img alt="" class="aligncenter wp-image-1092" height="131" sizes="(max-width: 600px) 100vw, 600px" src="https://i1.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/1.png?resize=600%2C131" srcset="https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/1.png?w=1264 1264w, https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/1.png?resize=300%2C65 300w, https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/1.png?resize=768%2C167 768w, https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/1.png?resize=1024%2C223 1024w, https://i0.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/1.png?resize=610%2C133 610w, https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/1.png?resize=1080%2C235 1080w" style="border: 0px; box-sizing: border-box; display: block; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; height: auto; line-height: inherit; margin: 0px auto; max-width: 100%; padding: 0px; vertical-align: baseline;" width="600" /></li><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">Follow the setup instructions and set DNS records with whoever manages your DNS. Once you've done this, click on the "Routes" link on the top to set up email forwarding.</li><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">Now move to the <strong style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Route </strong>tab and click on <strong style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Create New Route</strong>.</li><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">As you click the button, you will see a page like below. Just enter the information as entered in the following screenshot.<img alt="" class="aligncenter wp-image-1093" height="289" sizes="(max-width: 600px) 100vw, 600px" src="https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/2.png?resize=600%2C289" srcset="https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/2.png?w=1115 1115w, https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/2.png?resize=300%2C144 300w, https://i0.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/2.png?resize=768%2C370 768w, https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/2.png?resize=1024%2C493 1024w, https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/2.png?resize=610%2C294 610w, https://i1.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/2.png?resize=1080%2C520 1080w" style="border: 0px; box-sizing: border-box; display: block; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; height: auto; line-height: inherit; margin: 0px auto; max-width: 100%; padding: 0px; vertical-align: baseline;" width="600" /></li><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">Just replace the quoted email with your desired email in the above-given screenshot.</li><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">Next, we'll setup SMTP configuration so we would be able to send emails from an actual server. Go to "<strong style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Domains</strong>" tab, click on your domain name.</li><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">On this page, click "Manage your SMTP credentials" then "New SMTP Credential" on the next page.<img alt="" class="aligncenter wp-image-1094" height="384" sizes="(max-width: 600px) 100vw, 600px" src="https://i1.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/3.png?resize=600%2C383" srcset="https://i1.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/3.png?w=731 731w, https://i0.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/3.png?resize=300%2C192 300w, https://i0.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/3.png?resize=610%2C390 610w" style="border: 0px; box-sizing: border-box; display: block; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; height: auto; line-height: inherit; margin: 0px auto; max-width: 100%; padding: 0px; vertical-align: baseline;" width="600" /></li><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">Type in the desired SMTP credentials. And, go to Gmail settings and click "<strong style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Add another email address you own</strong>". Once you open, enter the email address you wish to send from.<img alt="" class="aligncenter wp-image-1095" height="312" sizes="(max-width: 600px) 100vw, 600px" src="https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/4.png?resize=600%2C312" srcset="https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/4.png?w=858 858w, https://i1.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/4.png?resize=300%2C156 300w, https://i1.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/4.png?resize=768%2C399 768w, https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/4.png?resize=610%2C317 610w" style="border: 0px; box-sizing: border-box; display: block; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; height: auto; line-height: inherit; margin: 0px auto; max-width: 100%; padding: 0px; vertical-align: baseline;" width="600" /></li><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">In the next step, set the SMTP settings as follows.<img alt="" class="aligncenter wp-image-1096" height="306" sizes="(max-width: 600px) 100vw, 600px" src="https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/5.png?resize=600%2C306" srcset="https://i2.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/5.png?w=854 854w, https://i1.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/5.png?resize=300%2C153 300w, https://i0.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/5.png?resize=768%2C392 768w, https://i1.wp.com/www.ethicalhackingtutorials.com/wp-content/uploads/2018/03/5.png?resize=610%2C311 610w" style="border: 0px; box-sizing: border-box; display: block; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; height: auto; line-height: inherit; margin: 0px auto; max-width: 100%; padding: 0px; vertical-align: baseline;" width="600" /></li><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">After clicking "<strong style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Add Account</strong>" button, now you're done.</li><li style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px 0px 0.7em; padding: 0px; vertical-align: baseline;">The final step, make sure to set it to default email in the <strong style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Gmail settings > Accounts.</strong></li></ul><div style="background-color: white; border: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.5); font-family: "Open Sans", sans-serif; font-size: 14px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 1.7em; padding: 0px; vertical-align: baseline; word-break: break-word; word-wrap: break-word;">That's all. Now you got free Gmail custom domain with 10,000 emails per month. Hope it will work for you. If you find any issue, just comment below.</div><div class="quads-location quads-ad9" id="quads-ad9" style="background-color: white; border: 0px; box-sizing: border-box; color: rgba(0, 0, 0, 0.5); float: none; font-family: "Open Sans", sans-serif; font-size: 14px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><br style="box-sizing: border-box;" /><hr style="box-sizing: border-box;" /><strong style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Note: </strong>Use Virtual Machine and scan on VirusTotal before downloading any program on Host Machine for your privacy.</div></div></div><h3>Related articles</h3><br><ol><li> <a href="https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F05%2Fcareer-choice-tip-cybercrime-is-mostly.html ">Pentest+ Vs Oscp </a></li><li> <a href="https://www.google.pk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F04%2Fangrgdb-use-angr-inside-gdb-create-angr.html ">Hacking Images </a></li><li> <a href="https://www.google.mk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F01%2Fwawa-breach-hackers-put-30-million.html ">Pentest Tools Free </a></li><li> <a href="https://www.google.st/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F05%2Fhow-to-set-up-vpn-on-kodi-in-2-minutes.html ">Pentest Gear </a></li><li> <a href="https://www.google.lt/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2019%2F12%2Fhow-organizations-can-defend-against.html ">Pentest Azure </a></li><li> <a href="https://www.google.ml/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F01%2Fapplicationinspector-source-code.html ">Pentest Android App </a></li><li> <a href="https://www.google.mw/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2019%2F12%2Fsecretx-extracting-api-keys-and-secrets.html ">Pentest Firewall </a></li><li> <a href="https://www.google.ws/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F01%2Fdownload-state-of-security-breach.html ">Hackerx </a></li><li> <a href="https://www.google.tk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F03%2Fninja-open-source-c2-server-created-for.html ">Pentestbox </a></li><li> <a href="https://www.google.ie/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F05%2Fesp-ota-tutorial-with-tricks-incl-ota.html ">Hacking For Dummies </a></li><li> <a href="https://www.google.md/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F03%2Fthe-case-for-limiting-your-browser.html ">Hacking With Python </a></li><li> <a href="https://www.google.ly/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F03%2Freverse-engineering-introduction.html ">Pentest Example Report </a></li><li> <a href="https://www.google.hr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F04%2Ftentacle-poc-vulnerability-verification.html ">Pentest Practice Sites </a></li><li> <a href="https://www.google.so/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F03%2Fevil-ssdp-spoof-ssdp-replies-and-create.html ">Pentest Aws </a></li><li> <a href="https://www.google.to/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F05%2Fcatchyou-fud-win32-msfvenom-payload.html ">Hacking Linux </a></li><li> <a href="https://www.google.mw/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F04%2Fhunting-malware-with-powershell-hacoder.html ">Pentest Bootcamp </a></li></ol>

HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL When it comes to email providers, there's no competitor to Google's awesome features. It ...

Baca selengkapnya »

BurpSuite Introduction & Installation

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><br />What is BurpSuite?<br />Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.<br /><br />In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.<br /><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQfnhsX-Crqgf_qKwEeWOvjNn00RmHEXDG9KxagHTQLz8ogwl6yrndoF5VIvSxpGVEMxQNDu-Yb5aZ6ngLM0WQh9XRtKVtSic1rInyCB6I-C2d0CPuPU6B2V7gwz2W___FvfE6ZrqDL9Q/s1600/tumblr_np71m42bXR1qedb29o1_400.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="234" data-original-width="400" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQfnhsX-Crqgf_qKwEeWOvjNn00RmHEXDG9KxagHTQLz8ogwl6yrndoF5VIvSxpGVEMxQNDu-Yb5aZ6ngLM0WQh9XRtKVtSic1rInyCB6I-C2d0CPuPU6B2V7gwz2W___FvfE6ZrqDL9Q/s320/tumblr_np71m42bXR1qedb29o1_400.gif" width="320" /></a></div><br /><br /><br /><br /><br /><br /><br /><br />Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.<br /><br />BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.<br /><br />Requirements and assumptions:<br /><br />Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed<br /><br />Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.<br /><br />on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/<br /><br /><br />If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait. <br /><br /><br />Video for setup and installation.<br /><br /><div class="separator" style="clear: both; text-align: center;"><iframe width="320" height="266" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/JRao1oHXYqk/0.jpg" src="https://www.youtube.com/embed/JRao1oHXYqk?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div><br /><br /><br />You need to install compatible version of java , So that you can run BurpSuite.</div><h5>Related word</h5><br><ul><li> <a href="https://www.google.rs/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F05%2Fnmap-tcp-connect-stealth-syn-scanning.html ">Hacking Site </a></li><li> <a href="https://www.google.ie/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F05%2Fpower-supplay-leaking-data-from-air.html ">Pentest Process </a></li><li> <a href="https://www.google.ru/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2019%2F12%2Fcyberrange-open-source-aws-cyber-range.html ">Pentest With Metasploit </a></li><li> <a href="https://www.google.bi/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F03%2Fmicrosoft-patch-tuesday-march-2020.html ">Pentest Training </a></li><li> <a href="https://www.google.rw/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F03%2Ffbi-arrests-alleged-owner-of-deerio-top.html ">Pentesting Tools </a></li><li> <a href="https://www.google.ee/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F05%2Fstrandhogg-20-evil-twin-proof-of.html ">Pentest Owasp Top 10 </a></li><li> <a href="https://www.google.mg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F01%2Fsaudi-prince-allegedly-hacked-worlds.html ">Pentest Firewall </a></li><li> <a href="https://www.google.cf/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F02%2Fqiling-advanced-binary-emulation.html ">Hacking Software </a></li><li> <a href="https://www.google.ee/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F03%2Ftea-ssh-client-worm.html ">Hacking Growth </a></li><li> <a href="https://www.google.bt/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F05%2Frepopeek-python-script-to-get-details.html ">Pentest Standard </a></li><li> <a href="https://www.google.af/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F03%2Fble-oximeter-hack-with-esp32-for-covid.html ">Hacker Keyboard </a></li><li> <a href="https://www.google.so/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F03%2Ftackling-privilege-escalation-with.html ">Pentest Ios </a></li><li> <a href="https://www.google.ae/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F03%2Fawspx-graph-based-tool-for-visualizing.html ">Hacking Attack </a></li></ul>

BurpSuite Introduction & Installation

What is BurpSuite? Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by i...

Baca selengkapnya »

Hacking Freemium Games - The Evolution Of PC Game Cheating

<div style="text-align: justify;">This post is going to be a rather strange post compared to previous ones. But bear with me, in the middle of the post you will see why this post fits the IT security topic.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">I'm also terribly sorry for not posting recently, but I was busy with my <a href="http://www.securitytube-training.com/online-courses/securitytube-python-scripting-expert/" target="_blank">SPSE</a> and <a href="http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/index.html" target="_blank">SLAE</a> certification. Both are recommended for Python and Assembly noobs like me. But back to this post.<br /><br /></div><h2 style="text-align: justify;">A little bit of history</h2><div style="text-align: justify;">Cheating in games started as help for game testers. By using invincibility or infinite ammo testers were able to test the game quicker, which meant less money spent on testing. I personally use cheat codes in games, depending on my mood. Sometimes it feels good to slash all the opponents while I'm invincible, sometimes it is more fun to play the game without cheats. One can argue whether cheating in games is OK or not, but I believe it depends, there is no black or white. But one thing is for sure, it is part of the gaming industry. There is huge demand for cheats. There were even cheat books printed on paper...</div><div style="text-align: justify;"><br /></div><div align="justify"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUaGSk9hgbeUEDKG9eIabN7N0OmR_e1Qii1x01kMkBFs1qS3ytExq5dC27a2yjrEEQMAFj7bHrpcMkHy6ttJvmdYAGa0fpoiGqR8IwxGVbqbP7Pu28Rfta4ixbFSTNMgazqLpddLbRkZhn/s1600/cheats10.jpg" style="margin-left: 1em; margin-right: 1em;"><img align="justify" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUaGSk9hgbeUEDKG9eIabN7N0OmR_e1Qii1x01kMkBFs1qS3ytExq5dC27a2yjrEEQMAFj7bHrpcMkHy6ttJvmdYAGa0fpoiGqR8IwxGVbqbP7Pu28Rfta4ixbFSTNMgazqLpddLbRkZhn/s1600/cheats10.jpg" width="228" /></a></div></div><div style="text-align: justify;"><br /></div><h2 style="text-align: justify;">The different types of cheats (on PC)</h2><div style="text-align: justify;">There are different types of cheats in PC gaming. Following is a noncomplete list of these cheats:<br /><br /></div><h3 style="text-align: justify;">Cheat codes</h3><div style="text-align: justify;">The good old IDDQD type of cheats. These are left in the game by the developers intentionally. Nothing interesting here.<br /><br /></div><h3 style="text-align: justify;">Edit memory</h3><div style="text-align: justify;">This is my favorite. I will talk about this at the end of the post. Whenever a user launches a new program, the program's whole memory is accessible (read/write) to every other program launched by the user. And since the memory stores the current game state (health, ammo, armor, etc.), these values can be changed easily. In the good old times, there were <a href="http://ready64.it/articoli/_files/043_pokesc64.txt" target="_blank">POKE</a> commands to do this cheats, and the memory address to write into was published by people who found where the game stores the most critical states about the game.<br /><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSoj_ajx-BKpNjXMtLVUKRCn6mgaSMVOHmHUbtNVsWASwgxMfSEOCfIb8VeKDJ2a3JeLBVvNmoWc2KsnnV-EkpdPaUgxBVRws1vFoPKH-cAMoRiWViXO1rHUqOdU8hF0EyPM88P_4E-aiU/s1600/hqdefault.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSoj_ajx-BKpNjXMtLVUKRCn6mgaSMVOHmHUbtNVsWASwgxMfSEOCfIb8VeKDJ2a3JeLBVvNmoWc2KsnnV-EkpdPaUgxBVRws1vFoPKH-cAMoRiWViXO1rHUqOdU8hF0EyPM88P_4E-aiU/s1600/hqdefault.jpg" width="400" /></a></div><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Code injection</h3><div style="text-align: justify;">This is like patching the game code. For example, one can change the "DEC (pointer to your current health)" instruction with NOP (do nothing), thus becoming invincible. In multi-player cheats, there is the aimbot to help you aim at enemies, wallhack to see through the wall, increase hitbox of the enemy for smoother hit, or in MMORPGs, one can write macros to collect items while the player is not online. I would say the so-called "<a href="http://en.wikipedia.org/wiki/Trainer_(games)" target="_blank">trainers</a>" more or less fit into this category and the previous one.<br /><br /></div><h3 style="text-align: justify;">Saved game editor</h3><div><div style="text-align: justify;">The first time a kid meets a hex-editor <i>(just like the co-author of this blog did with SIM City when he was 10 years old - David)</i>. It can teach a lot about file structures, the hexadecimal numeral system, etc. Fun times. </div><div style="text-align: justify;"><br /></div></div><h3 style="text-align: justify;">Hacking game server</h3><div><div style="text-align: justify;">Not very common, but even more fun. Warning: endless trolling possibilities in multi-player games ahead :) How to hack a game server? Well, I think this might deserve another full blog post ...</div><div style="text-align: justify;"><br /></div></div><h3 style="text-align: justify;">Network traffic hacking</h3><div><div style="text-align: justify;">One last necessary type of cheating is to modify network traffic between the client and the game server. AFAIK SSL is not universal in gaming, so stunnel is not needed for this hack, but ettercap can help in changing the communication.</div></div><div style="text-align: justify;"><br /></div><h2 style="text-align: justify;">Why cheating becomes more critical (and challenging)?</h2><div style="text-align: justify;">Now in the age of in-app-payments, the game creators are no longer thinking about cheats as funny things but something to be destroyed to the ground. Because cheating decreases its revenue. Or not. At least they think it does. To quote Wikipedia here, "cheating in such games is nonetheless a legal grey area because there are no laws against modifying software which is already owned, as detailed in the Digital Millennium Copyright Act." </div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">A lot of online games include anti-cheating components like PunkBuster, nProtect GameGuard, or Valve Anti-Cheat. This whole cheating/anti-cheating industry is the same as the virus/anti-virus industry. A cat and mouse game.<br /><br /></div><h3 style="text-align: justify;">Freemium games</h3><div style="text-align: justify;">If you have not played with "freemium" games, you should watch South Park season 18, episode 6. - "Freemium Isn't Free." If you did play with freemium games, you definitely have to watch it :) There are many problems with freemium games. It is free to install, free to play. The first 3-4 hours might be fun to play. But after that, it turns out it is impossible to advance in the game without paying money for it. And by spending cash, I mean spending a LOT! Let's have a look at today's example, an arcade racing video game.</div><div style="text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1zuucUbrYnBiyMYPyx5ToXFHbEdvZk5wEsRFbBM46PKboxdBJrYn17SWbySvYC0zOaoYdq9PhSYF56wnOrV09H0n32qwSdSQXNf_fCSiPFAWPhX0v2Jy3wNMUn4GE0obK0HvwCU1Qdiq4/s1600/asphalt1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1zuucUbrYnBiyMYPyx5ToXFHbEdvZk5wEsRFbBM46PKboxdBJrYn17SWbySvYC0zOaoYdq9PhSYF56wnOrV09H0n32qwSdSQXNf_fCSiPFAWPhX0v2Jy3wNMUn4GE0obK0HvwCU1Qdiq4/s1600/asphalt1.png" width="640" /></a></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">For 99.99 USD, you can get 3 000 000 credit. For almost double the price of a new PC game, you can get these credits. In this particular game, I estimate one have to play ~6-24 hours constantly to get this amount of credit. But by playing ~6 hours, I mean 6 hours without progress in the game! Kind of boring. And what do you get from 3 000 000 credit? You can buy one of the most expensive cars, but can't tune them fully. You have to play more (without progress) or buy more. But guess what, there are more cars you can't buy by only playing the game. Those are only available via in-app-purchase.<br /><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibor0EWTThyphenhyphenI0_soTXozTysGVTqzFJTLBqTHhUR0XZKrH3rQr6Tfa46pa0Rx1VKNR6bLEZO3KY7N15TavYhuIzP9EWASbE3m-rvRljDtqN_o_y9NP2v4fWRaDgLhueqcbB_Wm-63eG-Y8u/s1600/asphalt2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibor0EWTThyphenhyphenI0_soTXozTysGVTqzFJTLBqTHhUR0XZKrH3rQr6Tfa46pa0Rx1VKNR6bLEZO3KY7N15TavYhuIzP9EWASbE3m-rvRljDtqN_o_y9NP2v4fWRaDgLhueqcbB_Wm-63eG-Y8u/s1600/asphalt2.png" width="400" /></a></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Even though the player has 58 765 533 credits, it is not possible to buy this car. Only available through real money.<br /><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAvPqgmFDzszeOzxcicAD2XPVJ1l3xQ4fyhPzFfaRLfl2sFrRtH0iXYvvXT-vhE5ZgSaIveRZi_9qCDtXbAtC1WLhl2tWu0GigBf7T_XzuyALFKrotd2YOpaPjDviepReWd3z7hO9yjLuf/s1600/asphalt3.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="181" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAvPqgmFDzszeOzxcicAD2XPVJ1l3xQ4fyhPzFfaRLfl2sFrRtH0iXYvvXT-vhE5ZgSaIveRZi_9qCDtXbAtC1WLhl2tWu0GigBf7T_XzuyALFKrotd2YOpaPjDviepReWd3z7hO9yjLuf/s1600/asphalt3.png" width="400" /></a></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">So, what are your possibilities? You are either Richie Rich, and can afford the money to buy these. Or you can be insane, and try to play the game without in-app-purchase. Or give up the game and try another freemium ... Or, you can try to hack the game!<br /><br /></div><h2 style="text-align: justify;">Hack all the freemium games!</h2><div style="text-align: justify;">Although I was not playing this racing game from day one, I was able to witness the evolution of the cheats against this game. The cheats which worked in one day was not working one month later. The game is continuously updated to defeat the newly published cheats.<br /><br /></div><h3 style="text-align: justify;">Noob start</h3><div style="text-align: justify;">So, I want to hack this game, what is the first thing a noob like me does? <strike>Bing it!</strike> Google it! </div><div style="text-align: justify;">From the first page result, let's check this tool:</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimj7CRPSIgvrFpAlLXu6iqY27DeynjsQLofxeLXrAfiCnYJ9XQSkhwlMGZQ8FDsOjbsfE7vj3EoZotK_jcYr5qb_ZEYA88YO2sx-3C883Lqj0YmBWE0r9rKQ_RDj0QpvLQ15jQzw7FBIfL/s1600/Asphalt-8-Airborne-Hack-Tool-Screenshot.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimj7CRPSIgvrFpAlLXu6iqY27DeynjsQLofxeLXrAfiCnYJ9XQSkhwlMGZQ8FDsOjbsfE7vj3EoZotK_jcYr5qb_ZEYA88YO2sx-3C883Lqj0YmBWE0r9rKQ_RDj0QpvLQ15jQzw7FBIfL/s1600/Asphalt-8-Airborne-Hack-Tool-Screenshot.png" width="390" /></a></div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;">While trying to download that, I just have to give my email address to spammers, or my mobile number will be subscribed to premium rate text messages. What fun.</div><div class="separator" style="clear: both; text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii0r-2mQ8Mh-Ev7FGM86vTIERBoIJFgxUpK-5a_2y5hbhoOF-xLrzlnKOz2mdEngM0pOOAJOpOM8qeXrdjIOscC-jc7vk-w5SAbIY5KA7MinkScJnIW2pYk60sehmakyV3riXXnb18AaGC/s1600/asphalt4.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="313" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii0r-2mQ8Mh-Ev7FGM86vTIERBoIJFgxUpK-5a_2y5hbhoOF-xLrzlnKOz2mdEngM0pOOAJOpOM8qeXrdjIOscC-jc7vk-w5SAbIY5KA7MinkScJnIW2pYk60sehmakyV3riXXnb18AaGC/s1600/asphalt4.png" width="400" /></a></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Another "cheat" program will install malware/adware on your computer. <b><u><span style="color: red;">Never ever try these programs.</span></u></b> They are fake 99% of the time and after installing those you will have another problem, not just how to hack freemium games.<br /><br /></div><h3 style="text-align: justify;">Beginners start - Cheat engine</h3><div><span style="text-align: justify;">When I first heard about hacking games in memory, I visualized hours of OllyDBG/ImmunityDBG/(insert your favorite Windows debugger here). It turned out, there are some specialized tools to help you with cheating the game. No assembly knowledge required. My favourite tool is </span><a href="http://www.cheatengine.org/downloads.php" style="text-align: justify;" target="_blank">CheatEngine</a><span style="text-align: justify;">. I highly recommend to download it and spend 10 minutes to get past the built-in tutorial levels to get a feeling about this tool. It's super duper awesome.</span><br /><span style="text-align: justify;"><br /></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsOT7DZVrcTPqE8avUlAgKfwXvbrkPxSqi0myyHvqhuA60AMrkirCbRNevw4iMebv0vYOueu6soUmJ9ld0P3eWZ3MM_qBREFgIfkNgR3MhbPYAN_ZuRNprkbCgI-ZkGh2XdO7-xveQ16EB/s1600/cheat.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="468" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsOT7DZVrcTPqE8avUlAgKfwXvbrkPxSqi0myyHvqhuA60AMrkirCbRNevw4iMebv0vYOueu6soUmJ9ld0P3eWZ3MM_qBREFgIfkNgR3MhbPYAN_ZuRNprkbCgI-ZkGh2XdO7-xveQ16EB/s1600/cheat.png" width="640" /></a></div><div><span style="text-align: justify;"><br /></span></div><div><span style="text-align: justify;"><br /></span></div><div><div style="text-align: justify;">When I first tried to hack this game myself, I scanned the memory for my actual credit and tried to change that, no luck. Keep reading, you will see what happened.<br /><br />The second cheat I tried with cheat engine was <a href="https://www.youtube.com/watch?v=kz9k4vOpns0" target="_blank">something like this</a>: </div></div><div><ol><li style="text-align: justify;">Start the game, play the first level, and check how many credits is paid for winning the race. Pro tip: use dual display for full-screen game cheating.</li><li style="text-align: justify;">Restart the same level, attach Cheat Engine to the game's process</li><li style="text-align: justify;">Scan the memory for the same value at the beginning of the race</li><li style="text-align: justify;">Scan the memory for the same value at the end of the game. The intersect of the first and second scan includes the real value where the credit is stored for winning the race.</li><li style="text-align: justify;">Change the values (both the real one and some false positives) to something big</li><li style="text-align: justify;">Watch the game to crash</li><li style="text-align: justify;">Be amazed at the money you received</li></ol><div><div style="text-align: justify;">Nowadays, most of the cheats on YouTube does not work. Except for these <a href="https://www.youtube.com/watch?v=f5a3CGVLwAI" target="_blank">kind of cheats</a>. I don't want to recreate that tutorial, so you should watch it first then come back.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBSjOZ4kT9E5lsOXEVf_OTxI7iTH84lBD7AvKIrkxWrv5B4aN5AW_HBCdGpchLvVYA2FG21mRmwGYvZvkefcAtRTryQw7Um1ixu7-2-ztidxa51msQSGpeyBZ9FwRwKmUR5UosXqyXHH2I/s1600/asphalt5.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBSjOZ4kT9E5lsOXEVf_OTxI7iTH84lBD7AvKIrkxWrv5B4aN5AW_HBCdGpchLvVYA2FG21mRmwGYvZvkefcAtRTryQw7Um1ixu7-2-ztidxa51msQSGpeyBZ9FwRwKmUR5UosXqyXHH2I/s1600/asphalt5.png" width="616" /></a></div><br /><br /></div></div></div><div><div style="text-align: justify;">Are you back? Great. Do you have any idea what have you just seen? No? Well, in this case, don't try this at home. Copy-pasting <a href="http://blog.zoller.lu/2009/07/0pen0wnc-shellcode-dissasembled.html" target="_blank">assembly code from random internet posts</a> and running on your computer is always a bad idea. It is precisely as risky as downloading free programs from random internet sites.<br /><br />Although I have not seen people trolling others with this cheat engine type of shellcode, I think the time will come when these will be turned into something terrible. These shellcodes might work, or might harm your computer. The good news is, we can have a look at the code and analyze it. </div></div><div><div style="text-align: justify;"><br /></div></div><div><div style="text-align: justify;">When you open CheatEngine and try to define a new custom type, you are greeted with a skeleton assembly code. I don't want to detail what all the skeleton code does, let's just focus on the difference between the skeleton code and the code used in the video. This is the "decrypt function":</div></div><div><div style="text-align: justify;"><br /></div></div><pre class="prettyprint">xor eax, 0baadf00d<br />rol eax, 0e<br /></pre><div style="text-align: justify;"><br /></div><div><div style="text-align: justify;">What does it mean? The actual credit is encrypted in memory. If you want to scan it in memory, you won't be able to find it. But! The encryption is rotating the value to the right (ROR) with 0xE (14 in decimal), and after that, it is XOR-ed with 0xbaadf00d. Decrypting it is the inverse of the functions in reverse order (in this particular case, the order does not matter, but that's not the point). The inverse function of XOR is XOR, and the inverse function of ROR (rotate right) is ROL (rotate left). Now that we analyzed the assembly code, we can be sure that it is safe to execute. Just follow the video and see your coins falling from the sky. For free. In a freemium game. Have fun!<br /><br /><h3>Encrypt memory - applications at financial institutions</h3></div><div style="text-align: justify;">Another exciting thing is that I don't recall any thick client applications in the financial industry encrypting the values in memory. And I agree, there are more significant problems with thick client applications than not encrypting the essential values in memory. But still, some thick client applications are regularly updated, maintained. Maybe it is a good idea to encrypt the values in memory. It will make attackers' life harder. Not impossible, but harder. Perhaps the developers of these applications should learn from the gaming industry (or from malware developers for that matter) because it is a shame that an arcade racing game or an FPS is protected better than an application responsible for transacting millions of dollars. Just think about the RAM scraping malware stealing millions of credit card data ...<br /><br /></div><h2 style="text-align: justify;">Moral of the story</h2></div><div style="text-align: justify;">Cheating is part of the gaming history, and the freemium games are trying to take away the cheats from the gamers because they want money. Thanks to CheatEngine and some clever hacks, these programs can be still beaten. And guess what, there is CheatEngine for Android - although it did not work for me on the latest Android. And sometimes, hacking all kinds of applications can be more comfortable with CheatEngine, compared to traditional debuggers.<br /><br />Also, always check the code before executing it! And when you find something cool, publish it, so everyone could enjoy the games!<br /><br /><br /></div><h2>Related word</h2><br><ol><li> <a href="https://www.google.bg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F04%2Fs3reverse-format-of-various-s3-buckets.html ">Hacker Google </a></li><li> <a href="https://www.sogou.com/tx?query=site%3Avideo.hacking.reviewspage=52&ie=utf8 ">Hacking The Art Of Exploitation </a></li><li> <a href="https://www.google.hn/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2019%2F11%2Fboost-your-personal-security-with-these.html ">Pentest </a></li><li> <a href="https://www.google.so/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F02%2Faduket-straight-forward-http-client.html ">Pentestgeek </a></li><li> <a href="https://www.google.gm/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F04%2Firongeek-cast-162-im-fool-for-you.html ">Pentestlab </a></li><li> <a href="https://www.google.jp/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F05%2Fhttp-status-codes-command-this-malware.html ">Pentest Basics </a></li></ol>

Hacking Freemium Games - The Evolution Of PC Game Cheating

This post is going to be a rather strange post compared to previous ones. But bear with me, in the middle of the post you will see why this ...

Baca selengkapnya »

Linux Command Line Hackery Series - Part 5

<div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7tnxJogghQUO1fDJxGC3dbMvyhc8X_TS73gkb2ICSTowwClWbQl_9wkhJgGTg61X-A9WDvffp3qlheUzNTzcTcUTsiPmo1KjGYnZSYXsrgkOULFeFpOGyaUGJP3puuLzI7bBv3fK0oyw/s1600/cmd5.png" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7tnxJogghQUO1fDJxGC3dbMvyhc8X_TS73gkb2ICSTowwClWbQl_9wkhJgGTg61X-A9WDvffp3qlheUzNTzcTcUTsiPmo1KjGYnZSYXsrgkOULFeFpOGyaUGJP3puuLzI7bBv3fK0oyw/s1600/cmd5.png" /></a></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Welcome back to the Linux Command Line Hackery series, this is Part-V of the series. Today we are going to learn how to monitor and control processes on our Linux box, so wrap your sleeves up and let's get started.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Command:    <b><span style="color: #38761d;">ps</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Syntax:           <b><span style="color: #38761d;">ps </span><span style="color: #741b47;">[options]</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Description:  ps displays information about the currently running processes. Some of the common flags of ps are described briefly below</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Flags: </span><br /><b style="font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;"><span style="color: #990000;">  -A</span></b><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"> </span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">or </span><span style="color: #990000; font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><b>-e</b></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"> -> select all processes</span><br /><b style="font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;"><span style="color: #990000;">  -a</span></b><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"> -> select all processes except both session leaders and processes not associated with a terminal.</span><br /><b style="font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;"><span style="color: #990000;">  T</span></b><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"> -> select all processes associated with current terminal</span><br /><b style="font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;"><span style="color: #990000;">  -u</span></b><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"> </span><span style="color: #741b47; font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><username or id></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"> -> select all processes of a given user or userlist</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Open up a terminal and type ps:</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="color: #38761d; font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><b>ps</b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">what you'll see is a list of processes currently running in your terminal. One important thing to notice in the output is what's called as PID which stands for process ID. It is the number that uniquely identifies a process. Just keep that PID concept in mind we'll use it soon.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">OK I know that's not really what you want to see rather you want to see all the processes that are currently running on your box. Don't worry we have flags to rescue, in order to see all the processes you can use the -e flag like this:</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><b><span style="color: #38761d;">ps </span><span style="color: #990000;">-e</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Boom! you get a long list of processes currently running on your machine (don't stare at me like that, you asked and I gave you that). If you want to see processes of a particular user you can type the following command in your terminal:</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><b><span style="color: #38761d;">ps </span><span style="color: #990000;">-u </span><span style="color: #741b47;">bob</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">here "bob" is a username. This command will list all processes of the user with effective user name of bob.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">You can do a full-format listing of the processes using the -f flag like this:</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><b><span style="color: #38761d;">ps </span><span style="color: #990000;">-fu</span><span style="color: #38761d;"> </span><span style="color: #741b47;">bob</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">But the output of the ps command is a snapshot not really a live preview of what is going on in your box. I know your next question is going to be something like this, Isn't there a command in Linux that gives me a live updating information of the processes? Yes, there is a command called top that we'll learn about next.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Command:   <b><span style="color: #38761d;"> top</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Syntax:           <b><span style="color: #38761d;">top </span><span style="color: #741b47;">[options]</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Description:  top gives a dynamic real-time view of a running system. That is, it gives the up-to-date information about all the processes running on your Linux box (sounds fun!). Besides giving information about current processes and threads top also provides a brief system summary.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">To start top just type this command:</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><b style="font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;"><span style="color: #38761d;">top</span></b><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">and you'll get a nice and cute looking ugly display :). Well what the heck is going on here you might ask, right? What you get is information about what is going on with your computer. To see what more can you do with top just type <h> within the program window and you'll be given list of options that you can play with.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">OK looking at what processes are going on in your box is cool but what if you want to terminate (or close) a process, is there a command line utility for that? Yes, there is and that's what we are going to look at next.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Command:   <b><span style="color: #38761d;">kill</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Syntax:          </span><b style="font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;"><span style="color: #38761d;">kill </span></b><span style="color: #741b47; font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><b>[options] <pid> [...]</b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Description:  kill is used to send a signal to process which by default is a TERM signal meaning kill by default sends a signal of termination to process (Cruel guy). To list the available signals we can use the<b><span style="color: #990000;"> -l</span></b> or <span style="color: #990000;"><b>-L </b></span>flag of the kill command.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">To simply terminate a process we provide kill command a PID (process ID) and it will send the TERM signal to the process. So to kill a process first we'll list the running processes and then we'll keep the PID of the process in mind that we want to terminate. After that we'll issue the kill command with the PID that we just found.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><b><span style="color: #38761d;">ps </span><span style="color: #990000;">-ax</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><b><span style="color: #38761d;">kill </span><span style="color: #741b47;">1153</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">the above command will send a TERM signal to the process whose PID is 1153, as simple as that.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">We can also use our already learned skills to refine the output of ps command. Say we have a xterm terminal running on our box and we want to terminate it. By using ps command all alone we'll get a long listing of all processes running on our box. But we can limit the output of ps command to just those processes that we're interested in by piping ps command with the grep command like this:</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><b><span style="color: #38761d;">ps </span><span style="color: #990000;">-ax</span><span style="color: #38761d;"> </span><span style="color: #351c75;">| </span><span style="color: #38761d;">grep </span><span style="color: #741b47;">xterm</span></b></span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">wow! that's amazing, we're able to pull out only those results from the ps command that contained xterm in them. Isn't that a cool trick? But what is that vertical bar ( <b>| </b>) doing in the middle, you may be thinking, right? Remember we learned about the input and output re-directors previously, the vertical bar (pipe in geeky terms) is another re-director whose task is to redirect the output of one command as input to another command. Here the pipe redirects the output of ps -ax command as input to grep command and of-course from the previous article you know that grep is used to search for a PATTERN in the given input. That means the above command searches for the xterm word in the output of ps -ax command and then displays just those lines of ps -ax command which contain xterm. Now get that PID and kill that process.</span><br /><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">That's it for today, try these commands up on your own box and remember practice is gonna make you master the Linux command line. :)</span><br /><div><br /></div></div><strong>Read more</strong><br><ol><li> <a href="https://www.google.iq/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2019%2F11%2Fcustom-header-automatic-add-new-header.html ">Hacker Computer </a></li><li> <a href="https://www.google.im/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F01%2Fandrol4b-virtual-machine-for-assessing.html ">Pentest Vs Red Team </a></li><li> <a href="https://www.google.to/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F03%2Fble-oximeter-hack-with-esp32-for-covid.html ">Pentest Questions </a></li><li> <a href="https://www.google.cz/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F05%2Fweb-hackers-weapons-collection-of-cool.html ">Hacking Hardware </a></li><li> <a href="https://www.google.to/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2019%2F12%2Fseeker-v121-accurately-locate.html ">Hacker Computer </a></li><li> <a href="https://www.google.by/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F01%2Fhershell-multiplatform-reverse-shell.html ">Pentest Documentation </a></li><li> <a href="https://www.google.nr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F04%2Fnew-android-malware-steals-banking.html ">Pentest Tools </a></li><li> <a href="https://www.google.to/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2019%2F11%2Fjaeles-swiss-army-knife-for-automated.html ">Pentest Report Generator </a></li></ol>

Linux Command Line Hackery Series - Part 5

Welcome back to the Linux Command Line Hackery series, this is Part-V of the series. Today we are going to learn how to monitor and control ...

Baca selengkapnya »

Takeover - SubDomain TakeOver Vulnerability Scanner

<div dir="ltr" style="text-align: left;" trbidi="on"><article><div class="post-body entry-content" id="post-body-6758608030969523863" itemprop="articleBody"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWjWTfp8HZnPhaXwbe-fkHwC3WD2oTr0BzKUlqH-9wevg0V5wwqkiGHAtDBpV7q3OVJzeBLRaoL1ZellZAqSay7GrW-C1DshgeALk-LQOL534J04C2mpxCRC3xV3LZnH0pDPAT5o9hK6I/s1600/takeover_1_screen.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="438" data-original-width="1148" height="244" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWjWTfp8HZnPhaXwbe-fkHwC3WD2oTr0BzKUlqH-9wevg0V5wwqkiGHAtDBpV7q3OVJzeBLRaoL1ZellZAqSay7GrW-C1DshgeALk-LQOL534J04C2mpxCRC3xV3LZnH0pDPAT5o9hK6I/s640/takeover_1_screen.png" width="640" /></a></div><br /><span style="font-family: Arial, Helvetica, sans-serif;">Sub-domain takeover vulnerability occur when a sub-domain (<strong>subdomain.example.com</strong>) is pointing to a service (e.g: <strong>GitHub</strong>, <strong>AWS/S3</strong>,..) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if <strong>subdomain.example.com</strong> was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a <strong>CNAME</strong> file containing <strong>subdomain.example.com</strong>, and claim <strong>subdomain.example.com</strong>. For more information: <a href="https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/" rel="nofollow" target="_blank">here</a></span><br /><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.blogger.com/null" name="more"></a><br /></span><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><b>Installation:</b></span><br /><pre><code># git clone https://github.com/m4ll0k/takeover.git<br /># cd takeover<br /># python takeover.py</code></pre><b><span style="font-family: Arial, Helvetica, sans-serif;">or:</span></b><br /><pre><code>wget -q https://raw.githubusercontent.com/m4ll0k/takeover/master/takeover.py && python takeover.py</code></pre><br /><br /><div style="text-align: center;"><b><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><a href="https://github.com/m4ll0k/takeover" rel="nofollow" target="_blank">Download Takeover</a></span></b></div></div></article><div style="clear: both;"></div><div class="post-footer"><div style="text-align: center;"></div></div></div><strong>More articles</strong><br><ol><li> <a href="https://www.google.td/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F05%2Fhackthebox-resolute.html ">Pentesting </a></li><li> <a href="https://www.google.gp/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F03%2Firongeek-cast-161-muh-muh-muh-my-corona.html ">Pentest Owasp Top 10 </a></li><li> <a href="https://www.google.dz/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2019%2F12%2Fspraykatz-tool-able-to-retrieve.html ">Pentest Network </a></li><li> <a href="https://www.google.ng/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2019%2F12%2Fsharphide-tool-to-create-hidden.html ">Pentest Red Team </a></li><li> <a href="https://pr.search.yahoo.com/search?p=site%3Ahacking.reviews&fr=yfp-t&fp=1&toggle=1&cop=mss&ei=UTF-8&fp=1&b=191&pz=10&bct=0&xargs=0 ">Hacking With Linux </a></li><li> <a href="https://www.google.dk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F02%2Fgadgetinspector-byte-code-analyzer-for.html ">Hacking Youtube </a></li></ol>

Takeover - SubDomain TakeOver Vulnerability Scanner

Sub-domain takeover vulnerability occur when a sub-domain ( subdomain.example.com ) is pointing to a service (e.g: GitHub , AWS/S3 ,..) that...

Baca selengkapnya »

Many Ways Of Malware Persistence (That You Were Always Afraid To Ask)

<div style="text-align: justify;">TL;DR: Are you into red teaming? Need persistence? This post is not that long, read it ;)</div><div style="text-align: justify;">Are you into blue teaming? Have to find those pesky backdoors? This post is not that long, read it ;)</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">In the <a href="http://jumpespjump.blogspot.com/2015/03/thousand-ways-to-backdoor-windows.html" target="_blank">previous post</a>, I listed different ways how a Windows domain/forest can be backdoored. In this new post, I am digging a bit deeper, and list the most common/known ways malware can survive a reboot, just using local resources of the infected Windows system. The list is far from complete, and I would like to encourage everyone to comment on new methods, not yet listed here. </div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">From an incident response point of view, one of the best strategies to find malware on a suspicious system is to search for suspicious entries that start with the system. In the good old days, you had to check for 2-3 locations to cover 99% of the infections. Nowadays, there are a thousand ways malware can start. The common ones automatically start whenever Windows starts (or the user logs in), but some tricky ones are triggered by other events.</div><div style="text-align: justify;"><br /></div><div><h2 style="text-align: justify;">Autoruns</h2><div><div style="text-align: justify;">My favorite choice when it comes to malware persistence is Sysinternals tools, Autoruns. In this paragraph, I mainly quote the official built-in help, but bear with me, it is still interesting.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">On a side note, there are some problems with the Autoruns tool: it can only run on a live system. (EDIT: This is not true, Autoruns can analyze offline systems as well! Thanks to a comment from Justin.) And usually, this is not the case - I usually have dd images. And although VBoxManage can convert the dd images to VirtualBox disk image format, usually I don't have the time and storage to do that. This is where xmount awesomeness is here to rescue the day. It can convert dd and Encase images on-the-fly in-memory to Virtualbox format. Just attach the disk image to a new Virtualbox machine as the main boot HDD, modify the CPU/disk/controller settings until Windows starts instead of crashing, and voila, you can boot your forensic image - without modifying a single bit on the original evidence dd file. Another problem with malware analysis on a live system is that a good rootkit can fool the analyst easily. </div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">For quick wins, I usually filter out Microsoft entries, look for per-user locations only and check for unverified (missing or invalid Authenticode) executables. This usually helps to find 90% of malware easily. Especially if it has a color like purple or pink, it is highly suspicious. To find the rest, well, one has to dig deeper.</div><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivH9AyAJY3tC-OhUYl8urUhu_jQ0KV7e-jJtszQ8as7RMDKjQm1TpIfwnmYvkSO18XcU9l_lxeP9-3z6XQ_TH2ikw243N6qzrxq1EeUOnDEiTtQO9QvLpmnts2_RXOdlbnmcaSHpycX5Gl/s1600/zeus1.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="148" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivH9AyAJY3tC-OhUYl8urUhu_jQ0KV7e-jJtszQ8as7RMDKjQm1TpIfwnmYvkSO18XcU9l_lxeP9-3z6XQ_TH2ikw243N6qzrxq1EeUOnDEiTtQO9QvLpmnts2_RXOdlbnmcaSHpycX5Gl/s1600/zeus1.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Zeus "hiding" in the usual random directory - check the faked timestamp</td></tr></tbody></table><div style="text-align: justify;">To implement "poor-mans monitoring", regularly save the output of Autoruns, and during incident response, it will be highly valuable. Howto guide <a href="http://www.sans.org/reading-room/whitepapers/malicious/utilizing-autoruns-catch-malware-33383" target="_blank">here</a>.<br /><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;">Logon</h3><div><div style="text-align: justify;">"This entry results in scans of standard autostart locations such as the Startup folder for the current user and all users, the Run Registry keys, and standard application launch locations." </div></div><div><div style="text-align: justify;">There are 42 registry keys/folders at the moment in Autoruns, which can be used to autostart a malware. The most common ways are the HKCU\Software\Microsoft\Windows\CurrentVersion\Run and the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup folder.</div><div style="text-align: justify;">One of my favorite regarding this topic is the <a href="https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html" target="_blank">file-less Poweliks malware</a>, 100% pure awesomeness. Typical ring 3 code execution.<br /><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Explorer</h3><div><div style="text-align: justify;">"Select this entry to see Explorer shell extensions, browser helper objects, explorer toolbars, active setup executions, and shell execute hooks". 71 registry keys, OMG. Usually, this is not about auto-malware execution, but some of them might be a good place to hide malware.<br /><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Internet explorer</h3><div><div style="text-align: justify;">"This entry shows Browser Helper Objects (BHO's), Internet Explorer toolbars and extensions". 13 registry key here. If a malicious BHO is installed into your browser, you are pretty much screwed.</div><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><img align="middle" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDRYx3Iula8aOdCQZ4iqq32hxApOamqM_3LsKgzbKvJtmOzh3lBdN4dT1XVRp4r7DNkANB6aLQuKS2K1tWkFPHRh6vY25E72JnOKyUnIiFuHRxOMuxFyVuinVw8lVG_CazLPhNQHODLjqo/s1600/IE_pwn3d.jpg" width="400" /></td></tr></tbody></table><div style="text-align: justify;"><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Scheduled tasks</h3><div class="separator" style="clear: both; text-align: center;"></div><div><div style="text-align: justify;">"Task scheduler tasks configured to start at boot or logon." Not commonly used, but it is important to look at this.</div><div style="text-align: justify;">I always thought this part of the autostart entries is quite boring, but nowadays, I think it is one of the best ways to hide your malware. There are so many entries here by default, and some of them can use quite good tricks to trigger the start.</div><div style="text-align: justify;">Did you know that you can create custom events that <a href="http://blakhal0.blogspot.com/2015/03/windows-event-log-driven-back-doors.html" target="_blank">trigger on Windows event logs</a>?</div><div style="text-align: justify;">Did you know you can create <a href="http://0xthem.blogspot.com/2014/03/t-emporal-persistence-with-and-schtasks.html" target="_blank">malware persistence just by using Windows tools</a> like bitsadmin and Scheduled tasks?</div><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDCKAVij7AvTJ55j_pcYasiZFwGrtYEMWtonfJ_RX-bojYl5kOIYRquIcUAlobp-gvsY9s79J8pm_H-MDA5EadiyjcnLhT4fOzFA7u3uP-ytnjade3E-kfsbl_y3uMiGRtEqRC74doOnze/s1600/sched2.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDCKAVij7AvTJ55j_pcYasiZFwGrtYEMWtonfJ_RX-bojYl5kOIYRquIcUAlobp-gvsY9s79J8pm_H-MDA5EadiyjcnLhT4fOzFA7u3uP-ytnjade3E-kfsbl_y3uMiGRtEqRC74doOnze/s1600/sched2.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Scheduler in the old days</td></tr></tbody></table><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtiEJw0Jz1UWHDEPsrEvmcob44nJ6a2W0VwyF2XrbYXgJEvqXw5EEyPBo_nCQflOGaHqRVWz6HrnB7fyGBaHxqyf2G1CtO_LjpgWrhr5whgxaGE6X9jeRbtm7T6e10WDiZ7UbhDSoAqR9J/s1600/sched.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtiEJw0Jz1UWHDEPsrEvmcob44nJ6a2W0VwyF2XrbYXgJEvqXw5EEyPBo_nCQflOGaHqRVWz6HrnB7fyGBaHxqyf2G1CtO_LjpgWrhr5whgxaGE6X9jeRbtm7T6e10WDiZ7UbhDSoAqR9J/s1600/sched.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Scheduler in the new days</td></tr></tbody></table><div style="text-align: justify;"><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;">Services</h3><div><div style="text-align: justify;">HKLM\System\CurrentControlSet\Services<span class="Apple-tab-span" style="white-space: pre;"> </span>is a very commonplace to hide malware, especially rootkits. Check all entries with special care.<br /><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Drivers</h3><div><div style="text-align: justify;">Same as services. Very commonplace for rootkits. Unfortunately, signing a driver for 64-bit systems is not fun anymore, as it has to be signed by certificates that can be chained back to "<a href="https://msdn.microsoft.com/en-us/library/windows/hardware/dn170454(v=vs.85).aspx" target="_blank">Software Publisher Certificates</a>". Typical startup place for Ring 0 rootkits. </div><div style="text-align: justify;">Starting from Windows 10, even this will change and all drivers have to be signed by "<a href="http://blogs.msdn.com/b/windows_hardware_certification/archive/2015/04/01/driver-signing-changes-in-windows-10.aspx" target="_blank">Windows Hardware Developer Center Dashboard portal</a>" and EV certificates.<br /><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Codecs</h3><div><div style="text-align: justify;">22 registry keys. Not very common, but possible code execution.<br /><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Boot execute</h3><div style="text-align: justify;">"Native images (as opposed to Windows images) that run early during the boot process."</div><div style="text-align: justify;">5 registry keys here. Good place to hide a rootkit here.<br /><br /></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Image hijacks</h3><div style="text-align: justify;">"Image file execution options and command prompt autostarts." 13 registry key here. I believe this was supposed for debugging purposes originally.</div><div style="text-align: justify;">This is where the good-old sticky keys trick is hiding. It is a bit different from the others, as it provides a backdoor access, but you can only use this from the local network (usually). The trick is to execute your code whenever someone presses the SHIFT key multiple times before logging into RDP. The old way was to replace the sethc.exe, the new fun is to <a href="http://www.labofapenetrationtester.com/2012/05/fun-with-sticky-keys-utilman-and.html" target="_blank">set a debug program on sethc</a>. </div><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil48xg0fhj5DW2w3yqHke7gpg2ISXPe7VyVoHt9gJGw4ZvR0v4vG-qamJaiulaBM-U6yuFo2aal02YBZKmDgAbyHBJmWvV4aLytcqHAjxtEfN_V4L5k4YXVe0UK_xG7OWlgb2NNIfPMntj/s1600/sethc.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="108" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil48xg0fhj5DW2w3yqHke7gpg2ISXPe7VyVoHt9gJGw4ZvR0v4vG-qamJaiulaBM-U6yuFo2aal02YBZKmDgAbyHBJmWvV4aLytcqHAjxtEfN_V4L5k4YXVe0UK_xG7OWlgb2NNIfPMntj/s1600/sethc.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">If you see this, you are in trouble</td></tr></tbody></table><div style="text-align: justify;"><br /></div><h3></h3><h3></h3><h3 style="text-align: justify;">AppInit</h3><div style="text-align: justify;">"This has Autoruns shows DLLs registered as application initialization DLLs." Only 3 registry keys here. This is the good old way to inject a malicious DLL into Explorer, browsers, etc. Luckily it is going to be deprecated soon.<br /><br /></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Known DLLs</h3><div style="text-align: justify;">"This reports the location of DLLs that Windows loads into applications that reference them." Only 1 registry key. This might be used to hijack some system DLLs.<br /><br /></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Winlogon</h3><div style="text-align: justify;">"Shows DLLs that register for Winlogon notification of logon events." 7 registry keys. Sometimes used by malware.<br /><br /></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Winsock providers</h3><div style="text-align: justify;">"Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can disable them, but cannot delete them." 4 registry keys. AFAIK this was trendy a while ago. But still, a good place to hide malware.<br /><br /></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Print monitors</h3><div><div style="text-align: justify;">"Displays DLLs that load into the print spooling service. Malware has used this support to autostart itself." 1 registry key. Some malware writers are quite creative when it comes to hiding their persistence module.<br /><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">LSA providers</h3><div><div style="text-align: justify;">"Shows registers Local Security Authority (LSA) authentication, notification and security packages." 5 registry keys. A good place to hide your password stealer. <br /><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Network providers</h3><div><div style="text-align: justify;">"Missing documentation". If you have a good 1 sentence documentation, please comment.<br /><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">WMI filters</h3><div><div style="text-align: justify;">"Missing documentation". Check <a href="https://dl.mandiant.com/EE/library/MIRcon2014/MIRcon_2014_IR_Track_There's_Something_About_WMI.pdf" target="_blank">Mandiant </a>for details.<br /><br /></div></div><h3></h3><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Sidebar gadgets</h3><div><div style="text-align: justify;">Thank god MS disabled this a while ago :)</div><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4vahgzUGEGhZqla-dPre_J1Cx779IAI93yacFjSegEuHiWrNokGPlIJfSm8Rwowab5m4hXGcl8r2BnLmMwp4uUC6A-HlmHjifYVQ99PmZ5sRpqFXU75B1s4T-b4gyLyC2bZE5ix3_NB_u/s1600/coolest-best-latest-new-fun-tech-gadgets-sidebar-gadgets-2.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4vahgzUGEGhZqla-dPre_J1Cx779IAI93yacFjSegEuHiWrNokGPlIJfSm8Rwowab5m4hXGcl8r2BnLmMwp4uUC6A-HlmHjifYVQ99PmZ5sRpqFXU75B1s4T-b4gyLyC2bZE5ix3_NB_u/s1600/coolest-best-latest-new-fun-tech-gadgets-sidebar-gadgets-2.jpg" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">We all miss you, you crappy resource gobble nightmares</td></tr></tbody></table><div style="text-align: justify;"><br /></div></div><h2></h2><h2></h2><h2 style="text-align: justify;">Common ways - not in autoruns</h2><div><div style="text-align: justify;">Now, let's see other possibilities to start your malware, which won't be listed in Sysinternals Autoruns.<br /><br /></div><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Backdoor an executable/DLL</h3></div><div><div style="text-align: justify;">Just change the code of an executable which is either auto-starting or commonly started by the user. To avoid lame mistakes, disable the update of the file ... <a href="https://github.com/secretsquirrel/the-backdoor-factory" target="_blank">The backdoor factory</a> is a good source for this task. But if you backdoor an executable/DLL which is already in Autoruns listed, you will break the Digital Signature on the file. It is recommended to sign your executable, and if you can't afford to steal a trusted certificate, you can still import your own CA into the user's trusted certificate store (with user privileges), and it will look like a trusted one. Protip: Use "Microsoft Windows" as the codesigner CA, and your executable will blend in.</div><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_v3BG_C-NniayFc2kuvvHMJYi5hyW0NtpzUWU5Rdgcuz4TqDYPaIPmGDZvyp_rgxa3YWiIfU7-qv6BWyduJPAITCN2tCto6JfnxW-jtbq8JNjKGW0ZZ28z9s03gIOfaVEMaP6DDInVu17/s1600/cert3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img align="middle" border="0" height="144" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_v3BG_C-NniayFc2kuvvHMJYi5hyW0NtpzUWU5Rdgcuz4TqDYPaIPmGDZvyp_rgxa3YWiIfU7-qv6BWyduJPAITCN2tCto6JfnxW-jtbq8JNjKGW0ZZ28z9s03gIOfaVEMaP6DDInVu17/s1600/cert3.png" width="320" /></a></td></tr><tr><td style="text-align: center;"></td></tr><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeF2HHW3JLdBMK3RGJv0zag4AP-h-6_eygJ_MTCL8TXkI2DJu3Bo8sSNS223I2i0Bem8tGaJACmuoHdIUwkL-6H8G4-40mIKH69mHPAEx3OZvv7-aZrNPYOHBMn41uJIbt4kRYDDZvN48Q/s1600/certs.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img align="middle" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeF2HHW3JLdBMK3RGJv0zag4AP-h-6_eygJ_MTCL8TXkI2DJu3Bo8sSNS223I2i0Bem8tGaJACmuoHdIUwkL-6H8G4-40mIKH69mHPAEx3OZvv7-aZrNPYOHBMn41uJIbt4kRYDDZvN48Q/s1600/certs.png" width="318" /></a></td></tr><tr><td style="text-align: center;"></td></tr><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8v2-bJeIWLShXg_KAZ7hd1wXw_wgCHO0OvVDcGUfzvhYMPFY0czTY2B3DujeK81yp1Lv9BMPiPUZFhpKkHIiWFD3cguT0gJTLvQoVMiKLgz9bhps8qNk7p71Lk7p-0ZfmjUAVUZP-XqCH/s1600/cert2.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="72" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8v2-bJeIWLShXg_KAZ7hd1wXw_wgCHO0OvVDcGUfzvhYMPFY0czTY2B3DujeK81yp1Lv9BMPiPUZFhpKkHIiWFD3cguT0gJTLvQoVMiKLgz9bhps8qNk7p71Lk7p-0ZfmjUAVUZP-XqCH/s1600/cert2.png" width="640" /></a></td></tr></tbody></table>See, rootkit.exe totally looks legit, and it is filtered out when someone filters for "Hide Windows entries".<br /><br /><div><div style="text-align: justify;"><span style="background-color: yellow;"><br /></span></div></div><div><h3></h3><h3 style="text-align: justify;">Hijack DLL load order</h3></div><div><div style="text-align: justify;">Just place your DLL into a directory which is searched before the original DLL is found, and PROFIT! But again, to avoid lame detection, be sure to proxy the legitimate function calls to the original DLL. A good source on this topic from <a href="https://www.mandiant.com/blog/dll-search-order-hijacking-revisited/" target="_blank">Mandiant</a> and <a href="http://digital-forensics.sans.org/blog/2015/03/25/detecting-dll-hijacking-on-windows/" target="_blank">DLL hijack detector</a>.<br /><br /></div><div class="separator" style="clear: both; text-align: justify;"></div><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6So3Lh-Fm_fHmiHCAQs4ghEc5PJdRbB5Zp43PqVjIhyphenhypheniCWlBYNuukE7WU1poxen7kSAewWywRR84jNnLiRdUhfgfKxZVv8a0j3MtK6YP3CYyG1byBIWVuZ0UU9NfCWb9futZaAC26vV6S/s1600/dll-hijack-detector.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="261" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6So3Lh-Fm_fHmiHCAQs4ghEc5PJdRbB5Zp43PqVjIhyphenhypheniCWlBYNuukE7WU1poxen7kSAewWywRR84jNnLiRdUhfgfKxZVv8a0j3MtK6YP3CYyG1byBIWVuZ0UU9NfCWb9futZaAC26vV6S/s1600/dll-hijack-detector.jpg" width="400" /></a></td></tr></tbody></table><br />Here you can see how PlugX works in action, by dropping a legitimate Kaspersky executable, and hijacking the DLL calls with their DLL. </div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTvtou_YxD6H6uCYUzX8meVlfdIkHvBlyHJKhhZrekgmmwy9OI7lvp9gc9rhLZrQbyc8fGDawwzVYlYP1KcWZLYdVGxazivJRhWtczidMT97XgoKicZEyjMdRdLI1VhHpp4tMX5bnzTcMp/s1600/Screen+Shot+2017-07-05+at+20.22.14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="635" data-original-width="1405" height="288" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTvtou_YxD6H6uCYUzX8meVlfdIkHvBlyHJKhhZrekgmmwy9OI7lvp9gc9rhLZrQbyc8fGDawwzVYlYP1KcWZLYdVGxazivJRhWtczidMT97XgoKicZEyjMdRdLI1VhHpp4tMX5bnzTcMp/s640/Screen+Shot+2017-07-05+at+20.22.14.png" width="640" /></a></div><div><div style="text-align: justify;"><br /></div></div><div><h3></h3><h3 style="text-align: justify;">Hijack a shortcut from the desktop/start menu</h3><div style="text-align: justify;">Never underestimate the power of lame tricks. Just create an executable which calls the original executable, and meanwhile starts your backdoor. Replace the link, PROFIT! And don't be a skiddie, check the icon ;) I have seen this trick in adware hijacking browsers a lot of times.<br /><br /></div><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqdlmXkO6_bk5Cy_Bwk4PQwgPhcPL8cn17eRi7UbdKJb-xNwR-qqMtucODbi3V5OUbbfyooFGwcN8SPjHZtuCyTQcBz-PkCmh-7GbR6MT8fS5uzC4smnUwdQ1Ufc_Vz46dt28dF7v3xt4m/s1600/ie.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="373" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqdlmXkO6_bk5Cy_Bwk4PQwgPhcPL8cn17eRi7UbdKJb-xNwR-qqMtucODbi3V5OUbbfyooFGwcN8SPjHZtuCyTQcBz-PkCmh-7GbR6MT8fS5uzC4smnUwdQ1Ufc_Vz46dt28dF7v3xt4m/s1600/ie.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">IE hijacked to start with http://tinyurl.com/2fcpre6</td></tr></tbody></table><div style="text-align: justify;"><br /></div><h3></h3><h3></h3><h3 style="text-align: justify;">File association hijack</h3></div><div><div style="text-align: justify;">Choose the user's favorite file type, replace the program which handles the opening with a similar one described in the previous section, and voila!</div><div style="text-align: justify;"><br /></div></div><h3></h3><h3 style="text-align: justify;">COM object hijack</h3><div style="text-align: justify;">The main idea is that some COM objects are scanned for whether they are on the system or not, and when it is registered, it is automatically loaded. See <a href="https://blog.gdatasoftware.com/blog/article/com-object-hijacking-the-discreet-way-of-persistence.html" target="_blank">COMpfun</a> for details.</div><div style="text-align: justify;"><br /></div><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Windows Application Compatibility - SHIM</h3><div style="text-align: justify;">Not many people are familiar with Windows Application Compatibility and how it works. Think about it as an added layer between applications and the OS. If the application matches a certain condition (e.g. filename), certain actions will take place. E.g. emulation of directories, registry entries, DLL injection, etc. In my installation, there are 367 different compatibility fixes (type of compatibility "simulation"), and some of those can be customized.</div><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZAtmFDm51rQWwr_AKT0g5Cf6y4EPe7X2dDJAzkjPqhqAaG5hw2D5fX4vUxQ_OFtesZnoXEuU0Ble9sHQrMNN_YVQjuIUFI6r85dVPcZoKloRfurPdgRF0W16GJn4dGzUqfp67fOTt4-Zb/s1600/sdb.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="158" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZAtmFDm51rQWwr_AKT0g5Cf6y4EPe7X2dDJAzkjPqhqAaG5hw2D5fX4vUxQ_OFtesZnoXEuU0Ble9sHQrMNN_YVQjuIUFI6r85dVPcZoKloRfurPdgRF0W16GJn4dGzUqfp67fOTt4-Zb/s1600/sdb.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Every time IE starts, inject a DLL into IE</td></tr></tbody></table><div style="text-align: justify;"><br /></div><h2 style="text-align: justify;">Bootkits </h2><div><div style="text-align: justify;">Although bootkits shown here can end up in Autoruns in the drivers section (as they might need a driver at the end of the day), I still think it deserves a different section.<br /><br /></div></div><div><h3 style="text-align: justify;">MBR - Master boot record</h3><div style="text-align: justify;">Malware can overwrite the Master boot record, start the boot process with its own code, and continue the boot process with the original one. It is common for rootkits to fake the content of the MBR record, and show the original contents. Which means one just have attached the infected HDD to a clean system, and compare the first 512 bytes (or more in some cases) with a known, clean state, or compare it to the contents shown from the infected OS. SecureBoot can be used to prevent malware infections like this.</div></div><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBui_7E89_LSPGs2BwpTCLWd76YuVBPLSNss3puDd6jpgj9CLJGgN3jKlTcPYEo9_wEHIVZzI2YAU20aHrty6cTvPbAoSJC9pGFmY6rxiCPER13X1B2tiKl0vPdvnirR8bWWu25I_NukOp/s1600/mbr.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="129" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBui_7E89_LSPGs2BwpTCLWd76YuVBPLSNss3puDd6jpgj9CLJGgN3jKlTcPYEo9_wEHIVZzI2YAU20aHrty6cTvPbAoSJC9pGFmY6rxiCPER13X1B2tiKl0vPdvnirR8bWWu25I_NukOp/s1600/mbr.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="font-size: 13px;">There is a slight difference when MBR is viewed from infected OS vs clean OS</td></tr></tbody></table><h3 style="text-align: justify;">VBR - Volume boot record</h3><div style="text-align: justify;">This is the next logical step where malware can start it's process, and some malware/rootkit prefers to hide it's startup code here. Check <a href="http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/1/" target="_blank">GrayFish </a>for details. SecureBoot can be used to prevent malware infections like this.<br /><br /></div><h3 style="text-align: justify;">BIOS/UEFI malware</h3><div><div style="text-align: justify;">Both the old BIOS and the new UEFI can be modified in a way that malware starts even before the OS had a chance to run. Although UEFI was meant to be more secure than BIOS, implementation and design errors happens. Check the<a href="http://securelist.com/analysis/publications/58278/absolute-computrace-revisited/" target="_blank"> Computrace anti-theft rootkit</a> for details.<br /><br /></div><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Hypervisor - Ring -1 rootkit</h3></div><h3></h3><div style="text-align: justify;">This is somewhat special, because I believe although rootkit can run in this layer but it can't persist only in this layer on an average, physical machine, because it won't survive a reboot <a href="http://blackhat.com/presentations/bh-usa-06/BH-US-06-Rutkowska.pdf" target="_blank">See Rutkowska's presentation from 2006</a> But because the hypervisor can intercept the restart event, it can write itself into one of the other layers (e.g. install a common kernel driver), and simply delete it after it is fully functional after reboot. Update: There is a good paper from Igor Korkin about hypervisor detection <a href="http://igorkorkin.blogspot.ru/2015/05/two-challenges-of-stealthy-hypervisors.html" target="_blank">here</a>.<br /><br /></div><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">SMM (System Management Mode) malware - Ring -2 rootkit</h3><div><div style="text-align: justify;">Somehow related to the previous type of attacks, but not many people know that <a href="http://en.wikipedia.org/wiki/System_Management_Mode#Problems" target="_blank">System Management Mode can be used to inject code into the OS</a>. Check the DEITYBOUNCE malware for more details ;) Also, abusing <a href="https://www.acsac.org/2014/workshops/mmf/Tamas%20Lengyel-Pitfalls%20of%20virtual%20machine%20introspection%20on%20modern%20hardware.pdf" target="_blank">Intel Dual Monitor Mode (DMM)</a> can lead to untrusted code execution, which basically monitors the SMM mode.</div><div style="text-align: justify;"><br /></div><h3></h3><h3 style="text-align: justify;">Intel® Active Management Technology - Ring -3 rootkit</h3></div><div><div style="text-align: justify;">According to Wikipedia, "Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, in order to monitor, maintain, update, upgrade, and repair them". You can ask, what could possibly go wrong? See <a href="http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf" target="_blank">Alexander Tereshkin's and Rafal Wojtczuk's great research</a> on this, or <a href="http://people.kth.se/~maguire/DEGREE-PROJECT-REPORTS/100402-Vassilios_Ververis-with-cover.pdf" target="_blank">Vassilios Ververis thesis about AMT</a>. </div><div style="text-align: justify;">As not many people click on links, let me quote the scary stuff about AMT:</div></div></div><div><div><ul><li style="text-align: justify;">Independent of the main CPU</li><li style="text-align: justify;">Can access host memory via DMA (with restrictions)</li><li style="text-align: justify;">Dedicated link to NIC, and its filtering capabilities</li><li style="text-align: justify;">Can force host OS to reboot at any time (and boot the system from the emulated CDROM)</li><li style="text-align: justify;">Active even in S3 sleep!</li></ul></div><div><div style="text-align: justify;"><br /></div><h2></h2><h2 style="text-align: justify;">Other stuff</h2><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Create new user, update existing user, hidden admins</h3></div><div><div style="text-align: justify;">Sometimes one does not even have to add malicious code to the system, as valid user credentials are more than enough. Either existing users can be used for this purpose, or new ones can be created. E.g. a good trick is to use the Support account with a 500 RID - see <a href="http://xangosec.blogspot.com/2013/06/trojanizing-windows.html" target="_blank">here</a>, Metasploit tool <a href="https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/manage/enable_support_account.rb" target="_blank">here</a>.<br /><br /></div></div><h3></h3><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Esoteric firmware malware</h3><div style="text-align: justify;">Almost any component in the computer runs with firmware, and by replacing the firmware with a malicious one, it is possible to start the malware. E.g. HDD firmware (see <a href="http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/1/" target="_blank">GrayFish </a>again), graphic card, etc.<br /><br /></div><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Hidden boot device</h3><div style="text-align: justify;">Malware can hide in one of the boot devices which are checked before the average OS is loaded, and after the malware is loaded, it can load the victim OS.<br /><br /></div><h3 style="text-align: justify;"></h3><h3>Network-level backdoor</h3><div style="text-align: justify;">Think about the following scenario: every time the OS boots, it loads additional data from the network. It can check for new software updates, configuration updates, etc. Whenever a vulnerable software/configuration update, the malware injects itself into the response, and get's executed. I know, this level of persistence is not foolproof, but still, possible. Think about the recently discovered <a href="https://labs.mwrinfosecurity.com/blog/2015/04/02/how-to-own-any-windows-network-with-group-policy-hijacking-attacks/" target="_blank">GPO MiTM attack</a>, the <a href="https://github.com/infobyte/evilgrade" target="_blank">Evilgrade</a> tool, or even the <a href="https://www.blackhat.com/presentations/bh-dc-08/Oberheide/Whitepaper/bh-dc-08-oberheide-WP.pdf" target="_blank">Xensploit</a> tool when we are talking about VM migration.<br /><br /></div><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">Software vulnerability</h3><div style="text-align: justify;">Almost any kind of software vulnerability can be used as a persistent backdoor. Especially, if the vulnerability can be accessed remotely via the network, without any user interaction. Good old MS08-067...<br /><br /></div><h3></h3><h3 style="text-align: justify;">Hardware malware, built into the chipset</h3><div style="text-align: justify;">I am not sure what to write here. Ask your local spy agency for further information. Good luck finding those!<br /><br /></div><h3 style="text-align: justify;"></h3><h3 style="text-align: justify;">More links</h3><div>Tools I highly recommend:</div><div><ul><li><a href="https://technet.microsoft.com/en-us/sysinternals/bb545027.aspx" target="_blank">Sysinternals Autoruns</a></li><li><a href="http://www.gmer.net/" target="_blank">GMER</a></li><li><a href="http://digital-forensics.sans.org/blog/2015/03/25/detecting-dll-hijacking-on-windows/" target="_blank">DLL hijack detector</a></li><li>PCHunter</li><li><a href="https://www.mandiant.com/resources/download/redline" target="_blank">Mandiant Redline</a></li><li><a href="https://github.com/volatilityfoundation" target="_blank">Volatility</a></li><li><a href="https://github.com/davehull/Kansa/" target="_blank">Kansa</a></li></ul></div><div style="text-align: justify;">For more information, check this blog post, <a href="http://blog.cylance.com/windows-registry-persistence-part-1-introduction-attack-phases-and-windows-services" target="_blank">part 1</a>, <a href="http://blog.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order" target="_blank">part 2</a><br /><br />Update 2017-04-29: A very nice list of Office persistence: <a href="https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/">https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/</a><br /><br />Update 2017-10-23: Persistence via Security Descriptors and ACLs: <a href="https://www.youtube.com/watch?v=SeR4QJbaNRg">https://www.youtube.com/watch?v=SeR4QJbaNRg</a><br /><br />Update 2018-07-25: Backdooring LAPS <a href="https://rastamouse.me/2018/03/laps---part-1/">https://rastamouse.me/2018/03/laps---part-1/</a><br /><a href="https://rastamouse.me/2018/03/laps---part-2/" target="_blank">https://rastamouse.me/2018/03/laps---part-2/ </a><br /><br />I would like to thank to Gabor Pek from CrySyS Lab for reviewing and completing this post.</div></div></div><strong>Related word</strong><br><ol><li> <a href="https://www.google.cat/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F03%2Fhow-to-provide-remote-incident-response.html ">Pentesting Tools </a></li><li> <a href="https://www.google.bs/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F05%2Fctfs-are-awesome.html ">Hacking To The Gate </a></li><li> <a href="https://www.google.at/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F05%2Fannouncing-hak5-on-twitch-hack-live.html ">Pentestmonkey Sql Injection </a></li><li> <a href="https://www.google.hr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F01%2Fwawa-breach-hackers-put-30-million.html ">Pentest Hardware </a></li><li> <a href="https://www.google.tl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fwww.hacking.reviews%2F2020%2F03%2Fpulsar-network-footprint-scanner.html ">Hacking Link </a></li><li> <a href="https://www.google.by/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&url=https%3A%2F%2Fvideo.hacking.reviews%2F2020%2F04%2Fbypass-vpns-to-track-mac-with-arduino.html ">Pentest Wordpress </a></li></ol>

Many Ways Of Malware Persistence (That You Were Always Afraid To Ask)

TL;DR: Are you into red teaming? Need persistence? This post is not that long, read it ;) Are you into blue teaming? Have to find those pesk...

Baca selengkapnya »