Wednesday, November 6, 2019

Another Netflix email scam






From: Netflix <ses@kawanlama.com>

SCAM SERVER
********************************

http://zszajncmces.applogins-netflx.com/?SZAJNCMCES


ROBOTS.TXT CONTENT
********************************

User-agent: Googlebot
Disallow: /
User-agent: googlebot-image
Disallow: /
User-agent: googlebot-mobile
Disallow: /
User-agent: MSNBot
Disallow: /
User-agent: Slurp
Disallow: /
User-agent: Teoma
Disallow: /
User-agent: twiceler
Disallow: /
User-agent: Gigabot
Disallow: /
User-agent: Scrubby
Disallow: /
User-agent: Robozilla
Disallow: /
User-agent: Nutch
Disallow: /
User-agent: ia_archiver
Disallow: /
User-agent: baiduspider
Disallow: /
User-agent: naverbot
Disallow: /
User-agent: yeti
Disallow: /
User-agent: yahoo-mmcrawler
Disallow: /
User-agent: psbot
Disallow: /
User-agent: asterias
Disallow: /
User-agent: yahoo-blogs/v3.9
Disallow: /
User-agent: *
Disallow: /
Disallow: /cgi-bin/


Note: As you can see in the robots.txt, they disable crawling and scanning by the search-engine bots so that the site is not indexed.
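As an added check (example code written for this post, not part of the scam kit or the original write-up), the standard library's robots parser can answer, for a robots.txt you have already fetched, whether every crawler is shut out. The scam's robots.txt is copied from above (abridged); the benign file and the list of probe agents are constructed for contrast. Treat "blocks everyone" as one indicator, not proof: staging sites do the same thing.

```python
"""Check a suspect site's robots.txt for the 'hide from every crawler' pattern."""
import urllib.robotparser
from urllib.request import urlopen

# Copied (abridged) from the scam server's robots.txt shown above.
SCAM_ROBOTS = """User-agent: Googlebot
Disallow: /
User-agent: MSNBot
Disallow: /
User-agent: ia_archiver
Disallow: /
User-agent: *
Disallow: /
Disallow: /cgi-bin/
"""

# Constructed benign example: only an admin path is hidden.
BENIGN_ROBOTS = """User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php
"""

# Assumed probe list: search engines plus the Internet Archive crawler.
# A kit that wants to stay out of search results and the Wayback Machine
# blocks all of these; the unknown bot exercises the "*" group.
PROBE_AGENTS = ["Googlebot", "bingbot", "ia_archiver", "SomeUnknownBot"]


def parse_robots(text):
    rp = urllib.robotparser.RobotFileParser()
    rp.modified()          # mark as read so can_fetch() does not default to False
    rp.parse(text.splitlines())
    return rp


def crawler_access(text, path="/"):
    """Map each probe agent to whether it may fetch `path`."""
    rp = parse_robots(text)
    return {agent: rp.can_fetch(agent, path) for agent in PROBE_AGENTS}


def hides_from_everyone(text):
    """True when no probe agent may fetch the site root."""
    return not any(crawler_access(text).values())


def fetch_robots(base_url, timeout=5):
    """Optional live fetch of a suspect domain's robots.txt (network)."""
    with urlopen(base_url.rstrip("/") + "/robots.txt", timeout=timeout) as r:
        return r.read().decode("utf-8", "replace")


if __name__ == "__main__":
    for name, txt in (("scam", SCAM_ROBOTS), ("benign", BENIGN_ROBOTS)):
        print(name, hides_from_everyone(txt), crawler_access(txt))
```

For a live check, feed `fetch_robots("http://example.invalid")` into `hides_from_everyone`; the sample above is enough to see the two outcomes side by side.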

Servers linked in THIS SCAM
**************************
-- member-netflx.com
-- server.peurihucing.com


EMAIL FOUND IN THE FORM
********************

webmaster@applogins-netflx.com

NOTE ON ENTERING the domain:
***************************
applogins-netflx.com/index.php

which is where this email comes from; there we can see that a page redirects us to the server:




which, if you click on it, sends you to:


https://boythatsgood.com/





Where we can see who owns the domain and what they use this scam for.... to redirect traffic to their own website.



On entering the domain we notice that it has many bugs, among which we can list:


-- Slow HTTP Denial of Service Attack
-- XMLRPC ATTACK

https://boythatsgood.com/xxxxxxx.php

with which we can run denial-of-service attacks and everything related to that kind of attack.

XMLRPC ATTACK CONFIRMED


***********************
The methods listed are:

<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
<params>
<param>
<value>
<array><data>
<value><string>system.multicall</string></value>
<value><string>system.listMethods</string></value>
<value><string>system.getCapabilities</string></value>
<value><string>demo.addTwoNumbers</string></value>
<value><string>demo.sayHello</string></value>
<value><string>pingback.extensions.getPingbacks</string></value>
<value><string>pingback.ping</string></value>
<value><string>mt.publishPost</string></value>
<value><string>mt.getTrackbackPings</string></value>
<value><string>mt.supportedTextFilters</string></value>
<value><string>mt.supportedMethods</string></value>
<value><string>mt.setPostCategories</string></value>
<value><string>mt.getPostCategories</string></value>
<value><string>mt.getRecentPostTitles</string></value>
<value><string>mt.getCategoryList</string></value>
<value><string>metaWeblog.getUsersBlogs</string></value>
<value><string>metaWeblog.deletePost</string></value>
<value><string>metaWeblog.newMediaObject</string></value>
<value><string>metaWeblog.getCategories</string></value>
<value><string>metaWeblog.getRecentPosts</string></value>
<value><string>metaWeblog.getPost</string></value>
<value><string>metaWeblog.editPost</string></value>
<value><string>metaWeblog.newPost</string></value>
<value><string>blogger.deletePost</string></value>
<value><string>blogger.editPost</string></value>
<value><string>blogger.newPost</string></value>
<value><string>blogger.getRecentPosts</string></value>
<value><string>blogger.getPost</string></value>
<value><string>blogger.getUserInfo</string></value>
<value><string>blogger.getUsersBlogs</string></value>
<value><string>wp.restoreRevision</string></value>
<value><string>wp.getRevisions</string></value>
<value><string>wp.getPostTypes</string></value>
<value><string>wp.getPostType</string></value>
<value><string>wp.getPostFormats</string></value>
<value><string>wp.getMediaLibrary</string></value>
<value><string>wp.getMediaItem</string></value>
<value><string>wp.getCommentStatusList</string></value>
<value><string>wp.newComment</string></value>
<value><string>wp.editComment</string></value>
<value><string>wp.deleteComment</string></value>
<value><string>wp.getComments</string></value>
<value><string>wp.getComment</string></value>
<value><string>wp.setOptions</string></value>
<value><string>wp.getOptions</string></value>
<value><string>wp.getPageTemplates</string></value>
<value><string>wp.getPageStatusList</string></value>
<value><string>wp.getPostStatusList</string></value>
<value><string>wp.getCommentCount</string></value>
<value><string>wp.deleteFile</string></value>
<value><string>wp.uploadFile</string></value>
<value><string>wp.suggestCategories</string></value>
<value><string>wp.deleteCategory</string></value>
<value><string>wp.newCategory</string></value>
<value><string>wp.getTags</string></value>
<value><string>wp.getCategories</string></value>
<value><string>wp.getAuthors</string></value>
<value><string>wp.getPageList</string></value>
<value><string>wp.editPage</string></value>
<value><string>wp.deletePage</string></value>
<value><string>wp.newPage</string></value>
<value><string>wp.getPages</string></value>
<value><string>wp.getPage</string></value>
<value><string>wp.editProfile</string></value>
<value><string>wp.getProfile</string></value>
<value><string>wp.getUsers</string></value>
<value><string>wp.getUser</string></value>
<value><string>wp.getTaxonomies</string></value>
<value><string>wp.getTaxonomy</string></value>
<value><string>wp.getTerms</string></value>
<value><string>wp.getTerm</string></value>
<value><string>wp.deleteTerm</string></value>
<value><string>wp.editTerm</string></value>
<value><string>wp.newTerm</string></value>
<value><string>wp.getPosts</string></value>
<value><string>wp.getPost</string></value>
<value><string>wp.deletePost</string></value>
<value><string>wp.editPost</string></value>
<value><string>wp.newPost</string></value>
<value><string>wp.getUsersBlogs</string></value>
</data></array>
</value>
</param>
</params>
</methodResponse>


On entering that domain we can see that its server has a huge number of bugs.
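To turn the method list above into an assessment, here is an added example (written for this post, not the original author's tooling; standard library only). It decodes the system.listMethods response, flags the methods that matter in practice, and shows why system.multicall is the one to watch: a single HTTP request can carry many wp.getUsersBlogs login attempts. The abridged response and the attempt list are constructed from the page; the risk notes are general knowledge about WordPress XML-RPC abuse, not findings about that particular server.

```python
"""Assess a WordPress xmlrpc.php endpoint from its system.listMethods reply."""
import xmlrpc.client

# Constructed: abridged copy of the methodResponse shown above.
LISTMETHODS_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<methodResponse><params><param><value><array><data>
<value><string>system.multicall</string></value>
<value><string>system.listMethods</string></value>
<value><string>pingback.ping</string></value>
<value><string>wp.getUsersBlogs</string></value>
<value><string>wp.uploadFile</string></value>
<value><string>metaWeblog.newPost</string></value>
</data></array></value></param></params></methodResponse>"""

# Why each exposed method matters (general WordPress XML-RPC knowledge).
RISKY = {
    "pingback.ping": "server can be made to fetch arbitrary URLs "
                     "(SSRF / reflected DDoS against third parties)",
    "system.multicall": "many calls per HTTP request "
                        "(amplified credential brute force)",
    "wp.getUsersBlogs": "cheap authenticated call, the usual brute-force oracle",
}


def build_listmethods_request():
    """The request body that makes the server answer with the list above."""
    return xmlrpc.client.dumps((), methodname="system.listMethods")


def parse_methods(xml_text):
    """Decode a methodResponse whose single param is an array of names."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    params, _method = xmlrpc.client.loads(data)
    return list(params[0])


def assess(methods):
    """Return {method: reason} for the exposed methods worth acting on."""
    return {m: RISKY[m] for m in methods if m in RISKY}


def multicall_shape(attempts):
    """Build (but do not send) one system.multicall body carrying a
    wp.getUsersBlogs call per (user, password) pair. A defender grepping
    POSTs to xmlrpc.php for this shape catches the amplified brute force."""
    calls = [{"methodName": "wp.getUsersBlogs", "params": [u, p]}
             for u, p in attempts]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")


if __name__ == "__main__":
    methods = parse_methods(LISTMETHODS_RESPONSE)
    for m, why in assess(methods).items():
        print("%-20s %s" % (m, why))
    body = multicall_shape([("admin", "a"), ("admin", "b")])  # constructed pairs
    print("calls in one request:", body.count("wp.getUsersBlogs"))
```

If pingback.ping and system.multicall show up and the site does not need remote publishing, the fix on the WordPress side is to disable XML-RPC outright or drop those two methods through the `xmlrpc_methods` filter.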

****************
What can we even say about this scam?
Yuck, they don't even hide the email address they send it from.
*****************
Sincerely, professor x

#hacking #Scam #malware

Friday, October 11, 2019

Ophcrack a free Windows password cracker based on rainbow tables





What is ophcrack?
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Features:

• Runs on Windows, Linux/Unix, Mac OS X, ...
• Cracks LM and NTLM hashes.
• Free tables available for Windows XP and Vista/7.
• Brute-force module for simple passwords.
• Audit mode and CSV export.
• Real-time graphs to analyze the passwords.
• LiveCD available to simplify the cracking.
• Dumps and loads hashes from encrypted SAM recovered from a Windows partition.
• Free and open source software (GPL).


There are many versions; for example:





Download ophcrack

The latest version of ophcrack is 3.8.0.

Please select the file appropriate for your platform below.


Windows 2000, XP, Vista, 7, 8 and 10 are supported.
md5sum: e8cb96786f5180a796465d73c5189495
md5sum: d4449e15f65b1f0f82abfd963ceff452

The latest version of ophcrack LiveCD is 3.6.0 (including ophcrack 3.6.0). There are three versions available:

  • » ophcrack XP LiveCD: cracks LM hashes (Windows XP and earlier)
  • » ophcrack Vista LiveCD: cracks NT hashes (Windows Vista and 7)
  • » ophcrack LiveCD: does not include any tables (if you already downloaded them)



Free XP Rainbow tables

These tables can be used to crack Windows XP passwords (LM hashes). They CANNOT crack Windows Vista and 7 passwords (NT hashes).
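To make the rainbow-table idea concrete, here is an added toy implementation (written for this post, not Ophcrack code): MD5 over three-lowercase-letter passwords, with the hash/reduce chain construction and the column-by-column lookup that the real tables use at scale over LM and NT hashes. Chain length and table size are arbitrary choices for the demo.

```python
"""Toy rainbow table: build chains, store only endpoints, look a hash up."""
import hashlib
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 3
SPACE = len(ALPHABET) ** PW_LEN   # 17576 candidate passwords
CHAIN_LEN = 50                     # hash/reduce steps per chain (assumed)
N_CHAINS = 400                     # 400 * 50 = 20000 chain cells (assumed)


def H(password: str) -> bytes:
    """Stand-in for LM/NT hashing; MD5 keeps the demo fast."""
    return hashlib.md5(password.encode()).digest()


def reduce_(digest: bytes, position: int) -> str:
    """Map a hash back into the password space. Mixing in the column
    position gives every column its own reduction function, which is what
    makes the table 'rainbow' and limits chain merges."""
    n = (int.from_bytes(digest[:8], "big") + position) % SPACE
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def index_to_password(i: int) -> str:
    return reduce_(b"\0" * 8, i)   # same mapping with a zero digest


def build_table(n_chains=N_CHAINS, chain_len=CHAIN_LEN):
    """Return {endpoint: [start, ...]}; the interior of each chain is
    thrown away and recomputed during lookup."""
    table = {}
    for k in range(n_chains):
        start = index_to_password(k * 37 % SPACE)   # deterministic starts
        p = start
        for pos in range(chain_len):
            p = reduce_(H(p), pos)
        table.setdefault(p, []).append(start)
    return table


def lookup(table, target: bytes, chain_len=CHAIN_LEN):
    """Recover the password whose hash is `target`, or None."""
    for i in range(chain_len - 1, -1, -1):
        # Assume the target sits in column i and walk to the chain's end.
        p = reduce_(target, i)
        for pos in range(i + 1, chain_len):
            p = reduce_(H(p), pos)
        for start in table.get(p, ()):
            # Endpoint matches can be false alarms (merged chains), so
            # regenerate the chain and verify the hash before answering.
            q = start
            for pos in range(chain_len):
                if H(q) == target:
                    return q
                q = reduce_(H(q), pos)
    return None


if __name__ == "__main__":
    table = build_table()
    print("chains stored:", sum(len(v) for v in table.values()))
    print("abc ->", lookup(table, H("abc")))
```

Two things carry over to the real tool: the table's memory cost is the endpoint index, not the password space, and coverage is probabilistic, so a hash outside any chain simply comes back as None (the reason Ophcrack ships several table sets and a brute-force fallback).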








This tool is very effective for recovering Windows passwords.

Check it out.

Li. Rodolfo H. Baz
www.ccat.edu.mx
www.rodolfohbaz.net

Monday, August 12, 2019

Shodan Dorks Hacking Database Instructions - 2019


Shodan Dorks
Hacking Database - 2019
Dorks for the shodan.io website.


Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters.

Basic Shodan Filters
city:
Find devices in a particular city.
city:"México"

country:
Find devices in a particular country.
country:"MX"

geo:
Find devices by giving geographical coordinates.
geo:"89.256487,20.111111"

hostname:

Find devices matching the hostname.
server: "gws" hostname:"google"

net:
Find devices based on an IP address or /x CIDR.
net:210.214.0.0/16

os:
Find devices based on operating system.
os:"Windows IIS"

port:
Find devices based on open ports.
apache port:8080

before/after:
Find devices seen before or after a given date (day/month/year).
apache after:22/02/2009 before:14/3/2010

YOU CAN ALSO COMBINE FILTERS TO MAKE INTO ADVANCED FILTERS FOR QUICK RECON.


EXAMPLE DORK

************

product:"Microsoft IIS" country:"MX"
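As an added example (written for this post, not from the Shodan-Dorks repo), here is a small builder that assembles the filters listed above into one query and validates the values that are easy to get wrong: net: must be an IP or CIDR, country: a two-letter code, before/after the day/month/year form used above. The optional run_search uses the official shodan Python client and needs an API key and network access; everything else runs offline.

```python
"""Build and validate Shodan queries from the filters described above."""
import ipaddress
from datetime import datetime

# Filters from the post plus product:, which the example dork uses.
KNOWN_FILTERS = {"city", "country", "geo", "hostname", "net", "os", "port",
                 "product", "server", "before", "after"}


def _quote(value) -> str:
    """Shodan needs double quotes around values containing spaces or colons."""
    value = str(value)
    if " " in value or ":" in value:
        return '"%s"' % value.replace('"', "")
    return value


def _check(name: str, value) -> str:
    """Validate one filter value and return it in query form."""
    if name == "net":
        # Accepts a bare host or a CIDR block; host bits are tolerated.
        return str(ipaddress.ip_network(str(value), strict=False))
    if name == "country":
        v = str(value).upper()
        if len(v) != 2 or not v.isalpha():
            raise ValueError("country: expects a 2-letter code, got %r" % value)
        return '"%s"' % v
    if name == "port":
        p = int(value)
        if not 0 < p < 65536:
            raise ValueError("port out of range: %d" % p)
        return str(p)
    if name in ("before", "after"):
        # Day/month/year, as in the post; an ISO date is rejected here.
        return datetime.strptime(str(value), "%d/%m/%Y").strftime("%d/%m/%Y")
    if name == "geo":
        lat, lon = (float(x) for x in str(value).split(","))
        if not (-90 <= lat <= 90 and -180 <= lon <= 180):
            raise ValueError("geo: coordinates out of range")
        return '"%s,%s"' % (lat, lon)
    return _quote(value)


def build_query(free_text: str = "", **filters) -> str:
    """Combine free text with name:value filters into one Shodan query."""
    parts = [free_text.strip()] if free_text.strip() else []
    for name, value in filters.items():
        if name not in KNOWN_FILTERS:
            raise ValueError("unknown Shodan filter: %s" % name)
        parts.append("%s:%s" % (name, _check(name, value)))
    return " ".join(parts)


def run_search(api_key: str, query: str, limit: int = 10) -> list:
    """Run the query through the official client (pip install shodan).
    Needs network access and a valid key, so it is not exercised offline.
    Returns (ip, port, org) tuples from the banner matches."""
    import shodan
    api = shodan.Shodan(api_key)
    results = api.search(query)
    return [(m["ip_str"], m["port"], m.get("org"))
            for m in results["matches"][:limit]]


if __name__ == "__main__":
    print(build_query(product="Microsoft IIS", country="mx"))
    print(build_query("apache", port=8080, after="22/02/2009", before="14/3/2010"))
    print(build_query(net="210.214.1.5/16", hostname="google"))
```

The validation is the point: a mistyped country code or an ISO-formatted date silently returns zero or wrong results on shodan.io, and it is better to fail before spending query credits.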

Please create a pull request if you want to contribute.

More info in:  github:  /Shodan-Dorks

Monday, June 17, 2019

Black Windows 10 v2.0



Black Window 10 Enterprise is the first Windows-based penetration testing distribution with Linux built in! The system comes activated with a Windows Enterprise digital license! It supports Windows applications and Linux applications, GUI and terminal apps alike! It ships with a huge number of hacking tools, plus all the tools included in the latest version of Cerberus Linux.

Cerberus OS has been embedded inside Windows, which gives the stability of a Windows system together with the hacking side of a Cerberus Linux system. You can run both together or each on its own.



More than 2000 exploits and tools that can be used.

 
LINKS:

https://mega.nz/#!eIAkVILJ!H_tHgHkLNUJeC6tInHypKxfpXmZ62IxcfkqbNKK4p4o

https://mega.nz/#!SAAw1KrL!Dd2-kFoAweT4lDQkTTrUxFGf9KwUA0fBxVaf5ylZK1M

https://mega.nz/#!OYBiBCKL!XxQ2zBB6PYoKVsc5rTIKqE4A7yhBtllbJIkCnIGVmOQ


 

Tuesday, March 19, 2019

Online -= Malicious activity =- Webpages 0day 19-03-2019


NEW SECTION CALLED
**************
Online Phishing Webpages 0day
**************
In this new section Wjet News is going to show 0day websites that are online with --=Malicious activity=--, for everyone who wants to test these sites online and learn more about these small pieces of malware.

Wjet News
**************
will also analyze these sites and give a detailed report on each of them.



SECURITY NOTICE
 ***********************

These sites are online and show malicious activity, BE CAREFUL


WEBSITE:
---------------

http://dipziit.pw

TYPE
---------

Phishing
HTTP REQUESTS (19)
------------------
PID   Process       Method  Status  Server             URL  Country
4072  iexplore.exe  GET     302     146.66.69.135:80   http://dipziit.pw/  US
3396  iexplore.exe  GET     200     204.79.197.200:80  http://www.bing.com/favicon.ico
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/login.php?cmd=login_submit&id=6295f48d612c1da6e4fd35f40d905e5f6295f48d612c1da6e4fd35f40d905e5f&session=6295f48d612c1da6e4fd35f40d905e5f6295f48d612c1da6e4fd35f40d905e5f
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/b1.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/al.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/b4.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/of.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/b3.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/oth.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/offc.php
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/f2.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/f3.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/f4.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/f1.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/f8.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/f6.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/f5.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/f7.png
4072  iexplore.exe  GET     200     146.66.69.135:80   http://dipziit.pw/images/login.pn

CONNECTIONS (9)
------------------
PID   Process       Remote             Owner                  Country  Reputation
4072  iexplore.exe  146.66.69.135:80                          US       suspicious
3396  iexplore.exe  204.79.197.200:80  Microsoft Corporation  US       whitelisted
3396  iexplore.exe  146.66.69.135:80
  


DNS REQUESTS (3)
------------------
dipziit.pw     146.66.69.135
www.bing.com   204.79.197.200, 13.107.21.200

In this case the threats raised by the processes that fire at the login step numbered 25, almost all of them Potentially Bad Traffic (ET DNS Query to a *.pw domain - Likely Hostile / ET INFO HTTP Request to a *.pw domain).
THREATS (25)
------------
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     A Network Trojan was detected     MALWARE [PTsecurity] Google Drive Phishing
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     A Network Trojan was detected     ET INFO Suspicious HTML Decimal Obfuscated Title
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Generic Protocol Command Decode      STREAM excessive retransmissions
4072     iexplore.exe     Generic Protocol Command Decode      STREAM excessive retransmissions
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     A Network Trojan was detected     ET INFO Suspicious HTML Decimal Obfuscated 
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain 
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
4072     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
3396     iexplore.exe     Potentially Bad Traffic     ET INFO HTTP Request to a *.pw domain
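As an added example (not the sandbox's output and not the original post's code), here is a short triage pass over request rows like the ones in the HTTP table above. The sample rows are constructed from that table; the watched-TLD list, the 32-hex-character token threshold and the id/session comparison are heuristics chosen for this example, not published detection rules.

```python
"""Triage a sandbox HTTP-request log for phishing-kit indicators."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample: a subset of the rows above, whitespace separated as
# PID, process, method, status, server, URL and an optional country.
SAMPLE_LOG = """
4072 iexplore.exe GET 302 146.66.69.135:80 http://dipziit.pw/ US
3396 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico
4072 iexplore.exe GET 200 146.66.69.135:80 http://dipziit.pw/login.php?cmd=login_submit&id=6295f48d612c1da6e4fd35f40d905e5f6295f48d612c1da6e4fd35f40d905e5f&session=6295f48d612c1da6e4fd35f40d905e5f6295f48d612c1da6e4fd35f40d905e5f
4072 iexplore.exe GET 200 146.66.69.135:80 http://dipziit.pw/images/b1.png
4072 iexplore.exe GET 200 146.66.69.135:80 http://dipziit.pw/offc.php
4072 iexplore.exe GET 200 146.66.69.135:80 http://dipziit.pw/images/login.pn
"""

# Assumed watch list of cheap, frequently abused TLDs; extend to taste.
WATCHED_TLDS = {"pw", "tk", "ml", "ga", "cf", "gq", "xyz", "top"}
HEX_TOKEN = re.compile(r"^[0-9a-f]{32,}$")   # assumed threshold for kit tokens


def parse_log(text):
    """Turn log text into row dicts; the country column may be absent."""
    rows = []
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        rows.append({"pid": int(f[0]), "process": f[1], "method": f[2],
                     "status": int(f[3]), "server": f[4], "url": f[5],
                     "country": f[6] if len(f) > 6 else None})
    return rows


def triage(rows):
    """Per-host findings: watched TLD, root redirect, kit-style login URL
    with long hex id/session tokens, and id reused as the session value."""
    findings = defaultdict(list)
    per_host = Counter()
    for r in rows:
        u = urlsplit(r["url"])
        host = u.hostname or ""
        per_host[host] += 1
        tld = host.rsplit(".", 1)[-1]
        if tld in WATCHED_TLDS:
            findings[host].append("watched TLD .%s" % tld)
        if r["status"] in (301, 302) and u.path in ("", "/"):
            findings[host].append("root URL redirects (%d)" % r["status"])
        q = {k: v[0] for k, v in parse_qs(u.query).items()}
        if u.path.endswith("login.php") and q.get("cmd") == "login_submit":
            findings[host].append("kit-style login endpoint")
            toks = [k for k in ("id", "session") if HEX_TOKEN.match(q.get(k, ""))]
            if toks:
                findings[host].append("long hex tokens in %s" % ",".join(toks))
            if q.get("id") and q.get("id") == q.get("session"):
                findings[host].append("id and session parameters are identical")
    # Drop repeats (the TLD hit fires on every row) but keep first-seen order.
    return {h: list(dict.fromkeys(v)) for h, v in findings.items()}, per_host


def report(text):
    rows = parse_log(text)
    findings, per_host = triage(rows)
    return {h: {"requests": per_host[h], "findings": findings.get(h, [])}
            for h in per_host}


if __name__ == "__main__":
    for host, info in report(SAMPLE_LOG).items():
        print(host, info)
```

On the rows above this singles out dipziit.pw on four counts and leaves www.bing.com clean, which is the split a triage script should produce before anyone opens the page by hand.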


SECURITY NOTICE
 ***********************

These sites are online and show malicious activity, BE CAREFUL  :p

CrowdStrike -> Fixing CrowdStrike update errors with BitLocker enabled

In this short article we look at how to fix the CrowdStrike problem when BitLocker is enabled; note that it may be a e...