AdminSec

Administrators
  • Content Count: 175
  • Days Won: 31
  • Points: 129,882

AdminSec last won the day on August 14

AdminSec had the most liked content!

Community Reputation: 65 Excellent

3 Followers

About AdminSec
  • Rank: Developer by day, Ninja by night

Register Information
  • Birth date: 11/15/85
  • Experience in years: 10
  • Your ambitions: Create the perfect community
  • Your Favorite domains: Pentest

Recent Profile Visitors: 1852 profile views
  1. AdminSec

    CODE FOR SIGN UP CTF_ZONE

    Just follow all the steps
  2. AdminSec

    Introduction - dom1nga

    AdminSec approved the submission
  3. AdminSec

    Introduction - Florian

    Lol, Hello and welcome
  4. iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts

    Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme.

    By default on Apple's iOS operating system, every app runs inside a sandbox of its own, which prevents all apps installed on the same device from accessing each other's data. However, Apple offers some methods that facilitate sending and receiving very limited data between applications.

    One such mechanism is called URL Scheme, also known as Deep Linking, which allows developers to let users launch their apps through URLs, like facetime://, whatsapp://, fb-messenger://. For example, when you click "Sign in with Facebook" within an e-commerce app, it directly launches the Facebook app installed on your device and automatically processes the authentication. In the background, that e-commerce app actually triggers the URL Scheme for the Facebook app (fb://) and passes some context information required to process your login.

    Researchers at Trend Micro noticed that since Apple does not explicitly define which app can use what keywords for their Custom URL Scheme, multiple apps on an iOS device can use a single URL Scheme, which eventually could trigger and pass sensitive data to a completely different app unexpectedly or maliciously.

    To demonstrate this, researchers illustrated an attack scenario, as shown in the image above, using an example of a Chinese retailer app "Suning" and its implementation of the "Login with WeChat" feature, explaining how it is susceptible to hacking.

    In short, when Suning app users choose to access their e-commerce account using WeChat, it generates a login request and sends it to the WeChat app installed on the same device using the iOS URL Scheme for the messaging app. The WeChat app then requests a secret login token from its server and sends it back to the Suning app for authentication.

    Researchers found that since Suning always uses the same login-request query to request the secret token and WeChat does not authenticate the source of the login request, the implementation is vulnerable to the app-in-the-middle attack via the iOS URL Scheme, eventually allowing attackers to gain unauthorized access to users' accounts.

    That means a malicious app with the same Custom URL Scheme as a targeted application can trick other apps into sharing users' sensitive data with it or can perform unauthorized actions, potentially resulting in the loss of privacy, bill fraud, or exposure to pop-up ads.

    Since the exploitability of this vulnerability totally depends upon the way a URL Scheme has been implemented, app developers and popular platforms are recommended to review their apps and validate fixes for untrusted requests.
  5. <!> Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram <!>

    If you think that the media files you receive on your end-to-end encrypted secure messaging apps cannot be tampered with, you need to think again.

    Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against the WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts.

    Dubbed "Media File Jacking," the attack leverages an already known fact that any app installed on a device can access and rewrite files saved in the external storage, including files saved by other apps installed on the same device.

    WhatsApp and Telegram allow users to choose if they want to save all incoming multimedia files on the internal or external storage of their device. However, WhatsApp for Android by default automatically stores media files in the external storage, while Telegram for Android uses internal storage to store users' files that are not accessible to any other app.

    But many Telegram users manually change this setting to external storage, using the "Save to Gallery" option in the settings, when they want to re-share received media files with their friends using other communication apps like Gmail, Facebook Messenger or WhatsApp.

    It should be noted that the attack is not just limited to WhatsApp and Telegram, and affects the functionality and privacy of many other Android apps as well.

    Just like man-in-the-disk attacks, a malicious app installed on a recipient's device can intercept and manipulate media files, such as private photos, documents, or videos, sent between users through the device's external storage, all without the recipients' knowledge and in real time.

    Researchers illustrated and demonstrated four attack scenarios, as explained below, where a malware app can instantaneously analyze and manipulate incoming files, leading to:

    1.) Image manipulation
    In this attack scenario, a seemingly innocent-looking, but actually malicious, app downloaded by a user can run in the background to perform a Media File Jacking attack while the victim uses WhatsApp and "manipulate personal photos in near-real-time and without the victim knowing."

    2.) Payment manipulation
    In this scenario, which researchers call "one of the most damaging Media File Jacking attacks," a malicious actor can manipulate an invoice sent by a vendor to customers to trick them into making a payment to an account controlled by the attacker.

    3.) Audio message spoofing
    In this attack scenario, attackers can exploit the relations of trust between employees in an organization. They can use voice reconstruction via deep learning technology to alter an original audio message for their personal gain or to wreak havoc.

    4.) Spread fake news
    In Telegram, admins use the concept of "channels" in order to broadcast messages to an unlimited number of subscribers who consume the published content. Using Media File Jacking attacks, an attacker can change the media files that appear in a trusted channel feed in real time to spread fake news.

    How to Prevent Hackers from Hijacking Your Android Files?

    Symantec already notified Telegram and Facebook/WhatsApp about the Media File Jacking attacks, but it believes the issue will be addressed by Google with its upcoming Android Q update.

    Android Q includes a new privacy feature called Scoped Storage that changes the way apps access files on a device's external storage. Scoped Storage gives each app an isolated storage sandbox in the device's external storage where no other app can directly access data saved by other apps on your device.

    Until then, users can mitigate the risk of such attacks by disabling the feature responsible for saving media files to the device's external storage. To do so, Android users can head to:

    WhatsApp: Settings → Chats → Turn the toggle off for 'Media Visibility'
    Telegram: Settings → Chat Settings → Disable the toggle for 'Save to Gallery'
  6. AdminSec

    Introduction - phap

    Hello and welcome
  7. Hackers Stole $32 Million Worth of Cryptocurrency Assets from Bitpoint Cryptocurrency Exchange

    The hackers stole 3.5 billion yen ($32 million) worth of funds in five cryptocurrencies, including Bitcoin, Bitcoin Cash, Litecoin, Ripple, and Ethereal. The exchange noted that out of the stolen 3.5 billion yen ($32 million), 2.5 billion yen ($23 million) were customer funds, while the rest were reserve funds owned by the exchange.

    Attackers breached the Japan-based cryptocurrency exchange Bitcoin and stole over $32 million worth of cryptocurrency assets.

    The big picture

    RemixPoint, the legal entity behind Bitpoint, said that hackers breached the Bitpoint exchange network on July 11, 2019, and stole funds from both its 'hot' and 'cold' wallets. Hot wallets are used to store funds for current transactions, while cold wallets are used for storing emergency and long-term funds.

    Bitpoint detected the hack after it experienced errors while remitting Ripple funds to customers. Soon the exchange realized that funds from cryptocurrency wallets on its platform had been stolen. The cryptocurrency exchange then held a meeting with its management and shut down the platform. It suspended all transactions, including all deposits and withdrawals. The exchange also notified the law enforcement authorities about the incident.

    "Today, we have stopped the remittance (sending) and receiving (depositing) services from 6:30, but we will stop all services including transactions and sending and receiving from around 10:30. We apologize for the great inconvenience to our customers, but we appreciate your understanding and cooperation," Bitpoint said in a notice posted on its website.

    What was stolen?

    The hacker stole 3.5 billion yen ($32 million) worth of funds in five cryptocurrencies, including Bitcoin, Bitcoin Cash, Litecoin, Ripple, and Ethereal. Bitpoint noted that out of the stolen 3.5 billion yen ($32 million), 2.5 billion yen ($23 million) were customer funds, while the rest were reserve funds owned by the exchange.
  8. AdminSec

    What's Termux ?

    Termux is an Android terminal emulator. It allows every owner of an Android device to enjoy a Linux terminal without having to root the phone. You can download it on the Play Store.

    Warning: if you do not root your phone, you will not be able to modify your phone, because the application installs you in the directory of the application in /DATA. If you try to go to the root of your phone, access will not be allowed.

    However, it allows you to emulate a terminal and launch applications, and guess what? Your favorite app is already available for your phone. You can get nmap from the official packages: pkg install nmap

    So you understand where I'm coming from? You can use your scripts on your phone! Many GitHub repositories contain scripts specifically designed for using Termux in cybersecurity.

    At first use, please update your Termux using: pkg update && pkg upgrade (or apt update, like Linux).

    You can install packages like: Python2, perl, php, ruby, git, openssh, curl, wget.

    Discover in our next YouTube video the installation and use of Termux for pentesting.
  9. Cybercriminals target pizza delivery website to concoct personalized spam campaigns

    The scammers used the website's content in order to create tailor-made spam campaigns. In one instance, the attackers promoted Xenical, a prescription drug used to treat obesity.

    A pizza delivery website has become the latest target of cyberattackers as it was exploited to deliver personalized spam campaigns. This compromised website was first discovered by Sucuri researchers, who found it using an older version of WordPress. The attackers exploited the website content in order to devise personalized spam. In one instance, they also promoted Xenical, a prescription medication meant for treating obesity.

    The big picture

    The attackers advertised Xenical in a message filled with hyperlinks on the homepage of the compromised pizza delivery site. The message begins by mentioning pizza as one of the food products responsible for obesity and then trails off with information on Xenical and its availability on a site known as 'DietXPills'. It also impersonated the pizza company.

    Sucuri researchers identified that the server shared by the 'DietXPills' website was also used by 46 other sites that allegedly sold medications without prescription. The message content, which was not encoded, was present in a PHP file of the WordPress-based site. In addition, a malicious WordPress user profile was discovered, which was subsequently removed by Sucuri researchers.

    Worth noting

    The researchers uncovered that the pizza delivery site used an older version of WordPress. "When we received this case, the website had been using outdated software: WordPress version 4.9.6. The most plausible explanation for how the hacker gained access to the site is that they leveraged the vulnerability to plant their spam content," they said in the blog. "We encourage website owners to keep everything in the website up to date, be it plugins, themes, or CMS installations," advised the researchers.
  10. Fake jQuery Campaign For Ad Fraud

    Some malware campaigns seemingly never stop; rather, they keep coming back again and again to prey on users. One such malware campaign involving fake jQuery has returned. This fake jQuery campaign now runs ad fraud schemes and malvertising.

    Fake jQuery Campaign For Ad Fraud

    Researchers from Malwarebytes have spotted another fake jQuery campaign in the wild. The fake jQuery campaign, which dates back to 2016, has once again gained momentum. Nonetheless, this time the campaign aims at malvertising and ad fraud.

    Elaborating on their findings in a blog post, the researchers stated that the payload here focuses on monetizing through ads. The matter caught the attention of Malwarebytes after another researcher with the alias 'Placebo' highlighted it in his tweet.

    By searching the domains mentioned in this tweet on PublicWWW, the researchers could find thousands of domains infected with the malicious script. When LHN attempted to cross-check this claim, we could also see at least over 1000 domains running the scripts for every domain listed by Placebo. The fewest results were found for "lib0[.]org" only, which amounted to a few hundred.

    Digging further into the matter led Malwarebytes to establish that the fake jQuery domains basically redirect to other websites. They could see "12js.org" redirecting to financeleader[.]co, to which other fake domains also redirect. However, if someone tries to directly visit the malicious website "financeleader[.]co", the user will not succeed. The link redirects to Google.com, as Malwarebytes explained and LHN can verify.

    Even if a visitor reaches the malicious domain with special identifiers via desktop, the user would only see a bogus website when on a US IP address. With a non-US IP address, the link would redirect to a site advertising VPNs. This indicates some kind of geotargeting behind this campaign. Upon further research, they could also see another domain, "afflink[.]org", besides "financeleader[.]org", as a redirect link.

    Mobile Phone Users Are Main Targets

    According to Malwarebytes, the main target of this campaign seems to be mobile phone users, where the payload will display full-screen ads on devices at regular intervals. Explaining this behavior, the researchers stated,

    In one case, when visiting the site on an Android phone, the researchers could see a malicious adult app asking for download. Upon analysis, this malicious app was found to generate full-screen ads at intervals.

    While the researchers could not precisely determine the scale of this malware campaign for now, they fear that it will trigger massive ad fraud. Mobile phone users must stay vigilant when browsing different sites and downloading apps. Moreover, they will benefit from using a robust antimalware app running on their devices.

    Let us know your thoughts in the comments.
  11. AdminSec

    Introduction - MeneurXx

    Hello and welcome
  12. AdminSec

    Introduction - MrSmoke

    Hello and welcome
  13. AdminSec

    Introduction - H3LL

    Hello and welcome !
  14. AdminSec

    Introduction - roel

    Hello and welcome !