Good News for Wannacry Victims: Your Files Are Easy to Recover!

We all know about the panic caused by the infamous ransomware worm WannaCry. It hit more than 3 lakh systems within 72 hours. The latest reports say that errors found in the WannaCry code might allow victims to restore their files without any decryption keys.

Anton Ivanov, a senior researcher at the security company Kaspersky Lab, along with his teammates Fedor Sinitsyn and Orkhan Mamedov, explained on Thursday that the WannaCry developers made some critical errors in the code. They made mainly 2 types of errors:

  1. While deleting the original file.

  2. While processing the read-only files.


By taking advantage of these errors, victims can restore their files using just file recovery software.

1. Error in the removal logic


When WannaCry encrypts a file, it first reads the original file, encrypts it and saves the result with the extension .WNCRYT. It then renames that file to the extension .WNCRY and deletes the original file. The error lies in the way the ransomware deletes the original file after encryption.

The deletion logic may vary depending on the location and the properties of the victim’s files.

Files located on the system drive (C:):



  • If the file is in the Desktop or Documents folder, the original file is overwritten with random data before removal. In this case, there is no way to restore the file.

  • If the files are stored outside these important folders (i.e., Desktop and Documents), the original files are moved into a temporary folder (%TEMP%\%d.WNCRYT, where %d denotes a numeric value). In this case, the original files are not overwritten but only deleted, which means there is a chance to recover them.


Files located on other drives:



  • The ransomware creates a folder ($RECYCLE) and intends to move the original files into it. The files in this folder are also given the hidden attribute. In some cases, however, due to synchronization errors, the ransomware does not move the files to that folder. Even when it does, the deletion is not done securely, which makes it possible to restore the files.


The standard way a computer deletes a file is by marking the area of the hard drive it occupies as space that other files can use. Until new data takes up the physical space of the old data, the old data remains on the hard disk.

To delete a file so that file recovery software cannot recover it, a malware developer or security-minded user must overwrite the original file with new data. WannaCry did not do this anywhere except the Desktop and Documents folders. Instead it uses the normal mechanism to delete files, which can be undone.

2. Read-only file processing error


The researchers also found a bug in read-only file processing. If such files are present on the machine, the ransomware creates an encrypted copy of each, but the original files are not deleted or overwritten; they are only given the hidden attribute.
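The two errors above can be turned into a quick triage pass on an affected machine. The following is an added example, not code from the researchers or from the original post: it classifies a file path by the deletion behaviour described above and walks a folder tree for originals that still sit next to their .WNCRY copy (the read-only case). It assumes the encrypted copy is named by appending .WNCRY to the original file name and that "Desktop or Documents" means any parent folder with that name; the function names are hypothetical.

```python
import os
import stat
from pathlib import PureWindowsPath

ENCRYPTED_EXT = ".WNCRY"                  # final extension named in the article
WIPED_FOLDERS = {"desktop", "documents"}  # folders the article says are overwritten


def deletion_case(original_path, system_drive="C:"):
    """Return (case, recoverable) for a victim file path, per the article's rules.

    Assumption: a file counts as "in Desktop/Documents" when any parent
    folder in its path carries that name.
    """
    p = PureWindowsPath(original_path)
    if p.drive.upper() != system_drive.upper():
        # Other drives: moved to a hidden $RECYCLE folder, deleted insecurely.
        return ("recycle-deleted", True)
    if any(part.lower() in WIPED_FOLDERS for part in p.parent.parts):
        # Overwritten with random data before removal.
        return ("overwritten", False)
    # Moved to %TEMP%\<n>.WNCRYT and deleted without overwriting.
    return ("temp-deleted", True)


def find_surviving_originals(root):
    """Find originals that still sit next to their encrypted .WNCRY copy."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.upper().endswith(ENCRYPTED_EXT):
                continue
            original = os.path.join(folder, name[: -len(ENCRYPTED_EXT)])
            if not os.path.isfile(original):
                continue  # original is gone: a job for recovery software
            # st_file_attributes exists only on Windows; None elsewhere.
            attrs = getattr(os.stat(original), "st_file_attributes", None)
            hits.append({
                "original": original,
                "encrypted_copy": os.path.join(folder, name),
                "hidden": None if attrs is None
                else bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
                "read_only": None if attrs is None
                else bool(attrs & stat.FILE_ATTRIBUTE_READONLY),
            })
    return sorted(hits, key=lambda h: h["original"])


if __name__ == "__main__":
    import tempfile

    # Constructed sample tree: one original survives, one does not.
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.docx", "report.docx.WNCRY", "photo.jpg.WNCRY"):
            open(os.path.join(root, name), "wb").close()
        for hit in find_surviving_originals(root):
            print("still on disk:", hit["original"], hit)

    for sample in (r"C:\Users\bob\Desktop\plan.xlsx",
                   r"C:\Projects\plan.xlsx",
                   r"D:\Share\plan.xlsx"):
        print(sample, "->", deletion_case(sample))
```

Run it against a copy or a read-only mount of the affected volume, since every write to the original disk can overwrite deleted data that recovery software could still find.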

The researchers concluded,
“From our in depth research into this ransomware, it is clear that the ransomware developers have made a lot of mistakes and, as we pointed out, the code quality is very low.

If you were infected with WannaCry ransomware there is a good possibility that you will be able to restore a lot of the files on the affected computer. To restore files, you can use the free utilities available for file recovery. We advise organizations share this article with their system administrators – as they can use the file recovery utilities on affected machines in their network.”

 

20 Best Hacking Apps For Android Phones Part - 2

We are writing this post in 4 parts; if you have not read the earlier part, read it first. This is the second part of "20 Best Hacking Apps For Android Phones". We hope you read the earlier part. Now we bring you the next.








Disclaimer: "The content inside the post is only for educational purposes. We are not responsible if anyone misuses it."












1. zANTI


zANTI is a penetration testing toolkit developed by Zimperium Mobile Security for cyber security professionals. Basically, it allows you to simulate malicious attacks on a network. With the help of zANTI, you can perform various types of operations such as MITM attacks, MAC address spoofing, scanning, password auditing, vulnerability checks and much more. In short, this Android toolkit is a perfect companion for hackers.


Overall features:

  • Change device's MAC address.

  • Create a malicious WiFi hotspot.

  • Hijack HTTP sessions.

  • Capture downloads.

  • Modify HTTP requests and responses.

  • Exploit routers.

  • Audit passwords.

  • Check a device for the Shellshock and SSL POODLE vulnerabilities.






2. AnDOSid


AnDOSid is an Android tool developed by Scott Herbert that you can use to launch DoS attacks from your mobile phone. It was developed as a stress testing tool, but you know, anything can be misused, even a pen...






3. cSploit



cSploit is an open source (GPLed) Android network analysis and penetration suite which aims to be the most complete and advanced professional toolkit for IT security experts/geeks to do network security assessments on a mobile device.


Features:

  • Map your local network

  • Fingerprint hosts' operating systems and open ports

  • Add your own hosts outside the local network

  • Integrated traceroute

  • Integrated Metasploit framework RPCd

    • Search hosts for known vulnerabilities via integrated Metasploit daemon

    • Adjust exploit settings, launch, and create shell consoles on exploited systems

    • More coming



  • Forge tcp/udp packets

  • Perform man in the middle attacks (MITM) including:

    • Image, text, and video replacement-- replace your own content on unencrypted web pages

    • javascript injection-- add your own javascript to unencrypted web pages.

    • password sniffing ( with common protocols dissection )

    • Capture pcap network traffic files

    • Real time traffic manipulation to replace images/text/inject into web pages

    • DNS spoofing to redirect traffic to different domain

    • Break existing connections

    • Redirect traffic to another address

    • Session Hijacking-- listen for unencrypted cookies and clone them to take Web session








4. DroidSQLi


DroidSQLi is an Android app that allows you to launch SQL injection attacks on a target URL. It's fully automated, so you don't need much technical knowledge to operate this application. Just find a vulnerable URL and then put it in the "Target URL", then tap on "Inject". That's it!




 


5. Fing Network Tools


Fing is a simple Android tool for network analysis. It can help you discover devices connected to the WiFi network, switch on a device from your mobile/tablet, and perform traceroute and some other network operations.


 

Indian Hacker Hacked Pakistani Website For His Girl Friend



Hackers usually take over a site to promote their agenda or for personal gain. However, this recent hack was done purely out of “love.”

The Islamia University of Bahawalpur had its website hacked by an Indian hacker recently, on June 2nd. The page has been defaced with an elaborate love letter.

The browser tab displays the message:

"Hacked by ~vicky~for his love[blue idiot] just hacked into this website for you..we are united indian hackers"

Vicky or Vikrant has supposedly hacked the site to profess his love for his girlfriend as evident from his message (screenshot below).

Screenshot: site deface page

He didn’t mention the girl’s name or why he hacked a site to do that. He did however leave a message for the site owner at the end as well.

"Sorry website owner for getting pwned and thanks to mr.404 not found"

“Devil’s Cafe”


 At the end of the hacker’s message there is a site link “devilscafe.in” which leads to a shady looking blog on “Informational Security” and “SEO & Blogging”.

The message on the about page reads:

"…it is more likely that people often mistake my site to be that promotes Hacking. But in reality, our goal is to prevent hacking. We believe that unless you know how to hack (ethically), you cannot defend yourself from malicious hack attacks."

It’s probable that the site owner is Vikrant himself and he has hacked the Islamia University of Bahawalpur’s site. However, nothing is confirmed for sure.

Source: propakistani.pk

20 Best Hacking Apps For Android Phones Part-1

Hacking is a topic which everyone is keen to know about. We can also do it and study it even without much technical knowledge. So, we bring you a series of 4 posts on the 20 Best Hacking Apps For Android Phones. Here is the first part.


Disclaimer: The content inside the post is only for educational purposes. We will not be responsible if anyone misuses it.


Here we go.

#1. AndroRAT


AndroRAT stands for Android and RAT (Remote Administrative Tools). The app aims to give you control of the Android system remotely and fetch information from it. The features in this Android hacking app include collecting information like contacts, call logs, messages, and location. The app also allows you to remotely monitor received messages and the state of the phone, make phone calls and send texts, take pictures with the camera, open a URL in the default browser, etc.


Download Link: http://gallery.mobile9.com/f/4734109/

#2. Nmap


Nmap is an Android tool that you can use on a network to determine available hosts, services, operating system versions, types of packet filters/firewalls and other characteristics. It is an incredibly useful tool for hackers (ethical or unethical).


Requirements:

  • The device must have root access. (You can run the app without root access, but some features will not work)

  • SuperSU/Busybox/SuperUser.


Download Link: http://www.mediafire.com/file/raxqhxdmmyhbqte/anmap.apk

#3. Hackode


Hackode is an Android app developed by Ravi Kumar for penetration testers, ethical hackers and cyber security professionals. It contains various modules including Reconnaissance, Scanning, Exploits and Security Feed. The application contains different tools, such as:


  • Reconnaissance

    • Google Hacking

    • Whois Lookup

  • Scanning

    • Ping

    • Traceroute

    • MX Records

    • DNS Dig

  • Exploit

    • Tools to be added soon

  • Security Feed

    • Security news

With modules like Reconnaissance you can do tasks like Google Hacking, which lets you find vulnerabilities in sites using Google dorks.

Download Link: https://play.google.com/store/apps/details?id=com.techfond.hackode

#4. DroidBox




DroidBox is an app that offers dynamic analysis of Android applications. Using the app, one can get a wide range of results about the hashes for the APK package, network traffic, SMS and phone calls, information leaks via different channels etc.

Download Link: https://code.google.com/archive/p/droidbox/

#5. Whatsapp Sniffer





WhatsApp Sniffer is a great Android hacking app, which works in tandem with the WhatsApp application. Using this app, you can hack private WhatsApp chats, pictures, audios and videos of your friends who are using your Wi-Fi Hotspot. You can manipulate pictures, videos, account info at your pleasure.


 Note: Disable Antivirus 


Download Link: http://softstribe.com/apk/download-whatsapp-sniffer-apk-file-android/

Stay tuned for next parts.. :)

Top 5 All Time Best Hacking Tools For Hackers

Today in this post I am going to tell you about the 5 best hacking tools. If you want to learn hacking, these tools are important for you.


"THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY." So let's start.

1. Metasploit


Penetration testing software to help you act like the attacker





Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.



2. NMAP


Used to Scan Ports and Map Networks – and a whole bunch more!




Nmap Security Scanner is a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, literally thousands of system admins all around the world use Nmap for network inventory, checking for open ports, managing service upgrade schedules, and monitoring host or service uptime. As a tool, Nmap uses raw IP packets in creative ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems they run (fingerprinting) and what type and version of packet filters/firewalls are being used by the target.



3. THC Hydra


A very fast network logon cracker which supports many different services.

When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC. Other online crackers are Medusa and Ncrack. The Nmap Security Scanner also contains many online brute force password cracking modules.



4. Aircrack-ng


Aircrack-ng is a complete suite of tools to assess WiFi network security.


It focuses on different areas of WiFi security:

  • Monitoring: Packet capture and export of data to text files for further processing by third party tools.

  • Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.

  • Testing: Checking WiFi cards and driver capabilities (capture and injection).

  • Cracking: WEP and WPA PSK (WPA 1 and 2).

All tools are command line, which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily on Linux but also on Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.



5. John the Ripper password cracker


John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS. John the Ripper is free and open source software, distributed primarily in source code form. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

Warning! You Are Being Watched Without Your Knowledge

When NSA contractor Edward Snowden (famous, 'infamous', 'the hero') revealed that the US government was watching us through Yahoo web chat in a project called 'Optic Nerve', we got really scared. A developer from AOL, Mr. Ran Bar Zik, has now reported a similar situation. He insists we could be spied on and watched without our knowledge through a UX design flaw in Google Chrome. If a hacker with malicious intent exploits this flaw, yes, it is possible, and the user will not be aware of being spied on.

How it Works

Modern web browsers such as Google Chrome and Mozilla Firefox use a collection of protocols called WebRTC (Web Real-Time Communication) for real-time audio and video communication. Browsers that use WebRTC do not need a plugin for this.

To protect against unauthorized audio and video streaming over WebRTC, the browser asks the user to allow a particular website to use WebRTC and then to access the device's camera and microphone. The dangerous, exploitable part is that once permission is granted, the website keeps that access until you manually revoke the WebRTC permissions. The browser therefore alerts the user with an indicator, mostly in the window header, whenever audio or video is being recorded. In Google Chrome too, the only indication is in the window header.

The danger is that if a website with malicious intent pops up a headless window, it can record audio and video secretly.

The developer Ran Bar Zik also provided a demonstration of the situation. You can check it yourself in Google Chrome; all it takes is clicking two buttons. Don't worry, it is safe.

Google Says,

More interestingly, when Mr. Ran Zik reported the flaw to Google on April 10, 2017, they rejected it as a flaw. In their words,

"

Currently the flaw is reported to affect Google Chrome only, but of course it may affect other web browsers.

Prevention

Image: Facebook CEO Mark Zuckerberg's post on Instagram

  • Disable WebRTC if you really don't need it.

  • If you require it on some sites, allow only trusted ones.

  • The funny but only truly safe solution is what the Facebook CEO showed us: tape over the camera on our devices.

What Is SQL Injection ? How To Hack Website Using SQL Injection ?

WHAT IS SQL INJECTION?


SQL injection, also known as SQLi, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.

The impact SQL injection can have on a business is far-reaching. A successful attack may result in the unauthorised viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly harmful to a business.

When calculating the potential cost of a SQLI, it’s important to consider the loss of customer trust should personal information such as phone numbers, addresses and credit card details be stolen.


While this vector can be used to attack any SQL database, websites are the most frequent targets.



WHAT ARE SQL QUERIES


SQL is a standardized language used to access and manipulate databases to build customizable data views for each user. SQL queries are used to execute commands, such as data retrieval, updates and record removal. Different SQL elements implement these tasks, e.g., queries using the SELECT statement to retrieve data, based on user-provided parameters.


A typical eStore’s SQL database query may look like the following:



SELECT ItemName, ItemDescription
FROM Item
WHERE ItemNumber = ItemNumber

From this, the web application builds a string query sent to the database as a single SQL statement:



' Vulnerable on purpose: the query string parameter is concatenated into the SQL text
sql_query = "SELECT ItemName, ItemDescription " & _
            "FROM Item " & _
            "WHERE ItemNumber = " & Request.QueryString("ItemID")

The user-provided input http://www.estore.com/items/items.asp?itemid=999 then generates the following SQL query:



SELECT ItemName, ItemDescription
FROM Item
WHERE ItemNumber = 999

As you can gather from the syntax, this query provides the name and description for item number 999.



SQL INJECTION EXAMPLE


An attacker wishing to execute SQL injection manipulates a standard SQL query to exploit non-validated input vulnerabilities in a database. There are many ways that this attack vector can be executed, several of which will be shown here to provide you with a general idea about how SQLI works.


For example, the above-mentioned input, which pulls information for a specific product, can be altered to read http://www.estore.com/items/items.asp?itemid=999 or 1=1.


As a result, the corresponding SQL query looks like this:



SELECT ItemName, ItemDescription
FROM Item
WHERE ItemNumber = 999 OR 1=1

And since the statement 1 = 1 is always true, the query returns all of the product names and descriptions in the database, even those that you may not be eligible to access.


Attackers are also able to take advantage of incorrectly filtered characters to alter SQL commands, including using a semicolon to separate two fields.


For example, this input http://www.estore.com/items/items.asp?itemid=999; DROP TABLE Users would generate the following SQL query:



SELECT ItemName, ItemDescription
FROM Item
WHERE ItemNumber = 999; DROP TABLE Users

As a result, the entire user database could be deleted.


Another way SQL queries can be manipulated is with a UNION SELECT statement. This combines two unrelated SELECT queries to retrieve data from different database tables.


For example, the input http://www.estore.com/items/items.asp?itemid=999 UNION SELECT Username, Password FROM Users produces the following SQL query:



SELECT ItemName, ItemDescription
FROM Item
WHERE ItemNumber = 999 UNION SELECT Username, Password FROM Users

Using the UNION SELECT statement, this query combines the request for item 999’s name and description with another that pulls names and passwords for every user in the database.



SQLI PREVENTION AND MITIGATION


There are several effective ways to prevent SQLI attacks from taking place, as well as protecting against them, should they occur.


The first step is input validation (a.k.a. sanitization), which is the practice of writing code that can identify illegitimate user inputs.


While input validation should always be considered best practice, it is rarely a foolproof solution. The reality is that, in most cases, it is simply not feasible to map out all legal and illegal inputs—at least not without causing a large amount of false positives, which interfere with user experience and an application’s functionality.


For this reason, a web application firewall (WAF) is commonly employed to filter out SQLI, as well as other online threats. To do so, a WAF typically relies on a large, and constantly updated, list of meticulously crafted signatures that allow it to surgically weed out malicious SQL queries. Usually, such a list holds signatures to address specific attack vectors, and is regularly patched to introduce blocking rules for newly discovered vulnerabilities.


Modern web application firewalls are also often integrated with other security solutions. From these, a WAF can receive additional information that further augments its security capabilities.


For example, a web application firewall that encounters a suspicious, but not outright malicious, input may cross-verify it with IP data before deciding to block the request. It only blocks the input if the IP itself has a bad reputational history.


Incapsula cloud-based WAF uses signature recognition, IP reputation and other security methodologies to identify and block SQL injections, with a minimal amount of false positives. The WAF’s capabilities are augmented by IncapRules—a custom security rule engine that enables granular customization of default security settings and the creation of additional case-specific security policies.


Our WAF also employs crowdsourcing techniques that ensure that new threats targeting any Incapsula user are immediately propagated across the entire user-base. This enables rapid response to newly disclosed vulnerability and zero-day threats.
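The input validation step described above can be shown on the eStore item lookup itself. This is an added example, not code from the original article: it rebuilds the concatenated query in Python with an in-memory SQLite database, then hardens it by validating the item number against an allowlist pattern and binding it as a query parameter. Parameter binding goes beyond what the article names and is included as the standard companion to validation. The table contents and function names are constructed for illustration.

```python
import re
import sqlite3


def make_store():
    """Build a constructed in-memory eStore database (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Item (ItemNumber INTEGER PRIMARY KEY,
                           ItemName TEXT, ItemDescription TEXT);
        CREATE TABLE Users (Username TEXT, Password TEXT);
        INSERT INTO Item VALUES (999, 'Kettle', 'Steel kettle'),
                                (1000, 'Mug', 'Staff-only item');
        INSERT INTO Users VALUES ('alice', 'constructed-hash-1');
    """)
    return conn


def lookup_concatenated(conn, item_id):
    """Same pattern as the ASP snippet: input is pasted into the SQL text."""
    query = ("SELECT ItemName, ItemDescription FROM Item "
             "WHERE ItemNumber = " + item_id)
    return conn.execute(query).fetchall()


def lookup_bound(conn, item_id):
    """Bind the value as a parameter: it is compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT ItemName, ItemDescription FROM Item WHERE ItemNumber = ?",
        (item_id,),
    ).fetchall()


# Allowlist: an item number is 1 to 9 ASCII digits and nothing else.
ITEM_ID_RE = re.compile(r"[0-9]{1,9}")


def lookup_hardened(conn, item_id):
    """Validate first, then bind. Either layer alone stops the inputs above."""
    if not isinstance(item_id, str) or not ITEM_ID_RE.fullmatch(item_id):
        raise ValueError("itemid must be 1-9 decimal digits")
    return lookup_bound(conn, int(item_id))


if __name__ == "__main__":
    conn = make_store()
    inputs = ["999", "999 OR 1=1",
              "999 UNION SELECT Username, Password FROM Users"]
    for value in inputs:
        print("input:", value)
        print("  concatenated:", lookup_concatenated(conn, value))
        try:
            print("  hardened:    ", lookup_hardened(conn, value))
        except ValueError as exc:
            print("  hardened:     rejected,", exc)
```

The rejected inputs never reach the database, and `lookup_bound` on its own returns no rows for them because the whole string is compared with `ItemNumber` as a single value.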



How To Hack Website Using SQL Injection?


Hello guys, I am blogger Ashok Puneth. Today, in this section, I will teach you how to hack a website database using SQL injection. This tutorial is for educational purposes only; ask2guruji is not responsible for any issue, so try this tutorial at your own risk.


Watch the full video tutorial:



https://www.youtube.com/watch?v=6wKST22auxw&t=8s

Grand Theft Auto: San Andreas 1.08 Apk Mod

Action, by twitah, Mar 26, 2015. You know this amusement from the PC stage, this ...