Home Others
Category:

Others

10 funny stereotypes about Hackers - blackMORE Ops - 10
Database

10 funny stereotypes about Hackers

by blackMORE
written by blackMORE

Hackers are considered as miracle workers(!); yeah right! Perhaps they are but sometimes Hackers are exaggerated so much that it becomes hard to separate reality from fiction.

10 funny stereotypes about Hackers - blackMORE Ops - 10

Sometimes wearing a mask and gloves also helps create identity.


 

 

10 funny stereotypes about Hackers - blackMORE Ops - 9

If they were this good-looking, they would have chosen modeling or acting, of course!


 

 

10 funny stereotypes about Hackers - blackMORE Ops - 9.5

Nothing to see here, just my mission selection database.


 

 

10 funny stereotypes about Hackers - blackMORE Ops - 8

Pretty sure there’s no chance I’m going to be in jail in at least next 50 years.


 

 

10 funny stereotypes about Hackers - blackMORE Ops - 7

Seriously people, this is no Ocean’s Eleven going on.

Pages: 1 2

0 comments
0 FacebookTwitterPinterestEmail
How to add RBL check on Zimbra Server - blackMORE Ops - 2
Browser

How to add RBL on Zimbra Server?

by blackMORE
written by blackMORE

A DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is an effort to stop email spamming. It is a “blacklist” of locations on the Internet reputed to send email spam. The locations consist of IP addresses which are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists. The term “Blackhole List” is sometimes interchanged with the term “blacklist” and “blocklist”. How to add RBL check on Zimbra Server - blackMORE Ops - 2

A DNSBL is a software mechanism, rather than a specific list or policy. There are dozens of DNSBLs in existence, which use a wide array of criteria for listing and delisting of addresses. These may include listing the addresses of zombie computers or other machines being used to send spam, ISPs who willingly host spammers, or those which have sent spam to a honeypot system.

Since the creation of the first DNSBL in 1997, the operation and policies of these lists have been frequently controversial, both in Internet advocacy and occasionally in lawsuits. Many email systems operators and users[4] consider DNSBLs a valuable tool to share information about sources of spam, but others including some prominent Internet activists have objected to them as a form of censorship. In addition, a small number of DNSBL operators have been the target of lawsuits filed by spammers seeking to have the lists shut down.[Wiki]

What is Zimbra?

In case you haven’t used or heard of Zimbra,

Zimbra is an enterprise-class email, calendar and collaboration solution built for the cloud, both public and private. With a redesigned browser-based interface, Zimbra offers the most innovative messaging experience available today, connecting end users to the information and activity in their personal clouds.

It provides:

  1. Messaging and Collaboration
  2. Advanced, Integrated Web Experience
  3. Simplified Administration
  4. Anywhere, Any Device

Zimbra’s Open Source Community

Since the inception, Zimbra has been a community. All of Zimbra Collaboration Open Source Edition software, documentation and innovation has been created, tested, used, and discussed openly by people like you participating in our Open Source Community. It’s contributors diagnose bugs, fix bugs, translate programs, submit patches, point out deficiencies in documentation, answer community questions, submit killer applications, alert Zimbra to something that needs tweaking, and write new software. No matter how you contribute, Zimbra welcomes new ideas and contributions for the advancement of greater shared knowledge and a better Zimbra Collaboration product.

See more here:

Add RBL check on Zimbra

Login to email server and su youreself to zimbra user.

# su - zimbra

Check current settings

$ zmprov gacf | grep zimbraMtaRestriction

Output:

zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_non_fqdn_sender

Currently reject_non_fqdn_sender and reject_non_fqdn_sender is set.

Add a test RBL server

Adding cbl.abuseat.org

$ zmprov mcf \
zimbraMtaRestriction reject_invalid_helo_hostname \
zimbraMtaRestriction reject_non_fqdn_sender \
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org"

I used \ to break the lines. You can do it all in one line if you feel like.

$ zmprov mcf zimbraMtaRestriction reject_invalid_helo_hostname zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org"

Test Output:

$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org

Adding multiple RBL servers in Zimbra

Going full on retard with RBL check

$ zmprov mcf \
zimbraMtaRestriction reject_invalid_helo_hostname \
zimbraMtaRestriction reject_non_fqdn_sender \
zimbraMtaRestriction reject_invalid_hostname  \
zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org"

New Output:

$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org

List of RBL servers:

Don’t go full retard with RBL in Zimbra; quite often some RBL servers blacklist good domains for absolutely no reasons (unexplained); so test; test; test until you have the best combination. Here’s a list of all the RBLs/DNSBls you can check your mail servers against(mostly free):

  1. b.barracudacentral.org
  2. bl.emailbasura.org
  3. bl.spamcannibal.org
  4. bl.spamcop.net
  5. blackholes.five-ten-sg.com
  6. blacklist.woody.ch
  7. bogons.cymru.com
  8. cbl.abuseat.org
  9. cdl.anti-spam.org.cn
  10. combined.abuse.ch
  11. combined.rbl.msrbl.net
  12. db.wpbl.info
  13. dnsbl-1.uceprotect.net
  14. dnsbl-3.uceprotect.net
  15. dnsbl.ahbl.org
  16. dnsbl.inps.de
  17. dnsbl.sorbs.net
  18. drone.abuse.ch
  19. drone.abuse.ch
  20. duinv.aupads.org
  21. dul.dnsbl.sorbs.net
  22. dul.ru
  23. dyna.spamrats.com
  24. dynip.rothen.com
  25. http.dnsbl.sorbs.net
  26. images.rbl.msrbl.net
  27. ips.backscatterer.org
  28. ix.dnsbl.manitu.net
  29. korea.services.net
  30. misc.dnsbl.sorbs.net
  31. noptr.spamrats.com
  32. ohps.dnsbl.net.au
  33. omrs.dnsbl.net.au
  34. orvedb.aupads.org
  35. osps.dnsbl.net.au
  36. osrs.dnsbl.net.au
  37. owfs.dnsbl.net.au
  38. owps.dnsbl.net.au
  39. pbl.spamhaus.org
  40. phishing.rbl.msrbl.net
  41. probes.dnsbl.net.au
  42. proxy.bl.gweep.ca
  43. proxy.block.transip.nl
  44. psbl.surriel.com
  45. rbl.interserver.net
  46. rbl.megarbl.net
  47. rdts.dnsbl.net.au
  48. relays.bl.gweep.ca
  49. relays.bl.kundenserver.de
  50. relays.nether.net
  51. residential.block.transip.nl
  52. ricn.dnsbl.net.au
  53. rmst.dnsbl.net.au
  54. sbl.spamhaus.org
  55. short.rbl.jp
  56. smtp.dnsbl.sorbs.net
  57. socks.dnsbl.sorbs.net
  58. spam.abuse.ch
  59. spam.dnsbl.sorbs.net
  60. spam.rbl.msrbl.net
  61. spam.spamrats.com
  62. spamlist.or.kr
  63. spamrbl.imp.ch
  64. t3direct.dnsbl.net.au
  65. tor.ahbl.org
  66. tor.dnsbl.sectoor.de
  67. torserver.tor.dnsbl.sectoor.de
  68. ubl.lashback.com
  69. ubl.unsubscore.com
  70. virbl.bit.nl
  71. virus.rbl.jp
  72. virus.rbl.msrbl.net
  73. web.dnsbl.sorbs.net
  74. wormrbl.imp.ch
  75. xbl.spamhaus.org
  76. zen.spamhaus.org
  77. zombie.dnsbl.sorbs.net

Reference

1 comment
0 FacebookTwitterPinterestEmail
things-to-know-about-linux-kernel-module
Linux

Linux Kernel Module – Basics

by blackMORE
written by blackMORE

things-to-know-about-linux-kernel-moduleThe Linux kernel is a monolithic Unix-like computer operating system kernel. The Linux operating system is based on it and deployed on both traditional computer systems such as personal computers and servers, usually in the form of Linux distributions, and on various embedded devices such as routers, wireless access points, PBXes, set-top boxes, FTA receivers, smart TVs, PVRs and NAS appliances. The Android operating system for tablet computers, smartphones and smartwatches is also based atop the Linux kernel.

Linux allows the Kernel to be configured at run time, to enable or disable different services as you see fit. This way you don’t have to compile a monolithic kernel, and can save some memory usage. Some modules you’ll only need for a short time, others you’ll need all the time. You can configure your Linux machine to load kernel modules on startup so you don’t have to remember to do that when (if) you reboot.

Module Commands

There are a few commands that allow you to manipulate the kernel. Each is quickly described below, for more information say `man [command]`.

  • depmod – handle dependency descriptions for loadable kernel modules.
  • insmod – install loadable kernel module.
  • lsmod – list loaded modules.
  • modinfo – display information about a kernel module.
  • modprobe – high level handling of loadable modules.
  • rmmod – unload loadable modules.

The usage of the commands is demonstrated below, it is left as an exercise to the reader to fully understand the commands.

Using Module Commands

Below the different kernel module commands are demonstrated

# Show the module dependencies.
depmod -n

# Install some module
insmod --autoclean [modnam]

# This lists all currently loaded modules, lsmod takes no useful parameters
lsmod 

# Display information about module eepro100
modinfo --author --description --parameters eepro100

# Removing a module (don't use the example)
rmmod --all --stacks ip_tables

Module Configuration Files

The kernel modules can use two different methods of automatic loading. The first method (modules.conf) is my preferred method, but you can do as you please.

  • modules.conf – This method load the modules before the rest of the services, I think before your computer chooses which runlevel to use
  • rc.local – Using this method loads the modules after all other services are started

Using ‘modules.conf’ will require you to say `man 5 modules.conf`. Using ‘rc.local’ requires you to place the necessary commands (see above) in the right order.

Sample modules.conf

# modules.conf - configuration file for loading kernel modules
# Create a module alias parport_lowlevel to parport_pc
alias parport_lowlevel parport_pc
# Alias eth0 to my eepro100 (Intel Pro 100)
alias eth0 eepro100
# Execute /sbin/modprobe ip_conntrack_ftp after loading ip_tables
post-install ip_tables /sbin/modprobe ip_conntrack_ftp
# Execute /sbin/modprobe ip_nat_ftp after loading ip_tables
post-install ip_tables /sbin/modprobe ip_nat_ftp

Sample rc.local

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

/sbin/insmod ip_tables
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

Conclusion

You should see/know that modules are necessary. They can be loaded via ‘modules.conf’ or ‘rc.local’, but ‘modules.conf’ load them first and ‘rc.local’ loads them last. Using the various module commands you can add, remove, list or get information about modules.

Resources

  1. The Linux Documentation Project – TLDP
  2. The Linux Kernel Archive
  3. Linux Hardware Devices
  4. Kernel configuration options.
0 comments
0 FacebookTwitterPinterestEmail
Social engineering Amazon Customer Service - blackMORE Ops - 3
Hacking

Social engineering Amazon Customer Service

by blackMORE
written by blackMORE

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme. In December 2006, United States Congress approved a Senate sponsored bill making the pretexting of telephone records a federal felony with fines of up to $250,000 and ten years in prison for individuals (or fines of up to $500,000 for companies). It was signed by President George W. Bush on 12 January 2000. Social engineering Amazon Customer Service - blackMORE Ops - 3

As a security conscious user who follows the best practices like: using unique passwords, 2FA, only using a secure computer and being able to spot phishing attacks from a mile away, I would have thought my accounts and details would be be pretty safe? Wrong.

Because when someone has gone after me, it all goes for nothing. That’s because most systems come with a backdoor, customer support. In this post I’m going to focus on the most grievous offender: Amazon.com

Amazon.com was one of the few companies I trusted with my personal information. After all, I shop there, I used to work as a Software Developer and I am a heavy AWS user (raking up well over $600/month)

It all began with a rather innocuous email:

Weird, I didn’t contact Amazon support?

At first, I assumed it might be a mistake or a delayed email from the time I contacted them months earlier. But curiosity got the better of me, and I contacted Amazon to ask what it was about. They told me that “I” had a conversation with Amazon support? What the hell? It was a text-chat, and they emailed me a transcript:

Let me just stop right there, so I can point out that address isn’t mine. It’s just a fake address of a hotel that was in the same zip code where I lived. I used it to register some domains, knowing that the whois information all too often becomes public. I used the same general area as I lived, so that my ip address would match up with it.

Let’s continue:

“That’s all I needed”.

Wow. Just wow. The attacker gave Amazon my fake details from a whois query, and got my real address and phone number in exchange. Now they had enough to bounce around a few services, even convincing my bank to issue them a new copy of my Credit Card.

Trying very hard to not take out my frustrations on an unrelated support rep, I contacted both Amazon Retail and AWS expressing my disappointment and asking them to put a note on my account that it is at extremely high risk of being social engineering, and I will always be capable of logging in. Amazon Retail said they would put a note, and have a specialist contact me (who never did) while AWS was dismissive of even a risk existing.

Fast forward a couple of months, I made the big mistake of thinking the risk was gone, giving Amazon my fresh credit card and now new address details. I receive another email. I feel a pit of my stomach.

So once again, I contact Amazon support to see what happened. This time I had the pleasure of dealing with a support agent who seemed 100% incapable of realizing that someone was impersonating me. I had trouble keeping my composure when he told me I should change my password to prevent people impersonating me. Eventually I had to basically tell him that it was “me” that contacted support and I wanted “my” transcript, which he provided.

Using the address they got the last time from Amazon..

Again?! For fucks sake.

And then goes on to unsuccessfully try get the last digits of my credit card:

Yeah, that totally looks legit.

Guess I should count my blessings they didn’t give the last digits of my credit card. I again contact Amazon to reiterate how important it is that they keep my account secure, and not give out my details to anyone with a name and address. They promise they’re putting a note on my account, and it’ll never happen again. And I will be contacted by a specialist (never happened, again)

This time I decide I can no longer trust Amazon with my address, and delete it from my account.

Fast forward another day:

This time, I can’t get a transcript of the conversation. They contacted Amazon by phone, and they don’t have a recording to give me. I’m going to have to assume they got the last digits of my credit card, like they seem to be after.

At this point, Amazon has completely betrayed my trust three times. I have done absolutely everything in my power to secure my account, but it’s hopeless. I am in the process of closing my Amazon account, and migrating as much to Google services which seem significantly more robust at stopping these attacks.

After being the victim of these attacks for months, I’d like to make some recommendations for services:

  • NEVER DO CUSTOMER SUPPORT UNLESS THE USER CAN LOG IN TO THEIR ACCOUNT. The only exception to this, would be if the user forgot the password, and there should be a very strict policy. The problem is, 9999 times out of 10000 support requests are legitimate, agents get trained to assume they’re legitimate. But in the 1 case they’re not, you can completely fuck someone over.
  • Show support agents the ip address of the person connecting. Is it a usual one? Is it a VPN/tor one? etc. Give them a warning to be suspicious.
  • Email services should allow me to easily create lots of aliases. Right now the best defense against social engineering seems to be my fastmail account which allows me to create 1 email address alias per service. This makes it incredibly difficult for an attacker when they can’t even figure out your email.
  • Please make whois protection default. Mine leaked because a stupid domain I didn’t care about had its namecheap whois protection expire

For users, be extremely careful with the information you share. Even big companies like Amazon can’t keep it safe, they’re far from the worst.
After reading through this article, obviously you would think that Amazon or such companies would be more careful. But another reader tried it, and posted his successful attempt of Social Engineering and obtaining sensitive information’s.

First Chat:

After reading <a rel=”noreferrer nofollow” target=”_blank” href=”https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4#.mx5uffhou”>https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4#.mx5uffhou</a> I decided to check if it is possible to get my real address using a fake address in the city I reside in and my real email. My email and city info is available publicly but my address is not.

Second Chat:

After reading <a rel=”noreferrer nofollow” target=”_blank” href=”https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4#.mx5uffhou”>https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4#.mx5uffhou</a> I decided to check if it is possible to get my real address using a fake address in the city I reside in and my real email. My email and city info is available publicly but my address is not.

Countermeasures

Organizations reduce their security risks by:

  1. Establishing frameworks of trust on an employee/personnel level (i.e., specify and train personnel when/where/why/how sensitive information should be handled)
  2. Identifying which information is sensitive and evaluating its exposure to social engineering and breakdowns in security systems (building, computer system, etc.)
  3. Establishing security protocols, policies, and procedures for handling sensitive information.
  4. Training employees in security protocols relevant to their position. (e.g., in situations such as tailgating, if a person’s identity cannot be verified, then employees must be trained to politely refuse.)
  5. Performing unannounced, periodic tests of the security framework.
  6. Reviewing the above steps regularly: no solutions to information integrity are perfect.
  7. Using a waste management service that has dumpsters with locks on them, with keys to them limited only to the waste management company and the cleaning staff. Locating the dumpster either in view of employees such that trying to access it carries a risk of being seen or caught or behind a locked gate or fence where the person must trespass before they can attempt to access the dumpster.

Sources and acknowledgments

  1. Thanks to Mitch for bringing this article to my attention.
  2. Original Article: https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4
  3. Wikipedia: https://en.wikipedia.org/wiki/Social_engineering_(security)
3 comments
0 FacebookTwitterPinterestEmail
Query: Issues with setoolkit or Social-Engineer Toolkit (SET)
Others

Issues with setoolkit or Social-Engineer Toolkit (SET)

by blackMORE
written by blackMORE

Following query was sent to me by Nathan about some issues with setoolkit.

Fri, Jul 24, 2015 at 1:40 PM
Name: Nathan

Comment: I need help with setoolkit. Specifically phishing and site cloning.
I did everything I should have, it works on my LAN. but when I send the link to someone outside it takes forever to load and ends up timing out for them.
Yes I have done these:
-PortForwarded port 80
-Used my external IP
-Used a URL shortener (Multiple different ones)

Things I probally should NOT have done:
-Disabled apache (Cant seem to turn it back on?)

Anyhelp would be greatly appreciated :)

Things to investigate:Query: Issues with setoolkit or Social-Engineer Toolkit (SET)

  1. What happens if you try the actual IP address instead of URL shortener? i.e. http://1.2.3.4/somepage.html ? Is your cloned site accessible from Internet at all?
  2. If apache is not running, how is your web server serving pages? service apache2 start
  3. Instead of having URL shortener forward it to your IP directly, register/use those 0.99$ domains and then do a 301/302 redirect or parked domain …

Timeout mostly points to a routing issue, Firewall or misconfigured server.

Either way, use SET responsibly. It’s a Federal Offense if used for scamming and without permission. Also, it is very easy to track someone down for such activities.

Readers, feel free to join in via the comments section.

11 comments
0 FacebookTwitterPinterestEmail
Newer Posts
Older Posts