Recently I've mentioned the new zANTI2 app from Zimperium and the developer or well-known hacking app called dSploit, and I took a closer look at it. It does pretty crazy stuff indeed!
I was really curious of how remote connection to a host/victim works, so I managed to connect to my PC and I was able to view all my directories and files in it. Pretty cool.
Actually, I don't even know why is the article called "advanced computer hacking", this is pretty easy.
You can see available ports, and finally the directory that I was able to view from my Android phone.
Unfortunately, I was not able to use the Zetasploit which exploits a vulnerability and lets the hacker access Windows UI using VNC but I found a quick video:
This is a pretty neat exploit, that's for sure.
As you can see in the second half of the video, he estabilished a shell connection using ConnectBot and shut down the victim's PC afterwards.
That all, With one app. ZANTI2.
See the original article plus download:
http://androidhackz.blogspot.com/2014/12/dsploit-merges-with-zanti-and-create.html
Saturday, 27 December 2014
Sunday, 21 December 2014
How secure are public networks?
Have you ever wondered? I bet you've connected to a public network already but have you realized what danger are you facing by that? Let's find out. Read on to see what a hacker can do with your phone while you're "safely" connected to a public network.
First off, let's say you connect to a public network with unsecured ports, no firewall, VPN, browsing through HTTP websites. Let's see what I can do.
1. I can easily hack your accounts using my phone and MITM-ARP spoofing attacks, steal your cookies, passwords, see what pictures are you viewing. I can redirect you to other website, change images or inject any javascript to website you're currently on. All of this can be done with apps like dSploit, zANTI and others. Pretty crazy, uh?
2. There's more. If I have a laptop or a PC, I can use the msf metasploit and play with your device a little. I can push a malicious APK onto your device with a preinstalled keylogger or any virus that will attack your device. Using Kali Linux, we can create an APK with remote shell. Then it can be pushed over to your device where you'll install it.
3. While the hacker is inside of a victim's phone, he can basically do whatever he wants with it. Using meterpreter command webcam_list and webcam_snap, he'll retrieve the photos of you from the front camera.
Here's a quick list of what can hacker do while you're connected to a public unsecured network:
Now you're probably shocked and asking "how can I secure myself enough when connected to public networks?" The answer is pretty easy.
First off, let's say you connect to a public network with unsecured ports, no firewall, VPN, browsing through HTTP websites. Let's see what I can do.
1. I can easily hack your accounts using my phone and MITM-ARP spoofing attacks, steal your cookies, passwords, see what pictures are you viewing. I can redirect you to other website, change images or inject any javascript to website you're currently on. All of this can be done with apps like dSploit, zANTI and others. Pretty crazy, uh?
2. There's more. If I have a laptop or a PC, I can use the msf metasploit and play with your device a little. I can push a malicious APK onto your device with a preinstalled keylogger or any virus that will attack your device. Using Kali Linux, we can create an APK with remote shell. Then it can be pushed over to your device where you'll install it.
3. While the hacker is inside of a victim's phone, he can basically do whatever he wants with it. Using meterpreter command webcam_list and webcam_snap, he'll retrieve the photos of you from the front camera.
Here's a quick list of what can hacker do while you're connected to a public unsecured network:
- Steal your passwords, personal informations
- View your IP&MAC Adress
- Inject a script to your website
- Redirect you to another website
- Change images on the website
- Intercept download
- Push a harmful APK to your phone
- Access the shell
- Take your photos, intercept webcameras
- Many more!
Now you're probably shocked and asking "how can I secure myself enough when connected to public networks?" The answer is pretty easy.
- Use the SSL and HTTPS protocol. Most websites like Facebook or Twitter have it already but be sure you have it all the time while you're ON because the hacker can redirect you using SSLStrip.
- Use VPN or Proxy servers. For complete security, install Orbot from Tor project. If you're rooted and have transparent proxying enabled, you're good to go. Download Orbot
- Turn off file sharing and enable Firewall.
- On Android, use WiFi Protector, this will notice you everytime there's an attacker on your network. If you're rooted, you can protect yourself from the attack.
- The MITM (Man-in-the-middle) attacks works by redirecting all the traffic through a "man in the middle", making all the traffic slower. If your net speed suddenly gets slower or even stops, there might be a hacker.
Hope these tips help, always remember the security is number one priority!
Get professionl DSLR camera options to your phone with Camera FV-5
Camera apps in our phones are okay but mostly doesn't feature with advanced functions and therefore photos from these apps may not look quite as good. However, there is an amazing app called Camera FV-5 that features with all advanced functions you need to create a professional photo! Let's take a look!
If you enjoy taking selfies and blurred images of food, coffee and other stuff, you can go ahead and press ctrl+W. However, if you like to capture great shots of nature, panorama or macro details, this app might be just for you.
Camera FV-5 puts DSLR-like manual controls and lets you take a complete control over what you shoot. Exposure, focus, ISO, light metering, white balance and much more.
If you have a device running Android Lollipop and a fully working Camera2 app (currently working with Nexus 5 and 6), you can shoot in true 16-bit RAW format in .DNG and lossless PNG!
Camera FV-5 supports long exposure, up to 30 seconds, self timer for delayed shooting, intervalomenter with build-in timelapse mode and many, many more.
This camera application completely avoids scene modes, instead you get full manual control over all photographic parameters, just like you do with a reflex camera, so you can ultimately control every aspect of the picture, and leave the post-processing to the computer.
You can buy the app on Google Play Store for about 3.2$
If you enjoy taking selfies and blurred images of food, coffee and other stuff, you can go ahead and press ctrl+W. However, if you like to capture great shots of nature, panorama or macro details, this app might be just for you.
Camera FV-5 puts DSLR-like manual controls and lets you take a complete control over what you shoot. Exposure, focus, ISO, light metering, white balance and much more.
If you have a device running Android Lollipop and a fully working Camera2 app (currently working with Nexus 5 and 6), you can shoot in true 16-bit RAW format in .DNG and lossless PNG!
Camera FV-5 supports long exposure, up to 30 seconds, self timer for delayed shooting, intervalomenter with build-in timelapse mode and many, many more.
This camera application completely avoids scene modes, instead you get full manual control over all photographic parameters, just like you do with a reflex camera, so you can ultimately control every aspect of the picture, and leave the post-processing to the computer.
You can buy the app on Google Play Store for about 3.2$
Thursday, 18 December 2014
Name the new OnePlus ROM and win a trip to Hong Kong + Oneplus One 64GB
OnePlus One announced the upcoming ROM with clean, stock Android but also with great flexibility and loads of customizations. This new ROM however, hasn't got a name yet, so guys from OnePlus made a little competition. The winner gets a free OnePlus One 64GB and a trip to Hong Kong to visit OnePlus HQ where you'll get to meet the entire OnePlus team with the CEO.
To win this competition, all you need to do is to find a suitable and original name for the new OnePlus ROM.
The winner will be chosen and announced on January 11th and will recieve One 64GB Sandstone Black OnePlus One and a trip to Hong Kong to visit OnePlus HQ, meet the OnePlus team with CEO.
To win this competition, all you need to do is to find a suitable and original name for the new OnePlus ROM.
- Make up a good name
- Submit it to the Google form here
The winner will be chosen and announced on January 11th and will recieve One 64GB Sandstone Black OnePlus One and a trip to Hong Kong to visit OnePlus HQ, meet the OnePlus team with CEO.
Friday, 5 December 2014
Dsploit merges with zANTI and create the most powerful hacking tool for Android
Good news, my dearest fellow hackers. You might already know this but I've just found out that one of the best hacking softwares for mobile phones and tablets running Android, DSploit, has now merged with another huge company ZImperium which makes a powerful, top-class design hacking/security tool for Android called ZANTI. What's more, there's a new app!
Really awesome news. The new app's called ZANTI2 and has really some awesome features. Let's check them out:
As you can see on the images above, there's been a complete redesign to the app. It looks like the ZImperium took care of the design, whereas evilsocket implemented some really sick stuff into the app.
Firstly, there's a Password complexity audit tab which when clicked, attempts to crack weak passwords in the web. You select the dictionary (small, huge, numbers..) and protocol.
The MITM (Man in the middle) section also underwent some improvements. You can now modify each HTTP request as it passes through your device with zPacketEditor.
There's also a new MITM method, you can use either ICMP or the ARP method. SLLStrip works fine, so does the redirect, image replacement and HTML code insertion to the sites.
Another awesome function is called Capture Download and Intercept Download. With these two fucntions you can capture the victim's downloaded file and store it on your device, or you can even replace the downloaded file with a specific one. This takes it to a whole new level.
You can download ZANTI2 for free direclty on dsploit.net
Really awesome news. The new app's called ZANTI2 and has really some awesome features. Let's check them out:
As you can see on the images above, there's been a complete redesign to the app. It looks like the ZImperium took care of the design, whereas evilsocket implemented some really sick stuff into the app.
Firstly, there's a Password complexity audit tab which when clicked, attempts to crack weak passwords in the web. You select the dictionary (small, huge, numbers..) and protocol.
The MITM (Man in the middle) section also underwent some improvements. You can now modify each HTTP request as it passes through your device with zPacketEditor.
There's also a new MITM method, you can use either ICMP or the ARP method. SLLStrip works fine, so does the redirect, image replacement and HTML code insertion to the sites.
Another awesome function is called Capture Download and Intercept Download. With these two fucntions you can capture the victim's downloaded file and store it on your device, or you can even replace the downloaded file with a specific one. This takes it to a whole new level.
You can download ZANTI2 for free direclty on dsploit.net
Tuesday, 2 December 2014
How To Hack Google In-App Purchases? (And get paid stuff for free)
Here's a little app that can get you paid stuff like coins, gems or whatever you need for games and basically all apps (called IAP - in-app purchases) FOR FREE! Seriously.
First of all, this walkthrough is for educational purposes only, we don't take any responsibility for any of your acts.
Let's get to it!
There's a little app called Lucky Patcher. It's made by a guy known as ChelpuS and it's a really powerful tool. It can hack Google purchases but also crack licenses, remove Google Ads, modify app permissions and much more.
After you open up the Lucky Pather app, the list of installed apps will appear. Some of the titles will turn blue (most of them, actually), which displays the apps with Google Advertisments.
Some of them will appear green, that means these apps have License Verification. You can crack the license also with this app.
And some of the app titles will turn yellow. That means there's a custom patch for that app. For instance, Titanium Backup has a custom patch. By patching the application, you'll basically gain the Pro features out of the free version without paying.
Under some apps you'll see a little text that says In app purchases found. As you can tell, these apps have the IAP from Google.
First of all, this walkthrough is for educational purposes only, we don't take any responsibility for any of your acts.
Let's get to it!
There's a little app called Lucky Patcher. It's made by a guy known as ChelpuS and it's a really powerful tool. It can hack Google purchases but also crack licenses, remove Google Ads, modify app permissions and much more.
After you open up the Lucky Pather app, the list of installed apps will appear. Some of the titles will turn blue (most of them, actually), which displays the apps with Google Advertisments.
Some of them will appear green, that means these apps have License Verification. You can crack the license also with this app.
And some of the app titles will turn yellow. That means there's a custom patch for that app. For instance, Titanium Backup has a custom patch. By patching the application, you'll basically gain the Pro features out of the free version without paying.
Under some apps you'll see a little text that says In app purchases found. As you can tell, these apps have the IAP from Google.
- Click on the app that says In app purchases found.
- Select Open menu of patches
- Hit Support Patch for Inapp and LVL emulation
- Leave the two checkboxes and hit apply.
- Open the app (restart if needed) and try to buy something. A little box with two checkboxes will pop up. Try leaving them unchecked and buy something. If that doesn't work, try to check those two boxes. Still nothing? Try leaving just one (the first one or the second one) checked.
Lucky Patcher can be downloaded on the official site. The newer versions come with integrated auto-update manager so you don't have to worry about updating your app every once a while.
Lucky Patcher is also available on Google Play Store (called Lucky AppManager) but obviuosly doesnt't include functions such as license cracking, IAP hack and other stuff. However, there are some handy stuff you can do with it, such as move apps to sdcard, send APK files using bluetooth and more. You can get it for free:
- DOWNLOAD Lucky AppManager - Google Play
Walkthrough is for educational purposes only.
Get Lollipop-styled incoming calls with L-Call
Android Lollipop has revealed some new cool stuff including the awesome incoming call top banned, which lets you to accept/deny incoming call and not close your current app. Now, you can get this feature even on your non-Lollipop device with L-call!
App is available for about 1 dollar but if you're not willing to pay, you can get the APK as the author provided it in the official XDA thread.
App is available for about 1 dollar but if you're not willing to pay, you can get the APK as the author provided it in the official XDA thread.
App does not require root access or any special permissions. It should work seamlessly on all Nexus stock ROMs, Galaxy devices and many more.
Subscribe to:
Posts (Atom)