Friday, 30 January 2015

Tutorial - How To Use zANTI2 for hacking?

zANTI2 is a new app from Zimperium and Simone Margaritelli, the dSploit author. zANTI comes with a bunch of amazing features, including Metasploit exploits, packet sniffing, session and password hijacking and many more. But how do you use them? See this tutorial!

Ready to hack? Let's go.


First off (if you haven't already), download the zANTI app from dsploit.net.
You can register if you want and you're good to go.

Alright, now connect to the WiFi and start scanning.

[Screenshots: network scan in progress and the scan results]

Wait for the scan to finish. You will see the connected devices with their open ports. As you can see in the image above, there are a few devices, including one HTC device running Linux (Android) and two printers.

You can now choose which of the devices you want to attack. I will go ahead and select the HTC. If you want to attack all of them, you can select the entire network.

If you open up the device, you'll see a few options popping up.


  • Scan
  • Connect to remote port
  • Password complexity audit
  • MITM
  • Vulnerabilities check (Shellshock, SSL POODLE)

Let's explain them. The scan option performs another, more advanced scan on the target. You can specify the type of scan and it will be more accurate on the target.

Connect to remote port is a very interesting option that lets the attacker connect to an open port and establish a connection to the victim. If you open this option, you will see the available ports. In most cases it will be 80, the HTTP port. However, more ports can be available. For example, I attempted to connect to my laptop. I have a password on it; if I didn't have any password set, I could easily have viewed everything in the C:/ drive: pictures, folders, files and more. Really cool, really spooky. Conclusion: secure your laptop with a password, even if there's nobody you know who could possibly break into your device.

We're not done with this option; it brings much more when there is a vulnerability that can be exploited on the victim's PC.


I've found this nice video by Adam Alio demonstrating the power of Zetasploit. He exploits a vulnerability in the victim's PC that allows connecting to the remote host via VNC (Virtual Network Computing, a graphical desktop sharing system), so he can monitor and control the PC from his Android phone, just as if he were sitting at the Windows XP machine.


Then he ran a Cloud exploit and connected to the console. He then took control of the computer and shut it down with the shutdown command. Pretty nice and pretty easy. Also pretty scary, isn't it?



Let's skip the password complexity audit and jump right into the MITM section, which will be the most interesting one. MITM stands for man in the middle, and what this basically means is that by triggering a MITM attack, all the traffic goes through your device (you become the man in the middle), so you can easily view and modify the traffic requests.

To perform this MITM attack, simply select the target and then tap on "Man in the middle" button. A new tab will pop up.

[Screenshot: the Man in the middle tab]

Firstly, choose which functions you want to enable during the MITM attack. There is an SSL Strip option, which is very important because it removes the HTTPS protocol by redirecting it to HTTP. You will not be able to hijack a session over HTTPS, so SSL Strip is essential for hacking accounts.

SSL Strip cannot downgrade a direct HTTPS request, only the hop from HTTP to HTTPS. This means that if a victim opens Facebook directly over HTTPS, SSL Strip will not work, as the request goes straight to HTTPS. I suggest keeping this enabled the whole time.
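That limitation is exactly what site owners rely on: once a browser has seen a Strict-Transport-Security header it rewrites http:// to https:// itself, so there is no HTTP-to-HTTPS hop left to strip. Here is an added check (my own code, not part of zANTI or of the original post) that parses that header from a site's HTTPS reply and says how much of the downgrade it still leaves open. The sample responses are constructed, and the one-year minimum is an assumed policy threshold.

```python
# Constructed sample responses (not captured from any real site): the header
# blocks a browser would see in a site's first HTTPS reply.
SAMPLE_RESPONSES = {
    "no-hsts": {"Content-Type": "text/html"},
    "hsts-short": {"Strict-Transport-Security": "max-age=300"},
    "hsts-zero": {"Strict-Transport-Security": "max-age=0"},
    "hsts-good": {"Strict-Transport-Security":
                  "max-age=31536000; includeSubDomains; preload"},
}
MIN_MAX_AGE = 31536000  # one year; an assumed policy minimum for this check

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into its directives.

    Directive names are case-insensitive (RFC 6797). Returns None when
    max-age is missing or not a number, which browsers treat as no policy.
    """
    directives = {}
    for part in value.split(";"):
        name, _, raw = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = raw.strip().strip('"')
    if not directives.get("max-age", "").isdigit():
        return None
    return {
        "max_age": int(directives["max-age"]),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def downgrade_risk(headers):
    """Classify how exposed a site is to the HTTP-to-HTTPS strip described above.

    headers: dict of response headers from an HTTPS reply (case-insensitive
    lookup). Returns a verdict starting with 'protected', 'weak' or 'unprotected'.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return "unprotected: a plain-HTTP visit can be kept on HTTP indefinitely"
    policy = parse_hsts(value)
    if policy is None or policy["max_age"] == 0:
        return "unprotected: HSTS header present but carries no usable max-age"
    if policy["max_age"] < MIN_MAX_AGE:
        return "weak: policy expires after %d seconds" % policy["max_age"]
    if not policy["preload"]:
        return "protected after the first HTTPS visit; that first visit is still strippable"
    # Actually being on the browsers' preload list is what covers the first visit.
    return "protected: eligible for browser preload, which covers the first visit"
```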

Redirect HTTP -
This option redirects a website to another one. Simply choose the URL and enable the function.

Replace images -
Choose an image that will replace all the images your victim browses through.

Capture download - 
Choose which file types you want to capture and enable the function to save all the files your victim downloads. You can also intercept a download by pushing another file to the victim.


Enable the MITM and wait a while. If your victim doesn't use the net (web traffic), you'll have to wait till he/she opens a browser, downloads a file or otherwise uses the network. If everything goes right, a little window saying "IP is vulnerable to MITM attack" (or something like that) should pop up. This means your victim is vulnerable to sniffing, session and password hijacking and many more functions zANTI has to offer.

To see what your victim browses, open the "logged requests" option. You can also see logged images.

[Screenshot: logged requests]

The image above shows logged requests; you can hijack the session by tapping on one of the requests.


To allow each HTTP request individually, use the zPacketEditor. By swiping to the left, you can easily modify the request and send it to the victim.


Alright, now you should know the basics of MITM spoofing attacks; have fun playing!
Just one more thing: always be responsible for what you're doing and don't share your victims' private stuff. After all, it is not that difficult to find the spoofer on the network.




Sunday, 25 January 2015

Plague - A social network that works like a virus

"Plague works like a virus. When you spread information, it goes to the users who are closest to you physically. The infected users can spread information exponentially further or they can resist the epidemic by keeping the information to themselves." How does this sound? Take a look.

Plague is a really interesting way of providing a place for sharing stuff. The way it works is really neat: you browse through the feed and either swipe down (no action taken, you just view the picture/article/whatever) or swipe up to send it to another 5 random people nearby. There's no such thing as friends, following or favourites.

If your information is interesting enough, it can spread around the whole world!



Plague is available on Google Play for free:



Saturday, 24 January 2015

Cyanogen doesn't want to be dependent on Google

Kirt McMaster, the CEO of Cyanogen, has recently given a really interesting speech about the future of Cyanogen itself and its connection to Google. And it's really surprising. It looks like the Cyanogen company doesn't want to be a part of Google, not even a bit. They want to take Android away from Google completely.


Founders of Cyanogen, Steve Kondik and Kirt McMaster

We’re making a version of Android that is more open so we can integrate with more partners so their services can be tier one services, so startups working on [artificial intelligence] or other problems don’t get stuck having you have to launch a stupid little application that inevitably gets acquired by Google or Apple. These companies can thrive on non-Google Android.

It's more than obvious that Cyanogen is making its own way and will start to make Android its own, without Google. Cyanogen sees itself as a platform for other companies to build services that integrate deeply into Android, which is not possible with Google-controlled Android.

According to his words,
We’ve barely scratched the surface in regards to what mobile can be. Today, Cyanogen has some dependence on Google. Tomorrow, it will not. We will not be based on some derivative of Google in three to five years. There will be services that are doing the same old bulls— with Android, and then there will be something different. That is where we’re going here.

So...What do you think? Will Cyanogen build its own platform completely independent from Google? We'll see.



NO ROOT - How to remove UI lags on LG G3

LG's flagship, the G3, is really a stunning phone. Many people know this device mostly because of its shocking 2K display with extremely high DPI, but there are a few glitches because of it. This 2K display is really hard to handle, and the powerful Snapdragon CPU clocked at 2.5 GHz may heat up a bit when playing some high-end 3D games, for example. And this is the main reason for the UI lags you've probably experienced since you got the phone.
The lags are not big, just tiny little hiccups when the phone gets overheated. And why's that?
Well, the main cause of this is the High temperature property and the Thermal daemon mitigation.

What these two functions do is pump down the FPS a touch to protect the phone from overheating and cool it down. It's not a bad idea, but sometimes it can get a bit annoying when the power is really needed.

If you're a G3 user but don't have your phone rooted, never mind! This time root access will not be needed.

  1. Access the hidden menu on your G3.
To open the hidden menu, open the dialer app and input one of these numbers (whichever matches your carrier).
After you type the last digit, the hidden menu will open on its own. If you're on Verizon, you'll have to call the number.

3845#*855# (for International model)
3845#*851# (for T-Mobile)
3845#*850# (for AT&T)
##228378 (for Verizon)

After you have successfully opened the hidden menu, scroll down till you see High Temperature Property OFF and turn it ON. Enabling this will disable the high temperature property.

We're not done yet; scroll down a bit more till you see Daemon Mitigation OFF and, again, enable it to turn this function off.

Now, reboot your G3. You're done.


Warning:
With these functions disabled, the phone will no longer turn the brightness down when it gets overheated, so beware when streaming or doing stuff with high brightness.


Have fun!

Friday, 23 January 2015

Is Tor (Orbot) Really That Safe? Here's why you should be (really) careful when browsing with Tor.

It's been a while since I published a video called The safest way to use the web. I explained the basics of the Tor project software and its client for Android, Orbot. But is it really that safe? Let's go way deeper into this and find out how things are.

Let's take a quick look at this image.


[Diagram of how a connection travels through the Tor network; image credit: http://null-byte.wonderhowto.com/]

This is how it works. You (the terrorist - not really) access the Tor network. It first connects to a Tor entry node. Then your connection goes through another node, called a Tor relay node, where your net activity gets hidden from tracking websites and such.

We're not done yet; there is one more little step before you are connected to the site. It's the Tor exit node, the last node, which, as you may expect, is the most important one.

Now you probably know that if there's anything bad about the exit node provider, you could very easily get exposed and Tor would be totally useless. But it's not that easy to host a harmful exit node, right? Well, you're wrong; it's that easy. Let's see.

Almost anybody can host an exit relay server for Tor. Therefore, the person hosting and establishing this kind of connection basically takes all the responsibility on himself. Even if he doesn't mean to cause any trouble, there are many secret services that would love to see how things are.

The Tor network is used by thieves, hackers and even paedophiles. After you host your own exit relay, you become a potential victim for services like the NSA, and you could even receive some nice backdoors and malware from these guys.

This is just a little list from a Swedish study exposing the "bad guys" that were monitoring all the activity that came from people using the Tor network. You can take a look at the sampling rate, which shows the frequency of attacks: some of them attacked very frequently, some of them poisoned less so nobody would find out. As you can see, almost all of them are from Russia.


So here's just a quick summary: Tor isn't as safe as everyone expects it to be. If the exit relay is monitored, everything becomes useless and even dangerous. If you use the Tor network often, you should consider creating special accounts with unique passwords so nobody can possibly steal your stuff.



Wednesday, 21 January 2015

OnePlus Two confirmed. Comes with amazing specs!

OnePlus One is an amazing hit. Unfortunately, you can only buy it with an invite, but users love it. The One comes with stunning specifications and has been marked as a "flagship killer", and that definitely means something. For its price, it really has no competitor. And guess what, there will be a second model! Meet the OnePlus Two.

OnePlus Two will have even crazier specs than its predecessor; check them out:


  • QuadHD display (2560*1440), 534ppi
  • Qualcomm Snapdragon 810 (4-core, cortex A57 with A53)
  • Adreno 430
  • 4GB RAM (uh..?)
  • 3 300 mAh battery
  • Android 5.0
  • 16MP rear, 5MP front facing camera

The new generation of this phone is sure to be more than interesting. The release date should be in Q2 or Q3 this year. Stay tuned for updates!

Thursday, 15 January 2015

How to enable stereo surround sound on Nexus 5?

Nexus 5, the ex-flagship from Google. Unfortunately, it doesn't come with real stereo sound, but we can change that. It's really easy!
Root required

If you play media (music, videos or whatever uses the speaker), it plays only through the single speaker at the bottom. What this mod does is enable all the speakers, including the earpiece speaker, and thus enable real surround sound for your device.

And how do you install it? Well, it's actually pretty simple. The only thing you have to do is flash a ZIP file in recovery.


What more to say, just enjoy your upgraded sound!

(If you don't like the changes, you can revert back by flashing this ZIP).


Monday, 12 January 2015

How to speed up YouTube player on Android?

Nothing is more annoying than seeing that little loading bar for ages and waiting till the video finally loads. Well, not anymore! Here's a handy walkthrough of how to speed up YouTube on Android by enabling the ExoPlayer!

Root required


Alright, let's get to it!


  1. Firstly, head over to the YouTube app settings and force stop it. You can also clear its data to avoid possible problems.
  2. Download/open a root browser and navigate to /data/data/com.google.android.youtube
  3. Open the folder called shared_prefs
  4. Now, open youtube.xml in the text editor of the app you're using.
  5. There's a <map> element right after the <?xml version ... encoding ...?> declaration.
Copy these lines and paste them below the <map> tag.


<string name="exo_player_activation_type">ADAPTIVE</string>
<boolean name="exo_player_cache" value="true"/>
<boolean name="show_exo_player_debug_messages" value="true"/>

Be sure to save the file. Then go back to the YouTube app settings and force close it again for the change to take effect. And you're done!

A toast message "Using ExoPlayer" should appear when you play a video on YouTube. That way you'll know ExoPlayer fully works. Buffering, especially of HD/Full HD videos, should be much faster than before. Feel free to leave feedback!



Be sure to have at least a backup of the youtube.xml file before editing system files.
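If you'd rather not hand-edit the file, here is an added Python script (my own, not from the original post or from Google) that does steps 4 and 5 on a copy of youtube.xml pulled off the device: it parses the file as Android SharedPreferences XML, inserts the three entries right below <map> or updates them if they are already there (so running it twice never leaves duplicate keys), and writes a .bak copy first. The function names are mine, and the small sample XML inside is constructed for testing.

```python
import shutil
import xml.etree.ElementTree as ET

# The three entries the walkthrough pastes under <map> (debug key typo corrected).
EXO_PLAYER_PREFS = (
    ("string", "exo_player_activation_type", "ADAPTIVE"),
    ("boolean", "exo_player_cache", "true"),
    ("boolean", "show_exo_player_debug_messages", "true"),
)
XML_DECL = "<?xml version='1.0' encoding='utf-8' standalone='yes' ?>\n"

# Constructed minimal youtube.xml for testing, not a file taken from a device.
SAMPLE_YOUTUBE_XML = XML_DECL + """<map>
    <boolean name="exo_player_cache" value="false" />
    <string name="some_other_pref">keep me</string>
</map>
"""

def enable_exo_player(xml_text):
    """Return youtube.xml text with the ExoPlayer entries set; an entry that
    already exists is updated in place, so repeated runs leave no duplicates."""
    root = ET.fromstring(xml_text)
    if root.tag != "map":
        raise ValueError("not a SharedPreferences file, root is <%s>" % root.tag)
    existing = {child.get("name"): child for child in root}
    for position, (tag, name, value) in enumerate(EXO_PLAYER_PREFS):
        elem = existing.get(name)
        if elem is None:
            elem = ET.Element(tag, name=name)
            root.insert(position, elem)  # right below the <map> tag, as in the post
        elem.tag = tag
        if tag == "string":
            elem.text = value
        else:
            elem.set("value", value)
    return XML_DECL + ET.tostring(root, encoding="unicode")

def exo_player_enabled(xml_text):
    """True when all three entries are present with the expected values."""
    found = {c.get("name"): (c.text if c.tag == "string" else c.get("value"))
             for c in ET.fromstring(xml_text)}
    return all(found.get(n) == v for _, n, v in EXO_PLAYER_PREFS)

def patch_file(path):
    """Keep a .bak copy beside youtube.xml, then rewrite it in place."""
    shutil.copyfile(path, path + ".bak")
    with open(path, encoding="utf-8") as handle:
        patched = enable_exo_player(handle.read())
    with open(path, "w", encoding="utf-8") as handle:
        handle.write(patched)
```

Push the patched file back to the same path with the same owner and permissions, then force stop YouTube as the steps above describe.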

Saturday, 10 January 2015

How to hack Android device using Metasploit

I've gotten in touch with the Metasploit Framework, the well-known software for penetration tests (in other words, hacking) and whatnot. You can do a lot of funky stuff with it; here's a quick way to exploit an Android device using it.

For educational purposes only.

To do this, you'll need the Metasploit Framework (you can use Kali Linux as a workspace).
Basically what you do is create a backdoor APK file and send it to the device. The victim then opens and installs the file.

What happens next is that Metasploit starts a reverse handler along with a payload handler. It establishes the connection and launches Meterpreter. Meterpreter is a powerful tool with plenty of awesome functions. Let's check some of them right at the beginning.


  • shell
As the command suggests, this launches a shell on the target. If the victim uses a Linux-based system like Android and it's rooted, you can easily take full control of the device. Commands like su, rm /system and others will brick the device right away.

  • webcam_list
This command returns a list of all available webcams on the target.

  • webcam_snap
Takes a picture from the target and saves it to your disk (to your current workspace by default).


There are many more commands in Meterpreter, check HERE.


Back to hackz.

What we do next is execute msfpayload with the reverse_tcp payload and LHOST set, and finally create an APK file. When the APK file is created, we can send it to the victim, put it somewhere, spread it to the world and whatnot.

Then we do some more funky stuff and start the Meterpreter session.
Using the sessions command, we can view active sessions (victim x attacker).

Using the command sessions -i [number of session], we open the active session and start using the Meterpreter commands listed above. Pretty easy!

And here's a quick YouTube video I found. Check it out for more information. Happy hacking!