Budget Hotel Blacklisted Guests database: June 2020

Tuesday 30 June 2020

El Consejo De Gobierno De La Junta De Andalucía Declara Tres Nuevos Lugares De Memoria Democrática

* Se trata de la comisaría de la Plaza de la Gavidia y un punto del Cerro del Águila, en Sevilla, así como el refugio antiaéreo de Villanueva de Córdoba

El Consejo de Gobierno ha aprobado incluir en el Inventario de Lugares de Memoria Democrática de Andalucía la antigua sede de la Jefatura Superior de Policía, situada en la Plaza de la Concordia de Sevilla; la actual esquina de la Avenida Hytasa y la calle Diamantino García, también en Sevilla, donde el 8 de julio de 1977 fue herido mortalmente el trabajador Francisco Rodríguez Ledesma, y el refugio antiaéreo de Villanueva de Córdoba (Códoba), ha informado la Junta de Andalucía.

La inclusión del edificio de la antigua sede de la Jefatura Superior de Policía en Sevilla -destinado a este fin desde su construcción en 1964 hasta 2003- viene fundada por los actos de represión que allí se produjeron. En concreto, en los calabozos del inmueble fueron interrogados y retenidos ciudadanos por sus ideas políticas, reivindicaciones sociales y orientación sexual. El espacio inscrito es una parte de los calabozos situados en la planta semisótano, así como una reserva en la planta baja para dotarlo de acceso específico.
La esquina donde confluyen hoy la Avenida Hytasa y la calle Diamantino García, también en Sevilla capital, es inscrito como Lugar de Memoria Democrática porque allí fue herido mortalmente el trabajador Francisco Rodríguez Ledesma el 8 de julio de 1977 en el transcurso de una concentración de los operarios de Hilaturas y Tejidos Andaluces (Hytasa)y vecinos de la barriada del Cerro del Águila para protestar por el expediente de regulación de empleo que afectaba a 113 trabajadores de dicha empresa.
Por último, el refugio antiaéreo de Villanueva de Córdoba (Córdoba) se convirtió en uno de los mayores espacios para protegerse de los bombardeos durante la Guerra Civil, con capacidad para 9.000 personas. Ubicado bajo la Plaza de España, contaba con cinco accesos para que los vecinos pudieran entrar desde cualquier punto de la localidad. Su construcción -según las instrucciones de la Ingeniería y Defensa Pasiva de la República- se inició a comienzos de 1938 y a mediados de ese mismo año ya estaba en uso.
Conforme a la legislación autonómica sobre la materia, el procedimiento de declaración conlleva un informe exhaustivo sobre el enclave, su evolución histórica y la narración de los hechos que motivan su reconocimiento, con los datos sobre las personas e instituciones que se vieron involucradas. Si se trata de un emplazamiento público, la Administración titular está obligada a garantizar su identificación, señalización, preservación y, en el caso de que experimente alguna transformación de importancia, a mantener una huella o registro permanente que sirva para recordar los hechos relacionados con el sitio.
Los Lugares de Memoria Democrática --finaliza la información la Junta de Andalucía--, se inscriben en un inventario específico de carácter público que contiene la documentación de cada emplazamiento y la adicional que se pueda generar y sea de utilidad para estudios e investigaciones. (Foto: Archivo GN).

Top 11 Best Websites To Learn Ethical Hacking

Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
SecTools.Org: List of 75 security tools based on a 2003 vote by hackers.
The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
Phrack Magazine: Digital hacking magazine.
Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
Hakin9: E-magazine offering in-depth looks at both attack and defense techniques and concentrates on difficult technical issues.
KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
NFOHump: Offers up-to-date .NFO files and reviews on the latest pirate software releases.
HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.

Thursday 11 June 2020

wpCrack - Wordpress Hash Cracker

Wordpress Hash Cracker.

Installation

git clone https://github.com/MrSqar-Ye/wpCrack.git

Video

Download wpCrack

More info

CEH: Gathering Host And Network Information | Scanning

Scanning

It is important that the information-gathering stage be as complete as possible to identify the best location and targets to scan. After the completion of footprinting and information gathering methodologies, scanning is performed.
During scanning, the hacker has vision to get information about network an hosts which are connected to that network that can help hackers to determine which type of exploit to use in hacking a system precisely. Information such as an IP addresses, operating system, services, and installed applications.

Scanning is the methodology used to detect the system that are alive and respond on the network or not. Ethical hackers use these type of scanning to identify the IP address of target system. Scanning is also used to determine the availability of the system whether it is connected to the network or not.

Types Of Scanning

Network Scanning	Identifies IP addresses on a given network or subnet
Port Scanning	Determines open, close, filtered and unfiltered ports and services
Vulnerability Scanner	Detect the vulnerability on the target system

Port Scanning

Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. Each service or application on a machine is associated with a well-known port number. Port Numbers are divided into three ranges:

Well-Known Ports: 0-1023
Registered Ports: 1024-49151
Dynamic Ports: 49152-6553

Network Scanning

Network scanning is performed for the detection of active hosts on a network either you wanna attack them or as a network administrator. Network-scanning tools attempt to identify all the live or responding hosts on the network and their corresponding IP addresses. Hosts are identified by their individual IP addresses.

Vulnerability Scanning

This methodology is used to detect vulnerabilities of computer systems on a network. A vulnerability scanner typically identifies the operating system and version number, including applications that are installed. After that the scanner will try to detect vulnerabilities and weakness in the operating system. During the later attack phase, a hacker can exploit those weaknesses in order to gain access to the system. Moreover, the vulnerability scanner can be detected as well, because the scanner must interact over the network with target machine.

The CEH Scanning Methodology

As a CEH, you should understand the methodology about scanning presented in the figure below. Because this is the actual need of hackers to perform further attacks after the information about network and hosts which are connected to the network. It detects the vulnerabilities in the system bu which hackers can be accessible to that system by exploitation of that vulnerabilities.

Wednesday 10 June 2020

Thousand Ways To Backdoor A Windows Domain (Forest)

When the Kerberos elevation of privilege (CVE-2014-6324 / MS14-068) vulnerability has been made public, the remediation paragraph of the following blog post made some waves:
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx

"The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain."

Personally, I agree with this, but .... But whether this is the real solution, I'm not sure. And the same applies to compromised computers. When it has been identified that malware was able to run on the computer (e.g. scheduled scan found the malware), there is no easy way to determine with 100% certainty that there is no rootkit on the computer. Thus rebuilding the computer might be a good thing to consider. For paranoids, use new hardware ;)

But rebuilding a single workstation and rebuilding a whole domain is not on the same complexity level. Rebuilding a domain can take weeks or months (or years, which will never happen, as the business will close before that).

There are countless documented methods to backdoor a computer, but I have never seen a post where someone collects all the methods to backdoor a domain. In the following, I will refer to domain admin, but in reality, I mean Domain Admins, Enterprise Admins, and Schema Admins.

Ways to backdoor a domain

So here you go, an incomplete list to backdoor a domain:

Create a new domain admin user. Easy to do, easy to detect, easy to remediate
Dump password hashes. The attacker can either crack those or just pass-the-hash. Since KB2871997, pass-the-hash might be trickier (https://technet.microsoft.com/library/security/2871997), but not impossible. Easy to do, hard to detect, hard to remediate - just think about service user passwords. And during remediation, consider all passwords compromised, even strong ones.
Logon scripts - modify the logon scripts and add something malicious in it. Almost anything detailed in this post can be added :D
Use an already available account, and add domain admin privileges to that. Reset its password. Mess with current group memberships - e.g. http://www.exploit-db.com/papers/17167/
Backdoor any workstation where domain admins login. While remediating workstations, don't forget to clean the roaming profile. The type of backdoor can use different forms: malware, local admin, password (hidden admin with 500 RID), sticky keys, etc.
Backdoor any domain controller server. For advanced attacks, see Skeleton keys
Backdoor files on network shares which are commonly used by domain admins by adding malware to commonly used executables - Backdoor factory
Change ownership/permissions on AD partitions - if you have particular details on how to do this specifically, please comment
Create a new domain user. Hide admin privileges with SID history. Easy to do, hard to detect, easy to remediate - check Mimikatz experimental for addsid
Golden tickets - easy to do, hard to detect, medium remediation
Silver tickets - easy to do, hard to detect, medium/hard remediation
Backdoor workstations/servers via group policy

HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ RunOnce,
scheduled tasks (run task 2 years later),
sticky-keys with debug

Backdoor patch management tool, see slides here

[Update 2017.01.10]

Other tricks

The following list does not fit in the previous "instant admin" tips, but still, it can make the attackers life easier if their primary foothold has been disabled:

Backdoor recent backups - and when the backdoor is needed, destroy the files, so the files will be restored from the backdoored backup
Backdoor the Exchange server - get a copy of emails
Backdoor workstation/server golden image
Change permission of logon scripts to allow modification later
Place malicious symlinks to file shares, collect hashes via SMB auth tries on specified IP address, grab password hashes later
Backdoor remote admin management e.g. HP iLO - e.g. create new user or steal current password
Backdoor files e.g. on shares to use in SMB relay
Backdoor source code of in-house-developed software
Use any type of sniffed or reused passwords in new attacks, e.g. network admin, firewall admin, VPN admin, AV admin, etc.
Change the content of the proxy pac file (change browser configuration if necessary), including special exception(s) for a chosen domain(s) to use proxy on malicious IP. Redirect the traffic, enforce authentication, grab password hashes, ???, profit.
Create high privileged users in applications running with high privileges, e.g. MSSQL, Tomcat, and own the machine, impersonate users, grab their credentials, etc. The typical pentest path made easy.
Remove patches from servers, change patch policy not to install those patches.
Steal Windows root/intermediate CA keys
Weaken AD security by changing group policy (e.g. re-enabling LM-hashes)

Update [2015-09-27]: I found this great presentation from Jakob Heidelberg. It mentions (at least) the following techniques, it is worth to check these:

Microsoft Local Administrator Password Solution
Enroll virtual smart card certificates for domain admins

Forensics

If you have been chosen to remediate a network where attackers gained domain admin privileges, well, you have a lot of things to look for :)

I can recommend two tools which can help you during your investigation:

Lessons learned

But guess what, not all of these problems are solved by rebuilding the AD. One has to rebuild all the computers from scratch as well. Which seems quite impossible. When someone is creating a new AD, it is impossible not to migrate some configuration/data/files from the old domain. And whenever this happens, there is a risk that the new AD will be backdoored as well.

Ok, we are doomed, but what can we do? I recommend proper log analysis, analyze trends, and detect strange patterns in your network. Better spend money on these, than on the domain rebuild. And when you find something, do a proper incident response. And good luck!

Ps: Thanks to Andrew, EQ, and Tileo for adding new ideas to this post.

Check out the host backdooring post as well! :)

More articles

How To Automatically Translate Any Android App Into Any Language

There is the number of applications which are not having the features of translating apps to your favorite languages. This makes it difficult for the users to translate apps into their native language. Today, I am going to tell you about an application which will help you to Automatically Translate Any Android App into Any Language.

Nowadays there are around hundreds of application on play store which is having the feature of translate but some applications don't have this features. This is just because they don't have proper developers or sometimes translators.

There is an application launched by Akhil Kedia from XDA Developer which made it possible for all the users to translate the application to any language you need. This is something which everyone needs it.

Akhil Kedia built an Xposed module in which users can easily change the language of any application to whichever they like or love. Personally, we all love English language but there are peoples in many parts of the world they are suitable for other languages.

Automatically Translate Any Android App into Any Language

The best part about this Xposed Module is that it translates the application to any language whichever you like and there are around many languages which you can try it. The other best part about this application is that the user interface which is amazing.

In an Android application, the best thing is the user interface. This is something which helps users to download the module or application to run again and again. There are about many settings which can be changed from the application.

Read also;- How To Hack and Track any Phone

The setup process is a bit different from other applications but if you will look at the application you will definitely love it. Just because of too many settings and features available in the application and you can turn it to any language without any crashing issues of the application.

Requirements:

Rooted Android Phone
Xposed Framework installed on your phone.
Android 5.0 or higher.
Unknown Source enabled (You might be knowing it)

How to Automatically Translate Any Android App into Any Language

Download the module called as All Trans from here: Download

Now, after installation, it will ask you to reboot your phone to activate the module
Now, you need to get the API Key to get it you need to sign up with Yandex first so sign up: Yandex Sign up

Then after sign up you will get the API key just enter the API key in the All-Trans application.

Open All Trans Application and the swipe right to Global Settings.

Click on Enter Yandex Subscription key and then enter your key.

In Global Settings click on Translate from and select the Language the application is already in. (Eg: English)

Now, click on translate to and select your favorite language. This will change the language.

Swipe left and select the applications which you need to translate and done.

After selecting just open the application and the language is translated automatically.

Final Words:

This is the best and easy way to Automatically Translate Any Android App into Any Language. I hope you love this article.Share this article with your friends and keep visiting for more tips and tricks like this and I will meet you in the next one.
Stay Updated Tune IemHacker

Airpwn: A Wireless Packet Injector

"Airpwn is a framework for 802.11 (wireless) packet injection. Airpwn listens to incoming wireless packets, and if the data matches a pattern specified in the config files, custom content is injected "spoofed" from the wireless access point. From the perspective of the wireless client, airpwn becomes the server." read more...

Website: http://airpwn.sourceforge.net

Tuesday 9 June 2020

How To Install Windscribe - The Best Free VPN On GNU/Linux Distros?

Why should you use Windscrive?
Windscribe is well-known for their free VPN service but they also have a paid version. Only with a free account, you will get 10 countries to connect through and change your real IP address and 10GB of free traffic (if you use an email to sign up Windscribe), and unlimited devices.

The Free version is awesome, but the Pro one is even better! With Pro version you will get Unlimited Data, Unblock over 60 Countries and 110 Cities, Config Generator (OpenVPN, IKEv2, SOCKS5), and full protection from R.O.B.E.R.T.

For your information, Windscribe is one of the best VPN services in the category Free Audit, Value Audit and Overall Audit in BestVPN.com Awards 2019 (Read the White Paper here). You totally can believe in Windscribe (100% no logs).

And about R.O.B.E.R.T, it's an advanced DNS level blocker that protects you from Malware, Ads and Trackers, Social tracking, Porn, Gambling, Fake News, Clickbait and Cryptominers. Read more about R.O.B.E.R.T.

Anyway, Windscribe helps you:

Stop tracking and browse privately: Governments block content based on your location. Corporations track and sell your personal data. Get Windscribe and take back control of your privacy.

Unblock geo-restricted content: Windscribe masks your IP address. This gives you unrestricted and private access to entertainment, news sites, and blocked content in over 45 different countries.

Take your browsing history to your grave: Protect your browsing history from your network administrator, ISP, or your mom. Windscribe doesn't keep any logs, so your private data stays with you.

Stop leaking personal information: Prevent hackers from stealing your data while you use public WIFI and block annoying advertisers from stalking you online.

Go beyond basic VPN protection: For comprehensive privacy protection, use our desktop and browser combo (they're both free).

Windscribe also supports Chrome browser, Firefox browser, Opera browser, Smart TV, Routers, Android, iOS, BlackBerry, Windows OS, Mac OS X and GNU/Linux OS, you name it.

You can install Windscribe on Ubuntu, Debian, Fedora, CentOS, Arch Linux and their based distros too.

But to install and safely use Internet through Windscribe, you must sign up an account first. If you already have an account then let's get started.

How to install Windscribe on Arch and Arch-based distros?
First, open your Terminal.

For Arch Linux and Arch-based distro users, you can install Windscribe from AUR. Run these commands without root to download and install Windscribe on your Arch:

For other distro users, go to VPN for Linux - Windscribe choose the binary file that compatible with your distro (.DEB for Debian and Ubuntu based, .RPM for Fedora and CentOS based) and then install it.

dpkg -i [Windscribe .DEB package] 
rpm -ivh [Windscribe .RPM package]

Or you can scroll down to Pick Your Distro, click to the distro version you use, or click to the distro version that your distro is based on and follow the instructions.

Now enter these commands to auto-start a and log in to Windscribe.

Enter your username and password and then you can enjoy Windscribe's free VPN service.

How to use Windscribe on Linux?
This is Windscribe list of commands (windscribe --help):
If you want Windscribe to chooses the best location for you, use windscribe connect best.

But if you want to choose location yourself, here is the list of Windscribe's locations:
*Pro only
Example, i want to connect to "Los Angeles - Dogg", i use windscribe connect Dogg.

If you want to stop connecting through Windscribe use windscribe disconnect.

For some reasons, you want to log out Windscribe from your device, use windscribe logout.

I hope this article is helpful for you 😃

Sign up for Windscribe

Related articles