Sottolineature pescate qua e la quando capita

Monday, 31 August 2020

What Is a Keylogger? Uses of Keyloggers in Hacking


What is a keylogger?

How do hackers use keyloggers to hack social media accounts and steal important data to extort money, and what other uses do keyloggers have?

Types of keylogger?

===================

A keylogger is a tool that hackers use to monitor and record the keystrokes you make on your keyboard. Keylogging is the action of recording the keys struck on a keyboard; a keylogger can record every keystroke made on a system and can also record the screen. It is one of the oldest forms of malware.


A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard. Keyloggers are also available for smartphones, such as Apple iPhone and Android devices.


A keylogger can record instant messages and email and capture any information you type at any time using your keyboard, including the usernames and passwords of your social media accounts, personal identification PINs, etc. That is the reason some hackers use keyloggers to hack social media accounts to extort money.

======================

Uses of keyloggers are as follows:

1-Employers use them to observe employees' computer activity.

2-Attackers/hackers use them to steal crucial data from an organisation in order to extort money.

3-Parental control: parents use them to supervise their children's internet usage and check their browsing history.

4-Criminals use keyloggers to steal personal or financial information, such as banking details and credit card details, which they then sell for a good profit.

5-Spouse/Gf tracking: people who suspect that their spouse or girlfriend is cheating on them install a keylogger on her cell phone to monitor her online activity, such as WhatsApp, Facebook and text messages.

=====================

Basically, there are two types of keylogger, software and hardware, but the most common types across both are as follows:

1-API-based keylogger

2-Form-grabbing-based keylogger

3-Kernel-based keylogger

4-Acoustic keylogger, etc.

====================

How to detect a keylogger on a system?

An antikeylogger is a piece of software specially designed to detect keyloggers on a computer.

Some types of keylogger are easily detected and removed by the best antivirus software.

You can view the Task Manager (the list of currently running programs) on a Windows PC by pressing Ctrl+Alt+Del to detect it.

Use of any software to perform any illegal activity is a crime. Do so at your own risk.





Sunday, 30 August 2020

CORS Misconfigurations On A Large Scale

Inspired by James Kettle's great OWASP AppSec Europe talk on CORS misconfigurations, we decided to fiddle around with CORS security issues a bit. We were curious how many websites out there are actually vulnerable because of dynamically generated or misconfigured CORS headers.

The issue: CORS misconfiguration

Cross-Origin Resource Sharing (CORS) is a technique to punch holes into the Same-Origin Policy (SOP) – on purpose. It enables web servers to explicitly allow cross-site access to a certain resource by returning an Access-Control-Allow-Origin (ACAO) header. Sometimes, the value is even dynamically generated based on user input such as the Origin header sent by the browser. If misconfigured, an unintended website can access the resource. Furthermore, if the Access-Control-Allow-Credentials (ACAC) server header is set, an attacker can potentially leak sensitive information from a logged-in user – which is almost as bad as XSS on the actual website. Below is a list of CORS misconfigurations which can potentially be exploited. For more technical details on the issues, read this fine blog post.

| Misconfiguration | Description |
|---|---|
| Developer backdoor | Insecure developer/debug origins like JSFiddle or CodePen are allowed to access the resource |
| Origin reflection | The origin is simply echoed in the ACAO header, any site is allowed to access the resource |
| Null misconfiguration | Any site is allowed access by forcing the null origin via a sandboxed iframe |
| Pre-domain wildcard | notdomain.com is allowed access, which can simply be registered by the attacker |
| Post-domain wildcard | domain.com.evil.com is allowed access, which can simply be set up by the attacker |
| Subdomains allowed | sub.domain.com is allowed access, exploitable if the attacker finds XSS in any subdomain |
| Non-SSL sites allowed | An HTTP origin is allowed access to an HTTPS resource, allows MitM to break encryption |
| Invalid CORS header | Wrong use of wildcard or multiple origins, not a security problem but should be fixed |

The tool: CORStest

Testing for such vulnerabilities can easily be done with curl(1). To support some more options like, for example, parallelization we wrote CORStest, a simple Python based CORS misconfiguration checker. It takes a text file containing a list of domain names or URLs to check for misconfigurations as input and supports some further options:

usage: corstest.py [arguments] infile

positional arguments:
  infile         File with domain or URL list

optional arguments:
  -h, --help     show this help message and exit
  -c name=value  Send cookie with all requests
  -p processes   multiprocessing (default: 32)
  -s             always force ssl/tls requests
  -q             quiet, allow-credentials only
  -v             produce a more verbose output

CORStest can detect potential vulnerabilities by sending various Origin request headers and checking for the Access-Control-Allow-Origin response. An example for those of the Alexa top 750 websites which allow credentials for CORS requests is given below.

Evaluation with Alexa top 1 Million websites

To evaluate – on a larger scale – how many sites actually have wide-open CORS configurations, we ran CORStest on the Alexa top 1 million sites:

$ git clone https://github.com/RUB-NDS/CORStest.git && cd CORStest/
$ wget -q http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
$ unzip top-1m.csv.zip
$ awk -F, '{print $2}' top-1m.csv > alexa.txt
$ ./corstest.py alexa.txt

This test took about 14 hours on a decent connection and revealed the following results:

Only 29,514 websites (about 3%) actually supported CORS on their main page (i.e. responded with Access-Control-Allow-Origin). Of course, many sites such as Google only enable CORS headers for certain resources, not directly on their landing page. We could have crawled all websites (including subdomains) and fed the input to CORStest. However, this would have taken a long time and for statistics, our quick & dirty approach should still be fine. Furthermore, it must be noted that the test was only performed with GET requests (without any CORS preflight) to the http:// version of websites (with redirects followed). Note that just because a website, for example, reflects the origin header, it is not necessarily vulnerable. The context matters; such a configuration can be totally fine for public sites or API endpoints intended to be accessible by everyone. It can be disastrous for payment sites or social media platforms. Furthermore, to be actually exploitable, the Access-Control-Allow-Credentials: true (ACAC) header must be set. Therefore we repeated the test, this time limited to sites that return this header (see CORStest -q flag):

$ ./corstest.py -q alexa.txt

This revealed even worse results - almost half of the websites supporting ACAO and ACAC headers contained CORS misconfigurations that could be exploited directly by a web attacker (developer backdoor, origin reflection, null misconfig, pre-/post-domain wildcard):

The Impact: SOP/SSL bypass on payment and taxpayer sites

Note that not all tested websites actually were exploitable. Some contained only public data and some others - such as Bitbucket - had CORS enabled for their main page but not for subpages containing user data. Manually testing the sites, we found the following to be vulnerable:
  • A dozen online banking, bitcoin and other payment sites; one of them allowed us to create a test account so we were able to write proof-of-concept code which could actually have been used to steal money
  • Hundreds of online shops/e-commerce sites and a bunch of hotel/flight booking sites
  • Various social networks and misc sites which allow users to log in and communicate
  • One US state's tax filing website (however, this one was exploitable by a MitM only)
We informed all sites we manually tested and found to be vulnerable. A simple exploit code example when logged into a website with CORS origin reflection is given below.


The Reason: Copy & Paste and broken frameworks

We were further interested in reasons for CORS misconfigurations. Particularly we wanted to learn if there is a correlation between applied technology and misconfiguration. Therefore we used WhatWeb to fingerprint the web technologies for all vulnerable sites. CORS is usually enabled either directly in the HTTP server configuration or by the web application/framework. While we could not identify a single major cause for CORS misconfigurations, we found various potential reasons. A majority of dangerous Access-Control-* headers had probably been introduced by developers, others however are based on bugs and bad practices in some products. Insights follow:
  • Various websites return invalid CORS headers; besides wrong use of wildcards such as *.domain.com, ACAO headers which contain multiple origins can often be found; other examples of invalid - but quite creative - ACAO values we observed are: self, true, false, undefined, None, 0, (null), domain, origin, SAMEORIGIN
  • Rack::Cors, the de facto standard library to enable CORS for Ruby on Rails, maps origins '' or origins '*' into reflecting arbitrary origins; this is dangerous, because developers would think that '' allows nothing and '*' behaves according to the spec: mostly harmless because it cannot be used to make 'credentialed' requests; this config error leads to origin reflection with ACAC headers on about a hundred of the tested and vulnerable websites
  • A majority of websites which allow an http origin to CORS access an https resource are run on IIS; this seems to be no bug in IIS itself but rather caused by bad advice found on the Internet
  • nginx is the winner when it comes to serving websites with origin reflections; again, this is not an issue of nginx but of dangerous configs copied from Stack Overflow; same problem for Phusion Passenger
  • The null ACAO value may be based on programming languages that simply return null if no value is given (we haven't found any specific framework though); another explanation is that 'CORS in Action', a popular book on CORS, contains various examples with code such as var originWhitelist = ['null', ...], which could be misinterpreted by developers as safe
  • If CORS is enabled in the crVCL PHP Framework, it adds ACAC and ACAO headers for a configured domain. Unfortunately, it also introduces a post-domain and pre-subdomain wildcard vulnerability: sub.domain.com.evil.com
  • All sites that are based on "Solo Build It!" (scam?) respond with: Access-Control-Allow-Origin: http://sbiapps.sitesell.com
  • Some sites have :// or // as fixed ACAO values. How should browsers deal with this? Inconsistent at least! Firefox, Chrome, Safari and Opera allow arbitrary origins while IE and Edge deny all origins.
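
The misconfiguration classes from the table above, and the way a checker recognises them by sending one Origin per class and comparing it with the returned ACAO value, can be reproduced offline to review a server-side origin check before deployment. This is an added example, not code from the original post or from CORStest; the policy functions, the allowlist entry app.domain.com and all names in it are assumptions made for illustration.

```python
# Added example: origin checks modelled as plain functions (origin -> allowed?),
# audited offline with one constructed probe origin per row of the table.
SITE = "domain.com"  # placeholder site name, as used in the table


def reflect_policy(origin):
    """Accept whatever Origin the browser sent (origin reflection)."""
    return True


def endswith_policy(origin):
    """Suffix match with no dot or scheme anchor."""
    return origin.endswith(SITE)


def startswith_policy(origin):
    """Prefix match that never checks where the host name ends."""
    return origin.startswith("https://" + SITE)


# Hypothetical allowlist: full origins (scheme + host), compared exactly.
ALLOWLIST = frozenset({"https://domain.com", "https://app.domain.com"})


def strict_policy(origin):
    """Exact comparison of the whole origin against a fixed set."""
    return origin in ALLOWLIST


def cors_headers(policy, origin):
    """Response headers a server using `policy` would add for a request Origin."""
    if origin is None or not policy(origin):
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # the value differs per Origin, so caches must key on it
    }


# Constructed probe origins, one per exploitable row of the table.
PROBES = {
    "developer_backdoor": "https://jsfiddle.net",
    "origin_reflection": "https://evil.com",
    "null_origin": "null",
    "pre_domain_wildcard": "https://not" + SITE,
    "post_domain_wildcard": "https://" + SITE + ".evil.com",
    "subdomains_allowed": "https://sub." + SITE,
    "non_ssl_allowed": "http://" + SITE,
}


def audit(policy):
    """Names of the probes whose origin comes back in ACAO together with ACAC."""
    findings = []
    for name, origin in PROBES.items():
        headers = cors_headers(policy, origin)
        if (headers.get("Access-Control-Allow-Origin") == origin
                and headers.get("Access-Control-Allow-Credentials") == "true"):
            findings.append(name)
    return sorted(findings)


if __name__ == "__main__":
    for policy in (reflect_policy, endswith_policy, startswith_policy, strict_policy):
        print(f"{policy.__name__:18} {audit(policy) or 'no findings'}")
```

A reflecting policy answers every probe, so the individual classes only become distinguishable once the check does some matching; the exact-match allowlist is the only variant here that returns no findings.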

15 Important Run Commands Every Windows User Should Know

There are several ways to efficiently access the files, folders, and programs in the Windows operating system. We can create shortcuts, pin programs to the taskbar, add Start menu shortcuts, etc., but in many cases we can't do it for all programs. However, the Windows Run command box is one of the most efficient ways of accessing system programs, folders, and settings.

In this article, I am going to share the 15 most important Run commands for Windows users. These commands can make it easier to manage a lot of tasks.

How to open the Windows Run command box?
You need to press Win+R (hold the Windows button, then press R).

Important Run Commands Every Windows User Should Know

1. %temp%
This is the fastest way to clear the temporary files from your computer. It can save a lot of space that was being wasted by temporary files.
2. cmd
This command will open the Windows DOS command prompt. The Windows command prompt is very useful for performing many tasks which are not possible using the graphical user interface.
3. MSConfig
This command will open Windows System Configuration, where you can edit different things like the boot options, startup options, services, etc.
4. sysdm.cpl
This command will open the System Properties window, where you can change many settings related to system protection and performance.
5. Powershell
PowerShell is very similar to the command prompt. Just type this command in the Run dialog box, and PowerShell will open without administrator privileges.
6. perfmon.msc
This command can be used to monitor the performance of your computer. There are plenty of options for monitoring system performance.
7. regedit
The regedit Run command is used to open the Windows Registry, a hierarchical database that hosts all the configurations and settings of the Windows operating system, its users and the installed software.
8. \ (Backslash)
This is one of the lesser known Run commands. Just enter the backslash into the Run dialog box and it will open up the C drive. It is one of the quickest ways to access the C drive.
9. . (Dot)
This is yet another lesser known Run command. When executed, it opens the current user's home folder which hosts all the other local folders like the Downloads, Documents, Desktop, Pictures, etc.
10. .. (Double Dots)
When you enter these two dots in the Run dialog box, it will open up the Users folder, which is located directly on the C drive.
11. Control
This command will open the Control Panel, which is used for managing all the system settings and programs.
12. hdwwiz.cpl
This command is used to open the Device Manager in Windows. You can manage all the devices connected internally or externally to your PC.
13. Notepad
The quickest way to open Notepad in Windows. Just type this command in the Run box and press Enter.
14. osk
This command will open the On-Screen Keyboard on your display. You can easily touch and type or use your mouse for typing.
15. taskmgr
This command will open Task Manager, where you can manage all the processes and programs running on the Windows operating system.
