Millionaire Boys Club. Make Money. SEX and Money. SecretSexual Exercise and Exciting Money Making Business. Sell theExercise Methods @ UK £ 25.00 Worldwide
"PHoss is a sniffer. A normal sniffer software is designed to find problems in data communication on the network. PHoss is designed to know some protocols which use (or may use) clear text passwords. Many protocols are designed to use secure authentication. For fallback they define a lowest level of authentication using clear text. Many companies use this lowest fallback definition as standard setting to make the product working in many environments." read more...
TL;DR: Don't build a burner device. Probably this is not the risk you are looking for.
Introduction
Every year before DEF CON people starts to give advice to attendees to bring "burner devices" to DEF CON. Some people also start to create long lists on how to build burner devices, especially laptops. But the deeper we look into the topic, the more confusing it gets. Why are we doing this? Why are we recommending this? Are we focusing on the right things?
What is a "burner device" used for?
For starters, the whole "burner device" concept is totally misunderstood, even within the ITSEC community. A "burner device" is used for non-attribution. You know, for example, you are a spy and you don't want the country where you live to know that you are communicating with someone else. I believe this is not the situation for most attendees at DEF CON. More info about the meaning of "burner" https://twitter.com/Viss/status/877400669669306369
Burner phone means it has a throwaway SIM card with a throwaway phone, used for one specific operation only. You don't use the "burner device" to log in to your e-mail account or to VPN to your work or home.
But let's forget this word misuse issue for a moment, and focus on the real problem.
The bad advice
The Internet is full of articles focusing on the wrong things, especially when it comes to "burner devices". Like how to build a burner laptop, without explaining why you need it or how to use it.
The problem with this approach is that people end up "burning" (lame wordplay, sorry) significant resources for building a secure "burner device". But people are not educated about how they should use these devices.
The threats
I believe the followings are some real threats which are higher when you travel:
1. The laptop getting lost or stolen.
2. The laptop getting inspected/copied at the border.
These two risks have nothing to do with DEF CON, this is true for every travel.
Some other risks which are usually mentioned when it comes to "burner devices" and DEF CON:
3. Device getting owned via physical access while in a hotel room.
4. Network traffic Man-in-the-middle attacked. Your password displayed on a Wall of Sheep. Or having fun with Shellshock with DHCP. Information leak of NTLM hashes or similar.
5. Pwning the device via some nasty things like WiFi/TCP/Bluetooth/LTE/3G/GSM stack. These are unicorn attacks.
6. Pwning your device by pwning a service on your device. Like leaving your upload.php file in the root folder you use at CTFs and Nginx is set to autostart. The author of this article cannot comment on this incident whether it happened in real life or is just an imaginary example.
How to mitigate these risks?
Laptop getting stolen/lost/inspected at the border?
1. Bring a cheap, empty device with you. Or set up a fake OS/fake account to log in if you really need your day-to-day laptop. This dummy account should not decrypt the real files in the real account.
Device getting owned while in a hotel room with physical access
1. Don't bring any device with you.
2. If you bring any, make it tamper-resistant. How to do that depends on your enemy, but you can start by using nail glitter and Full Disk Encryption. Tools like Do Not Disturb help. It also helps if your OS supports suspending DMA devices before the user logs in.
3. If you can't make the device tamper-resistant, use a device that has a good defense against physical attackers, like iOS.
4. Probably you are not that important anyway that anyone will spend time and resources on you. If they do, probably you will only make your life miserable with all the hardening, but still, get pwned.
Network traffic Man-in-the-middle attacked
1. Don't bring any device with you.
2. Use services that are protected against MiTM. Like TLS.
3. Update your OS to the latest and greatest versions. Not everyone at DEF CON has a 0dayz worth of 100K USD, and even the ones who have won't waste it on you.
4. Use fail-safe VPN. Unfortunately, not many people talk about this or have proper solutions for the most popular operating systems.
5. For specific attacks like Responder, disable LLMNR, NBT-NS, WPAD, and IPv6 and use a non-work account on the machine. If you don't have the privileges to do so on your machine, you probably should not bring this device with you. Or ask your local IT to disable these services and set up a new account for you.
Pwning the device via some nasty thing like WiFi/TCP/Bluetooth/LTE/3G/GSM stack
1. Don't bring any device with you.
2. If you bring any, do not use this device to log in to work, personal email, social media, etc.
3. Don't worry, these things don't happen very often.
Pwning your device by pwning a service on your device
Just set up a firewall profile where all services are hidden from the outside. You rarely need any service accessible on your device at a hacker conference.
Conclusion
If you are still so afraid to go there, just don't go there. Watch the talks at home. But how is the hotel WiFi at a random place different from a hacker conference? Turns out, it is not much different, so you better spend time and resources on hardening your daily work devices for 365 days, instead of building a "burner device".
You probably need a "burner device" if you are a spy for a foreign government. Or you are the head of a criminal organization. Otherwise, you don't need a burner device. Maybe you need to bring a cheap replacement device.
In this concise article we will learn some basics of how to use Linux Command line, so lets get started.
Requirements:
1. An open Terminal in your Linux Box. I'm using Kali Linux 2.0 or you can check out this amazing website Webminal Command: ls Syntax: ls [flag(s)] Function: ls is short for list. ls command is used to list the contents of a directory these contents include files, folders, and links. ls has many optional flags as well, some of them are described below Flags: -a this flag is used to view hidden files that is those files whose names are preceded by a '.'(dot) -l this flag is used to view file permissions, owner of the file, group of the owner, the file size, the modification date, and the filename. We'll talk more about it in later articles. Command: mkdir Syntax: mkdirdirname Function: mkdir is used to create a directory (or a folder) with the name which is followed by the command now lets create a directory in our current directory named as myfiles, how would you do that? mkdir myfiles which command should we use in order to verify that the directory has been created in our current folder? ls this will list all the files and directories in our current folder. Do you see myfiles directory listed? Command: cd Syntax: cdpath/to/directory Function: cd is short for change directory. It is used to navigate directories, or to make it clear it does the same thing as what double clicking on a folder do except it doesn't show you contents of the directory :(. In order to navigate or visit another directory we need to provide it's ABSOLUTE-PATH or RELATIVE-PATH you heard that, didn't ya? Paths are of two types relative path or absolute path (also called full-path). Relative as the name suggests is relative to the current directory, so if you have to navigate to a folder within the current directory you'll just simply type cddirectory_name. But what if you have to navigate to a directory which is the parent of current directory? Well it's easy just type cd .. (yes double dots, you noticed that .. and . thing when you typed ls -a, didn't you?). The double dots mean the directory above current directory (i,e the parent directory) and a single dot means the current directory (i,e the directory that I'm currently in). Now if you have to navigate two directories above current directory using relative path navigation you'll type cd ../.. here .. means previous directory and another .. after slash (/) means the previous directory of the previous directory sounds confusing..! The Absolute Path means full path to the file or folder which starts from root directory. Say I want to navigate to my home folder using absolute path, then I'll type: cd /home/user where user is the username Now think of navigating to the myfiles folder from your home directory using the absolute path, it will be something like this: cd/home/user/myfiles Exercise:Create a directory project1 inside your home directory and inside the project1 directory create a file and a directory named index.html and css respectively. Then navigate to the css directory and create a style.css file inside it. At last navigate out of the css directory to home both using the relative and absolute path mechanisms. [Trick: To get quickly out of any directory to your home directory type cd~ [press Enter] or simply cd [press Enter]] Command: touch Syntax: touchfilename Function: touch is a nifty little function used to create an empty file (actually it's used to change access time of a file but everyone has got bad habits :P ). You can create any type of empty file with the touch command. If you are a bit curious about touch read the manual page of the touch command using the man touch command. Now lets create a few files inside of our myfiles directory touchfile1 file2 file3 The above command creates three empty files in our current directory named file1, file2, and file3. How will you verify that it has indeed created these three files in your current directory? I won't answer this time. Command: echo Syntax: echoHacker manufacturing under process Function: echo is used to display a line of text. By default echo displays a line of text on the terminal which is the standard output device (stdout for short). However we can redirect the output of an echo command to a file using > (the greater than symbol). Now if we have to echo a line of text to a file, say file1 in our myfiles directory, we will type: echoThis is file1>file1 The above command will echo the text "This is file1" to file1. Command: cat Syntax: catfilename [anotherfilename...] Function: cat stands for concatenate (not that puny little creature in your house). The main function of cat is to concatenate files and display them on your terminal (or in geeky terms stdout). But its also used to display the contents of a file on your terminal. Let's display the contents of file1 in the myfiles directory that we echoed to it using the echo command, for that we'll type: catfile1 Awesome I can see on black screen contents of my file (what if your terminals background is white?), looks like I'm becoming a hacker. In case you don't see it then I suggest you should give up the thought of becoming a hacker. Just kidding you might have missed a step or two from the above steps that we performed. Now lets say that we want to add another line of text to our file using the echo command should we use the same greater than (>) symbol? No, if we want to add another line (which in geeky terms is to append a line) to our file using the echo command we have to use >> (two greater than symbols) like this: echoAnother line of text>>file1 now to check the contents of file1 we'll type: catfile1 OK we wrote two lines inside of the file1. Does it mean we have to add three greater than symbols to write third line? Oh! I didn't thought you'd be such a genius. A single greater than symbol (>) means redirect the output of the preceding command to a file specified after the > symbol. If the file exists then overwrite everything that's in it with the new contents and if the file does not exist then create one and write to it the output of the preceding command. So if you had typed echoAnother line of text>file1 it would have overwritten the contents of the file1 with "Another line of text" and the line "This is file1" would no longer be present in the file. Two greater than symbols (>>) mean that append (remember the geeky term?) the output of the previous command to the end of file specified after >>. Now if you want to add another line of text to file1, you won't use >>> rather you'll use >> like this: echo Third line in file1>>file1 This is it for today. But don't worry we'll learn more things soon.
Desde hace ya unas semanas, desde que se declaró el estado de alarma, millones de ciudadanos de todo el mundo nos encontramos en un periodo de confinamiento por culpa del ya famoso COVID-19. Esta situación excepcional nos ha permitido pasar más tiempo con algunos de nuestros familiares más cercanos y comenzar o retomar algunos de los proyectos que teníamos olvidados por casa.
Figura 1: Raspberry Pi Zero para "Makers": 6 PoCs & Hacks Just for Fun (1 de 3)
Si este es tu caso y estás buscando alguna idea interesante con la que entretenerte en esta cuarentena has llegado al sitio correcto. En esta serie de tres artículos os presentaremos a vosotros los "Makers" o los que queréis ser "Makers" alguna vez, seis interesantes proyectos basados en la Raspberry Pi Zero y os explicaremos cómo llevarlos a cabo.
Y ahora, vamos a por los seis proyectos que puedes hacer tú en tu casa para entretenerte y meterte en el mundo de los "makers" de una vez por todas si tenías ganas de ello.
1.- Pi Zero Drone: Drone "Low-Cost" con Raspberry Pi Zero
El primero de los proyectos de los que os hablaremos hoy se trata de la construcción de un Drone Low-Cost - por menos de 200 € - el cual se basará en una distribución de GNU/Linux y utilizara la Raspberry Pi 0 como placa controladora o cerebro. El mundo de los drones y cuadrocopteros ligeros cuenta con millones de aficionados, con Pi Zero Drone es posible acercar un poco más este mundillo a todos aquellos que quieren introducirse en la construcción de estos divertidos aparatos.
Si no estás familiarizado con la construcción de drones de carreras o de cualquier otro tipo no tienes de que preocuparte, a continuación te explicaremos cuales son las piezas necesarias para este montaje y como se ensamblan pero si te gusta el mundo de los Drones, y tienes inclinaciones de "maker", puedes leer el libro de David Meléndez Calero que habla justo de estas cosas: "Hacking con Drones: Love is in the air".
Las piezas necesarias serán las siguientes: chasis, variadores, motores, hélices, batería, controladora PFX mini (69 €) y por supuesto una Raspberry Pi Zero. Lo primero será realizar el montaje del drone, este proceso es bastante sencillo y no debería llevarte más de 1 hora. Comenzaremos con el montaje de la estructura, en cada brazo del chasis hay que fijar un motor sujetándolo con tornillos (vienen con kit del chasis), a continuación se deben conectar los variadores a los motores (utilizando los cables de colores) y fijarlos en la zona central de los brazos.
Figura 5: Kit de Pi Zero Drone
Para terminar hay que situar la Raspberry Pi Zero y la controladora PFX mini en el centro del chasis, conectando ambas entre sí utilizando los pines y separadores de teflón que vienen en el kit de la controladora. Por último solo queda conectar el módulo de la batería y fíjalo a la parte inferior del chasis utilizando los velcros que te vienen con el kit. También hay que colocar una hélice en cada motor.
Figura 6: Pi Zero Drone montado
Una vez tengamos el montaje realizado pasaremos a la parte de configuración del autopilot (PFX mini + Raspberry Pi Zero), lo bueno del kit de Erle Robotics es que incluye acceso a sus imágenes Debian compatibles con la PFX mini, así que solo tendrás que guardarlas en una tarjeta micro SD e introducirla en tu Raspberry Pi Zero.
Por ultimo conectaremos el cable JSTGH del módulo de alimentación a nuestro montaje de autopilot, lo que hará que al conectar la batería se encienda el drone. Ya solo nos queda conectar los variadores de cada brazo con su respectivo pin a la PFX mini (PWM1 con ESC1, PWM2 con ESC2 y sucesivamente) ya que dos de los motores giraran en sentido horario y otros dos en anti horario.
Figura 7: Cosntrucción de Pi Zero Drone paso a paso
Con el drone ya construido y listo para volar solo queda decidir qué dispositivo utilizar para controlarlo. En este caso el método más sencillo es utilizar una emisora de radio control convencional que cuente con un receptor (el cual montaremos en el drone). Tienes en la página web toda la información detallada del proyecto Pi Zero Drone con un paso a paso.
2.- Zero Phone: construcción de un Smartphone con Raspberry Pi Zero
El segundo de los proyectos del que os hablaremos hoy es la construcción de un mini teléfono móvil, sin duda un proyecto bastante interesante. En este caso la idea surgió de un proyecto de crowdfounding y sus creadores aseguran que es posible construir el smartphone por menos de 50 €.
Este proyecto ha recibido el nombre de Zerophone, es Open Source y está basado en una distribución de GNU/Linux. Una de las mayores ventajas de construir el teléfono nosotros mismos es que nunca tendremos problemas de portabilidad o incompatibilidad con la tarjeta SIM de cualquier operadora de telecomunicaciones. Aunque el Zerophone sea un dispositivo de aspecto muy sencillo será capaz de ejecutar numerosas aplicaciones - solo GNU/Linux pone los limites -, además contará con acceso root.
En cuanto a su hardware, al basarse en una Raspberry Pi Zero este es fácil de modificar y reparar.Una vez hayas adquirido tu kit Zerophone o hayas recopilado todos los componentes necesarios solo tendrás que descargar el software gratuito y seguir paso a paso las instrucciones que encontrarás en la página web del proyecto.
Figura 9: Aspecto de Zero Phone
Si nos fijamos en sus especificaciones se podría decir que es un Smartphone bastante completo, además de contar con iluminación RGB y vibración dispone de una entrada micro HDMI, un puerto USB (de tamaño completo) y un jack de 3.5 en el que podemos conectar auriculares. También cuenta con conectividad Wi-Fi, 2G y es posible implementar BlueTooth.
Figura 10: ZeroPhone kit
En cuanto a la pantalla y teclado cuenta con una pantalla de 1,3 pulgadas y un teclado similar al de los teléfonos móviles de la década anterior. Si esta configuración no te resulta cómoda también es posible sustituir la pantalla y el teclado por una pantalla táctil de Raspberry Pi Zero. Tienes un buen análisis hecho por Javier Pastoren el blog de Xakata.
Una de las cosas que hacen bastante atractivo este proyecto es la posibilidad de conectar el dispositivo a un monitor y de utilizar teclado y ratón para controlarlo o modificar sus funciones desde su API. Si modificar el software del dispositivo no te parece suficiente también puedes personalizar por completo el hardware, es posible integrar una cámara hasta de 8 megapíxeles, nuevos botones o sensores analógicos o digitales, se puede añadir una batería más duradera, añadir distintos módulos (GPS, radio,…) o recurrir a la impresión 3D para diseñar una carcasa totalmente personalizada.
Zerophone es una plataforma ideal para la realización de diversos proyectos, es posible utilizar cualquier lenguaje de programación en él y además permite la ejecución de APIs, scripts SSH y de consolas UART, e incluso, como se ve en la Figura 11, navegar por TOR.
Como veis son proyectos que requieren cierta maña, pero no me digáis que en lugar de estar haciendo puzzles de 1.000 piezas no es mejor estar convirtiéndote en un "maker" y jugando con el hardware y el software.
Autor: Sergio Sancho Azcoitia
*********************************************************************************** - Raspberry Pi Zero para "Makers": 6 PoCs & Hacks Just for Fun (1 de 3) - Raspberry Pi Zero para "Makers": 6 PoCs & Hacks Just for Fun (1 de 3) - Raspberry Pi Zero para "Makers": 6 PoCs & Hacks Just for Fun (1 de 3) ***********************************************************************************
In the last article, I have discussed a method on how to hack SnapChat account using SpyStealth Premium App. In this article, I am gonna show you an advanced method that how to hack SnapChat account by mac spoofing. It works same as WhatsApp hacking by mac spoofing. It's a bit more complicated than the last method discussed and requires proper attention. It involves the spoofing of the mac address of the target device. Let's move on how to perform the attack.
HOW TO HACK SNAPCHAT ACCOUNT BY MAC SPOOFING?
Note: This method will work if SnapChat is created on a phone number.
Here I will show you complete tutorial step by step of hacking the SnapChat account. Just understand each step carefully.
Find out the victim's phone and note down it's Mac address. To get the mac address in Android devices, go to Settings > About Phone > Status > Wifi Mac address. And here you'll see the mac address. Just write it somewhere. We'll use it in the upcoming steps.
As you get the target's mac address, you have to change your phone's mac address with the target's mac address. Perform the steps mentioned in this article on how to spoof mac address in android phones.
Now install SnapChat on your phone and use victim's number while you're creating an account. It'll send a verification code to victim's phone. Just grab the code and enter it here.
Once you do that, it'll set all and you'll get all chats and messages which victims sends or receives.
This method is really a good one but very difficult for the non-technical users. Only use this method if you're technical skills and have time to perform every step carefully. Otherwise, you can hack SnapChat account using Spying app.
In the last article, I have discussed a method on how to hack SnapChat account using SpyStealth Premium App. In this article, I am gonna show you an advanced method that how to hack SnapChat account by mac spoofing. It works same as WhatsApp hacking by mac spoofing. It's a bit more complicated than the last method discussed and requires proper attention. It involves the spoofing of the mac address of the target device. Let's move on how to perform the attack.
HOW TO HACK SNAPCHAT ACCOUNT BY MAC SPOOFING?
Note: This method will work if SnapChat is created on a phone number.
Here I will show you complete tutorial step by step of hacking the SnapChat account. Just understand each step carefully.
Find out the victim's phone and note down it's Mac address. To get the mac address in Android devices, go to Settings > About Phone > Status > Wifi Mac address. And here you'll see the mac address. Just write it somewhere. We'll use it in the upcoming steps.
As you get the target's mac address, you have to change your phone's mac address with the target's mac address. Perform the steps mentioned in this article on how to spoof mac address in android phones.
Now install SnapChat on your phone and use victim's number while you're creating an account. It'll send a verification code to victim's phone. Just grab the code and enter it here.
Once you do that, it'll set all and you'll get all chats and messages which victims sends or receives.
This method is really a good one but very difficult for the non-technical users. Only use this method if you're technical skills and have time to perform every step carefully. Otherwise, you can hack SnapChat account using Spying app.
"PHoss is a sniffer. A normal sniffer software is designed to find problems in data communication on the network. PHoss is designed to know some protocols which use (or may use) clear text passwords. Many protocols are designed to use secure authentication. For fallback they define a lowest level of authentication using clear text. Many companies use this lowest fallback definition as standard setting to make the product working in many environments." read more...
More articles
Related word
