0

Linux/AirDropBot Samples



Reference








Download

       
      Other malware






Hashes

MD5
SHA256
SHA1
85a8aad8d938c44c3f3f51089a60ec16
1a75642976449d37acd14b19f67ed7d69499c41aa6304e78c7b2d977e0910e37
2f0079bb42d5088f1fec341cb68f15cdd447ac43
2c0afe7b13cdd642336ccc7b3e952d8d
64c0e594d4926a293a1f1771187db8cfb44a0dda80d8b25b4f0c975e1e77745c
fef65085a92654cbcf1e3e0d851c6cda8dd3b03d
94b8337a2d217286775bcc36d9c862d2
71c02b99046c3be12e31577aa6623ce47dfb7f369e67af564d2bd499080c03b6
d5deeb1b61026479acb421583b7b82d09d63e921
417151777eaaccfc62f778d33fd183ff
bf6941e644a430fef43afc749479859665a57b711d5483c2c7072049c7db17b7
f76b9447db23229edae17a3160e04df41bc35a9d
d31f047c125deb4c2f879d88b083b9d5
2785845c97a69e15c9c1535216732a9d24bcf8f7244ce7872a2b0d2d4bcb92c3
4693505ef4c029112c4b85a16762cf90f0d69c15
ff1eb225f31e5c29dde47c147f40627e
f7ab3d315961d84da43f30a186136a56f5aa1e9afe6b56a0d357accd5f0ab81a
d5f2a976b703b5e687ffc58c408e0bc880838ae7
f3aed39202b51afdd1354adc8362d6bf
fa2bc8d988c8dfbdc965f1373bd80e9f5862868397c1bcb5e84b1e9c1756e0e2
31f0bca917cfbffcc126219439d38fe80d5c8460
083a5f463cb84f7ae8868cb2eb6a22eb
d654850f7785a5adb34f0808e2952f66e3784c0a32427fab9e97c75f0a48d9f5
ed4359a2805ce69771253d2257598b5c63c36c8e
9ce4decd27c303a44ab2e187625934f3
a2a245f12ae44cca79f03a465e2dc3dfa222dfcfda1017824b16abf397f16255
710e85ae3d362d3c8f3759319c308ff9b4dcdc86
b6c6c1b2e89de81db8633144f4cb4b7d
2480be0d00193250bc9eb50b35403399ed44f53d5d919600ee5bab14ef769530
ee77141054ac8d2fad062bcd79832b5f481c7dfb
abd5008522f69cca92f8eefeb5f160e2
509299df2f6150f59ed777873d3b7c708587c68a4004b4654a8cf2a640dd50aa
15cf94828c07e080b9c455738f3219859d9ab732
a84bbf660ace4f0159f3d13e058235e9
565deb4b1a7397d2497c75c9635b81d2e3b6427f0c576e5cd3c4224660712b56
c56fea8c1c949394e539d5ab3e3df7dfd329844a
5fec65455bd8c842d672171d475460b6
121c7ebfb99d8ef39f72bf7c787be4c15e2e08b731f01172605a4d34d27f08eb
3b6ca4525c3aad0583400b911b015071a0ea6133
4d3cab2d0c51081e509ad25fbd7ff596
7f71577b63b449c1a9e9aa516fa9e4320fe5f79548a00025a430894a269ab57b
d521f25362791de4d8a82a2683f032c1dd816e74
252e2dfdf04290e7e9fc3c4d61bb3529
834fc5c0ccfde1f3d52d88355717f119221118ee2d26018b417c50d066e9e978
c8f3130e64a6f825b1e97060cf258e9086a2b650
5dcdace449052a596bce05328bd23a3b
22949a7a3424f3b3bdf7d92c5e7a7a0de4eb6bbe9c523d57469944f6a8b1d012
f2c072560559a3f112e2000c8e28ee975b2b9db3
9c66fbe776a97a8613bfa983c7dca149
18c08d3c39170652d4770b2f7785e402b58c1f6c51ba1338be4330498ef268f4
18a99ec770109357d1adbc1c2475b17d4dcca651
59af44a74873ac034bd24ca1c3275af5
1c345b5e7c7fdcc79daa5829e0f93f6ae2646f493ae0ec5e8d66ab84a12a2426
98f789e91809203fbf1b7255bd0579fc86a982ba
9642b8aff1fda24baa6abe0aa8c8b173
98165c65d83fd95379e2e7878ac690c492ac54143d7b12beec525a9d048bedae
bd447e0e77a9192b29da032db8e1216b7b97f9ed
e56cec6001f2f6efc0ad7c2fb840aceb
7a2bf405c5d75e4294c980a26d32e80e108908241751de4c556298826f0960f1
b1c271d11797baac2504916ac80fd9e6fac61973
54d93673f9539f1914008cfe8fd2bbdd
c396a1214956eb35c89b62abc68f7d9e1e5bd0e487f330ed692dd49afed37d5a
72a9b8d499cce2de352644a8ffeb63fd0edd414b
6d202084d4f25a0aa2225589dab536e7
c691fecb7f0d121b5a9b8b807c5767ad17ae3dd9981c47f114d253615d0ef171
a68149c19bfddcdfc537811a3a78cd48c7c74740
cfbf1bd882ae7b87d4b04122d2ab42cb
892986403d33acb57fca1f61fc87d088b721bdd4b8de3cd99942e1735188125b
a067a0cf99650345a32a65f5bc14ab0da97789b6

Read more
  1. Github Hacking Tools
  2. Hacking Tools Online
  3. Computer Hacker
  4. Top Pentest Tools
  5. Pentest Tools Port Scanner
  6. Pentest Tools Kali Linux
  7. Hacking Tools Free Download
  8. Hacker Tools Windows
  9. Hacker Tool Kit
  10. Pentest Tools Framework
  11. Hack Tool Apk No Root
  12. Easy Hack Tools
  13. Hack Tools Mac
  14. Hack And Tools
  15. Pentest Tools Github
  16. Nsa Hack Tools
  17. Black Hat Hacker Tools
  18. Hacker Search Tools
  19. Growth Hacker Tools
  20. Pentest Tools Website
  21. Pentest Tools Port Scanner
  22. Hacker Tools Linux
  23. Tools Used For Hacking
  24. Hack Tools Github
  25. Pentest Tools Download
  26. Hacker Tools 2019
  27. Install Pentest Tools Ubuntu
  28. Pentest Tools Linux
  29. Pentest Tools Kali Linux
  30. Android Hack Tools Github
  31. How To Install Pentest Tools In Ubuntu
  32. Pentest Recon Tools
  33. Hack Tools
  34. Hack Tools 2019
  35. Pentest Tools Review
  36. Termux Hacking Tools 2019
  37. Black Hat Hacker Tools
  38. Kik Hack Tools
  39. Hacker Tools For Pc
  40. Hacking Tools Mac
  41. Kik Hack Tools
  42. Pentest Tools Nmap
  43. Best Hacking Tools 2019
  44. Pentest Tools Open Source
  45. Black Hat Hacker Tools
  46. Free Pentest Tools For Windows
  47. Hacking Tools For Games
  48. Install Pentest Tools Ubuntu
  49. Hacking Tools
  50. Hack Tools 2019
  51. Pentest Tools Github
  52. Hackrf Tools
  53. Hacking Tools For Windows 7
  54. Nsa Hack Tools
  55. Hack Rom Tools
  56. Hack Apps
  57. Pentest Tools Subdomain
  58. Pentest Tools Framework
  59. Beginner Hacker Tools
  60. Nsa Hack Tools Download
  61. Pentest Tools For Windows
  62. Beginner Hacker Tools
  63. Hacking Apps
  64. Tools Used For Hacking
  65. Tools 4 Hack
  66. Tools 4 Hack
  67. Hacking Tools Pc
  68. Hacking Tools For Kali Linux
  69. Best Pentesting Tools 2018
  70. Hacker Tools 2020
  71. Hacking Tools For Windows Free Download
  72. Pentest Tools Alternative
  73. Underground Hacker Sites
  74. Pentest Tools Linux
  75. Hak5 Tools
  76. Tools Used For Hacking
  77. Hacker Tools For Windows
  78. Nsa Hacker Tools
  79. Hack Tools For Pc
  80. Hacking Tools And Software
  81. Hak5 Tools
  82. Pentest Tools For Mac
  83. Pentest Tools Bluekeep
  84. Hacker Tools Mac
  85. Game Hacking
  86. Pentest Tools Kali Linux
  87. Hacking Tools For Kali Linux
  88. Hacking Tools For Kali Linux
  89. What Are Hacking Tools
  90. Hacker Tools Free
  91. Hacker Tools Hardware
  92. Hacking Tools Download
  93. Hacker Hardware Tools
  94. Pentest Tools Review
  95. Hacker Tools 2019
  96. Hack Tools 2019
  97. Hacker Tool Kit
  98. Tools 4 Hack
  99. Pentest Tools Framework
  100. Pentest Tools Windows
  101. Pentest Tools Android
  102. Hacking Tools For Windows Free Download
  103. Hackers Toolbox
  104. Hacking Tools Mac
  105. Hacking Tools Github
  106. Hack Tool Apk No Root
  107. Top Pentest Tools
  108. Pentest Tools Website
  109. Hack Tools 2019
  110. Best Pentesting Tools 2018
  111. Best Pentesting Tools 2018
  112. Hacker Tools For Windows
  113. Hacker Tools Mac
  114. Pentest Tools For Mac
  115. Pentest Tools Subdomain
  116. Pentest Tools For Ubuntu
  117. Pentest Tools Tcp Port Scanner
  118. Hacking Tools 2020
  119. Usb Pentest Tools
  120. Hacker Hardware Tools
  121. Hacking Apps
  122. Hacker Tools Online
  123. Hacking Tools Windows
  124. Pentest Tools Download
  125. Pentest Tools Subdomain
  126. Best Hacking Tools 2019
  127. Hacking Tools Name
  128. Hack Tool Apk
  129. Hacking Tools For Beginners
  130. Hacker
  131. Underground Hacker Sites
  132. Pentest Tools Bluekeep
  133. Pentest Box Tools Download
  134. Hacker Tools Free Download
  135. Hacker Tools Free
  136. Hacker Tools Hardware
  137. Computer Hacker
  138. Hacking Tools For Windows 7
  139. Hack Tools
  140. Hack Tools For Windows
0

Waheed Malik sent you a message.

    Waheed Malik sent you a message.   Open Messenger   You'll need to use Messenger to see and respond to Waheed 's message. With Messenger, you can text, and make voice and video calls for free (standard mobile data and text message charges apply).      
   
 
   MessengerOpen Messenger
 
   
   
 
 
Waheed Malik sent you a message.
 
Open Messenger
 
You'll need to use Messenger to see and respond to Waheed's message. With Messenger, you can text, and make voice and video calls for free (standard mobile data and text message charges apply).
 
 
 
   
   
 
This message was sent to criticalappreciation2009.elit@blogger.com. If you don't want to receive these emails from Facebook in the future, please unsubscribe.
Facebook, Inc., Attention: Community Support, 1 Facebook Way, Menlo Park, CA 94025
   
   
To help keep your account secure, please don't forward this email. Learn More
   
 
0

CSRF Referer Header Strip

Intro

Most of the web applications I see are kinda binary when it comes to CSRF protection; either they have one implemented using CSRF tokens (and more-or-less covering the different functions of the web application) or there is no protection at all. Usually, it is the latter case. However, from time to time I see application checking the Referer HTTP header.

A couple months ago I had to deal with an application that was checking the Referer as a CSRF prevention mechanism, but when this header was stripped from the request, the CSRF PoC worked. BTW it is common practice to accept empty Referer, mainly to avoid breaking functionality.

The OWASP Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet tells us that this defense approach is a baaad omen, but finding a universal and simple solution on the Internetz to strip the Referer header took somewhat more time than I expected, so I decided that the stuff that I found might be useful for others too.

Solutions for Referer header strip

Most of the techniques I have found were way too complicated for my taste. For example, when I start reading a blog post from Egor Homakov to find a solution to a problem, I know that I am going to:
  1. learn something very cool;
  2. have a serious headache from all the new info at the end.
This blog post from him is a bit lighter and covers some useful theoretical background, so make sure you read that first before you continue reading this post. He shows a few nice tricks to strip the Referer, but I was wondering; maybe there is an easier way?

Rich Lundeen (aka WebstersProdigy) made an excellent blog post on stripping the Referer header (again, make sure you read that one first before you continue). The HTTPS to HTTP trick is probably the most well-known one, general and easy enough, but it quickly fails the moment you have an application that only runs over HTTPS (this was my case).

The data method is not browser independent but the about:blank trick works well for some simple requests. Unfortunately, in my case the request I had to attack with CSRF was too complex and I wanted to use XMLHttpRequest. He mentions that in theory, there is anonymous flag for CORS, but he could not get it work. I also tried it, but... it did not work for me either.

Krzysztof Kotowicz also wrote a blog post on Referer strip, coming to similar conclusions as Rich Lundeen, mostly using the data method.

Finally, I bumped into Johannes Ullrich's ISC diary on Referer header and that led to me W3C's Referrer Policy. So just to make a dumb little PoC and show that relying on Referer is a not a good idea, you can simply use the "referrer" meta tag (yes, that is two "r"-s there).

The PoC would look something like this:
<html>
<meta name="referrer" content="never">
<body>
<form action="https://vistimsite.com/function" method="POST">
<input type="hidden" name="param1" value="1" />
<input type="hidden" name="param2" value="2" />
...
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>

Conclusion

As you can see, there is quite a lot of ways to strip the Referer HTTP header from the request, so it really should not be considered a good defense against CSRF. My preferred way to make is PoC is with the meta tag, but hey, if you got any better solution for this, use the comment field down there and let me know! :)

Continue reading
0

How To Track Iphone Without Them Knowing

Few feelings are as stomach-sinkingly awful as the thought of losing an expensive new iPhone. Whether you left it on the bus or someone slid it out of your back pocket, we put so much store in our phones that their loss leaves is saddened and angered. Most of us keep at least copies of everything in our lives on our phones, from personal conversations to emails, 


To say nothing of all our personal information and social media accounts. Of course there are security measures in place, but nobody wants to risk having all that information fall into the hands of the wrong people. In this article, I will show you how to find a phone that has been lost, whether your own phone or the phone of a friend or family member.

Can you track an iPhone without them knowing?

First off, hopefully you activated the Find My Phone feature of your iPhone when you still had it in your possession. Secondly, if your phone doesn't have service (and thus a connection to the Internet) or if you don't have iCloud set up, then these solutions are not going to work for you. Unfortunately phone technology is advanced but it isn't magical; if your phone isn't talking to the network or if you haven't turned on Find My Phone, then unfortunately the technological solution is probably not going to work. (Seriously. If you have possession of your phone(s) then stop reading this article, pick up your devices, go to Settings and select "Find My Phone" (iPhone) or "Find My Device" (Android) and make sure they are toggled on. TTjem upi cam dp ot/"

Without further ado, let's find your phone!

Can I Tell if Someone is Tracking my iPhone?

 

image1-3

Usually yes, if someone is using the "Find my Phone" feature, it will be displaying things on the iPhone screen. Thankfully, "Find My iPhone" comes pre-loaded on all phones with iOs 9 or newer. "Find my iPhone" is the gold standard when it comes to locating your lost iPhone. The service is integrated as part of iCloud. Here's how to use it to find your missing iPhone then track down your phone's exact location.

Step 1: Open up the "Find My iPhone" on a different device

It doesn't matter if you decide to use your iPad, your laptop, or a friend's iPhone – you can run the Find My Phone app fr0m Mac. You can use the Find my Phone app.

If you are using an Apple product like another phone or an iPad, you can simply click on the app.

If you are using a computer (even a Windows PC will work), go to icloud.com then click on the "Find iPhone" icon. Once you've clicked on the "Find iPhone" icon the website process and "Find my iPhone" app process are the same.

Step 2: Input Your Apple ID Credentials (they are the same as your iCloud info)

Since you are not using your phone, you won't be automatically logged in.

Once you log in to the app, select the "All Devices" drop-down option and then find the device that you want to locate.

Step 3: Once You Select Your Phone, Options Will Appear

As soon as you select your device on the page, iCloud will begin to search for it. If the search is successful, you will see your device on a map, pinpointing it's location. Before you sprint out the door to get it, there are some other options you should take a look at.

Once you select your device you will have three additional options in addition to seeing your phone's location. These options are playing a sound, activating "Lost Mode" and erase the phone.

Playing the sound is a great way to find your phone if you lost it somewhere around your house. If you click the option, an audio alert will go off on your phone which will hopefully help you find it. The alert will sound like a loud pinging noise alerting you that your phone is at home with you and not at the coffee shop you just visited. If you hear the pinging sound then you'll quickly find your phone by just following the sound.

When enabled, Lost Mode will lock your phone with a passcode and will display a message of your choice. This can either ensure it will be safe until you can find it, or will alert the thief what you expect of them and that you know where they are. This mode can also enable location services on your phone too.

However, if things have gone too far and you think there is a very slim chance you will ever get your device back – perhaps your phone has already crossed an international border – the best course of action is to simply erase it. Yes, this is giving up, but it also prevents your personal information getting into the hands of someone who could abuse it.

If you follow these steps, you should have your phone back in your pocket in no time. 

Is there an app to track someones phone without them knowing?

maxresdefault-11

What if you're looking for someone else's phone? I'm sorry to burst your bubble, but you are not allowed to track someone else's phone without their knowledge. While there are supposedly apps that you can install on a target's phone to track it and keep tabs on what they are doing on it, that is completely illegal and immoral. In addition to the moral issue, there is the practical fact that they could find the app which could lead to a very awkward situation, possibly one involving the police.

However, there are times when you want to find a friend's phone and you have a legitimate reason, and (the important part) they have given you permission to find it. Just as when you were looking for your own phone, there is an app that can help you find the phones of your friends and family with ease. The "Find My Friends" app used to be an extra download, but now it comes with iOS, so if your friends have ever updated their phone, they should have it.

"Find My Friends" is an app that basically allows you to share your location with others and vice versa. It can be great for keeping track of where your kids are, knowing what your significant other is doing, or just keeping tabs on your friends. It can also help them find a lost phone (as long as you have "Shared Locations" with them). Here is how to set it up:

Step 1: Open the app on your phone and the phone of the person you want to be able to share locations with.

Step 2: Click your profile in the bottom left of the screen.

Step 3: Enable "Share My Location" and make sure AirDrop is enabled on your own phone.

Step 4: From there, your friends and family will be able to search/add you to share your location with them and vice versa. You each will need to accept the "Shared Location" request from the other. Now, you can just click on their profile in the app and keep track of them.

As you likely realized while reading this article, it is a much better idea to be proactive than reactive when it comes to tracking phones. If you set up "Find My iPhone" and "Find My Friends" before your phone gets stolen or lost, it will save you a lot of potential hassle down the road. While it may be a bit worrisome to have someone be able to see your location at all times, it can really save you once your phone goes missing and you need to track it down. It is obviously best to pick someone who you trust not to take advantage of the information an app like "Find My Friends" can provide them.

No one deserves to have their phone stolen or go missing, but thankfully, there are some ways to find it, or at least have the information deleted. Hopefully, this guide helped you be able to find your phone or the phone of your friends and family, or at least prepared you for when it may happen.

If you have other ways of finding a lost phone, please share them with us below!

@EVERYTHING NT

More info


Back to Top