Odo Head Spa offered by Odo Beauty Care Limited

Odo Beauty Care Limited Welcome to our first Odo Head Spa Salon located at 9F Pennington Com Bldg., 17 Pennington Street, Causeway Bay (Near to Regal Hotel, Hong Kong and above 7-11) 香港铜锣湾边寧顿亍 17号 边寧顿商业大厅厦电梯 9字 鄰近香港富豪酒店,7-11 樓上 TEL: 9010-1586 English and Japanese only (英/日语) Email: info@odo.com.hk BY APPOINTMENT ONLY 完全予約制 敬请电約

網頁

Powered By Blogger

2023年5月31日星期三

HOW TO HACK WHATSAPP ACCOUNT? – WHATSAPP HACK

In the last article, I have discussed a method on WhatsApp hack using SpyStealth Premium App. Today I am gonna show you an advanced method to hack WhatsApp account by mac spoofing. It's a bit more complicated than the last method discussed and requires proper attention. It involves the spoofing of the mac address of the target device. Let's move on how to perform the attack.

SO, HOW TO HACK WHATSAPP ACCOUNT?                                                          

STEP TO FOLLOW FOR WHATSAPP HACK

Here I will show you complete tutorial step by step of hacking WhatsApp account. Just understand each step carefully so this WhatsApp hack could work great.
  1. Find out the victim's phone and note down it's Mac address. To get the mac address in Android devices, go to Settings > About Phone > Status > Wifi Mac address. And here you'll see the mac address. Just write it somewhere. We'll use it in the upcoming steps.
  2. As you get the target's mac address, you have to change your phone's mac address with the target's mac address. Perform the steps mentioned in this article on how to spoof mac address in android phones.
  3. Now install WhatsApp on your phone and use victim's number while you're creating an account. It'll send a verification code to victim's phone. Just grab the code and enter it here.
  4. Once you do that, it'll set all and you'll get all chats and messages which victims sends or receives.
This method is really a good one but a little difficult for the non-technical users. Only use this method if you're technical skills and have time to perform every step carefully. Otherwise, you can hack WhatsApp account using Spying app.
If you want to know how to be on the safer edge from WhatsApp hack, you can follow this article how to protect WhatsApp from being hacked.
Related word

Multi-Protocol Proxy Over TCP & UDP

Many years ago I programed a console based multi protocol proxy (the sha0proxy) lately I created in dotnet a graphical verison of the tool, but due to the form referesh speed finally I implemented it in C++ with Qt.

This tool useful for reversing, exploiting & pentesting was finally called rproxy, and its a multi-protocol proxy over TCP or UDP.





Being in the middle of the communication you can view and modify the bytes before being sent to the client or server.

In the tools tab right now its possible to open the blob on radare2 for further reversing of the data structures or code.


A basic mutation based fuzzer is implemented for bug-hunting, just set the % ratio of mutation and the bytes will be modified during specific communications phase.

One of the powerful things of this tool is the scripting, it is possible to automate a modification in specific moment of the traffic flow.



For example a script with a single line: "IN 3 20 3F" will write a 0x3f on the offset 20 only on the third packet received from the server. I have used this feature for triggering vulnerabilities.

Regarding the saving and loading data from disk, it's possible to save and load data in raw and hex formats. Also can be configured for save all the communications or only specific emission.


Find the source code and binaries at github: https://github.com/sha0coder/reproxy



Continue reading

  1. Hack Tools For Mac
  2. Pentest Tools Url Fuzzer
  3. Hacking Tools For Windows Free Download
  4. Hackrf Tools
  5. Hacking App
  6. Pentest Tools Open Source
  7. Tools For Hacker
  8. Bluetooth Hacking Tools Kali
  9. Hacker Tools Apk
  10. Hacker Hardware Tools
  11. Pentest Tools For Ubuntu
  12. Pentest Tools Kali Linux
  13. Hacking Tools Windows
  14. Hacker Tools Windows
  15. Hack Tools 2019
  16. Hacker Tools Github
  17. Hacker Tools
  18. Hacking Tools For Games
  19. Free Pentest Tools For Windows
  20. Hacking Tools For Kali Linux
  21. Hacking Tools Software
  22. Hack Tools 2019
  23. Hack And Tools
  24. Pentest Reporting Tools
  25. Hacker Tools For Mac
  26. Hack Tools For Ubuntu
  27. Hack App
  28. Hack Website Online Tool
  29. What Are Hacking Tools
  30. Hacking Tools For Beginners
  31. Hack Tools Pc
  32. Pentest Tools Github
  33. Hacking Tools Windows
  34. Hacking Tools Mac
  35. Pentest Tools For Mac
  36. Install Pentest Tools Ubuntu
  37. Hacker Security Tools
  38. Nsa Hack Tools Download
  39. Android Hack Tools Github
  40. Hacking Tools Pc
  41. Pentest Tools Bluekeep
  42. Hack Tools For Games
  43. Pentest Tools Free
  44. Pentest Tools Bluekeep
  45. Hacking Tools For Windows 7
  46. How To Make Hacking Tools
  47. Best Hacking Tools 2019
  48. Hacker Tools
  49. Hack Tools For Windows
  50. Hacking Tools Github
  51. Pentest Tools Open Source
  52. Hacker Tools Apk Download
  53. What Are Hacking Tools
  54. Tools 4 Hack
  55. Free Pentest Tools For Windows
  56. Android Hack Tools Github
  57. Hacker Tools List
  58. Hacker Tool Kit
  59. Pentest Tools For Windows
  60. Top Pentest Tools
  61. Hacking Tools For Pc
  62. Bluetooth Hacking Tools Kali
  63. Hacker Tools
  64. Tools For Hacker
  65. Pentest Tools Open Source
  66. Hackers Toolbox
  67. World No 1 Hacker Software
  68. Hacking Tools 2020
  69. Hack Tools For Ubuntu
  70. Physical Pentest Tools
  71. Hacker Tools For Ios
  72. Hacking Tools For Kali Linux
  73. Hacker Tools
  74. Nsa Hacker Tools
  75. Best Hacking Tools 2020
  76. Hack Tools For Games
  77. Hacker
  78. Hacker Tools Free
  79. Hacker Tools For Pc

2023年5月30日星期二

Shadow Attacks … The Smallest Attack Vector Ever

In July 2020, we introduced a novel attack class called Shadow Attacks. In our recent research, we discovered a new variant of the attack which relies only on an Incremental Update containing a malicious trailer.
A proof-of-concept exploit working on Foxit (Version: 11.0.1.49938) can be downloaded here.

The story so far ...

Shadow attacks are attacks bypassing the integrity protection of digitally signed PDF documents. The attacks abuse two legitimate features in PDF documents which we briefly explain.

Hiding Content

In PDFs, there are multiple techniques to hide content that is not displayed when the document is opened. We, as attackers, usually hide malicious objects without referencing them in the xref section.

Incremental Updates

New content can be appended to a signed PDF document. This is quite dangerous though. The digital signature in PDFs protects a specific range of bytes. Any appended content does not break the signature verification since it is outside this range. As a result, any new Incremental Update does not violate the cryptographic verification of the digital signature. 
But, Incremental Updates are quite dangerous since they may completely change the displayed content of the document. In 2019, we showed different techniques based on Incremental Updates – the Incremental Saving Attacks.
As a countermeasure, most vendors warn if additional content is added after signing the document. BUT … not always!!!
 
There are meaningful use cases where Incremental Updates in digitally signed documents are allowed. For instance, contracts should be signed by multiple parties and each new signature is applied via additional Incremental Update.
Also, PAdES defines Incremental Updates as part of the long-term validation of digitally signed PDFs.
In summary, Incremental Updates are painful from a security perspective. Currently, vendors are trying to estimate whether an Incremental Update is malicious or not by analyzing its content.

Shadow Attacks

Shadow attacks, in general, deceive the PDF applications that an Incremental Update is not malicious. This can be done by providing an Incremental Update with minimal content.
In 2020, we estimated that appending an xref section and a trailer is sufficient to bypass the detection mechanisms of popular applications such as Adobe Reader and Foxit Reader.

Trailer-based Shadow Attack

Three months ago, we tried to reduce the content of the malicious Incremental Update. Our idea was to use only a malicious trailer and still change the content of the entire document when it is opened. Let's see how this can be done. 


The Signer's view on the document

 If a signer gets the document depicted on the left side, he or she sees the content "Sign the document to get a reward".
The document contains a hidden content depicted as red text – the 4 0 obj containing the text "You are fired. Get out immediately" and an xref section pointing to that object. However, the trailer references another xref section, see (1) and (2). Thus, the red text is never shown.
From the signer's perspective, there is no possibility to detect the hidden content by opening and reviewing the document.
As a result, the signer, for example the company director, signs the document.

The Victim's view on the document

We assume that the attacker receives the signed document and manipulates it.
The attacker appends only a trailer that points to the hidden malicious xref section (the red one). When the victim opens the document, the content "You are fired. Get out immediately" is shown.
However, the digital signature validation does not throw any warning since … well … what could go wrong if only a trailer is appended.
 

Honest vs. Malicious Trailer

There are small differences between the honest and the malicious trailer– the byte position of the xref section. Now, the trailer points to the hidden xref section.
trailer
<<
/Size 23
/Prev 18735
/Root 13 0 R
]>>
Honest trailer
trailer
<<
/Size 23
/Prev 19192
/Root 13 0 R
]>>
Malicious trailer
 
 



Impact and Exploit

We successfully applied the new attack on Foxit Reader (Version: 11.0.1.49938). We promptly reported the vulnerability and provided a Proof-of-Concept (PoC) exploit, known as CVE-2021-40326.
Foxit acknowledged the attack and published a security fix with the new version Foxit Reader 11.1.
 
We are not aware of any further implementations vulnerable to this attack.
If you think that your application might be vulnerable to the attack, then just download the exploit and test on your own.
 

Authors of this post

Vladislav Mladenov

Simon Rohlmann

Christian Mainka

Related articles


Testing SAML Endpoints For XML Signature Wrapping Vulnerabilities

A lot can go wrong when validating SAML messages. When auditing SAML endpoints, it's important to look out for vulnerabilities in the signature validation logic. XML Signature Wrapping (XSW) against SAML is an attack where manipulated SAML message is submitted in an attempt to make the endpoint validate the signed parts of the message -- which were correctly validated -- while processing a different attacker-generated part of the message as a way to extract the authentication statements. Because the attacker can arbitrarily forge SAML assertions which are accepted as valid by the vulnerable endpoint, the impact can be severe. [1,2,3]

Testing for XSW vulnerabilities in SAML endpoints can be a tedious process, as the auditor needs to not only know the details of the various XSW techniques, but also must handle a multitude of repetitive copy-and-paste tasks and apply the appropriate encoding onto each message. The latest revision of the XSW-Attacker module in our BurpSuite extension EsPReSSo helps to make this testing process easier, and even comes with a semi-automated mode. Read on to learn more about the new release! 

 SAML XSW-Attacker

After a signed SAML message has been intercepted using the Burp Proxy and shown in EsPReSSO, you can open the XSW-Attacker by navigating to the SAML tab and then the Attacker tab.  Select Signature Wrapping from the drop down menu, as shown in the screenshot below:



To simplify its use, the XSW-Attacker performs the attack in a two step process of initialization and execution, as reflected by its two tabs Init Attack and Execute Attack. The interface of the XSW-Attacker is depicted below.
XSW-Attacker overview

The Init Attack tab displays the current SAML message. To execute a signature wrapping attack, a payload needs to be configured in a way that values of the originally signed message are replaced with values of the attacker's choice. To do this, enter the value of a text-node you wish to replace in the Current value text-field. Insert the replacement value in the text-field labeled New value and click the Add button. Multiple values can be provided; however, all of which must be child nodes of the signed element. Valid substitution pairs and the corresponding XPath selectors are displayed in the Modifications Table. To delete an entry from the table, select the entry and press `Del`, or use the right-click menu.

Next, click the Generate vectors button - this will prepare the payloads accordingly and brings the Execute Attack tab to the front of the screen.

At the top of the Execute Attack tab, select one of the pre-generated payloads. The structure of the selected vector is explained in a shorthand syntax in the text area below the selector.
The text-area labeled Attack vector is editable and can be used to manually fine-tune the chosen payload if necessary. The button Pretty print opens up a syntax-highlighted overview of the current vector.
To submit the manipulated SAML response, use Burp's Forward button (or Go, while in the Repeater).

Automating XSW-Attacker with Burp Intruder

Burp's Intruder tool allows the sending of automated requests with varying payloads to a test target and analyzes the responses. EsPReSSO now includes a Payload Generator called XSW Payloads to facilitate when testing the XML processing endpoints for XSW vulnerabilities. The following paragraphs explain how to use the automated XSW attacker with a SAML response.

First, open an intercepted request in Burp's Intruder (e.g., by pressing `Ctrl+i`). For the attack type, select Sniper. Open the Intruder's Positions tab, clear all payload positions but the value of the XML message (the `SAMLResponse` parameter, in our example). Note: the XSW-Attacker can only handle XML messages that contain exactly one XML Signature.
Next, switch to the Payloads tab and for the Payload Type, select Extension-generated. From the newly added Select generator drop-down menu, choose XSW Payloads, as depicted in the screenshot below.



While still in the Payloads tab, disable the URL-encoding checkbox in the Payload Encoding section, since Burp Intruder deals with the encoding automatically and should suffice for most cases.
Click the Start Attack button and a new window will pop up. This window is shown below and is similar to the XSW Attacker's Init Attack tab.


Configure the payload as explained in the section above. In addition, a schema analyzer can be selected and checkboxes at the bottom of the window allow the tester to choose a specific encoding. However, for most cases the detected presets should be correct.

Click the Start Attack button and the Intruder will start sending each of the pre-generated vectors to the configured endpoint. Note that this may result in a huge number of outgoing requests. To make it easier to recognize the successful Signature Wrapping attacks, it is recommended to use the Intruder's Grep-Match functionality. As an example, consider adding the replacement values from the Modifications Table as a Grep-Match rule in the Intruder's Options tab. By doing so, a successful attack vector will be marked with a checkmark in the results table, if the response includes any of the configure grep rules.

Credits

EsPReSSO's XSW Attacker is based on the WS-Attacker [4] library by Christian Mainka and the original adoption for EsPReSSO has been implemented by Tim Günther.
Our students Nurullah Erinola, Nils Engelberts and David Herring did a great job improving the execution of XSW and implementing a much better UI.

---

[1] On Breaking SAML - Be Whoever You Want to Be
[2] Your Software at My Service
[3] Se­cu­ri­ty Ana­ly­sis of XAdES Va­li­da­ti­on in the CEF Di­gi­tal Si­gna­tu­re Ser­vices (DSS)
[4] WS-Attacker

Related posts