My boyfriend keeps hacking my android with his iPhone. I need help to keep him out. If he wants to see my phone he could just ask

He has used chromium, parental controls, and costume android apps to get all messages, pictures etc. I don’t have any to hide all he has to do is ask. I’m tired of being watched when I know I’m not doing anything wrong.

CorruptSec – Ethical Hacking Gitlab

We at corruptsec are Security Enthusiast. Our forum was made to provide scripts and knowledge to users in the cyber field of any knowledge the right resources for their jobs/personal use!

Windows Server 2019 hacking case

A strange case occurred recently on our Windows Server 2019.

It runs some Hyper-V VMs,
Apache+PHP7 via mod_fcgid (as a service logged in as a restricted user www),
Nginx (as a service logged in as a restricted user www-front),
A nodejs server and stunnel (which was working as local system, it’s obviously a mistake, now corrected)

So the firewall was on with only necessary ports open to public.

One day I noticed that an extra Administrator account named ht was added and security log cleared.

From what I can tell from logs, it all started with a request to the file on an old legacy website. The whole site was ionCube encoded, except this file:

<?PHP
$current_memory = ini_get('memory_limit');
$current_memory = preg_replace('/D/', '', $current_memory);
if ($current_memory <= '512') { ini_set('memory_limit','1024M'); }

ini_set('max_execution_time','120');

phpinfo();
?>

Then, somehow this file was appended with code that saves uploaded file, though www user has no write permissions on this directory altogether. I even tried to append something myself as www and got “Access Denied”, as expected.

Something even more weird happens, local system disables the firewall

A Windows Defender Firewall setting in the Public profile has changed.
New Setting:
Type:   Enable Windows Defender Firewall
Value:  No
Modifying User: SYSTEM
Modifying Application:  C:WindowsSystem32netsh.exe

A new user gets created and added to admins group.
That user connects via RDP which is now available as the Firewall is down, makes a web shell under that website root directory (which was not writeable for the www user), makes a couple of requests to it, then does nothing more.

So the question is, how did he manage to do things using the Local System account? Could it be a vulnerability in stunnel? Any similar cases known?

[GET] Ethical Hacking, Penetration Testing: Buffer Overflow | NewProxyLists


  1. Ziplack

    Ziplack
    VIP UPLOADER


    Joined:
    Dec 9, 2014
    Messages:
    1,055
    Likes Received:
    135
    Trophy Points:
    63

    [GET] Ethical Hacking, Penetration Testing: Buffer Overflow

    Hidden Content:

    You must reply before you can see the hidden data contained here.

     

  2. jasmine
    New Member


    Joined:
    Today
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1

    thanks for help man

     

Web Scraping Methods with Powerful Hacking Techniques | NewProxyLists

Web Scraping Methods with Powerful Hacking Techniques

The tool, and techniques we will teach bring you live data from thousands of websites tailored specifically to suit your company’s needs. The solutions provide your business with quality data sets that are efficient and massively scalable.​

(​IMG)

(color=rgb(128,0,128);)-Direct Download Links_part01(/color)

Hidden Content:

You must reply before you can see the hidden data contained here.

(color=rgb(128,0,128);)-Direct Download Links_Part02(/color)

Hidden Content:

You must reply before you can see the hidden data contained here.

VirusScan Here:​

Code:

Big File Not Able for Virus Scan

 

android – How should I configure my firewall using iptables commands to defend against hacking?

I need to add extra security to my Android device using iptables and a firewall to defend against hackers. My specific goals are to prevent a hacker from remotely breaking into my device to begin with and, in the event spyware is remotely placed on my device, my data/activity cannot be uploaded to whatever command center the hacker controls. Which commands should I use for maximum hacking defense? So far I only know about closing all ports except 80 and 443. I also need to know how to block all ports except those two, both incoming and outgoing, without preventing myself from browsing the web and other basics.

brute force – Hacking attemps from unkown source

These requests are coming from your private network, not from the public internet.

172.20.76.173 is part of the 172.16.0.0/12 subnet, which is dedicated for private networks. See https://en.wikipedia.org/wiki/Private_network for more info.

Is it possible that the security policy that you created is only applied to the public interface, and not the private interface?

attacks – How does hacking WIFI and IP work?

Can anyone please explain in detail how does a hacker hack someone’s computer if they can have access to the WIFI system range (park their car near their home) but don’t have access to their actual computer? And also, once they get the IP address, how do they actually hack it without physical access to the computer? is that possible?

phishing – Is hacking email with simjacking a concern if you don’t have 2FA for the email?

I’ve been doing some reading on simjacking lately, mainly around how one may be compromised. One common tidbit I read is that you can access your email and your other financial services if you have 2FA for those services. E.g.: here is one quote:

Once the swap is complete, messages containing codes for those two-factor authentication systems we now all have can be intercepted, and fraudsters can hop into your email, social media or mobile banking accounts.

(Source: https://www.vice.com/en/article/3kx4ej/sim-jacking-mobile-phone-fraud)

I completely understand social media and mobile banking accounts could be compromised: if my mobile banking and/or social media accounts are set up to send the security code to my mobile device, and you simjack that device, then the fraudster can receive the code and log into your accounts.

However, assuming your email does not use your mobile number as recipient for 2FA (e.g. if you use TOTP, or if you have a back-up email address to send codes to), does simjacking actually give access to email? I can’t seem to connect those two dots — and I am not sure if I am missing something.

Thank you.

Why??? The hell is Fitz hacking

Can someone explain to me why my x husband John Doe , I.e. Fitz is able to hack me, and more so why I can see it?