Stephanie Pfeiffer Personal Site: May 2020

Friday, May 22, 2020

$$$ Bug Bounty $$$

What is Bug Bounty ?

A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.

Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.

Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1. In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.

While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.

What Is Brave Browser And How Does It Compares To Chrome ?

There are more competing web browsers than ever, with many serving different niches. One example is Brave, which has an unapologetic focus on user privacy and comes with a radical reimagining of how online advertising ought to work.

Brave is based on Chromium, the open-source code that forms the basis for Google Chrome. But is it any good? And for those using Google Chrome, is it worth switching to Brave?

A Brief History of Brave

When Brendan Eich and Brian Bondy founded Brave in 2015, they wanted to address what they perceived as the biggest problem with the modern internet: intrusive advertising.

Advertising is the fuel that powers the modern internet, allowing websites and digital creatives to monetize their content without charging users for each article read or every video watched. That said, Eich and Bondy think it's got some pretty significant downsides, citing the potentially privacy-harming nature of advertising trackers, as well as the negative impact it has on the overall user experience.

Brave's first release came about amidst two significant trends, which ultimately defined the new browser.

First, the cryptocurrency revolution was in full swing. Companies and individuals alike—like the pseudonymous Satoshi Nakamoto—were creating their own decentralized cryptocurrencies, which quickly reached billion-dollar market capitalizations. Second, ad-blocking technology entered the mainstream. By the decade's halfway point, millions of people were blocking ads online across all browsers, desktop, and mobile.

Brave was one of the first browsers to include built advertisement and tracker blockers, leapfrogging the likes of Opera. It also came with its own cryptocurrency, called BAT (or Basic Attention Token), allowing users to reimburse the sites and creators they like.

Essentially, Brave wants to re-imagine how the Internet works: not just on a usability level, but on an economic level. It's an undeniably radical vision, but you wouldn't expect any less, given its founding team.

Brendan Eich is the inventor of the JavaScript programming language and co-founded the Mozilla Foundation, which created the popular Firefox web browser. He also briefly served as the foundation's CEO before resigning following a bitter controversy over his political donations. Brian Bondy is also ex-Mozilla, and spent time at education startup Khan Academy.

Beyond that, Brave is a reasonably standard browser. Like Edge, Chrome, and Opera, it's built upon the Blink rendering engine, which means webpages should work as you expect. Brave is also compatible with Chrome extensions.

To Track or Not to Track?

The Brave browser is characterized by an unapologetically pathological focus on user privacy. Its primary mechanism for delivering this is something called Brave Shields, which combines traditional tracker-blocking technology, paired with several under-the-hood browser configuration tweaks. This feature is turned on by default, although users can easily de-activate it should it cause websites to break.

As you might expect, Brave blocks trackers based on whether they appear in several public blocklists. Going beyond that, it also uses cloud-based machine learning to identify trackers that slipped through the net, in addition to browser-based heuristics.

Brave Shields also forces sites to use HTTPS, where both an encrypted and unencrypted option is available. By forcing users to use an encrypted version of a website, it makes it harder for those on your network to intercept and interfere with the content you visit. While this sounds abstract, it's more common than you think. Public Wi-Fi hotspots, like those found in airports, routinely inject their own ads into websites being visited. Although upgrading to SSL isn't a silver bullet against all security and privacy, it's a pretty significant security upgrade.

Separately from Shields, Brave also includes a built-in TOR browser. TOR allows users to circumvent local censorship — like that which occurs on a national or ISP level — by routing traffic through other computers on its decentralized network.

The tool, which was funded by the US Department of Defence, is frequently used by dissidents living under authoritarian governments to escape surveillance and censorship. Both Facebook and the BBC offer their own TOR 'onion' sites for this reason. Somewhat of a double-edged sword, it's also used by bad actors — drug dealers, hackers, and other online criminals — to operate free from the scrutiny of law enforcement.

Going Batty for BAT

As mentioned, Brave uses its own cryptocurrency, called BAT, for rewarding websites for the content they appreciate. Microtransaction-based tipping is nothing new. Flattr pioneered it almost a decade ago. What's different about BAT is both the implementation and the scale.

While Flattr used traditional fiat-based currencies (by that, I mean currencies like pounds, dollars, and euros), Flattr has its own fungible (essentially, convertible) cryptocurrency based on the Ethereum blockchain. And, as a browser with mainstream aspirations, Brave can deliver this concept to millions of people.

So, let's talk about how it works. Firstly, it's entirely optional. Users can choose to use brave without even touching the BAT micropayments system. By default, it's turned off.

If you decide to opt-in, users can purchase BAT through a cryptocurrency exchange, like Coinbase. They can also earn it by viewing "privacy-respecting" ads. Rather than traditional banner-based advertising, these present as push notifications. Users can choose to dismiss a notification or view it in full-screen.

Unlike traditional advertising networks, the calculations determining what advertisements to show you are performed on your own device. This means the advertiser isn't able to build a profile of you and your interests.

Of all advertising revenue that Brave receives, it shares 70 percent with users, keeping a 30 percent share. It's also worth noting that Brave's advertising program is only available in a handful of countries, mostly scattered across Europe and the Americas, plus Israel, India, Australia, South Africa, the Philippines, Singapore, and New Zealand.

Once you have some BAT, you can spend it. You can choose to automatically contribute to specific sites or tip creators on an ad-hoc basis. You can even tip individual tweets. When you open Twitter through your browser, Brave will automatically add a button to each post within your newsfeed. Pressing it will open a drop-down window, where you confirm your tip.

The sites accepting BAT include The Guardian, The Washington Post, and Slate, as well as popular tech publications like Android Police and The Register. Brave also plans to allow users to spend their rewards for more tangible rewards: like hotel stays, gift cards, and restaurant vouchers. At the time of publication, this system isn't yet available.

How Does Brave Compare to Google Chrome?

Google Chrome commands the majority of the browser market, with other competitors, including Brave, trailing behind. Independent figures about Brave's adoption aren't readily available. It doesn't show on NetMarketShare or W3Counter, as it uses Chrome's user-agent string. In October, however, the company behind Brave reported eight million monthly active users and 2.8 million daily active users.

While that's pocket change in the broader Internet ecosystem, it's still fairly impressive for a young company that's trying to disrupt a market dominated by a small handful of well-entrenched players, like Mozilla, Google, Microsoft, and Apple.

Brave promises to be faster and less energy-intensive than rival browsers, and it delivers on this. Scientific benchmarks, plus my own anecdotal experiences, pay testament to this. Furthermore, when you open a new tab, Brave shows you how much time you've saved by using it.

However, there are small annoyances you perhaps wouldn't get with other browsers. Functionality that comes standard in Chrome, like the ability to automatically translate webpages, is only available through plug-ins.

You also occasionally encounter webpages that force you to "drop" your shield to access it. And while this isn't Brave's fault, it does highlight the fact that a huge part of the conventional Internet isn't quite prepared to embrace its utopian vision of how content should be monetized.

A Brave New World?

Should you ditch Google Chrome for Brave? Maybe. There's a lot to appreciate about this browser. While it's generally fast, it also feels extremely polished. I appreciate the fact that it comes with both light and dark themes and the ease in which it allows users to protect their privacy from cross-site trackers.

But Brave is more than a browser. It's a statement about how the Internet should work. And while most people will agree that the pace and scale of online tracking should be rolled back, many may disagree whether cryptocurrencies are the best way to monetize content that is otherwise funded by traditional in-browser advertising. And are push notification-based advertisements on your desktop really a less irritating form of advertising?

Ultimately, the question is whether you agree with Brave's approach or not.

@£√£RYTHING NT

Takeover - SubDomain TakeOver Vulnerability Scanner

Sub-domain takeover vulnerability occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com. For more information: here

Installation:

# git clone https://github.com/m4ll0k/takeover.git
# cd takeover
# python takeover.py

or:

wget -q https://raw.githubusercontent.com/m4ll0k/takeover/master/takeover.py && python takeover.py

Download Takeover

Continue reading

Thursday, May 21, 2020

Hacking All The Cars - Part 2

Connecting Hardware to Your Real Car:

I realized the other day I posted Part 2 of this series to my youtube awhile ago but not blogger so this one will be quick and mostly via video walkthrough. I often post random followup videos which may never arrive on this blog. So if you're waiting on something specific I mentioned or the next part to a series its always a good idea to subscribe to the YouTube. This is almost always true if there is video associated with the post.

In the last blog we went over using virtual CAN devices to interact with a virtual car simulators of a CAN network This was awesome because it allowed us to learn how to interact with he underlying CAN network without fear of hacking around on an expensive automobile. But now it's time to put on your big boy pants and create a real CAN interface with hardware and plug your hardware device into your ODB2 port.

The video I created below will show you where to plug your device in, how to configure it and how to take the information you learned while hacking around on the virtual car from part1 and apply it directly to a real car.

Video Walk Through Using Hardware on a Real Car

As a reference here are the two device options I used in the video and the needed cable:

Hardware Used:

Get OBD2 Cable:
https://amzn.to/2QSmtyL

Get CANtact:
https://amzn.to/2xCqhMt

Get USB2CAN:
https://shop.8devices.com/usb2can

Creating Network Interfaces:

As a reference here are the commands from the video for creating a CAN network interface:

USB2Can Setup:

The following command will bring up your can interface and you should see the device light color change:

sudo ip link set can0 up type can bitrate 125000

Contact Setup:

Set your jumpers on 3,5 and 7 as seen in the picture in the video

Sudo slcand -o -s6 /dev/ttyACM can0 <— whatever device you see in your DMESG output

Ifconfig can0 up

Summary:

That should get you started connecting to physical cars and hacking around. I was also doing a bit of python coding over these interfaces to perform actions and sniff traffic. I might post that if anyone is interested. Mostly I have been hacking around on blockchain stuff and creating full course content recently so keep a look out for that in the future.

What Is Keylogger? Uses Of Keylogger In Hacking ?

What is keylogger?

How does hacker use keylogger to hack social media account and steal important data for money extortion and many uses of keylogger ?

Types of keylogger?

===================

Keylogger is a tool that hacker use to monitor and record the keystroke you made on your keyboard. Keylogger is the action of recording the keys struck on a keyboard and it has capability to record every keystroke made on that system as well as monitor screen recording also. This is the oldest forms of malware.

Sometimes it is called a keystroke logger or system monitor is a type of surveillance technology used to monitor and record each keystroke type a specific computer's keyboard. It is also available for use on smartphones such as Apple,I-phone and Android devices.

A keylogger can record instant messages,email and capture any information you type at any time using your keyboard,including usernames password of your social media ac and personal identifying pin etc thats the reason some hacker use it to hack social media account for money extortion.

======================

Use of keylogger are as follows-

1-Employers to observe employee's computer activity.

2-Attacker / Hacker used for hacking some crucial data of any organisation for money extortion.

3-Parental Control is use to supervise their children's internet usage and check to control the browsing history of their child.

4-Criminals use keylogger to steal personal or financial information such as banking details credit card details etc and then which they will sell and earn a good profit.

5-Spouse/Gf tracking-if you are facing this issue that your Spouse or Gf is cheating on you then you can install a keylogger on her cell phone to monitor her activities over the internet whatever you want such as check Whats app, facebook and cell phone texts messages etc .

=====================

Basically there are two types of keylogger either the software or hardware but the most common types of keylogger across both these are as follows-

1-API based keylogger

2-Form Grabbing Based Keylogger

3-Kernal Based Keylogger

4-Acoustic Keylogger ETC .

====================

How to detect keylogger on a system?

An antikeylogger is a piece of software specially designed to detect it on a computer.

Sometype of keylogger are easily detected and removed by the best antivirus software.

You can view the task manager(list of current programs) on a windows PC by Ctrl+Alt+Del to detect it.

Use of any software to perform any illegal activity is a crime, Do at your own risk.

Related links

Open Sesame - A Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored

A python tool which runs to display random publicly disclosed Hackerone reports when bored. Automatically opens the report in browser.

Contains Over 8k Publicly disclosed Hackerone reports and addtl. wordlist of ~700 bug bounty writeups.

This is a productivity tool for security enthusiasts and bug bounty hunters. I have written a blog here giving my idea of how to use this efficiently.
Launching Open Sesame!

Additional features include:

Opening URL from custom wordlist which has bug bounty writeups.
Fetching and Updating the newly disclosed Hackerone publicly disclosed reports.

Usage:
Pl install components in rquirements.txt
python3 default.py Opens a random magic URL from the collection of publicly disclosed h1 reports.

python3 default.py --custom Opens a random magic URL from the collection of custom wordlist having bug bounty writeups.

python3 default.py --refresh Refreshes and adds newly publicly disclosed h1 reports to your file(final.txt)

Known Issues

The ability of not able to distinguish between completely publicly disclosed reports and reports with limited disclosures.
The tool may break in the way of how it works if it gets run after a long time. The default range specified is scraping 10 pages to reduce load on the site. If you believe you are running it after a long time, consider increasing the range upto 50 in main for loop in refresh.py before running. This will enable collecting all the reports till the recent report extracted in the final.txt.

Thanks

h1.nobbd(dot)de
bugreader(dot)com
Awesome-Bugbounty-Writeups Repo
and other helpful sources.. :)

Download Open-Sesame

via KitPloit

Continue reading

Wednesday, May 20, 2020

Trendnet Cameras - I Always Feel Like Somebody'S Watching Me.

Firstly this post requires the following song to be playing.

http://www.youtube.com/watch?v=wVfjwIyc-CU

Now that we got that out of the way... I have been seeing posts on sites with people having fun with embedded systems/devices and I was feeling left out. I didn't really want to go out and buy a device so I looked at what was laying around.

Enter the Trendnet TV-IP110w - http://www.trendnet.com/products/proddetail.asp?prod=145_TV-IP110W

To start off the latest firmware for this device can be found at the following location :

http://downloads.trendnet.com/tv-ip110w/firmware/FW_TV-IP110W_A1.x(1.1.0.104).zip

First order of business was to update the camera with the most recent firmware:

Device info page confirming firmware version

Now that the device was using the same version of firmware as I was going to dive into, lets get to work. I will be using binwalk to fingerprint file headers that exist inside the firmware file. Binwalk can be downloaded from the following url: http://code.google.com/p/binwalk/

Running binwalk against the firmware file

binwalk FW_TV-IP110W_1.1.0-104_20110325_r1006.pck
DECIMAL HEX DESCRIPTION
-------------------------------------------------------------------------------------------------------
32320 0x7E40 gzip compressed data, from Unix, last modified: Thu Mar 24 22:59:08 2011, max compression
679136 0xA5CE0 gzip compressed data, was "rootfs", from Unix, last modified: Thu Mar 24 22:59:09 2011, max compression

Looks like there are two gzip files in the "pck" file. Lets carve them out using 'dd'. First cut the head off the file and save it off as '1_unk'

#dd if=FW_TV-IP110W_1.1.0-104_20110325_r1006.pck of=1_unk bs=1 count=32320
32320+0 records in
32320+0 records out
32320 bytes (32 kB) copied, 0.167867 s, 193 kB/s

Next cut out the first gzip file that was identified, we will call this file '2'

#dd if=FW_TV-IP110W_1.1.0-104_20110325_r1006.pck of=2 bs=1 skip=32320 count=646816
646816+0 records in
646816+0 records out
646816 bytes (647 kB) copied, 2.87656 s, 225 kB/s

Finally cut the last part of the file out that was identified as being a gzip file, call this file '3'

#dd if=FW_TV-IP110W_1.1.0-104_20110325_r1006.pck of=3 bs=1 skip=679136
2008256+0 records in
2008256+0 records out
2008256 bytes (2.0 MB) copied, 8.84203 s, 227 kB/s

For this post I am going to ignore files '1_unk' and '2' and just concentrate on file '3' as it contains an interesting bug :) Make a copy of the file '3' and extract it using gunzip

#file 3
3: gzip compressed data, was "rootfs", from Unix, last modified: Thu Mar 24 22:59:09 2011, max compression
#cp 3 3z.gz
#gunzip 3z.gz
gzip: 3z.gz: decompression OK, trailing garbage ignored
#file 3z
3z: Minix filesystem, 30 char names

As we can see the file '3' was a compressed Minix file system. Lets mount it and take a look around.

#mkdir cameraFS
#sudo mount -o loop -t minix 3z cameraFS/
#cd cameraFS/
#ls
bin dev etc lib linuxrc mnt proc sbin server tmp usr var

There is all sorts of interesting stuff in the "/server" directory but we are going to zero in on a specific directory "/server/cgi-bin/anony/"

#cd server/cgi-bin/anony/
#ls
jpgview.htm mjpeg.cgi mjpg.cgi view2.cgi

The "cgi-bin" directory is mapped to the root directory of http server of the camera, knowing this we can make a request to http://192.168.1.17/anony/mjpg.cgi and surprisingly we get a live stream from the camera.

video stream. giving no fucks.

Now at first I am thinking, well the directory is named "anony" that means anonymous so this must be something that is enabled in the settings that we can disable.... Looking at the configuration screen you can see where users can be configured to access the camera. The following screen shows the users I have configured (user, guest)

Users configured with passwords.

Still after setting up users with passwords the camera is more than happy to let me view its video stream by making our previous request. There does not appear to be a way to disable access to the video stream, I can't really believe this is something that is intended by the manufacturer. Lets see who is out there :)

Because the web server requires authentication to access it (normally) we can use this information to fingerprint the camera easily. We can use the realm of 'netcam' to conduct our searches

HTTP Auth with 'netcam' realm

Hopping on over to Shodan (http://www.shodanhq.com) we can search for 'netcam' and see if there is anyone out there for us to watch

9,500 results

If we check a few we can see this is limited to only those results with the realm of 'netcam' and not 'Netcam'

creepy hole in the wall

front doors to some business

Doing this manually is boring and tedious, wouldn't it be great if we could automagically walk through all 9,500 results and log the 'good' hosts.... http://consolecowboys.org/scripts/camscan.py

This python script requires the shodan api libs http://docs.shodanhq.com/ and an API key. It will crawl the shodan results and check if the device is vulnerable and log it. The only caveat here is that the shodan api.py file needs to be edited to allow for including result page offsets. I have highlighted the required changes below.

def search(self, query,page=1):
"""Search the SHODAN database.

Arguments:
query -- search query; identical syntax to the website
page -- page number of results

Returns:
A dictionary with 3 main items: matches, countries and total.
Visit the website for more detailed information.

"""
return self._request('search', {'q': query,'page':page})

Last I ran this there was something like 350 vulnerable devices that were available via shodan. Enjoy.

Update: We are in no way associated with the @TRENDnetExposed twitter account.

Continue reading

Nmap: Getting Started Guide

Nmap is a free utility tool for network discovery, port scanning and security auditing, even though we can use it for more than that but in this article we will learn how to do these three things with nmap.

The original author of nmap is Gordon Lyon (Fyodor). Nmap is licensed under GPL v2 and has available ports in many different languages. Nmap is available for Linux, Windows, and Mac OS X. You can download your copy of nmap from their website.

Lets get started with nmap.

When performing pentests we always look for networks we are going to attack. We need to identify live hosts on the network so that we can attack them. There are plenty of tools available for finding live hosts on a network but nmap is one of the best tools for doing this job.

Lets start with simple host (target) discovery scans i,e scans that will tell us which ip address is up on our target network. Those ip addresses which are up on our target network are the ones that are assigned to a device connected on our target network. Every device on the network is going to have a unique ip address.
To perform a simple host discovery scan we use the following command

nmap -v -sn 10.10.10.0/24

flags we used in the above command are
-v for verbose output
-sn to disable port scan (we don't want to scan for ports right now)

Following the flags is the ip address of the target network on which we want to look for live hosts. The /24 at the end of the ip address is the CIDR that specifies the subnet of the network on which we are looking for live hosts.

After running the above command you should get a list of live hosts on your target network.
If you just want to know the list of ip addresses your command is going to scan, you can use the -sL flag of the nmap like this.

nmap -sL 10.10.10.0/24

this command will simply output the list of ip addresses to scan.

We sometimes want to do dns resolution (resolving ip addresses to domain names) when performing our network scans and sometimes we don't want dns resolution. While performing a host discovery scan with nmap if we want to perform dns resolution we use -R flag in our command like this:

nmap -v -sn -R 10.10.10.0/24

And if we don't want to perform dns resolution of hosts during our scan we add the -n flag to our command like this:

nmap -v -sn -n 10.10.10.0/24

After we have discovered the hosts that are up on our target network, we usually put the ip addresses of these hosts into a file for further enumeration.

Next step in our enumeration would be to detect which operating system and which ports are running on these live hosts, for that we run this command:

nmap -O -v 10.10.10.119

here we use -O (capital o not zero) for operating system detection and by default nmap performs SYN Scan for port discovery. However nmap scans for 1000 ports only by default of a particular host.

To make nmap go over a list of ip addresses in a file we use -iL flag like this:

nmap -O -v -iL targetlist

where targetlist is the name of the file which contains ip addresses that we want to perform port scan on.

To make nmap scan all the ports of a target we use the -p flag like this:

nmap -p- -v 10.10.10.121

We can also specify a range of ports using the -p flag like this:

nmap -p1-500 -v 10.10.10.121

here 1-500 means scan all the ports from 1 to 500.

We can use a number of scan techniques to discover open ports on our network but I will only discuss some of them for brevity.

We can perform a TCP SYN scan using nmap with -sS flag like this:

nmap -sS -v 10.10.10.150

We have also flags for TCP connect and ACK scans which are -sT -sA

nmap -sT -v 10.10.10.150

nmap -sA -v 10.10.10.150

We can also perform UDP scan as well instead of TCP scan using -sU flag

nmap -sU -v 10.10.10.150

We can perform TCP Null, FIN, and Xmas scans using the flags -sN, -sF, -sX

nmap -sN -v 10.10.10.150

nmap -sF -v 10.10.10.150

nmap -sX -v 10.10.10.150

If you don't know what these scans are then please visit Port Scanning Techniques and Algorithms for explanation.

After discovering the open ports on our target host, we want to enumerate what services are running on those open ports. To enumerate services and versions information on open ports we use the -sV flag like this:

nmap -sV -v 10.10.10.118

This should give us information about what services are running on what ports and what versions of those services are running on the target host.

nmap has an interesting feature called NSE nmap scripting engine. It allows users to write their own scripts, using the Lua programming language, to automate a wide variety of networking tasks. nmap ships with a diverse set of scripts which are very helpful to enumerate a target. To use the nmap default set of scripts while enumerating the target, we use the -sC flag like this:

nmap -sC -sV -v 10.10.10.118

We can also save the results of our nmap scans to a file using the -o flag like this

nmap -sC -sV -v -oA defaultscan 10.10.10.119

here -oA tells the nmap to output results in the three major formats at once and defaultscan is the name of the file that will be prepended to all the three output files.

This is the end of this short tutorial see you next time.

References:
https://nmap.org/book/scan-methods-null-fin-xmas-scan.html

Related articles

OSWA™

"The OSWA™-Assistant is a self-contained, no Operating System required, freely downloadable, standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer's CDROM and making your computer boot from it!" read more...

Website: http://oswa-assistant.securitystartshere.org

Continue reading

Android SSHControl V1.0 Relased!!!

Hoy sabado 15, he subido al Market de Android la versión 1.0 de SSHControl, con nuevas funcionalades y la esperada opción "Custom Commands".

Esta aplicación permite controlar tus servidores linux, bsd y unix con solo un dedo, mediante esta app Android.
Y soluciona las siguientes problemáticas:
- Manejar una shell desde el pequeño teclado de un móvil es engorroso.
- Leer todos los resultados de un comando en la pantalla del móvil, nos dejamos la vista.

Esta app permite interactuar con servidores remotos simplemente haciendo pulsaciones en la pantalla, mediante un explorador de ficheros, de conexiones, etc..

Las funcionalidades nuevas de esta versión 1.0 son:

- Administración del Firewall Iptables.
- Opción de Custom Commands, tal como había prometido.

Las funcionalidades ya presentes en la v0.8 son:

- escalada a root mediante su y sudo
- gestor de procesos
- explorador de ficheros, editor de ficheros, editor de permisos.
- monitorización y baneo de conexiones
- Visualizadores de logs
- administrador de drivers
- estadisticas de disco

Para la versión 2.0 preveo:

- Escuchar música remota
- Descarga de ficheros (wget)
- Transferencia segura de ficheros entre servidores (scp)
- Gestures, para administrar los sitemas en plan minority report :)

App disponible en el market para 861 tipos de dispositivos y pronto disponible en tablets.

https://market.android.com/details?id=net.ssh.SSHControl

Cualquier sugerencia de mejora: sha0 [4t] badchecksum [d0t] net

Related news

Tuesday, May 19, 2020

DOWNLOAD BLACKMART ANDROID APP – DOWNLOAD PLAYSTORE PAID APPS FREE

Android made endless possibilities for everyone. It introduced a platform where are millions of apps that a user can download and buy depending on their needs. You're thinking about Google PlayStore, yes I am also talking about Google PlayStore. It's categorized app collection depending on every niche of life. Few of them are free and some of them are paid. Most of the paid apps are only charges small cost in between $2 to $8, but few apps are highly costly that make cost over $50 even, which is not possible for every user to buy and get benefit from it. So, here I am sharing a really useful app, that can make every Google PlayStore app for you to download it for free. You can download any paid app that may even cost about $50. It's totally free. Download blackmart Android app and download google play store paid apps freely.

DOWNLOAD BLACKMART ANDROID APP – DOWNLOAD PLAYSTORE PAID APPS FREE

It's extremely easy to use.
It has a Multilingual option for a global user experience.
The app doesn't ask for any payments.
Capable to download full of downloadable applications.
Super fast in downloading and installation.

More articles