Category Archives: Hacking Tools

GlobalHackNews Is The Popular Blog of IT Security, Cybersecurity, and Latest Hacking News Update. Read Regular News to Improve Your Security.

Download free Brutus flexible remote password cracker

Brutus

License / Price: Freeware
Version: a2
Language: English
File size: 0.3MB
OS: WINDOWS ( XP OR LATER )

Brutus is a free, flexible remote password cracker. It was originally written to help check routers and similar devices for default and common passwords.

Features: Brutus version AET2 is the current release and includes the following authentication types:

• HTTP (Basic Authentication)
• HTTP (HTML Form/CGI)
• POP3
• FTP
• SMB
• Telnet

 

The current password release includes the following functionality :

  • Multi-stage authentication engine
  • 60 simultaneous target connections
  • No username, single username and multiple username modes
  • Password list, combo (user/password) list and configurable brute force modes
  • Highly customisable authentication sequences
  • Load and resume position
  • Import and Export custom authentication types as BAD files seamlessly
  • SOCKS proxy support for all authentication types
  • User and password list generation and manipulation functionality
  • HTML Form interpretation for HTML Form/CGI authentication types
  • Error handling and recovery capability inc. resume after crash/failure.

Virus Total launches ‘Droidy’ sandbox to detect android apps malware

Yesterday VirusTotal, the biggest and most popular multi-scanner tool, announced the launch of a new Android sandbox service, dubbed VirusTotal Droidy, to help detect malicious Android apps based on behavioral analysis.

The Android sandbox performs both static and dynamic analysis to detect suspicious apps by executing the application and monitoring it inside the sandbox.

VirusTotal, owned by Google, is a free service where any user can upload files and check them for viruses against dozens of antivirus engines.

Replacing the existing system, VirusTotal Droidy has been integrated into the multi-sandbox project and reports details such as:

  • Network communications and SMS-related activity
  • Java reflection calls
  • Filesystem interactions
  • SQLite database usage
  • Services started, stopped
  • Permissions checked
  • Registered receivers
  • Crypto-related activity
Here are a few links where you can check behavioral analysis reports of some malicious Android apps.

Why “VirusTotal Droidy” Is Better Than Older “VirusTotal Sandbox”

For some samples, VirusTotal also allows reports from multiple sandboxes, including Tencent HABO, an environment independently developed by Chinese antivirus firm Tencent.

“The richer the information that we generate for individual data set items, the greater the telescopic capabilities of VirusTotal,” the company said. “This is how we manage to fill in the dots and quickly see all activity tied to certain resources that often show up in malware investigations.”

Reports created with the new VirusTotal Droidy Android sandbox technology also include interactive data from other services such as VirusTotal Intelligence and VirusTotal Graph.

Run ‘Kali Linux’ Natively on Windows 10

 


 

Now you can download and install Kali Linux directly from the Microsoft App Store on Windows 10, just like any other application.

I know it sounds crazy, but it’s true!

Kali Linux, a very popular, free, and open-source Linux-based operating system widely used for hacking and penetration testing, can now run on Windows 10 without requiring dual boot or virtualization.

Kali Linux is the latest Linux distribution to be made available on the Windows App Store for one-click installation, joining the list of other popular distributions such as Ubuntu, openSUSE and SUSE Enterprise Linux.

In Windows 10, Microsoft has provided a feature called “Windows Subsystem for Linux” (WSL) that allows users to run Linux applications directly on Windows.

“For the past few weeks, we’ve been working with the Microsoft WSL team to get Kali Linux introduced into the Microsoft App Store as an official WSL distribution, and today we’re happy to announce the availability of the ‘Kali Linux’ Windows application,” Kali Linux said while announcing the news.


If this is your first time using Windows Subsystem for Linux (WSL), you need to enable this optional Windows feature before getting the Kali Linux app.

Follow these simple steps to enable WSL:

  • Navigate to Control Panel and go to “Apps and features”
  • Select “Programs and Features” from the right panel
  • Click the “Turn Windows features on or off” from the left menu
  • Select the “Windows Subsystem for Linux” and save it
  • Reboot your system

You can also do the same by opening PowerShell as Administrator, running the following command, and restarting your computer.

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

Now search for Kali Linux on the Windows Store and download it with just a single click. Once you launch the application, it automatically completes the Kali installation and opens the console window.

That’s it! You can also check the Kali Linux documentation for more information.

If you are interested in enabling Kali’s desktop environment, here’s a video demonstration showing how to install xfce4 and xrdp to connect to Kali Linux over Remote Desktop.

This announcement is especially exciting for security professionals and penetration testers who have limited toolsets due to enterprise compliance standards.

Kali Linux on Windows does not come with any hacking or penetration testing tools pre-installed, but you can easily install them later.

Windows Defender can trigger false-positive warnings for hacking tools and exploits, but you need not worry about it.

Microsoft is following its commitment to the open source community. In 2013, the company launched Visual Studio, and a year later, it open-sourced .NET. In 2015, Microsoft open-sourced the Visual Studio Code editor, as well.

New undetectable Keylogging CrossRAT targets Windows, Linux and Mac OS systems.

Another day, another malware: CrossRAT targets Linux, macOS and Windows devices without being detected by anti-virus software, and is reported to have been developed by the Dark Caracal group. Written in Java, this cross-platform malware can take screenshots, manipulate the entire file system, and run arbitrary DLLs for secondary infection on Windows.

As per the researchers, the developers of this Trojan are using WhatsApp messages and Facebook group messages to spread it, redirecting victims to malicious websites that download malicious programs.

CrossRAT, however, does not have any predefined command to activate the keylogger, but it uses the open source Java library ‘jnativehook’ to monitor mouse and keyboard events.

CrossRAT, a very harmful piece of desktop surveillance malware, is designed with some basic surveillance features which are activated after it receives predefined commands from the C&C server.

The Trojan then uses persistence mechanisms specific to the particular operating system and re-executes every time the infected system is rebooted. It further registers itself on the C&C server, thereby providing access to remote attackers.

As of yesterday, the malware is detected by most of the security software on VirusTotal, so its threat has gone to a low level. However, the following checks can also help you identify if your system is infected with CrossRAT:

For Windows:

Check the ‘HKCU\Software\Microsoft\Windows\CurrentVersion\Run’ registry key. It will include a command featuring java, -jar and mediamgrs.jar if infected by CrossRAT.

For Mac OS:

Search for the launch agent mediamgrs.plist in /Library/LaunchAgents or ~/Library/LaunchAgents.

(OR) Check for the jar file, mediamgrs.jar, in ~/Library.

For Linux:

Search for an ‘autostart file’, probably named mediamgrs.desktop, within ~/.config/autostart.

(OR) Check for the jar file, mediamgrs.jar, in /usr/var.
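
The per-platform checks above can be run as one script. This is an added example, not code from the original article or from the researchers; the function names are hypothetical, and the sample Run-key values and directory tree in `demo()` are constructed for illustration.

```python
"""Look for the CrossRAT persistence artifacts named in the article above."""
import os
import sys
import tempfile
from pathlib import Path

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
RUN_MARKERS = ("java", "-jar", "mediamgrs.jar")  # all three must appear together


def file_indicators(platform, home, root="/"):
    """Indicator paths for macOS or Linux; root is a parameter so a mounted
    disk image or a test directory can be scanned instead of the live system."""
    home, root = Path(home), Path(root)
    if platform == "darwin":
        return [root / "Library/LaunchAgents/mediamgrs.plist",
                home / "Library/LaunchAgents/mediamgrs.plist",
                home / "Library/mediamgrs.jar"]
    if platform.startswith("linux"):
        return [home / ".config/autostart/mediamgrs.desktop",
                root / "usr/var/mediamgrs.jar"]
    return []


def scan_files(platform, home, root="/"):
    """Return indicator paths that exist (lexists also reports dangling symlinks)."""
    return [str(p) for p in file_indicators(platform, home, root)
            if os.path.lexists(p)]


def run_value_matches(command):
    """True if a Run-key command line contains java, -jar and mediamgrs.jar."""
    lowered = command.lower()
    return all(marker in lowered for marker in RUN_MARKERS)


def scan_run_values(values):
    """values: iterable of (name, command) pairs read from the Run key."""
    return [(name, cmd) for name, cmd in values
            if isinstance(cmd, str) and run_value_matches(cmd)]


def read_hkcu_run():
    """Enumerate the values under the HKCU Run key (Windows only)."""
    import winreg  # standard library, present only on Windows
    values = []
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, data, _kind = winreg.EnumValue(key, i)
                values.append((name, data))
    except FileNotFoundError:
        pass  # key absent: nothing registered to run at logon
    return values


def scan_host():
    """Run the checks that apply to the current operating system."""
    if sys.platform == "win32":
        return [f"HKCU\\{RUN_KEY}\\{n}: {c}"
                for n, c in scan_run_values(read_hkcu_run())]
    return scan_files(sys.platform, Path.home())


def demo():
    """Constructed sample: a fake Linux home with one planted artifact,
    plus two constructed Run-key values, one benign and one matching."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp, "home", "user")
        planted = home / ".config" / "autostart" / "mediamgrs.desktop"
        planted.parent.mkdir(parents=True)
        planted.write_text("[Desktop Entry]\n")
        file_hits = [Path(h).name for h in scan_files("linux", home, root=tmp)]
    sample_run = [
        ("OneDrive", r'"C:\Program Files\OneDrive\OneDrive.exe" /background'),
        ("mediamgrs", r'"C:\Java\bin\javaw.exe" -jar C:\Temp\mediamgrs.jar'),
    ]
    return file_hits, [name for name, _ in scan_run_values(sample_run)]


if __name__ == "__main__":
    hits = scan_host()
    print("\n".join(hits) if hits else "No CrossRAT indicators from the article found")
```

A clean result only means these specific file names and Run-key markers are absent; it does not cover variants that use different names.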

Hackers Can Guess Your PIN by Using Smartphone Sensor

Do you know hackers can guess your PIN by using smartphone sensors? Your smartphone sensors can reveal PINs and passwords to hackers and allow them to unlock your mobile devices, according to a study led by an Indian-origin scientist.

Instruments in smartphones such as the gyroscope and proximity sensors represent a potential security vulnerability, said researchers from Nanyang Technological University (NTU) in Singapore.

Report :-

Using a combination of information gathered from six different sensors found in smartphones, researchers succeeded in unlocking Android smartphones with 99.5 percent accuracy within only three tries, when tackling a phone that had one of the 50 most common PIN numbers.

The previous best phone-cracking success rate was 74 percent for the 50 most common PIN numbers, but NTU’s technique can be used to guess all 10,000 possible combinations of four-digit PINs.

Led by Shivam Bhasin, NTU Senior Research Scientist, the researchers used sensors in a smartphone to model which number had been pressed by its user, based on how the phone was tilted and how much light was blocked by the thumb or fingers.

The researchers believe their work highlights a significant flaw in smartphone security, as using the sensors within the phones requires no permissions to be given by the phone user and the sensors are openly available for all apps to access.

The team of researchers took Android phones and installed a custom application which collected data from six sensors: accelerometer, gyroscope, magnetometer, proximity sensor, barometer, and ambient light sensor. “When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9, is very different.

Likewise, pressing 1 with your right thumb will block more light than if you pressed 9,” said Bhasin. The classification algorithm was trained with data collected from three people, who each entered a random set of 70 four-digit pin numbers on a phone.

At the same time, it recorded the relevant sensor reactions.

Known as deep learning, the classification algorithm was able to give different weightings of importance to each of the sensors, depending on how sensitive each was to different numbers being pressed.

This helps eliminate factors which it judges to be less important and increases the success rate for PIN retrieval.

Although each individual enters the security PIN on their phone differently, the scientists showed that as data from more people is fed to the algorithm over time, success rates improved.

So while a malicious application may not be able to correctly guess a PIN immediately after installation, using machine learning, it could collect data from thousands of users over time from each of their phones to learn their PIN entry pattern and then launch an attack later when the success rate is much higher.

The study shows how devices with seemingly strong security can be attacked using a side-channel, as sensor data could be diverted by malicious applications to spy on user behaviour and help to access PIN and password information, said Professor Gan Chee Lip from NTU.

To keep mobile devices secure, Bhasin advises users to have PINs with more than four digits, coupled with other authentication methods like one-time passwords, two-factor authentications, and fingerprint or facial recognition.

New TeamViewer Hack Could Allow Clients to Hijack Viewers’ PC

If you use the remote support software TeamViewer, then you should pay attention to a dangerous vulnerability identified in the software that could allow users sharing a desktop session to gain complete control of the other’s PC without permission.

TeamViewer is a popular remote-support software that lets you securely share your desktop or take full control of another’s PC over the Internet from anywhere in the world.

For a remote session to work, both computers, the client (presenter) and the server (viewer), must have the software installed, and the client has to share a secret authentication code with the person he wants to share his desktop with.

However, a GitHub user named “Gellin” has disclosed a vulnerability in TeamViewer that could allow the client (sharing its desktop session) to gain control of the viewer’s computer without permission.


TeamViewer Could Be Hacked By Anyone—Server Or Client

Gellin has also published proof-of-concept (PoC) code, an injectable C++ DLL, which leverages “naked inline hooking and direct memory modification to change TeamViewer permissions.”

The injectable C++ DLL (hack) can be used by both the client and the server, with the results described below:

If exploited by the server, the hack allows viewers to enable the “switch sides” feature, which is only active after the server has authenticated control with the client, eventually allowing the server to initiate a change of control/sides.

If exploited by the client, the hack allows the client to take control of the mouse and keyboard of the server “with disregard to servers current control settings and permissions.”

This vulnerability impacts TeamViewer versions running on Windows, macOS as well as Linux machines.

A Reddit user, “xpl0yt,” who first publicized this vulnerability, claimed to have been in contact with the TeamViewer security team, who confirmed to him the existence of the vulnerability in its software and scheduled a patch.

TeamViewer users are recommended to install the patched versions of the software as soon as they become available. Patches will be delivered automatically to those users who have configured their TeamViewer software to receive automatic updates.

Warning: Critical Tor flaw leaks users’ real IP address—update now

Tor Browser security bugfix release for macOS and Linux users only.

Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users’ IP addresses when they visit certain types of addresses.
TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common https:// and http:// address prefixes. When the Tor browser for macOS and Linux is in the process of opening such an address, “the operating system may directly connect to the remote host, bypassing Tor Browser,” according to a brief blog post published Tuesday by We Are Segment, the security firm that privately reported the bug to Tor developers.
On Friday (03/04/2017), members of the Tor Project issued a temporary workaround that plugs that IP leak. Until the final fix is in place, updated versions of the browser may not behave properly when navigating to file:// addresses.
They said both the Windows versions of Tor, Tails, and the sandboxed Tor browser that’s in alpha testing aren’t vulnerable.
“The fix we deployed is just a workaround stopping the leak,” Tor officials wrote in a post announcing Friday’s release. “As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.”
Friday’s post went on to say that We Are Segment CEO Filippo Cavallarin privately reported the vulnerability on October 26. Tor developers worked with Mozilla developers to create a workaround the following day, but it only partially worked. They finished work on a more complete workaround on Tuesday. The post didn’t explain why the fix, delivered in Tor browser version 7.0.9 for Mac and Linux users, wasn’t issued until Friday, three days later. The Tor browser is based on Mozilla’s open-source Firefox browser. The IP leak stems from a Firefox bug.
Tor officials also warned that alpha versions of the Tor browser for Mac and Linux haven’t yet received the fix. They said they have tentatively scheduled a patch to go live on Monday for those versions. In the meantime, the officials said, Mac and Linux alpha users should use updated versions of the stable version.
Tor’s statement Friday said there’s no evidence the flaw has been actively exploited on the Internet or dark web to obtain the IP addresses of Tor users. Of course, the lack of evidence doesn’t mean the flaw wasn’t exploited by law enforcement officers, private investigators, or stalkers. And now that a fix is available, it will be easy for adversaries who didn’t know about the vulnerability before to create working exploits. Anyone who relies on a Mac or Linux version of the Tor browser to shield their IP address should update as soon as practicable and be prepared for the possibility, still unknown, that their IP addresses have already been leaked.

Canada’s Spy Agency Publishes its Cyber-Defense Tool for Public

The Communications Security Establishment (CSE), Canada’s main signals intelligence agency, has made a malware scanning and analysis tool called AssemblyLine open-source by releasing the code. The AssemblyLine tool can analyze massive volumes of files and also rebalance workload automatically.
During the scanning process, every file is assigned a unique identifier, and user-defined analytics engines scan it to assess the maliciousness of the code. The file is then assigned a score accordingly, and if a file is identified as malicious, it is passed on to other protective mechanisms.
The CSE hopes that by making the code open-source and free, the data security or InfoSec community will be able to build more tools and come up with innovative ways of detecting malicious files. Interested users can access the AssemblyLine source code at Atlassian’s Bitbucket repository. It is worth noting that the CSE made the software public without commercial or proprietary technology.
This isn’t the first time an agency has released the source code of its software: the US NSA (National Security Agency) has also publicly released a number of infosec tools such as Secure Extensions for Linux (SELinux), and GCHQ (Government Communications Headquarters) of Britain also has a code repository on GitHub and has already made various tools open-source.
The primary purpose of using AssemblyLine is to relieve analysts from having to manually inspect the files, giving them enough time and space to focus on incoming malware. Mainstream anti-virus programs like Kaspersky, McAfee, BitDefender, and F-Secure can also be used for scanning with AssemblyLine, while the tool can connect with the VirusTotal anti-virus scanning service through an API key.
CSE’s IT security head Scott Jones told CBS News that AssemblyLine is “a tool that helps our analysts know what to look at because it’s overwhelming for the number of people we have to be able to protect things.”

The CSE has dubbed it an “unprecedented step” as it is the first electronic spy agency that has released its own developed cyber defense tool to the public. The agency hopes that organizations will be able to defend their data and sites from cyber threats better.

Bill Robinson, an independent researcher and a member of University of Toronto’s Citizen Lab, has dubbed the step by CSE a “big change” and “a sea of change.” As for AssemblyLine, the tool is available on BitBucket.


Israel Hacked Kaspersky, Caught Russian Spies Hacking American Spies, But…


According to an article published today by the New York Times, Israeli government hackers hacked into Kaspersky’s network in 2015 and caught Russian government hackers red-handed hacking US government hackers with the help of Kaspersky.

In other words — Russia spying on America, Israel spying on Russia and America spying on everyone.

What the F^#% is going around?

It is like one is blaming another for doing exactly the same thing it is doing against someone else. Wow!

Well, the fact that everyone is spying on everyone is neither new nor any secret. However, somehow now Kaspersky Labs is at the center of this international espionage tale for its alleged devil role.

Just last week, the Wall Street Journal, an American media agency, published a story against Kaspersky, a Russian antivirus provider, claiming that Russian government hackers stole highly classified NSA records and hacking tools in 2015 from a staffer’s home PC with the help of Kaspersky Antivirus.

Even if the incident is real, quoting multiple anonymous sources from US intelligence community, Wall Street Journal article failed to provide any substantial evidence to prove if Kaspersky was intentionally involved with the Russian spies or some hackers simply exploited any zero-day vulnerability in the Antivirus product.

Now, the latest NYT story, again quoting an anonymous source from Israeli Intelligence Agency, seems another attempt to justify the claims made by WSJ article about Russians hacking NSA secrets.

“The role of Israeli intelligence in uncovering [the Kaspersky Labs] breach and the Russian hackers’ use of Kaspersky software in the broader search for American secrets have not previously been disclosed,” the NYT reported.


According to the report, United States officials began an immediate investigation in 2015 after Israel officials notified the U.S. National Security Agency (NSA) about the possible breach.

Indeed, in mid-2015, Moscow-based Kaspersky Lab detected sophisticated cyber-espionage backdoor within its corporate network and released a detailed report about the intrusion, although the company did not blame Israel for the attack.

At the time, Kaspersky said that some of the attack code the company detected shared digital fingerprints first found in the infamous Stuxnet worm, same malware which was developed by America and Israel to sabotage Iran’s nuclear program in 2010.

This suspicion of malicious Kaspersky’s behavior eventually leads the U.S. Department of Homeland Security (DHS) to ban and remove Kaspersky antivirus software from all of its government computers.

Moreover, just last month, the U.S. National Intelligence Council shared a classified report with NATO allies concluding that the Russian FSB intelligence agency had access to Kaspersky’s databases and as well as the source code.


However, Kaspersky Lab has always denied any knowledge of, or involvement in, any cyber espionage operations.

“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” Kaspersky’s founder Eugene Kaspersky said in a statement.


Eugene today also announced that he has just launched an internal investigation to cross-check if United States LEA has relevant facts.

Kaspersky Lab was not involved in, and does not possess any knowledge of the intelligence operation described in the recent @NYTimes article pic.twitter.com/didzcB0650

— Eugene Kaspersky (@e_kaspersky) October 10, 2017




Eugene previously admitted there’s a possibility that NSA hacking tools could have been picked up as malware by their Anti-malware scanner because antivirus products are designed to work in that way.

“We absolutely and aggressively detect and clean malware infections no matter the source,” the antivirus company said.



Until now it is quite tough to judge if Kaspersky was involved in any wrongdoing, but the ball is in America’s court, who has to provide the actual evidence to the world about the highly classified Israeli counter-intelligence operation.

Google security experts disclosed seven distinct vulnerabilities in the Dnsmasq software package.

Security researchers have discovered not one or two, but a total of seven security vulnerabilities in the popular open source Dnsmasq network services software, three of which could allow remote code execution on a vulnerable system and hijack it.

Dnsmasq is a widely used lightweight network application tool designed to provide DNS (Domain Name System) forwarder, DHCP (Dynamic Host Configuration Protocol) server, router advertisements and network boot services for small networks.

Dnsmasq comes pre-installed on many devices and operating systems, including Linux distributions such as Ubuntu and Debian, home routers, smartphones and Internet of Things (IoT) devices. A Shodan scan for “Dnsmasq” reveals around 1.1 million instances worl

Recently, Google’s security team studied Dnsmasq and found seven security issues, including DNS-related remote code execution, information disclosure, and denial-of-service (DoS) issues that can be triggered via DNS or DHCP.

“We discovered seven distinct issues (listed below) over the course of our regular internal security assessments,” Google’s security team wrote in a blog post published on Monday. 

“Once we determined the severity of these issues, we worked to investigate their impact and exploitability and then produced internal proofs of concept for each of them. We also worked with the maintainer of Dnsmasq, Simon Kelley, to produce appropriate patches and mitigate the issue.”

Since the vulnerabilities have now been patched by Dnsmasq developer and maintainer Simon Kelley, Google researchers have released details and proof-of-concept (PoC) exploit code for each of the vulnerabilities.

Out of the seven vulnerabilities identified by the team, three can be exploited to achieve remote code execution, three can be used in denial of service attacks, and one is an information leakage flaw.


Here’s the List of All Vulnerabilities:

  • CVE-2017-14491—A DNS-based remote code execution vulnerability in Dnsmasq versions before 2.76 is marked as the most severe that allows for unrestricted heap overflows, affecting both directly exposed and internal network setups.
  • CVE-2017-14492—Another remote code execution vulnerability due to a DHCP-based heap overflow issue.
  • CVE-2017-14493—Another noteworthy DHCP-based remote code execution bug caused by a stack buffer overflow. According to Google, this flaw is trivial to exploit if it’s used in conjunction with the flaw (CVE-2017-14494) mentioned below.
  • CVE-2017-14494—An information leak in DHCP which can be combined with CVE-2017-14493 to allow attackers bypass ASLR security mechanism and execute arbitrary code on a target system.
  • CVE-2017-14495—A flaw in Dnsmasq which can be exploited to launch a denial of service (DoS) attack by exhausting memory via DNS. The flaw impacts dnsmasq only if one of these options is used: --add-mac, --add-cpe-id or --add-subnet.
  • CVE-2017-14496—Google’s Android operating system is specifically affected by this DoS issue which can be exploited by a local hacker or one who is tethered directly to the device. However, Google pointed out the service itself is sandboxed, so the risk to Android users is reduced.
  • CVE-2017-14497—Another DoS issue wherein a large DNS query can crash the software.

Since all the issues have already been addressed with the release of Dnsmasq 2.78, Dnsmasq users are advised to update their installations as soon as possible.

To patch your devices, make sure to upgrade the packages on your system. Google has updated its affected services and released the security fixes to Android partners on 5 September 2017 in October’s Android security updates.

Other affected Google services are also claimed to be updated. Kubernetes versions 1.5.8, 1.6.11, 1.7.7, and 1.8.0 have also been updated with a patched Dnsmasq.
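
To see which of the listed issues apply to a given installation, the version and option conditions above can be checked together. This is an added example, not code from Google or the Dnsmasq project; the function names are hypothetical, the sample banner and configuration are constructed, and it assumes the `dnsmasq --version` banner format and that configuration files use the long option names without the leading `--`.

```python
"""Audit a dnsmasq install against the seven CVEs listed in the article above."""
import re

FIXED_IN = (2, 78)  # release the article says addresses all seven issues
ALL_CVES = ["CVE-2017-%d" % n for n in range(14491, 14498)]
# Per the article, CVE-2017-14495 only applies when one of these is enabled.
OPTIONS_14495 = ("add-mac", "add-cpe-id", "add-subnet")

# Constructed sample inputs (not taken from a real host).
SAMPLE_BANNER = "Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley"
SAMPLE_CONF = """\
# constructed sample configuration
interface=br-lan
add-subnet=24
#add-mac
"""


def parse_version(banner):
    """Extract (major, minor) from `dnsmasq --version` output, or None."""
    m = re.search(r"version\s+(\d+)\.(\d+)", banner, re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None


def _option_name(token):
    """'--add-subnet=24' or 'add-subnet=24' -> 'add-subnet'."""
    return token.split("=", 1)[0].strip().lstrip("-")


def risky_options(conf_text="", argv=()):
    """Return the CVE-2017-14495 trigger options enabled in config or argv."""
    found = set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        if line and _option_name(line) in OPTIONS_14495:
            found.add(_option_name(line))
    for arg in argv:
        if arg.startswith("--") and _option_name(arg) in OPTIONS_14495:
            found.add(_option_name(arg))
    return sorted(found)


def audit(banner, conf_text="", argv=()):
    """Report which of the article's CVEs apply to this version and config."""
    version = parse_version(banner)
    if version is None:
        raise ValueError("no dnsmasq version found in banner")
    options = risky_options(conf_text, argv)
    patched = version >= FIXED_IN
    if patched:
        cves = []
    else:
        # Every CVE applies below 2.78, except 14495 which needs a trigger option.
        cves = [c for c in ALL_CVES if c != "CVE-2017-14495" or options]
    return {"version": version, "patched": patched,
            "cves": cves, "options_14495": options}


if __name__ == "__main__":
    report = audit(SAMPLE_BANNER, SAMPLE_CONF)
    print(report["version"], "patched" if report["patched"] else "needs update")
    for cve in report["cves"]:
        print(" ", cve)
```

Distributions often backport fixes without changing the upstream version number, so a pre-2.78 banner on a vendor package should be confirmed against the vendor's own advisory.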