Attacking Windows Platform with EternalBlue Exploit via Android Phones | MS17-010

Image
Introduction On 14 April 2017, a hacker group know by the name of Shadow Brokers leaked exploitation toolkit used by the National Security Agency (NSA). The leak was also used as part of a worldwide WannaCry ransomware attack. EternalBlue is also an exploit developed and used by the NSA according to former NSA employees. Lab Environment Target Machine: Windows 7 Ultimate x64 bit Attacker Machine: Android 5.1  What is EternalBlue EternalBlue actually exploits a vulnerability found in Server Message Block (SMB) protocol of Microsoft Windows various platforms. This vulnerability can be found under CVE-2017-0144 in the CVE catalog.The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. Windows 7 Operating with Release Effected by EternalBlue Installing Metasploit Framework on Android Step 1: Download Termux from play store....
Post a Comment

A Single-Character Message Can Crash Any Apple iPhone, iPad Or Mac

Only a single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail.

First Spooted by Italian Blog Mobile World, a potentially new severe bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs and even Watch OS devices running the latest versions of their operating software.

Like previous 'text bomb' bug, the new flaw can easily be exploited by anyone, requiring users to send only a single character from Telugu—a native Indian language spoken by about 70 million people in the country.

 Once the recipient receives a simple message containing the symbol or typed that symbol into the text editor, the character immediately instigates crashes on iPhones, iPads, Macs, Apple Watches and Apple TVs running Apple's iOS Springboard.

Apps that receive the text bomb tries to load the character, but fails and refuses to function properly until the character is removed—which usually can be done by deleting the entire conversation.

 he easiest way to delete the offending message is by asking someone else to send a message to the app that is crashing due to the text bomb. This would allow you to jump directly into the notification and delete the entire thread containing the character.

The character can disable third-party apps like iMessage, Slack, Facebook Messenger, WhatsApp, Gmail, and Outlook for iOS, as well as Safari and Messages for the macOS versions.

Telegram and Skype users appear to be unaffected by the text bomb bug.

Comments

Post a Comment

Popular posts from this blog

Practical of XSS cross site attack

Image
XSS (CROSS SITE SCRIPTING) It is a attack to the websites in this attacker attack the website from the client side. Basically attacker enter malicious code/script/payload in the website from the user end. Concept of this attack is already told in my previous post XSS cross site scripting Now lets come to the practical ones  For do this attack we First need a  SEarch box in the website  So Now see the Practical of Xss  Site Where I performed this Attack  Target Site:-   glbitm.org Now we Enter the script/payload/code to check whether the site is vulnerable or not. Entering the script <Script>alert (“welcome to glbajaj”)</script> If the site is vulnerable then the site pop the message welcome to glbajaj, if not then it will not pop up any message Let’s see:-  See the site Pop the message means the site is vulnerable to cross site scripting Now let’s check the same with ano...
Read more

Self-driving Cars Can be hacked by just putting stickers on street signs

Self-driving Cars Can be hacked by just putting stickers on street signs :-- Car Hacking is a hot topic, though it's not new for researchers to hack cars. Previously they had demonstrated how to hijack a car remotely, how to  disables cars   crucial functions like airbags, and even how to steal cars. But the latest car hacking trick doesn't require any extra ordinary skills to accomplished. All it takes is a simple sticker onto a sign board to confuse any self-driving car and cause accident. Isn't this so dangerous? A team of researchers from the University of Washington demonstrated how anyone could print stickers off at home and put them on a few road signs to convince "most" autonomous cars into misidentifying road signs and cause accidents. According to the researchers, image recognition system used by most autonomous cars fails to read road sign boards if they are altered by placing stickers or posters over part or the whole road sign b...
Read more

New Features Of WhatsApp Comming Soon!

New Features Of WhatsApp Coming  Soon! 1. YouTube Video Directly play In WhatsApp The new feature of WhatsApp to let users view YouTube videos inside  WhatsApp messenger without the  leave  app or open YouTube app. The iOS beta  version  of WhatsApp had added a feature of YouTube integration. The feature is not  currently available in an Android version, but we believe that WhatsApp will soon  come out the feature for Android. 2. Edit ‘sent’ Message This is the very important update for WhatsApp user because many users fill problem with this that he can not change the message when he press enter or send. But after this feature users can change the sent message before the message get read. 3. Money Transaction In India, after demonetization in  2016, the people are struggling for cash because the  people are not aware about the online transaction. Now lots of people use paytm o...
Read more