Suvam Pradhan

How to Crack Passwords in Kali Linux Using John The Ripper John The Ripper is a free password cracking tool that runs on a many platforms. It has become one of the best password cracking tools as it combines several other password crackers into a single package and has a number of handy features like automatic hash type detection. Password cracking in Kali Linux using this tool is very straight forward which we will discuss in this post. John the Ripper uses a 2 step process to crack a password. First, it will use the password and shadow file to create an output file. Later, you then actually use the dictionary attack against that file to crack it. To keep it simple, John the Ripper uses the following two files: /etc/passwd /etc/shadaw Cracking passwords using John the Ripper In Linux, password hash is stored in /etc/shadow file. For the sake of this exercise, I will create a new user names john and assign a simple password ‘password’ to him. I ...

Hack Wap2-psk using  reaver “This post is for educational purposes..Please don’t abuse  i will not responsible for any consequences   .” Step 1:  Open Terminal and Find out the name of your wireless adapter. , type  ifconfig  on a terminal. See the result. (here my wireless adapter is ‘wlan0’) Step 2:  Type the following commands on terminal. airmon-ng check kill airmon-ng check Step 3:  Enable Monitor mode. Now, we use a tool called airmon-ng to create a virtual interface called mon. Just type airmon-ng start wlan0  Step 4:  Start capturing packets. we’ll use airodump-ng to capture the packets in the air. You’ll see the name of the wifi you want to hack. airodump-ng wlan0mon then press Ctrl+c Step5:  Copy the BSSID of Victim. And write it on this command. reaver -i wlan0mon -b (BSSID) -vv -K 1 For ex: reaver -i wlan0mo...

OnePlus investigating credit card fraud reports A number of OnePlus customers have reported unusual credit card transactions after buying products from the smartphone maker’s online store. And, today, OnePlus announces a formal investigation. OnePlus reveals that the complaints come only from users who have made direct purchases and adds that purchases involving third-party services — PayPal, for example — are not affected. The company  says  that it does not store the credit card information that users enter when making a purchase. OnePlus explains that this data is actually processed — but not also stored — by a payment processing company. The only time that credit card-related information is stored on OnePlus’ servers is when users choose the option “save this card for future transactions,” and even then only a token and a few digits from the card’s number are remembered. OnePlus says that using just that information it is not possible to make purchases, ...

Lenovo Discovered a Backdoor in Network Switches Which Allows Attacker Could Perform DDOS. Lenovo discovered a backdoor in network switches that powered by Enterprise Network Operating System firmware during the security audit by Lenovo in the Telnet and Serial Console management interfaces. An Authentication bypass mechanism Backdoor also called “HP Backdoor” was discovered with some Lenovo and IBM RackSwitch and BladeCenter switch that allows attacker gain the switch management console interface. This bypass mechanism can be accessed when performing local authentication under specific and unique circumstances. If the flaw will be perfectly exploited that it gives direct admin levels access to the switch that leads to performing massive DDOS Attack. Authentication Bypass mechanism added in 2004 This mechanism was added in 2004 to ENOS when its owned by Nortel’s Blade Server Switch Business Unit. Lenovo discovered this while source code revision and auditing histo...

Google removes 60 apps from Play Store due to reports of malware ...................................................................... Google has removed 60 games from the Play Store after security firm Checkpoint discovered a  bug that displayed ads for porn within the games . Many of the games were aimed at young children. Checkpoint identified three main ways in which this malware, named  Adult Swine, could cause trouble for users . The first is in the nature of the ads themselves. These ads are often pornographic in nature, which many would find inappropriate in any game, let alone those aimed at children. The ads come from the pages of mainstream ad providers that forbid their content from being used in this manner. The second source of ads is he malware’s own ad libraries, which are where the porn ads come from.Finding ads for porn in children’s games would be bad enough, but there are bigger problems with Adult Swine than that. One such problem is the...

Hacker demands ransom in Bitcoin after taking over hospital servers It is a fact that the healthcare industry has been a  lucrative target for cyber criminals  around the world as every now and then there are incidents involving  malware attacks  on medical centers and hospitals. While cybercriminals do what they are good at these institutions are also to be blamed for not taking their online security seriously and that is what happened at Hancock Health hospital. What Happened On the night of January 11th, Hancock Health hospital in Greenfield Indiana suffered a sophisticated cyber attack in  Which  its entire network was compromised by a hacker who  displayed a message on the computer system demanding ransom money in Bitcoin, a popular cryptocurrency used in making anonymous transactions that are almost impossible to trace. In return, the hospital administration decided to shut down  its system to stop the hacker and ...

Intel AMT Security Issue allows Local Attacker to get Complete Control Over any Laptop Security researchers identified a significant security flaw with Intel AMT(Active Management Technology) utilized for remote monitoring and maintenance in corporate workplaces and it can be found in Intel vPro-enabled processors. The flaw allows attackers to gain remote access to your laptops within seconds by simply log in using the default password and then enabling remote access by changing user permission. BIOS password is to Prevent unauthorized access to the system and the problem here is attacker does not need BIOS password to setup AMT. Intel busy in providing patches for  Meltdown and Spectre  which affects Intel, AMD, ARM processors and this unexpected behavior in Intel AMT reported by security  F-secure security researchers. We hope firmware updates will be available soon. How an attacker can Exploit – Intel AMT The attacker needs to have a few ...

First Android malware written in Kotlin found posing as Swift Cleaner app and stealing user data Security researchers have discovered a  new Android malware , written in the Kotlin programming language – the first ever of its kind to be found. The  malware was found  posing as a Google Play Store app called "Swift Cleaner" and already has between 1,000 to 5,000 installs. The  data-stealing malware  is also capable of other kinds of malicious activities such as performing click ad frauds, remote command execution and sending SMS. According to security researchers at Trend Micro, who discovered  the Android malware , it can also sign up victims for premium SMS subscription services, without their knowledge or permission. Kotlin is a popular language used for writing Android apps. Twitter, Pinterest and Netflix are among some of the top apps that still use Kotlin. The malware was found posing as a Google Play Store app called “Swift Clea...

New macOS Security Bug Unlocks App Store With Any Password Back at the tail end of November, Apple had to rush out an emergency security patch after news of a serious security flaw surfaced in macOS High Sierra. That bug allowed users to  log into a system by typing “root” for a login , then hitting enter for a login attempt several times in a row. Now there’s a new bug; it isn’t as much of a risk as that one, but it’s still a significant issue. The bug appears limited to High Sierra (Sierra isn’t affected), and has been verified by Macrumors as existing in 10.13.2, the latest version of the operating system. Macrumors  states  that it cannot reproduce the error on the beta versions of macOS 10.13.3, suggesting it’ll be fixed in an upcoming release. Nevertheless, it remains active for now. Reproducing the bug is fairly simple and involves the following steps, as laid out by  eholtam,  who found the bug: 1) Log in as a local admin 2) Open App Store...

Wi-Fi Allowance Announces WPA3 Protocol For More Security Protections New Wireless Protocol WPA3 To Get More Wireless Security Especially in Public Wi-Fi and Hotspots. WPA3 supports data encryption individual, it means dictionary attack will no longer work. The traffic between the access point and end user devicess will be encrypted and improve security and privacy. In October 2017, details of the KRACK (Key Reinstallation Attack) attack on WPA2 were published. Therefore, any correct implementation of WPA2 is likely to be vulnerable. The vulnerability affects all major software platforms, including Microsoft Windows, macOS, iOS, Android, Linux, OpenBSD and others. Wi-Fi Alliance will also deliver a suite of features to simplify Wi-Fi security configuration for users and service providers, while enhancing Wi-Fi network security protections. Four new capabilities for personal and enterprise Wi-Fi networks will emerge in 2018 as part of Wi-Fi CERTIFIED WPA3™. Two of ...