PhoneSploit v1.2 – Using Open Adb Ports We Can Exploit A Andriod Device

Using open Adb ports we can exploit an Andriod device.you can find open ports here https://www.shodan.io/search?query=android+debug+bridge+product%3A”Android+Debug+Bridge” To find out how to access a local device –> https://www.youtube.com/watch?v=OlhCAX1qBQoRecent News (New Update v.1.2)Port ForwardingNetStatGrab wpa_supplicantTurn WiFi On/OffShow Mac/InetRemove PasswordExtract apk from appUse KeycodeGet Battery StatusGet Current ActivityHOW TO INSTALL WINDOWSgit clone https://github.com/Zucccs/PhoneSploitextract adb.rar to the phonesploit directory cd PhoneSploitpip install coloramapython2 main.pyHOW TO INSTALL Linuxgit clone https://github.com/Zucccs/PhoneSploitcd PhoneSploitpip install coloramapython2 main_linux.pyVIDEODownload PhoneSploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/iQzE7P61W8c/phonesploit-v12-using-open-adb-ports-we.html

ANDRAX v3 – The First And Unique Penetration Testing Platform For Android Smartphones

ANDRAX The first and unique Penetration Testing platform for Android smartphones.Thanks to Jessica Helena she made ANDRAX v3 possible.What is ANDRAXANDRAX is a penetration testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution!Why is Android so powerful?Simple, everyone has a smartphone and spends all the time with it! We have the possibility to camouflage easily in the middle of everyone, the processor architecture of most Android smartphones is ARM a modern and robust architecture extremely superior to the rest, With touch screens we can run the tools with great agility and take advantage of the graphical interface of Android, we can get in almost anywhere with our smartphones…In technical terms, ANDRAX and NetHunter should never be compared, ANDRAX is a penetration testing platform for Android smartphones and NetHunter is just a Debian emulator running with chroot.Termux is not our enemy, Termux is an application that allows installation of many Linux packages using a Debian environment running natively on Android.ANDRAX and Termux have a similar development, ANDRAX and Termux share many libs and GNU/Linux resources.But Termux is not a penetration testing platform, it’s software to bring basic tools found in a Debian environment. Penetration tests are not something basic! But advanced techniques that involve advanced tools and a advanced environment to conduct good tests!So you can install many tools manually in Termux but it would be extremely difficult to optimize and configure them to take 100% of the required potential for penetration testing.Termux runs without root privileges and this makes it very difficult to use advanced tools. Features and ToolsTool listInformation GatheringWhoisBind DNS toolsDnsreconRaccoonDNS-CrackerFirewalkScanningNmap – Network MapperMasscanSSLScanAmapPacket CraftingHping3NpingScapyHexinjectNcatSocatNetwork HackingARPSpoofBettercapMITMProxyEvilGINX2WebSite Hacking0d1nWapiti3Recon-NGPHPSploitPhotonXSSerCommixSQLMapPayloadmaskAbernathY-XSSPassword HackingHydraNcrackJohn The RipperCRUNCHWireless HackingVMP Evil APAircrack-NG ToolsCowpattyMDK3ReaverExploitationMetaSploit FrameworkRouterSploit FrameworkGetsploitOWASP ZSCRop-TOOLMore…Advanced TerminalAdvanced and Professional terminal emulator for Hacking!Dynamic Categories Overlay (DCO)Beautiful tools category system Advanced IDEComplete support for many programming languagesInformation GatheringTools for initial informations about the targetScanningTools for second stage: ScanningPacket CraftingTools to craft network packetsNetwork HackingTools for network hackingWebSite HackingTools for WebSite and WebApps HackingPassword HackingTools to break passwordsWireless HackingTools for Wireless HackingExploitationTools for Dev and launch exploitsMore info in official site.Download ANDRAX

Link: http://feedproxy.google.com/~r/PentestTools/~3/3jIpU7zeiJg/andrax-v3-first-and-unique-penetration.html

Facebash – Facebook Brute Forcer In Shellscript Using TOR

Facebook Brute Forcer in shellscript using TORIG: @thelinuxchoice Legal disclaimer:Usage of Facebash for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this programWARNING:Facebook blocks account for 1 hour after 20 wrong passwords, so this script can perform only 20 pass/h.FeaturesSave/Resume sessionsAnonymous attack through TORDefault Password List (+39k)Usage:git clone https://github.com/thelinuxchoice/facebashcd instashellchmod +x facebash.shservice tor startsudo ./facebash.shInstall requirements (Curl, Tor):chmod +x install.shsudo ./install.shDownload Facebash

Link: http://feedproxy.google.com/~r/PentestTools/~3/f3cso_9atWo/facebash-facebook-brute-forcer-in.html

PhoneSploit – Using Open Adb Ports We Can Exploit A Devive

Using open Adb ports we can exploit a device you can find open ports here https://www.shodan.io/search?query=android+debug+bridge+product%3A”Android+Debug+Bridge”To find out how to access a local device:I will soon make a tutorial on how to use PhoneSploitHOW TO INSTALLextract adb.rar to the phonesploit directory git clone https://github.com/Zucccs/PhoneSploitcd PhoneSploitpython2 main.pyDownload PhoneSploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/tEZLuU4Lcu4/phonesploit-using-open-adb-ports-we-can.html

Joomla, BlueKeep, & Chinese OS – Hack Naked News #220

    This week, Microsoft brings hardware-based isolation to Chrome & Firefox, the US border’s license plate scanning technology hacked, Crooks leverage WordPress and Joomla sites for malicious redirects, the Chinese military wants to replace Windows OS in fear of US hacking, and how Google-protected mobile browsers were open to phishing for over a year! […]
The post Joomla, BlueKeep, & Chinese OS – Hack Naked News #220 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/OH0NJULeRnA/

Hardware Hacking 101 – Lesson 1: Beauty, Your Home Lab and Basic Electronics

Hardware hacking is one of those subjects that a lot of hackers appear to have great interest, but most don’t act on that interest. There are a variety of reasons why this may be such as a perceived steep learning curve, financial barrier to entry, and lack of applicability. I’m here to say that these reasons are silly. Hardware hacking can be cheap and easy! And, more importantly, adding hardware hacking to your repertoire of skills can be quite advantageous. Nothing has made this more clear to me than some of the comments I’ve received from other hackers. Here’s a few gems:

“How do you have root already? You haven’t even had the device for half an hour."
"It shouldn’t be able to broadcast that… Can you unlock mine, too?"
"Why does your keyboard have a rave light?"

But, most alarmingly, a lot of the comments are along the lines of "I could never do that." Yes you can! And, if you stick around a bit, I’ll prove it. Throughout this series, we’ll work our way from noob’s first LED swap all the way to dumping secrets from a destroyed IoT device. Any and all ages and experience levels are welcome.
The post Hardware Hacking 101 – Lesson 1: Beauty, Your Home Lab and Basic Electronics appeared first on The Ethical Hacker Network.

Link: https://www.ethicalhacker.net/columns/sindermann/hardware-hacking-101-lesson-1/

Book Review – Linux Basics for Hackers

With countless job openings and growth with no end in sight, InfoSec is the place to be. Many pose the question, “Where do I start?” Over his years of training hackers and eventual security experts across a wide array of industries and occupations, the author ascertains that one of the biggest hurdles that many up-and-coming professional hackers face is the lack of a foundational knowledge or experience with Linux. In an effort to help new practitioners grow, he made the decision to pen a basic ‘How To’ manual, of sorts, to introduce foundational concepts, commands and tricks in order to provide instruction to ease their transition into the world of Linux. Out of this effort, “Linux Basics for Hackers" was born.
The post Book Review – Linux Basics for Hackers appeared first on The Ethical Hacker Network.

Link: https://www.ethicalhacker.net/features/book-reviews/book-review-linux-basics-for-hackers/

Hardware Hacking 101 – Lesson 2: Classical Hardware Hacking

Welcome back to our ongoing series on hardware hacking and our second lesson. Last month we presented “Lesson 1: Beauty, Your Home Lab and Basic Electronics” with an appreciative nod to this fine art, the essential components needed to try this at home and some helpful tutorials to quickly get you up to speed. We also made a distinction between classical and security-focused hardware hacking. So before we drag you into the deep waters and forcing devices to reveal their secrets, we’ll focus on having a smoother transition from noob to necromancer!
To get our feet wet, we’re going to start with a bit of classical hardware hacking. My keyboard, like most, has 3 green indicator LEDs above the number pad; let’s change their color. Additionally, since Linux can do some fun stuff with the scroll lock LED, let’s make that LED have a rainbow effect as a gaudy Linux notification light. Along the way, we’ll cover some core concepts for hardware hacking, learn the importance of breaking large problems into smaller ones, and eventually we’ll make an 80s era keyboard spit rainbows on command with Linux.
The post Hardware Hacking 101 – Lesson 2: Classical Hardware Hacking appeared first on The Ethical Hacker Network.

Link: https://www.ethicalhacker.net/columns/sindermann/hardware-hacking-101-lesson-2-classical-hardware-hacking/

Hardware Hacking 101 – Lesson 3: Abusing UART (U Are RooT)

As a reminder, Lesson 1 was a primer on electronics and setting up your lab, and Lesson 2 was an introduction to classical hardware hacking. To get started with security-focused hardware hacking, let’s look at a pretty simple example: getting a root shell by breaking into U-Boot via a serial console. Basically, we’re just going to connect to a serial port, change a boot flag, and get a shell. Sounds simple, right? To some extent, it is! The only real hard parts are finding the serial port, determining the pinout, and determining the timing. No problem, right? By the end of this lesson, you’ll be abusing UART with the best of them.
The unassuming target of this lesson is a Synology RT2600ac wireless router. This is one of the devices that the ISE Labs team assessed as part of our SOHO 2.0 project, but we had a bit of a problem. We had used the device but failed to record the credentials. And the reset button? Broken. This is where getting a hardware shell came in handy. By using a UART to get a shell, I was able to reset the password and get the assessment back on track. Hardware shells allow you to do so much more though, both in the context of repair and in the context of security. It’s a root shell, you can usually do whatever you like.
The post Hardware Hacking 101 – Lesson 3: Abusing UART (U Are RooT) appeared first on The Ethical Hacker Network.

Link: https://www.ethicalhacker.net/columns/sindermann/hardware-hacking-101-lesson-3-abusing-uart-u-are-root/

Singapore, Cisco, and Israeli Spyware – Paul’s Security Weekly #604

In the Security News, Singapore passes an anti-fake news law, WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware, major security issues found in Cisco routers, and Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability! Paul’s Stories Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities – Help Net Security Passwords […]
The post Singapore, Cisco, and Israeli Spyware – Paul’s Security Weekly #604 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/m4uxm71wI0k/