WhatsApp Sniffer: description of the program and how to protect yourself. Easy Hack: How to find potential vulnerabilities and hardcoded data in Android applications Free hack how to use the program
Sometimes there is a need to find out what bugs were found in some top Android application. There can be a lot of reasons for this: from attempts to promote the vector further and search for similar vulnerabilities to banal hardcode checks. Let's try to do it, and the HackApp + Vulners combination will help us with this.
HackApp is a shareware toolkit and service for finding bugs in mobile applications. HackApp maintains its own database of found vulnerabilities, where they describe attack vectors and vulnerable versions in detail. Vulners is a free and open source engine for finding vulnerabilities in various products. In addition to the bugs themselves, Vulners finds and displays vulnerability-related exploits, patches, and even news from open sources.
With Vulners and HackApp, you can search for vulnerabilities in more than 22,025 top Android apps from Google Play! Store. To search, you need to specify the type type:hackapp . The search results display the title, the number of vulnerabilities by severity level (red circle - critical, yellow circle - moderate criticality, gray circle - note), information about the application (icon, current version, developer and release date).
The link to the application vulnerability bulletin looks like https://vulners.com/hackapp/HACKAPP:RU.SBERBANK_SBBOL.APK. The bulletin lists all vulnerabilities with a brief description and indicates which versions of the application are considered vulnerable. A full description of the vulnerabilities is available via the link on the HackApp website.
But the real killer feature is the ability to find applications whose careless developers have hardcoded Amazon AWS accounts inside. The simplest query https://vulners.com/search?query=type:hackapp%20AWS%20credentials will return a whole bunch of such “gems”.
Great, we have AWS_KEY. Now we also need AWS_SECRET_KEY . Let's not stop and take a look at the developers' "house"? 🙂
The vulnerable APK can be conveniently downloaded directly from the HackApp website. Then we reveal it in a well-known way:
Java -jar apktool_2.1.1.jar d.apk
Run grep and... voila! It seems that we really found something:
MacBook-Pro:pwner$ grep -R "AKIAI5AWXTYSXJGU55QA" ./ .//smali/com/adobe/air/AdobeAIR.smali:.field private static final TEST_ACCESS_KEY:Ljava/lang/String; = "AKIAI5AWXTYSXJGU55QA" .//smali/com/adobe/air/AdobeAIR.smali: const-string v1, "AKIAI5AWXTYSXJGU55QA" 
What can I say: pwned in less than 1 minute!
By combining these two tools and a simple full-text search, you can unearth many more shameful secrets of mobile apps :).
Good luck and successful learning!
Top programs for a hacker
Hidden from guests
It has a number of features that can help pentesters and hackers. Two compatible applications used in this tool include "Burp Suite Spider", which can list and map different pages and options on a website by examining cookies. Initiates a connection to these web applications, as well as an "Intruder", which carries out a series of automated attacks on targeted web applications.
Burp Suite is an excellent web hacking tool that many pentesters can use to test the vulnerability of websites and targeted web applications. Burp Suite works using detailed knowledge of the application, which has been removed from the HTTP protocol. The tool works through an algorithm that is customizable and can generate a malicious HTTP attack request that hackers often use. Burp Suite is especially indispensably useful for detecting and identifying vulnerabilities for SQL injection and Cross-Site Scripting(s).
Hidden from guests
Also known as "ipscan" is a freely available network hacking scanner that is both fast and easy to use. The main purpose of this IP address and port scanning hacking tool is to find open doors and ports in other people's systems. It is worth noting that Angry IP Scanner also has a bunch of other hacking methods, you just need to know how to use it. Common users of this hacking tool are network administrators and system engineers.
Hidden from guests
is an amazing network hacking tool that can be configured in one of three preset modes:- it can be used as an interceptor
- packet logger
- for detecting network intrusions
THC Hydra - Often seen as another password cracker. THC Hydra is extremely popular and has a very active and experienced development team. Essentially Hydra is fast and stable for hacking logins and passwords. It uses a dictionary and Brute Force attacks to try different combinations of usernames and passwords on the login page. This hacking tool supports a wide range of protocols, including Mail (POP3, IMAP, etc.), Database, LDAP, SMB, VNC, and SSH.
Wapiti has a very loyal following. As a pentesting tool (or Framework), Wapiti is capable of scanning and identifying hundreds of possible vulnerabilities. Basically, this multi-purpose hacking tool can check the security of web applications by executing a black box system. That is, she does not study the source code of the application, but scans the application's HTML pages, scripts and forms, where she can insert her data.
Today this is the top program for a hacker. Do you have information that is newer than ours?- Share it in the comments. Have questions?- ask. We will always answer and explain everything.
06 February 2013, 09:57Console loading speed from 5 seconds to two minutes
(this specificity of work is absolutely all chips reset glitch hack)
As for the speed of launching games, games launch both from an external drive and from an internal one quickly and quietly.
File manager for freeboot
XexMenu is a simple shell for launching games from any media, has a built-in file manager, allows you to launch games and applications with *.xex extensions
Control buttons (rb, X - source selection dvd usb hdd, Y - output menu of operations on copy past cut files) The easiest way to launch games and applications for beginners.
How to use? Very simple.
On the console, go to the “game library” section and launch it (if it is not displayed in the game library, then select the demo version)
XexMenu can also be written to a memory card, flash drive or internal hdd. To do this, launch the hexmenu from the disc, press X, select DVD and copy the C0DE9999 folder with all its contents to the content\0000000000000000 (16 zeros) folder of your HDD. That's it, now you can forget about the blank with the hexmenu.
HOW TO RUNNER ISO FROM USB?
The file system of the hard drive must be FAT 32 only (use acronis disk director for formatting)
Download the Xbox image browser program (link below)
Create a folder on your hard drive (or flash drive) GAMES (ALL WITH CAPITAL LETTERS)
Open the Xbox image browser ISO file with the game.
Create a folder in the GAMES folder with the name of your game.
Now right-click “EXTRACT” and extract all the files into the newly created folder with the name of the game on the USB drive.
After extracting the game, be sure to go to the game folder on the external hard drive and delete the $systemupdate folder
Now we insert the USB into the xbox360. Let's go to the game room. Launch xexmenu. If you copied everything correctly, the games will automatically appear in the xex menu.
Select a game and press A. Enjoy the game!
The XeXmenu program shows a list of games from a hard drive connected via USB
How to unlock arcades?
Download an arcade game from the Internet. Download the YarisSwap program (link below)
Let's launch the program. Select the game file (many numbers and letters). We press the red button and wait. That's it, the file is patched. Then we take the patched file and paste it back into the folder where it was located. Then we throw this folder onto the internal hard drive (read below for how to do this) in the content\00000000000000000\ section
That's it, we have the full version
How to copy games over the network:
XeXmenu shows the IP address for copying games over the network (it is an ftp server)
XeXmenu shows the temperature of the processor, memory and allows you to select the cover to your liking
(games are downloaded through the total commander or FLASHFXP programs better)
We connect the Xbox 360 to the computer via a local network via the FTP protocol
There are two ways to copy games over the network:
1) connect directly to the PC (you need to manually enter IP addresses)
2) connection via a router (the router will do everything automatically, provided that the DHCP service is configured on it)
Let's look at the first method in more detail:
connect directly to the PC (you need to manually enter IP addresses)
We connect the network ports of the computer and xbox 360 with a patch cord cable. If this was not included in the kit, it is sold at any computer store.
Turn on xbox 360
- go to system parameters
- network parameters
- configure the network
- main settings tab
- select manual mode for IP address parameters
- set the IP address to 192.168.0.2
- subnet mask 255.255.255.0
- we don’t need a gateway, set it to 0.0.0.0
- save the settings by clicking done
- run xex menu and leave it running
- on the PC go to Network Connections
- Local network connection properties
Go to properties "Internet Protocol TCP/IP"
Register the IP address and network mask
Click OK
- reboot the PC
- launch Total Commander (you can use any other FTP client)
- press Ctrl+F
- select New Connection
- enter the IP address of the xbox 360 ftp server and the port number separated by a colon - 192.168.0.2
- xbox login and xbox password
Click OK and connect using the created connection
- now we have access to all storage devices connected to xbox360
Copy games to section HDD1\content\0000000000000000\
Using iso2god, you can upload games over the local network we just created.
How to install games on Freeboot from an iso image to the ORIGINAL hard drive over the network
Launch the Iso2God program (link below)
if the program starts with an error, disable your antivirus
When unpacking the archive, the antivirus complained about the xextool.exe program, but there was nothing dangerous in it.
- Click Add ISO
In Image Location we specify the path to the iso image
- In Output Location - the path to save the converted freeboot result
There are 3 items in the lower drop-down list:
- None - select if we do not need to reduce the image size
- Partial - the image is cut off at the end of the last used sector. Saves 800-1500 MB of hard drive space
- Full - complete reconstruction of the image with the removal of all empty sectors on it. You can save the modified image for later use. We get the best result in size. It takes an additional 5-10 minutes.
- select the settings we need and click Add Iso
- now convert
For example, the image of the Saboteur game was reduced from 7.29 GB to 5.64 GB, with the Full image reconstruction mode selected.
- now, the result is in Output Location, I have this folder 4541088F - the name is unique for each game, copy it to the hard drive in partition3 to the folder HDD1/Content/0000000000000000/ via the local network using the FTP protocol.
Don't forget that to copy a game over the network you must be running XEXMENU on xbox 360
(it acts as an FTP server client)
Video codecs for watching movies - download
DLC (add-ons for games) and installation of patches for games
As for various DLCs and title updates, everything is simple.
We downloaded DLC, for example for Batman, usually the DLC has a folder 000002. So, this folder needs to be thrown into the folder hdd\Content\0000000000000000\4500052 where 4500052 is a folder with a unique game number. Moreover, the game itself can be stored on a USB HDD, but the DLC for it must be on the HDD of the console!
Now about the title update, they are also TU, they are also patches. Everything is also simple - throw a unique file into hdd\Cache (4L145C441000.000256 - example file) (no more manipulations are required)
Usually we download the latest update.
Website with the latest title updates -
Programs for PC:
YarisSwap
For what: unlocking arcades, avatar DLC (avatar clothes).
Additionally: can upload content directly via ftp protocol to the box, can change XUID.
Iso2God
Why: converts games from ISO into GOD container (Games on Demand).
Additionally: can upload content directly via ftp protocol to the box, can change the picture of the shortcut that will be visible in the dash, as well as the game name and description.
Xbox Image Browser
if the program starts with an error, disable your antivirus
Why: Unpacks ISO
Additionally: after unpacking the game you need to throw it into x:\Games\game name\ (suitable for both the hard drive of the box and USB flash drives and hard drives). Launch the game with the default.xex file through the xexmenu program, or from a shortcut in Dasha if you previously created it in the Quickboot program.
Programs for Xbox360:
Xexmenu
For what: the main program for xbr consoles. Launching games, emulators, other programs, as well as a file manager, shows the temperature of the hardware. FTP server.
Additionally: to connect to xbox via ftp protocol, this program must be running on the console. It has two types: NXE container (drop to content\0000000000000000\C0DE9999\00080000\) - the shortcut will appear in the games library\game demo section, and unpacked (launch via default.xex).
NXE2GOD
What it does: converts games installed from a disk into GOD games (you no longer need a disk to launch).
Additionally: it also looks like an NXE container (drop it into content\0000000000000000\C0DE9999\00080000\) - the shortcut will appear in the games library\game demo section, and unpacked (launch via default.xex).
Updating Reset glitch hack (new freeboot) to new dashboard 16197
INTERNET EXPLORER appeared in the new freeboot update 16197
Now you can surf the Internet and view the latest posts on your VKontakte wall right away on your XBox 360 game console
- Remember that when you install a third-party application, you are responsible for the consequences!
- By reading someone else's correspondence, you are violating his rights, and for this there is criminal liability!
- This instruction only provides information about how attackers read other people’s correspondence, but in no way calls you to this action.
What is a "sniffer"? In thieves' jargon, these words mean a person who can open a safe with anything, even the rustiest pin. Let's figure out why you need an application like WhatsApp Sniffer for your computer and phone, which, by the way, can be downloaded from our website.
Why is it necessary?
This utility was created in special secret laboratories in America - at least that’s what the developers say. Using a sniffer, you can easily hack any account on WhatsApp and gain access to all the secrets of the desired person’s correspondence. Of course, you download the program at your own peril and risk; no one is responsible for its bugs and other possible unpleasant moments.
So, according to the developers, the sniffer allows:
- completely take over the “victim’s” accounts, as if it were your personal account on WhatsApp;
- read all user messages;
- send messages to the user's friends on his behalf;
- change the photo on your avatar;
- change status;
- send and receive files.
How does it work
The utility only works on Android. The developers also assure us that this application is completely safe for the phone.
So, the essence of the sniffer’s work is as follows: each phone has its own original MAC code, which the utility copies and, thus, the program thinks that it was logged in from a familiar smartphone or other gadget. The sniffer can copy the MAC code in three ways:
- SMS. Send a special SMS to the victim with a link. When the victim opens the link, the sniffer will penetrate the user’s phone and WhatsApp program, opening access for you.
- Call. The application calls the victim's phone and when she answers it penetrates the phone and the application.
- Wi-Fi. If you are close to the victim, and you share Wi-Fi with him, then you just need to launch the sniffer on your phone and indicate the victim’s number: in a second you will have access to her WhatsApp.
To use the sniffer, just launch the utility, select the method of use and press “spoof” - a button that allows you to detect the phone number of the person you are interested in.
Where to download and how to install
To download WhatsApp Sniffer for Android, you need to type in Google: “whatsapp sniffer apk download”, or use the installation file, which you can find on our website. Unfortunately, you won’t be able to download Whatsapp sniffer for iPhone, because it simply doesn’t exist for this operating system.
To install the utility on your phone, follow these steps:
- Transfer the installation file to your smartphone.
- Run it and it will install normally.
- When opening the file, it will ask for permission to access some functions, select “Allow”. That's all: the sniffer is installed on your gadget.
If you can’t install Sniffer, then it is recommended to hack it, for which you need to download WhatsApp Hach Sniffer for free in Russian.
How to protect yourself from WhatsApp Sniffer
What to do if you are not a spy, but a victim? At any slightest suspicion that your phone is being used by attackers for personal gain, you should delete the WhatsApp application and install it again. Moreover, it is recommended:
- Clean your phone using any antivirus;
- Contact the WhatsApp developers so that they can install more serious protection against the penetration of third-party programs into the utility.
- Always check whether the Wi-Fi network you are using is reliable. So, if you have any suspicions that hackers may be connected to it, then it is better not to connect to it.