Tag Archives: Computer Addicted

Undetected For Years, Stantinko Malware Infected Half a Million Systems


A massive botnet that remained under the radar for the past five years managed to infect around half a million computers and allows operators to “execute anything on the infected host,” ESET researchers warn.

Dubbed Stantinko, the botnet has powered a massive adware campaign active since 2012, mainly targeting Russia and Ukraine, but remained hidden courtesy of code encryption and the ability to rapidly adapt to avoid detection by anti-malware solutions.

Targeting users looking for pirated software, the actors behind the malware use an app called FileTour as the initial infection vector. The program installs a variety of programs on the victim’s machine, while also launching Stantinko in the background.

The massive botnet is used mainly to install browser extensions that in turn perform ad injections and click fraud, but malicious Windows services are used to execute a broad range of operations: backdoor activities, searches on Google, and brute-force attacks on Joomla and WordPress administrator panels, ESET reveals.

Full Story > http://www.securityweek.com/undetected-years-stantinko-malware-infected-half-million-systems

Nepal’s register.mos.com.np hacked by PakMonster



Found this in their Facebook post.

Nepalian Domain Registrar Pwn3d
Hacked by Pak Monster
Team:; Pak Cyber Thunders
http://register.mos.com.np/

Mirrors:-
https://defacer-db.com/mirror/id/18523
https://defacer.id/archive/mirror/441473
http://mirror-h.org/browse/863480/

The hacked website acts as an official registration site for .np ccTLD domains in Nepal. Mercantile has been providing free of cost booking, renewal, DNS pointing, DNS transfer etc. for .np domains through this website.

Learn Ethical Hacking in Nepali Language here :  Student Video Tutorial in Youtube

MilkyDoor malware turns Androids into backdoors to attack enterprise networks


Routines and techniques build on those of the malware’s predecessor, DressCode.

A new Android malware family is able to blend in with normal network traffic and avoid detection by encrypting its payloads, in order to access internal networks.

The backdoor, known as MilkyDoor, has so far affected 200 unique Android apps available on the official Google Play Store. Some of those apps boast between 500,000 and one million installs. 

Hundreds of other programs, including books for children and doodle applications, have also suffered infections by MilkyDoor. It appears criminals seized most if not all of these apps, repackaged them with malware, and uploaded them to the Play Store. No doubt they thought these modified versions would still attract large numbers of downloads based upon the popularity of their parent programs.

Src & more: https://www.grahamcluley.com/milkydoor-malware-turns-androids-backdoors-attack-enterprise-networks/

Password Cracking. pt 1 – using ‘Hashcat’ (step-by-step guide)


How to crack passwords using Hashcat?

In this part of the Password Cracking series, I’ll show you a tool built into Kali Linux for password cracking, i.e. Hashcat.

Note: If you run into problems during this lab, you will find a video tutorial (walk-through) of it at the bottom of this step-by-step guide. You can refer to that video too.

Let’s get started.

Start Kali and open Hashcat.

> Go to Applications, then Password Attacks (offline), and click hashcat.

At the top of the screen you will see the usage. Note it carefully.

Before cracking, we need to know what kind of hashing the system is using. Type:

more /etc/login.defs

Now notice, between 80% and 90% of the way through the file, that Kali is using SHA512 for password hashing.

Now, copy the hashes to a separate file:

cp /etc/shadow copiedhash.lst

Check the copy:

more copiedhash.lst

Now, open copiedhash.lst in your editor (I used Leafpad). Remove the username, in my case ‘root’, and also remove the colon that follows it. Then go to the end of that line and remove all the colons there (and the fields between them), so that only the hash is left.

Finally, let’s start cracking the password for that hash. Type the following:

hashcat -m 1800 -a 0 -o cracked.txt --remove copiedhash.lst /usr/share/sqlmap/txt/wordlist.txt

*Note: in the screenshot the file is named ‘hash.lst’, but in the command it is ‘copiedhash.lst’. Do not worry, just use the file name you chose.
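
As an added example (not part of the original post), the sketch below reads shadow(5) entries field by field, as the manual editing step above does, and reports which scheme each stored password uses, so weak or empty entries can be found before someone else finds them. "$6$" is the sha512crypt format that -m 1800 in the command above refers to. The sample file, its dummy hash strings and the function names are constructed for illustration.

```python
# Added example: classify the hash scheme of each /etc/shadow entry.
# SAMPLE_SHADOW is constructed; the hash bodies are dummies, not real hashes.
SAMPLE_SHADOW = """\
root:$6$SALTSALT$DUMMYHASHVALUE:17300:0:99999:7:::
daemon:*:17300:0:99999:7:::
legacy:$1$SALTSALT$DUMMYHASHVALUE:15000:0:99999:7:::
guest::17300:0:99999:7:::
"""

# crypt(3) "$id$" prefix -> (scheme name, acceptable for stored passwords?)
SCHEMES = {
    "1": ("md5crypt", False),
    "5": ("sha256crypt", True),
    "6": ("sha512crypt", True),   # what ENCRYPT_METHOD SHA512 produces
    "2b": ("bcrypt", True),
    "y": ("yescrypt", True),
}


def classify(line):
    """Return (user, scheme, acceptable) for one shadow(5) line."""
    fields = line.split(":")
    if len(fields) != 9:
        raise ValueError("shadow entries have 9 colon-separated fields")
    user, pw = fields[0], fields[1]
    if pw == "":
        return user, "empty", False       # login without a password
    if pw[0] in "!*":
        return user, "locked", True       # password login disabled
    if pw.startswith("$") and pw.count("$") >= 3:
        name, ok = SCHEMES.get(pw.split("$")[1], ("unknown", False))
        return user, name, ok
    return user, "descrypt", False        # legacy 13-character DES crypt


def audit(shadow_text):
    """Classify every non-blank line of a shadow file."""
    return [classify(line) for line in shadow_text.splitlines() if line.strip()]


def weak_accounts(shadow_text):
    """Users whose stored password is empty or uses a weak/unknown scheme."""
    return [user for user, _, ok in audit(shadow_text) if not ok]


if __name__ == "__main__":
    for user, scheme, ok in audit(SAMPLE_SHADOW):
        print(f"{user:8} {scheme:12} {'ok' if ok else 'WEAK'}")
```
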

Video Tutorial >

By : Bijay Acharya (Follow twitter : @acharya_bijay)


Password Cracking. pt 1 – Hashcat [Only For Educational Purpose ]


This is a new series, and here I’m going to post about password cracking. Starting with “hashcat”, I will show you password cracking on different platforms, operating systems and areas.

As mentioned in the title, this is a video series. But in the videos you will get a chance to see the theory too. It’s a kind of theory walk-through via a video demo of hashcat. If anything is confusing, please comment in the comment section and I will reply as soon as possible.

[ in Nepali ] 45 Ways to Earn Money Online – Way 4 : Create Niche Websites



Ethical Hacking with Kali Linux [3] – Bypassing MAC Address Filter


BY : BIJAY ACHARYA http://bijayacharya.com/

Welcome all to this series on Kali Linux for Ethical Hacking. This is the 3rd part, and I’ll explain the process of bypassing the MAC address filter on an AP (Access Point).

# 3 basic Process :

– Finding the AP : airmon-ng & airodump-ng

– Finding an associated client : airodump-ng

– Finally, using the Macchanger

# . . . Let’s Begin,

– Before you start, make sure that eth0, lo and wlan0 are up. (Go to a terminal and run ifconfig.)

– Let’s start monitoring on the wireless interface. Run :

airmon-ng start wlan0

– After executing the above command, we should get a new interface, mon0 (monitor mode enabled)

– Verify that both interfaces are up & running, run

airmon-ng

– Watch for wlan0 & mon0. Run :

airodump-ng mon0

– This monitors all the APs that Kali Linux can find.

– In the next step, you will get the BSSID, ESSID, channel and cipher. If there is a hidden SSID, the ESSID will be shown like this : <length: 0>, or with no SSID. [We saw in the 2nd part how to uncover a hidden SSID.] But here you can use any SSID with open encryption, or an SSID with a known password. We will use the MAC address that was seen in part 2, i.e. 00:A1:B2:11:20:13:5T & channel ‘1’. (Assume MAC address filtering is enabled on this system, and let’s suppose its SSID is nhc-BJ.)

– Now we try to find a client associated with this AP (nhc-BJ) and its MAC address, so that we can use that MAC to bypass the filter. Run :

airodump-ng -c 1 -a --bssid 00:A1:B2:11:20:13:5T mon0

(-c is for the channel, which is 1 for the BSSID we are trying to connect to; -a shows only the clients associated with this BSSID)

– You will get the MAC address of the station associated with that AP; this is the client’s station. (Let’s assume MAC = 00:C1:52:11:20:13:7D)

– CTRL+C (press)

– Run ;

macchanger --help
(notice, -m for setting mac)

-Run ;

macchanger -m 00:C1:52:11:20:13:7D wlan0

(if you get ‘Device or resource busy’, then run the following command)

airmon-ng stop wlan0

– Run ;

macchanger -m 00:C1:52:11:20:13:7D wlan0

(on success, you will see a message like ‘faked MAC’)

-Run ;

ifconfig wlan0 down

ifconfig wlan0 up

(now, let’s see whether we can associate with the SSID using this faked MAC)

– Run ;

iwconfig wlan0 essid nhc-BJ channel 1

(if it does not run in Kali, run it in BackTrack, or see the updated version for Kali)

iwconfig wlan0

(on success, the Access Point will be shown as associated)
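
From the defender's side, an added example (not part of the original post): two radios sharing one MAC address cannot share one 802.11 sequence counter, so a monitoring sensor can flag a MAC whose sequence numbers keep jumping back and forth. The frame list, the gap threshold and the function names are assumptions made for this sketch, which also assumes a single sequence counter per transmitter (QoS data frames keep one per traffic ID).

```python
# Added example: flag MAC addresses whose 802.11 sequence numbers do not
# advance the way a single transmitter's would. FRAMES is constructed data.
SEQ_MODULO = 4096   # the 802.11 sequence number is a 12-bit counter
MAX_GAP = 64        # assumed tolerance for frames the sensor did not hear

# (transmitter MAC, sequence number) in capture order
FRAMES = [
    ("02:00:00:00:00:0a", 4090), ("02:00:00:00:00:0b", 100),
    ("02:00:00:00:00:0a", 4093), ("02:00:00:00:00:0b", 101),
    ("02:00:00:00:00:0a", 2),       # wrap-around 4093 -> 2 is a gap of 5
    ("02:00:00:00:00:0b", 2875),    # a second radio using the same MAC
    ("02:00:00:00:00:0b", 103),
    ("02:00:00:00:00:0b", 2876),
    ("02:00:00:00:00:0a", 4),
]


def sequence_anomalies(frames, max_gap=MAX_GAP):
    """Return {mac: number of implausible sequence-number jumps}."""
    last_seen = {}
    anomalies = {}
    for mac, seq in frames:
        mac = mac.lower()
        if mac in last_seen:
            # Forward distance modulo 4096, so a counter wrap stays small.
            gap = (seq - last_seen[mac]) % SEQ_MODULO
            # gap 0 is a retransmission; small gaps are frames we missed.
            if gap > max_gap:
                anomalies[mac] = anomalies.get(mac, 0) + 1
        last_seen[mac] = seq
    return anomalies


def suspected_spoofed(frames, min_events=2):
    """MACs with repeated jumps, i.e. probably used by two transmitters."""
    hits = sequence_anomalies(frames)
    return sorted(mac for mac, count in hits.items() if count >= min_events)


if __name__ == "__main__":
    for mac in suspected_spoofed(FRAMES):
        print("possible MAC spoofing:", mac)
```
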

“This series is only for educational purpose, practice this series lab in virtual/separate network, always avoid illegal activities, and if you can, then support us to fight against black hat hackers”

# Join our Facebook NHC group, to get most out of this series

http://www.facebook.com/groups/nepalesehackerscommunity

# Register in our NHC Forum Website

http://www.nhc.bijayacharya.com

# For free video tutorials & a minimum priced certificate, register at my OCN (Online Course Nepal) here : http://www.ocn.bijayacharya.com (Remember, videos are free to watch; you will pay only if you want a certificate :), so that we can maintain this open source culture)

Encryption Is Not Enough !, Research & Conclusion (Part 1)


By : BIJAY ACHARYA
Hello World! Well, welcome to my post. This will be a series, and this is the first part. Throughout the series, I will share my research and findings with you on the topic “Encryption Is Not Enough”. We will see how encryption is broken & what countermeasures should be implemented to secure it.

Let’s begin: why do we encrypt?
- We encrypt simply for privacy & secrecy.
- In professional terms, we encrypt for Confidentiality & Integrity. Well, these are the basics of encryption.

“Computer Addicted”: 1 PROMISE ‘READ IT, YOU WILL MASTER THE SECURITY’


 COURSE HERE : http://www.udemy.com/computer-addicted/

COURSE BY : BIJAY ACHARYA

About the Course:

1 COURSE :

5 LECTURES :

1 PROMISE ‘ READ IT, YOU WILL MASTER THE SECURITY

By : Bijay Acharya


Is the Internet Replacing Your Memory?


Google, Facebook, Internet Movie Database, and many other sources of information on the Internet are changing the way in which we remember.

Whether it’s an actor’s name that is on the tip of your tongue, or even a loved one’s birthday, all you have to do is type in some key words and you often can have your answer.

As a result of this instant access, growing numbers of us may actually be outsourcing our memories. It’s called the “Google effect,” and it is documented online in the journal Science.

“Google is just another form of external memory,” says Betsy Sparrow, PhD, an assistant professor in the department of psychology at Columbia University in New York City.

Most of us have some go-to experts for this topic or that. For example, you may go to your husband if you need information on sports, a co-worker for cooking advice, and a best friend to remind you of upcoming birthdays or college memories.

These people serve as our external memory for choice topics, she says. Search engines, however, are akin to having a really well-rounded phone-a-friend if you were a contestant on the game show Who Wants to be a Millionaire.

“The Internet is much more ubiquitous,” she says. “You can find anything at any time very quickly with a lot less effort,” Sparrow says.

As a result, “we do have a little bit of a dependence on it, and we expect to get information when we want to know it,” she says.

Internet’s Impact on Ability to Recall Facts

Sparrow and colleagues conducted four experiments to see how our reliance on search engines or smart phones affects our ability to recall. In one of the experiments, students typed in answers to trivia questions. Some thought their work would be saved while others thought it would be deleted. Participants who thought their information would be erased remembered more than those who thought they could just hit “save.”

During another experiment, volunteers were told that all of the information they typed into the computer could be saved, and they were given generic file names such as facts and data. They were then asked to write down on a sheet of paper as many of the answers as they could remember and in which folders the information was stored. Participants were more likely to remember where the information was stored than the actual information.

“I was surprised by the magnitude of the difference between prioritizing where to find things over the things themselves,” Sparrow says. This epitomizes the so-called Google effect because we now tend to remember where things are and how to find them as opposed to the actual information.

This shift away from memorizing may ultimately help people improve their comprehension and become better learners, she says.

“Memory is so much more than memorization,” she says. The Google effect may allow us to free up more space on our internal hard drives and focus on processing as opposed to memorizing.

Neuropsychologist Mark Mapstone, PhD, University of Rochester Medical Center in Rochester, N.Y., isn’t sure the Google effect is such a good thing for our memories.

“This is not as good for us from a brain perspective,” he says. “If you download your information to a device, you are not using your brain to make connections as you should be.”

That said, “When you don’t burden your memory with rote remembering, it does free up activity for more complex thinking,” he says.
