Tag: Hacks

Let’s Begin

Note that all the CCTV cameras are operated and connected to the Wi-Fi network. so if I wanted to hack into CCTV camera system I must get into the Wi-Fi network. Now there are a lot of easy ways and articles with which you can find on how to hack Wi-Fi networks.

So I will skip this step. After getting access to a Wi-Fi network the first thing I did is I typed the router address into the browsers URL.

   192.168.1.1 

If you are not sure about whats the IP address for the specific router you can simply look for a router, it’s brand and just simply Google it. Like if I want to know the IP address [Admin Panel address] of a TP-link router I will Google “TP Link admin panel IP address” that’s it and you will get it. !

Now moving towards all I have to do is to get into the router setting now most of the time people don’t change the default username and password for the router so you can always try for simple configuration like :

AUsername: password Admin:admin Admin:12345

And there are a lot of things! you can get the list on the internet just simply Google “the router name brand and the default username and password”. if your friend is smart enough to change the username and password you can still get into it refer to this article: You want password cracking then you seaech my name on search bar and learn

,

Since he was using the default username and password I got into its routers admin panel

then I remember that he had few webcams and few devices connected to it. Luckily in the admin table, I configure and figure out all the devices with hostname. Like if you are using a Lenovo PC then it’s name should be there likeLenovo laptop if you are using a mobile of Samsung the it should display etc and you can just assume that rest of the devices are printer or webcam for CCTV cameras. etc.

So instead of searching to all the connected devices and looking for the open port I decided to use a smart way I decided an app to view the stream of the webcam that automatically find all the CCTV cameras connected to the network with the same Wi-Fi

Now I know that what was the company of the CCTV cameras so I search the company name model and its vulnerability it had one vulnerability and I took advantage of it.

I examine the vulnerable code and I found that there is a vulnerability which can be exploited to get into the webcam so I open the termux app on my cell phone and started to hack into a system

wget http://192.168.1.99//proc/kcore | strings | nano

checking the memory leak I couldn’t find the password so I search forward with exactly words like admin because I thought that admin is the default username and password is usually near the username and it was a lucky guess! I was able to find the username and password so I took the advantage of this vulnerability and easily hack into the system



The very next thing I did was to report the vulnerability to the company’s office and my friend I also advised him to change the default username and password and give him a tip that the username and password should be difficult which includes hexadecimal character and a combination of capital and small alphabets with also some special characters and numeric values!

This way you can hack into any CCTV camera if it has a vulnerability.

With just some googling and basic knowledge you can do this very easily. Share this article and I will soon share more awesome Hacking related and pentesting related articles.

Get in touch with us on every social platform!

  

STEP 1: Create Server for Hacking Passwords

First of all, for hacking any Facebook account password, we have to create our keylogger server that will run on the victim’s machine, capturing his keystrokes and emailing us the record. The keylogger server building process consists of several steps:

1. First of all download the Keylogger and a good binder. Binders are easily available via a Google search. 

2. Extract the RAR file. Now you will get one folder and three files.

3. Open the Keylogger file. Here you will need a gmail ID and password. For safer use, create a fake Gmail account.

4. Click on server settings as shown. Here, enter the time at which you want to receive reports; it’s always preferable to use a 20 minute timer for receiving files. Click on the Output box to choose the location of the file and give it a name. We recommend using a system process name to make it undetectable, like svchost, or check any process name from your task manager and name it. Other fields are optional.

5. Click on Log and Result Setting. In Log Email Title enter the subject of email like “my keylogger report” or anything else that you you like. Click the last two options that add computer name and add the victim’s name.

6. Now click on “Other Options.” In this section you just have to do one thing. Most hackers prefer warning message POP up, but I prefer keylogger using any message – so unclick the message button. When you bind it with any other software it should not have a warning message attached, otherwise it will be detectable.

7. Finally click on Build Keylogger. You will see your keylogger file at the location that you have chosen in the 4th step. This keylogger server file will be used to bind with other software in Binding Step.

 8. Now your keylogger server is ready for you to hack Facebook accounts. 

Step 2: Extracting the icon file from any installer (resource hacker)

1. Open the resource hacker folder and select the reshacker file.

2. Go to its menu and open any setup file. Suppose we want to attach our keylogger to a Ccleaner setup file. Open the Ccleaner setup with resource hacker. 

3. In the menu, there is one action button. Click on it and then click save all resource.

 4. Save all the resources to the desktop or any other location of your choice.

5. It consists of two files. One is icon file and other is res file. We only need the icon file, so you can delete the other one.

6. That leaves us with the icon of installer file (Ccleaner setup icon).

Step 3: Bind the Keylogger server with any software

1. Go to keylogger folder and open the Binder.

2. Click on the button shown below to add files.

3. Add the keylogger server and the setup software (in our case it’s Ccleaner setup).

4. In the Binder menu, go to Settings. There, select the icon that we have generated in the previous step and set the location of the output file as shown in the figure.

5. Now again go to file’s menu in Binder and click on Bind files.

6. Now your Binded keylogger is ready. You just need to spread it or send it to the victim that is your friend.

Step 4: How to spread the keylogger

1. Now you have one software setup file with a keylogger attached to it. (In our case, we have Ccleaner setup with keylogger attached with it)

2. Spread your keylogger through forums. If you are a member of various forums, use them to spread your keylogger in the form of software posts.

3. Spread it through pendrives or USB hard drives. Suppose a friend asked you for a software, give them the software with the keylogger attached to it on the hard drive. 

Note: you can also attach keyloggers to images, but that can be detectable by antivirus, so we recommend avoiding that route.

Hacking someone’s Facebook account takes more than a few minutes. 

 Features:

• Bypassing CSP using polyglot JPEGs

• Encoding Web Shells in PNG IDAT chunks 

• Hidden malvertising attacks (with Polyglot images)

• XSS payload revisiting (in PNG and IDAT chunks)

• XSS Facebook upload (Wonky and PNG content)

Tools:

bmp.pl, gif.pl, jpg.pl, png.pl

Requirements:

GDString::CRC32Image::ExifTool

Install

Clone the repo:

$ git clone https://github.com/chinarulezzz/pixload.git

Note: Debian users need to install the following packages:

$ sudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-perl

Pixload Usage Examples

BMP Payload Creator/Injector

Usebmp.pl to create BMP Polyglot image with custom/default payload, or inject payload into existing image:

$ ./bmp.pl [-payload \’STRING\’] -output payload.bmp 

If the output file exists, then the payload will be injected into the existing file. Else the new one will be created. 

GIF Payload Creator/Injector

$ ./gif.pl [-payload \’STRING\’] -output payload.gif

JPG Payload Creator/Injector

There are two ways in which you can achieve this:

1. Comment section injection:

$ ./jpg.pl -place COM -output payload.jpg

2. DQT table injection:

$ ./jpg.pl -place DQT -output payload.jpg

PNG Payload Creator/Injector

$ ./png.pl [-payload \’STRING\’] -outp

This tutorial is not very difficult and probably nothing new, but I haven\’t seen anything of this methond on this forum yet and some people created threads asking about Snapchat hacking related stuff. Maybe for some of you this is no big deal, but I think not everyone knows that this is possible. This tutorial should also show an efficient way of this method. Keep in mind that this method is for getting the data of random people, not a specific victim.

First of all, Snapchat provides the opportunity to log into your account via browser on https://accounts.snapchat.com/accounts/login

Once you are logged in you can go to \”My Data\” and Snapchat creates a ZIP file for you which contains various information about your Snapchat account. The ZIP file also contains a link with which you can download the memories of that Snapchat account via browse

What is even the use of getting the memories of someone\’s snapchat account? Primarly just getting nudes. A lot of girls save them in their snapchat memories.

There you need the email/account name of the victim as well as the phone number. This is not always the case if you don\’t know much about the person. You also need to rely on the possibility that the person falls for your SMS.

So let\’s get started:

What you need:

1. A good combolist /database. It is important that you have an email:pass list where you know you get a lot of hits. There are some good new leaked databases in this forum, you\’ll find something.

2. A VPN

Firstly you focus on a specific country your victim has to be from. Choose an email that gets used by the people from this country. (For example Germany live.de, hotmail.de, gmx.de etc.). Then connect with your VPN program to a German server. NordVPN isn\’t maybe the best VPN to use for yourself, but I guess it is used by most of you and you can easily connect to a big number of countries.

It is important that you use an IP from the country your victim is from. With a gmail address for example it is difficult to predict where from the person is.

I don\’t have a Snapchat cracker and also didn\’t really search for it. So we are talking about copy & paste the login info manually.

There are now 3 outcomes:

1. The login info is incorrect -> Try the next person

2. The login info is correct and you can successfully log in.

3. The login info is correct but Snapchat recognizes suspicious activity.

Let\’s focus first on outcome number 2. After that number 3.

So now since you could log in without any problems go to the option \”My Data\”. Scroll down and click on \”Submit Request\”. Now Snapchat creates the ZIP file. It depends on the amount of memories the victim has in his/her snapchat account how long it takes until the ZIP file is created. It can take to 1-2hours if it is a lot of data (!). If it takes very long it is possible that Snapchat wants you to type in the password again, so look that you don\’t loose the password.

Very rarely Snapchat fails to create the ZIP file, I don\’t know why. (Usually a sign that it failed is when you click on \”Submit Request\” again and Snapchat starts to create a ZIP file again and doesn\’t say it is still creating it.)

Once the ZIP file is created, download and open it. Now open the html folder and open the memories_history.html file with your browser. Now you can see all the memory files of the victim. But as you also can see you have to download every photo/video separately: https://imgur.com/a/08lygg8

Snapchat doesn\’t give you the option of download it all at once.

But for this I also have a solution: https://github.com/ToTheMax/Snapchat-All-Memories-Downloader

This is a node.js script that lets you download all the memories at once. There is also a readme how to use it. Extract the Snapchat ZIP file in the same folder as the All-Memories-Downloader. So now just open the command prompt, navigate to that folder, type in node main.js and it should work. You can find all memories in the Downloads folder. Done.

 HACKING ANDROID COURSES 

Part 1: Penetration Testing 

Part 2: Setup Your Lab 

 https://mega.nz/folder/TM1jyABL#40eUd_dpLEchdUAxbXPEiQ

Part 3: Finding Your way around Kali  https://mega.nz/folder/fVl3hI7J#tKsrQ4rjzd97b7sah6gwYw

Part 4: IMPORTANT TOOL  

 https://mega.nz/folder/fB9T0CAD#6jdad6-5XW-fSFhuhYO7Uw

Part 5: Exploitations 

 https://mega.nz/folder/fElDXIwA#y6qSr6jMk5dTkXUaDeEe_w

Part 6: Hacking Android Devices  https://mega.nz/folder/HJ8BwQrI#JiQhByO7NvsuU_nRslRhZw

Part 7: Social Engeneering 

 https://mega.nz/folder/vUshmAgD#lJpAwyKwLss9ogVZzrnFvw

Part 8: Hacking Using Android Devices  

 https://mega.nz/folder/aVsFzQ4S#MYrQ9rc3pjDjq2pjVHCtoA

1. What Is Ethical Hacking And Penetration Testing, And How Can You Use It

2. Introduction From Your Co-Instructor Snehil Khare about Ethical Hacking

3. Environment setup lecture

4. Stealing facebook credentials via phishing 

5. How to defend against phishing attacks

6. User Browser hacking using Beef exploitation framework

7. How to defend against browser attacks

8. User machine hacking via word and excel documents

9. Hacking android phones for fun and profit 

10. Backdooring android apps for Profit

11. How to defend against android attacks

12. Chaining multiple commands together

13. Download and build the target

14. Hacking with Kali Linux your target system

Link https://drive.google.com/file/d/1e8IhYxkmpTGE32vutY2EHK4BzqY60r-B/view