By opening ports from the Internet to your raspberry pi (ssh, http, ftp, https etc.), you are automatically becoming a victim of many hacker’s attempts. Hackers are seeking exploits and trying to get access to your server. To protect you against such attacks, there is a tool called Fail2Ban. It supports a lot of services (sshd, apache, qmail, proftpd etc.) and can be integrated directly with your IPTables. By this tutorial, we will guide you via the whole process of how to protect against such attacks.   

Who is trying to access my raspberry pi?

If you think that your raspberry pi is safe and you do not need any tool to be installed, please check the content of the following file:

cat /var/log/auth.log | grep 'Failed'

As you can observe above, there are many password failures. Usually, the hacker bots are seeking exploits.  Each attempt consumes resources as your raspberry pi needs to evaluate each request. It is known as DoS attack. 

Hackers can try also a brute-force attack.  Such an attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing a combination correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. 

What is Fail2Ban and how does it work?

Fail2Ban is a daemon that scans access log files and it bans IP addresses that show malicious signs. It protects you against too many password failures as shown above. 

It is a must have tool to protect your from intruders to your server or network especially if you allow outside SSH traffic or any traffics from an outside network to your Raspberry Pi. Fail2Ban tool supports many different services (sshd, apache, qmail, proftpd, sasl, asterisk, etc) and can be integrated with your IPTables.

Installation of Fail2Ban is very easy to install and basic setup will drastically improve security on your Raspberry Pi. Fail2Ban works by checking your access logs for failures and depending on the settings you setup, it will ban or timeout an IP Address for a certain amount of time. Fail2Ban tool can easily protect your raspberry pi against very known brute-force and DoS attacks.

How can I protect myself?

Very easy, by installing of Fail2Ban on your raspberry pi. We will first install Fail2Ban by typing the following commands:

sudo apt-get update
sudo apt-get install fail2ban

By doing that, you have Fail2Ban already installed. The configuration file is located at ‘/etc/fail2ban/jail.local’. If you want to change some parameters, you can simply modify this file and restart the service to take immediate effect.

Let’s edit our SSH Fail2Ban configurations. Open up the ‘/etc/fail2ban/jail.local’ file with the following command:

sudo nano /etc/fail2ban/jail.local

Your jail.local file should already contain some pre-defined config. We will need to tweak it a little bit. Find a section in the file called [sshd] and paste/modify accordingly:

[sshd]

enabled = true
filter = sshd
port = ssh
logpath = /var/log/auth.log
bantime = 86400
banaction = iptables-allports
findtime = 900
maxretry = 3
backend = %(sshd_backend)s

sudo service fail2ban restart

sudo fail2ban-client set sshd unbanip <IP-YOU-WANT-TO-UNBAN>

sudo iptables -L -n --line

The post How to install Fail2Ban on the Raspberry Pi/Unix server appeared first on ITBlogSec.com.

Enjoy and stay tuned for the next episodes  

What you can learn 

If you want to start with hacking, first you need to have some hacking tools available. The best option for that purpose is using Kali Linux what is linux distribution specially designed to be used for hacking activities. As the part of our hacking tutorials for beginners, we are starting with the #1 where you can find exact steps how to install Kali linux on MacOS using Parallels Desktop or Virtual Box. Of course, you can use any virtualization platform you want, even there is ARM Kali Linux image available for rapsbperry PI, you can download it here. 

1: Download kali linux image

– use official webpage https://www.kali.org/downloads/

2: Import Kali linux image

– here is example by using Parallels Desktop – choose Debian GNI/Linux (the same applicable for for Virtual Box)

3: Choose name and location 

4: Select type of installation (Graphical install)

5: Select language for installation

6: Wait for installation 

7: Type hostname of your Kali linux system

8: Type domain name

– if you do not use domain, just leave it blank

9: Set-up user and password

– (always use strong password)

10: Select your time-zone 

11: Partition and format your virtual disk

– please select: Guided – use entire disk

12: Select software you want to install

– of course later you can install any kind of software you want

13: Install GRUB boot loader

14: Wait for installation to be finished

15: Congratulations! We are done.

– Now your Kali linux system is ready to be used for your hacking practice 

Conclusion

At this point, you have the system which is ready to learn new hacking practice by yourself. In our next tutorials, we will try to bring you step-by-step guides how to learn ethical hacking practices. Stay tuned, like us on facebook and soon there will second part of Hacking for Beginners available. 

The post Hacking for beginners #1 – Install the Kali Linux appeared first on ITBlogSec.com.

Security Researcher Mathy Vanhoef of Imec-DistiNet discovered a weakness within the WPA2 protocol, potentially affecting all the wireless routers supporting WPA2, an attacker can take advantage of this vulnerability by using key re-installation attacks (KRACKS).

The attack can be used to intercept passwords, Emails, chat messages and even your credit card Information. Consider if your network is not configured properly the attacker can inject ransomware and other malware into the Web sites you visit.

He says that the weakness is in the Wi-Fi Standard itself even though if your router is perfectly configured you will be affected by this attack. Mathy suggests updating the Router’s Firmware when the Vendor issues the Updates to your Router.

“Note that if your device supports Wi-Fi, it is common that it is affected. During our initial research, we learned ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some modification of the attacks. For more data about specific products, consult the database of CERT/CC, or contact your vendor.”

In the research paper, he explains the attack as “exceptionally destructive” against Android 6.0:

“Because Android uses wpa_supplicant, Android 6.0 and above further contains this vulnerability. This presents it trivial to hijack and manipulate traffic sent by these Linux and Android devices,” he addresses on the Krackattacks site explaining the flaw. “Note that currently, 41% of Android devices are exposed to this exceptionally devastating variant of our attack.”

He also says that attacks on MacOS and OpenBSD are easier to execute although we agree that some of the attack scenarios in the paper are rather impractical, do not let this fool you into believing key re-installation attacks cannot be abused in practice.

Vanhoef further explains how the attack can still work against Web Apps and native Apps that are using HTTPS, explaining how this added encryption layer can be avoided in what he describes as a worrying number of conditions he flags multiple prior instances of HTTPS being avoided “in non-browser software, in Apple’s iOS and OS X, in Android apps, in Android apps again, in financial apps, and even in VPN apps.

See also  a Proof-Concept-Video of the Attack:

ALSO READ: Hack a Windows 7/8/10 admin account password with Windows magnifier

source: https://latesthackingnews.com

The post WPA2 encryption can now be hacked with new KRACKS method appeared first on ITBlogSec.com.

This exploit takes advantage of the ease of access tool on the login page by ‘tricking’ windows into launching a fully privileged command prompt by selecting ‘make items on the screen larger – magnifier’. By using this method you can simply reset admin account password, just by having physical access to the computer.

Disclaimer: This is for use on a PC that you own. Breaking into someone else’s PC is considered a serious crime in most places. If you make a mistake or change something else, your Windows may become a non-boot. If so, just undo whatever you changed outside of the hack shown here, and it will back to normal. Need I say this is for Educational Purposes! You are responsible for your own thoughts and actions.

1. Launch any OS that allow full access to file system

Here you can use many different linux distros or even a windows disk/usb, as long as you can access the terminal/command prompt, you’re good. In this case, we are going to use Kali linux distro. Insert CD/DVD into drive and reboot the machine. Start your Live DVD. You may need to go into the BIOS screen and change the boot-up order to CD/DVD drive first, HDD second.

2. Navigate to Sys32

Use the file browser in your Linux environment, navigate to %windir%/system32/. You may have to right-click and mount the Windows partition/drive first or use the NTFS-3G command.

Article is written on a macbook with Windows dual booted, there is Windows instance named as BOOTCAMP.

3. Rename Magnify.exe

Find and rename magnify.exe (Magnifier file) to magnify.old. 

mv magnify.exe magnify.old

4. Rename cmd.exe

Find and rename cmd.exe to magnify.exe.

mv cmd.exe magnify.exe

5. Shut Down Linux & Reboot Windows

Log out and reboot, remove CD/DVD/USB, and restart into Windows.

6. Get CMD Prompt Modify Accounts

When Windows reboots, click on the ease of access button in the bottom left corner

Click the second selection “Make items on the screen larger (Magnifier)” and hit apply.

The command prompt should now be in front of you. You now have a system level command prompt. At this point is where you can change the admin password and make any modification to the system using administrator privileges. 

Tip: You can right-click on cmd.exe and click “Run as administrator” inside of Windows for escalated privileges. To edit files, it would never be allowed at basic admin level (caution). Same goes for any app in Windows right click and make the magic happen.

Type net user to get a list of accounts

Change Password: 

net user username new_password

Tip: when you do so, the password changes without prompting you again.

Add an account: 

net user username password /add

Tip: If your username has a space, like John Doe, use quotes like “John Doe”.

Admin that: 

net localgroup administrators username /add

Delete that: 

net user username /delete

Remote Desktop Users Group: 

net localgroup Remote Desktop Users username /add

Net User Syntax Reference:

net user commands 
net user for domain

7. Revert back all changes

Now you should insert your Linux Live CD/DVD/USB and rename the files back to the original names.

1. Repeat Step 1
2. Repeat Step 2
3. Rename magnify.exe back to cmd.exe
4. Rename magnify.old back to magnify.exe
5. Log out, take out CD/DVD USB, reboot into Windows

Recommended resources

Kali Linux
Create Live USB Sticks Rufus

Conclusion

Well, that was how you hack a Windows 7/8/2008/10 administrator account password with Windows Magnifier. This also demonstrates how you could Pwn a machine if you think about it some, have hands on and they have not disabled EoA.  Hope it helps you in some way.

source: https://null-byte.wonderhowto.com, https://thehacktoday.com

The post Hack a Windows 7/8/10 admin account password with Windows magnifier appeared first on ITBlogSec.com.

The HBO hackers who have been notoriously leaking unaired TV show episodes and their scripts are acting well on their promise of continuously releasing new material. In the latest wave, the hackers have released more content, but it didn’t include Game of Thrones Season 7 episodes.

According to Reuters, the hackers have released the episodes of the much-anticipated comedy series Curb Your Enthusiasm, which returns in October. Notably, Curb has been off air for 5 years. The dump also included another popular show Insecure’s Sunday night episode.

The other leaked unaired episodes are from the TV shows The Deuce and Barry. While The Deuce is an upcoming TV drama set in and around Times Square, Barry is a Bill Hader comedy series which is set to air in 2018.

For those who don’t know, HBO had suffered a massive hack after becoming the target of a hacker group who calls itself Mr. Smith. As per the claims made by the hackers, they had obtained 1.5TB of data after a 6-months long attack.

Over the past few weeks, hackers have been releasing unreleased episodes and scripts of Game of Thrones and other TV shows, employee emails, and personal contact details of GOT stars.

The hackers have made demands and asked for a 6-month salary in bitcoin, which turns out to be about $6 million to $7.5 million. It was also revealed that, in the past, HBO tried to stop the leaks by offering $250,000 for “finding out vulnerabilities in HBO’s systems.”

ALSO READ: WannaCry ransomware: researcher halts its spread by registering domain for $10.69

source: https://fossbytes.com

The post HBO Hackers Release More TV Show Episodes — No New Game Of Thrones Season 7 Material appeared first on ITBlogSec.com.

Last year the Internet was taken down by cyber criminals through a massive Distributed Denial of Service Attack (DDoS) attack using the infamous Mirai malware. But last Friday afternoon, almost 99 countries including Russia, UK, USA and Australia became victims of a worldwide mass cyber-attack WannaCry ransomware that has been reported to have caused major disruptions to systems that were being used by hospitals, companies, and other institutions.

| ALSO READ: WannaCry ransomware –  hitting world right now uses NSA windows exploit

The Shadow Brokers and the NSA

An unknown hacking group launched ransomware attack to a number of computers worldwide that is seemingly powered by a hacking tool developed by the National Security Agency for spying purposes. The tool got leaked online by the “Shadow Brokers” group as part of their agenda to accumulate hacking tools developed by the agency. The tool is apparently given the name “Eternal Blue” and it exploits a vulnerability in Microsoft Windows.

What does the vulnerability to do?
According to experts, the vulnerability in Microsoft’s flagship operating system can be exploited by Eternal Blue which blocks access to a computer completely. What is more, is that the hacking group demanded a sum of $600 from the victims if they wanted to re-access their systems and de-encrypt the files accordingly.

https://twitter.com/fendifille/status/862997621039878145?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.hackread.com%2Fwannacry-ransomware-researcher-halts-spread-by-registering-domain%2F

Who has been affected?

Up till now, almost 75,000 computers have been reported to have become the victim of the cyber-attack. Moreover, over 40 NHS organizations had been affected initially on Friday in the UK, disrupting the entire health system of the country. Experts say that the ransomware was spreading at an exponential rate of five million emails per hour resulting in the virus affecting a number of other countries as well, including Australia, Germany, Mexico, Italy, Belgium, France and Russia.

 

The post WannaCry ransomware: researcher halts its spread by registering domain for $10.69 appeared first on ITBlogSec.com.

Earlier today, a massive ransomware campaign hit computer systems of hundreds of private companies and public organizations across the globe – which is believed to be the most massive ransomware delivery campaign to date. The Ransomware in question has been identified as a variant of ransomware known as WannaCry ransomware (also known as ‘Wana Decrypt0r,’ ‘WannaCryptor‘ or ‘WCRY‘).

Like other nasty ransomware variants, WannaCry also blocks access to a computer or its files and demands money to unlock it. Once infected with the WannaCry ransomware, victims are asked to pay up to $300 in order to remove the infection from their PCs; otherwise, their PCs render unusable, and their files remain locked.

In separate news, researchers have also discovered a massive malicious email campaign that’s spreading the Jaff ransomware at the rate of 5 million emails per hour and hitting computers across the globe.

| ALSO READ: WannaCry ransomware: researcher halts its spread by registering domain for $10.69

Ransomware Using NSA’s Exploit to Spread Rapidly

What’s interesting about this ransomware is that WannaCry attackers are leveraging a Windows exploit harvested from the NSA called EternalBlue, which was dumped by the Shadow Brokers hacking group over a month ago.

Microsoft released a patch for the vulnerability in March (MS17-010), but many users and organizations who did not patch their systems are open to attacks. The exploit has the capability to penetrate into machines running unpatched version of Windows XP through 2008 R2 by exploiting flaws in Microsoft Windows SMB Server. This is why WannaCry campaign is spreading at an astonishing pace.

Once a single computer in your organization is hit by the WannaCry ransomware, the worm looks for other vulnerable computers and infects them as well.

Infections from All Around the World

How to Protect Yourself from WannaCry

The post WannaCry ransomware – hitting world right now uses NSA windows exploit appeared first on ITBlogSec.com.

The Internet-connected devices are growing at an exponential rate, and so are threats to them. Due to the insecure implementation, a majority of Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Security Cameras, and printers, are routinely being hacked and used as weapons in cyber attacks.

We have seen IoT botnets like Mirai – possibly the biggest IoT-based malware threat that emerged late last year and caused vast internet outage by launching massive DDoS attacks against DynDNS provider – which proves how easy it is to hack these connected devices. Now, a security researcher is warning of another IoT threat involving Smart TVs that could allow hackers to take complete control of a wide range of Smart TVs at once without having any physical access to any of them.

| ALSO READ: Vault 7: Top 15 Discoveries & Implications

Researcher Shows Live Hacking Demonstration

The proof-of-concept exploit for the attack, developed by Rafael Scheel of cyber security firm Oneconsult, uses a low-cost transmitter for embedding malicious commands into a rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals. Those rogue signals are then broadcast to nearby devices, allowing attackers to gain root access on the Smart TVs, and using those devices for nasty actions, such as launching DDoS attacks and spying on end users.

Scheel provided a live hacking demonstration of the attack during a presentation at the European Broadcasting Union (EBU) Media Cyber Security Seminar, saying about 90 percent of the Smart TVs sold in the last years are potential victims of similar attacks. Scheel’s exploit relies on a transmitter based on DVB-T — a transmission standard that’s built into TVs that are connected to the Internet. The attack exploits two known privilege escalation vulnerabilities in the web browsers running in the background and once compromised, attackers could remotely connect to the TV over the Internet using interfaces, allowing them to take complete control of the device. Once compromised, the TV would be infected in a way that neither device reboots nor factory resets would help the victims get rid of the infection.

Scheel’s exploit is unique and much more dangerous than any smart TV hack we have seen so far. Previous Smart TV hacks, including Weeping Angel (described in the CIA leaked documents), required physical access to the targeted device or relied on social engineering, which exposes hackers to the risk of being caught as well as limits the number of devices that can be hacked.

However, Scheel’s exploit eliminates the need for hackers to gain physical control of the device and can work against a vast majority of TV sets at once. The hack once again underlines the risks of “Internet of Things” devices. Since the IoT devices are rapidly growing and changing the way we use technology, it drastically expands the attack surface, and when viewed from the vantage point of information security, IoT can be frightening.

source: http://thehackernews.com

The post Over 85% of Smart TVs can be hacked remotely using broadcasting signals appeared first on ITBlogSec.com.

Some Russian banks are having sleepless nights because of a series of robberies that happened in the strangest way possible. As seen on the CCTV footage, a guy walks up to an ATM, stands for 20 minutes and goes back with a handful of cash in Rubles (roughly $100,000). All of this was done without even touching the machine. A similar story was repeated at other ATMs across the city, totaling the amount to $800,000 in just one night.

The banks were completely unaware of how did the guys perform the attacks. They didn’t find any existence of malware on their backend network or the ATMs. The Russian security firm Kaspersky Labs was approached by one of the two affected banks.

The only digital traces of the attack were the two log files which the attackers might’ve left by mistake. The events that occurred on the machines were recorded in the log files. The logs also include a line of text written in English, “Take the money bitch.”

The story of the invisible malware

Earlier this year, Kaspersky Labs reported about invisible fileless malware attacks that affected around 140 banks in Europe, US, and other places. Such kind of malware resides in the random access memory of the devices, thus, reducing the chances of leaving any sign afterward.

Sergey Golovanov, a malware expert at Kaspersky Lab, who worked on the case says that the two log files might’ve been left while uninstalling the malware.

Golovanov and his team examined the two log files and concluded that the attack happened in three stages. First, the machine was commanded to withdraw cash from the cassettes and the second to put it on the dispensing tray. The third stage included the mouth of the ATM. The English text might’ve been logged at the same time and also as an indication on the screen for the guy.

However, that wasn’t enough; the researchers took the help of a tool called YARA to create malware samples using the English text in the log files. They successfully found the match of the malware on VirusTotal – an online malware analysis tool – with two files uploaded by someone from Russia and Kazakhstan.

| ALSO READ: CloudBleed – CloudFlare bug exposes sensitive data from million sites

The researchers analyzed the bank’s network. They were able to reverse engineer the code and reconstruct the attack process. The attackers had built a digital tunnel across the bank’s network which allowed them to execute Windows Powershell commands and control the ATMs in real-time.

Golovanov says that fileless attacks might be difficult to track but not impossible. They’ve linked the possible ties of the attackers with two already known bank hacker gangs. Until now, no arrests have been made.

If you have something to add, drop your thoughts and comments.

source: https://fossbytes.com

The post “Disappearing Malware” Allowed Hackers Steal $800,000 Cash From Russian ATMs appeared first on ITBlogSec.com.

Everybody knows how to use search engine “google”.  But do you know tips, tricks and operators which can be used for google hacking? Here’s a tutorial that will teach you how to use google to hack and obtain even more specific data. Enjoy!

We have decided to start a new tutorial where we are trying to collect all techniques and commands which can be used for google hacking. Google hacking, also named Google dorking, is a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use. Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications.

History 

The concept of “Google Hacking” dates back to 2002, when Johnny Long began to collect interesting Google search queries that uncovered vulnerable systems and/or sensitive information disclosures – labeling them googleDorks.

The list of googleDorks grew into large dictionary of queries, which were eventually organized into the original Google Hacking Database (GHDB) in 2004. These Google hacking techniques were the focus of a book released by Johnny Long in 2005, called Google Hacking for Penetration Testers, Volume 1.

Since its heyday, the concepts explored in Google Hacking have been extended to other search engines, such as Bing and Shodan. Automated attack tools use custom search dictionaries to find vulnerable systems and sensitive information disclosures in public systems that have been indexed by search engines.

But in 2012 Google held an open challenge for anyone to infiltrate their resisting servers. For a full visual timeline, detailing the major events and developments in Google Hacking from 2002 to Present, see the Google Hacking History by Bishop Fox.

Search operators

There are many operators which can be used and even combined to achieve required results, see here the list of most popular operators:

The formula of google dorks

Dorks: They are like search criteria in which a search engine returns results related to your dork. The process can be a little time consuming, but the outcome will be worth it after learning on how to use dorks.

Basic Formula of dork: 

"inurl:."domain"/"dorks" "

So now try to understand concept: 
“inurl” = input URL
“domain” = your desired domain ex. .gov
“dorks” = your dork of your choice

Real examples

"intitle:index.of:" mp3 jackson

– download your favorite music for free

intitle:index.of +?last modified? +?parent directory? +pdf "lord of the rings" -htm -html -php -asp

– download book for free

300 -inurl:(htm|html|php|pls|txt) intitle:index.of “last modified” (mp4|wma|aac|avi)

– download your favorite movie directly from the Internet or you can watch it even online (in our example movie 300)
– explanation:

movie Name -inurl:(htm|html|php|pls|txt) intitle:index.of “last modified” (mp4|wma|aac|avi)
– as a result you will see a movie name there you can add any movie name for example 300, deadpool, etc.

inurl(htm|html|php|pls|txt)
– this means search the movie name in the URL. Most of the times there are name of the keywords given in the link itself, and it will search all the links which are having extensions named as htm, html, php, pls, txt.

intitle:index.of “last modified”
– It means that this will search for the recent date when the file was uploaded, so that you can get the HD print of the movie and you can download it in blazing fast speed.

(mp4|wma|aac|avi)
– Your movie will be searched which is having extension of mp4, wma, aac, avi format only. 

Conlusion

In the second part of our tutorial, we will show you more complicated formulas, how to find vulnerable online cameras, web servers and many many another practical tips and tricks. Comment, subscribe or Like us on Facebook so you will get notification about new part of tutorial. Enjoy!

The post Google hacking (dorking) tutorial #1 appeared first on ITBlogSec.com.