Thursday, July 16, 2015

How to disable the Adobe Flash browser plug-in

A large number of 0-days have been found in Flash, so it is very important to disable this component to prevent the execution of malicious code.

The following link lists the procedure for disabling this plug-in in Firefox, Chrome, Safari and Internet Explorer.

http://download.cnet.com/blog/download-blog/how-to-disable-the-adobe-flash-browser-plug-in?tag=rb_content;main

Monday, July 13, 2015

From SQL injection to obtaining a shell

A step-by-step walkthrough by roberknight

A practical look at SQL injection,
how to get into the server (Apache and DB) with a remote shell, and
finally how to gain root privileges.
Example with Apache (PHP), MySQL, Debian and Kali Linux.

Source: http://hacking-pentesting.blogspot.com/2013/11/de-sql-injection-obtener-shell-este.html
Teaching material: https://mega.co.nz/#!rw5zFSZZ!ILMqyDATQSluwS5KwGjvaV8ljA8JbF3NTPvjbfczVHQ

Remote Administration Tool for Android

androrat

Androrat is a client/server application developed in Java for Android on the client side and in Java/Swing for the server.

The name Androrat is a mix of Android and RAT (Remote Access Tool).
It was developed by a team of 4 for a university project and was completed in one month. The goal of the application is to give remote control of the Android system and to retrieve information from it.

Technical matters
The Android application is the client for the server, which receives all the connections.
The Android application runs as a service (not an activity) that is started at boot, so the user does not need to interact with the service (even though there is a debug activity that allows configuring the IP and the port to connect to).
The connection to the server can be triggered by an SMS or a call (this can be configured).
All the available functionalities are:

Get contacts (and all their information)
Get call logs
Get all messages
Location by GPS/Network
Monitor received messages live
Monitor phone state live (call received, call sent, call missed...)
Take a picture from the camera
Stream sound from the microphone (or other sources)
Stream video (for activity-based client only)
Show a toast
Send a text message
Place a call
Open a URL in the default browser
Vibrate the phone
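
For defenders, the traits described above (a background service started at boot, SMS or call triggers, and broad data access) can be checked in an app's decoded AndroidManifest.xml. The following is an added example, not code from the Androrat project: the feature-to-permission mapping, the `min_caps` threshold and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping: feature from the list above -> Android permission gating it.
CAPABILITY_PERMS = {
    "contacts": P + "READ_CONTACTS",
    "call logs": P + "READ_CALL_LOG",
    "messages": P + "READ_SMS",
    "location": P + "ACCESS_FINE_LOCATION",
    "camera": P + "CAMERA",
    "microphone": P + "RECORD_AUDIO",
    "send sms": P + "SEND_SMS",
    "place call": P + "CALL_PHONE",
}
# Broadcasts for the start-at-boot and SMS/call trigger behaviour described above.
TRIGGER_ACTIONS = {
    "boot": "android.intent.action.BOOT_COMPLETED",
    "sms": "android.provider.Telephony.SMS_RECEIVED",
    "call": "android.intent.action.PHONE_STATE",
}

def triage_manifest(manifest_xml, min_caps=3):
    """Summarise RAT-like traits in a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    actions = {a.get(NS + "name")
               for r in root.iter("receiver") for a in r.iter("action")}
    has_service = next(root.iter("service"), None) is not None
    caps = sorted(c for c, p in CAPABILITY_PERMS.items() if p in perms)
    triggers = sorted(t for t, a in TRIGGER_ACTIONS.items() if a in actions)
    # Heuristic (assumption): service + boot start + network + several data permissions.
    suspicious = (has_service and "boot" in triggers
                  and P + "INTERNET" in perms and len(caps) >= min_caps)
    return {"capabilities": caps, "triggers": triggers, "suspicious": suspicious}

# Constructed sample input: builds a minimal manifest from permission and action names.
def build_manifest(perm_names, actions, with_service=True):
    perms = "".join(f'<uses-permission android:name="{P}{n}"/>' for n in perm_names)
    recv = "".join(f'<receiver android:name=".R{i}"><intent-filter>'
                   f'<action android:name="{a}"/></intent-filter></receiver>'
                   for i, a in enumerate(actions))
    svc = '<service android:name=".SyncService"/>' if with_service else ""
    return (f'<manifest xmlns:android="{NS[1:-1]}" package="com.example.sample">'
            f'{perms}<application>{svc}{recv}</application></manifest>')

RAT_LIKE = build_manifest(["INTERNET", "READ_CONTACTS", "READ_SMS", "RECORD_AUDIO"],
                          [TRIGGER_ACTIONS["boot"], TRIGGER_ACTIONS["sms"]])
BENIGN = build_manifest(["INTERNET", "CAMERA"], [], with_service=False)
```

A hit is a prompt for manual review, since legitimate backup or messaging apps can request a similar permission set.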

Folders
The project contains the following folders:

doc: Will soon contain all the documentation about the project
Experiment: Contains an experimental version of the client built around an activity, which also allows video streaming
src/Androrat: Contains the source code of the client to be installed on the Android platform
src/AndroratServer: Contains the sources of the Java/Swing server, which can be run on any platform
src/api: Contains all the APIs used in the project (JMapViewer for the map, forms for Swing, and vlcj for video streaming)
src/InOut: Contains the code common to the client and the server, which is basically the protocol implementation
Screenshots
Main GUI

This is the main GUI, where all connected clients appear. The list is dynamically updated when a client connects or disconnects. In addition, a log of all connections and global information is shown in the log panel at the bottom of the window. A double-click on a client opens its window to interact with it.

Client Panel

All actions on a client are performed in the client window, which is organised around tabs. The default tab is called Home and provides various functionalities. First, as we can see in the left scroll view, there is all the information about the client, such as SIM, battery, network and sensor information. On the right are the options that allow the client's configuration to be changed remotely, such as the IP and port to connect to, or whether to wait for a trigger before initiating the server connection. Finally, quick actions can be performed in this tab, such as showing a toast message, vibrating the phone or opening a URL.

Other tabs

The two screenshots below show two other tabs for two functionalities, get contacts and geolocation respectively. As you can see in the get contacts panel, the list on the left shows all contacts with the name, the phone number and the picture if available. Moreover, on the right, three buttons allow you to get more information about the selected contact, send them an SMS or call them. For geolocation, we can choose our provider, either GPS or network, which uses Google to locate. Then the streaming can be started and the map will be updated as soon as data has been received.

Source GitHub: https://github.com/DesignativeDave/androrat
