INTRODUCTION

WhatsApp has become an important part of billions of people’s life. Many of us woke up or go to bed, by checking our WhatsApp messages. Some of us are always curious to know to check WhatsApp of our friends. Girlfriends want to check on boyfriends and boyfriends want to check on girlfriends. Today Ethical Hacking researcher from X University of Cyber Security will demonstrate on How to Hack WhatsApp of your Friend by sending a Single Link.

We will use a tool called Ohmyqr which is a social engineering tool. Using this OhMyQR Tool, we can hijack anyone’s WhatsApp account using the Malicious QR code. We will send Victim a URL using social engineering techniques and when the victim opens that URL he/she will receive a malicious WhatsApp malicious QR code on his/her machine. This QR code is a replica of what you normally see when you use WhatsApp web. On scanning QR code, hackers will be able to session hijack victims WhatsApp account.

ENVIRONMENT

O S: Kali Linux 2019.3 64 bit

Kernel-Version : 5.2.0

INSTALLATION STEPS

Use this command to clone the project.

git clone https://github.com/thelinuxchoice/ohmyqr

root@kali:/home/iicybersecurity# git clone https://github.com/thelinuxchoice/ohmyqr

Use the cd command to enter into ohmyqr directory

root@kali:/home/iicybersecurity# cd ohmyqr/

root@kali:/home/iicybersecurity/ohmyqr#

When we tried to launch the tool, we got an error for not installing the required packages for the tool as shown below.

Use this command bash ohmyqr.sh.

OhMyQR – Scrot Missing Package

For this we used this command to install missing scrot package.

sudo apt-get install scrot

root@kali:/home/iicybersecurity/ohmyqr#  sudo apt-get install scrot

In the same way we got another error for missing package while launching the tool.

 How To Install and Use Masking-URL Tool

It is always the same now in this case and we will download it first using the following command This is a very small tool that does not require any additional reliance, so we can use it in any third party Android app. After the download is complete then we will go to the guide for this tool. That is the only way we can launch this tool using the bash command.

 Step 1 :- First you need to Open the Terminal, Termux. After installation you need to open and type the apt update and hit Enter. Then type the command apt upgrade -y to upgrade the termux. 

pkg update -y && pkg upgrade -y

Step 2 :-  After updating and upgrading the termux then you need to install other packages like, git etc.

pkg install git

Step 3 :- A small and simple tool written in bash, called "MaskPhish". This tool is made by us and is specially available in our GitHub repository. We can add this from our GitHub repository via the following command:

git clone https://github.com/OnlineHacKing/Masking-URL

Step 4 :- Now we just need to navigate to the maskphish directory by simply using the cd command:

cd Masking-URL

Step 5 :-  Use the command below to make the file Permission readable, compact, and effective.

chmod +x *

Step 6 :- We can do this by using the following command:

bash Masking-OH.sh

MaskPhish will then open the main menu in front of us as a screenshot:

Step 8 :-After that we need to set up a trusted URL, anything that can mislead the victim's mind like https://google.com or https: //youtube.com or http: //anything.com. As we did on the following screen:

Step 9 :-Here we need to use some social engineering words separated by "-" to make an example if the victim is a football fan then we can use something like the footaball skills concept that here we are not using anywhere.

After that we just install it and have our MaskPhish link. We started our URL with facebook.com and the URL has no ngrok at the exact URL.

A keylogger is an insidious form of spyware. You enter sensitive data onto your keyboard, believing nobody is watching. In fact, keylogging software is hard at work logging everything that you type.

Keyloggers are activity-monitoring software programs that give hackers access to your personal data. The passwords and credit card numbers you type, the webpages you visit — all by logging your keyboard strokes. The software is installed on your computer, and records everything you type. Then it sends this log file to a server, where cybercriminals wait to make use of all this sensitive information.

Attention! All information is provided for informational and educational purposes only. The author is not responsible for any possible harm caused by the materials of this article.

Beelogeer is an open source electronic keylogger. Have you ever wondered how to get someone’s credentials that are outside of your network that you cannot hack simply by using a payload and listener? Then the only method that remains to spy on his / her credentials is to install a keylogger and most keyloggers available online for remote keylogging are paid for. However, you can create an electronic keylogger with Beelogger for free if you have a Linux or Mac OS system.

We are going to use a powerful tool known as beelogger which will possibly generate fake Adobe Flash update, fake Word document, fake pdf, fake pptx, which are basically Windows keyloggers.

This tool gives extra energy to the subject of social engineering. We all run into problems when we try to install the keylogger on other computers because they know about exe format files and that they do not want to put unknown files in this style, however, if we send them a text document file or PDF file, then there is a good one. chance to click on it.

Functions

Send clicks every 120 seconds.

Send clicks if characters> 50.

Send clicks with GMAIL.

Some phishing techniques included.

Multiple session disconnected.

Auto-constancy.

It can create many types of keyloggers, for example:

Adobe Flash update installation file.

Adobe PDF

Office Word

PowerPoint PPTX

Excel sheet

Empty executable

Installation and launch:

git clone https://github.com/4w4k3/BeeLogger.git

cd BeeLogger

./install.sh

./bee.py

Using:

We generate it for the parameters:

Great, the malware survived:

Antiviruses almost did not harm him

Create a malicious keylogger plugin for Google Chrome

Hera is a utility that allows you to create a keylogger that works as an extension in the Google Chrome browser.

Installation on Linux

$ git clone https://github.com/UndeadSec/HeraKeylogger

$ cd HeraKeylogger

$ sudo apt-get install python3-pip -y

$ sudo pip3 install -r requirements.txt

$ start https://t.me/hackingtipp

Launch

$ python3 hera.py

The extension will be created and saved in the "MaliciousExtension" folder. It must be installed manually in the victim's browser. Once installed, all keystrokes and websites visited will be stored in your log.txt file.

Thank you all for your attention!

 A Google Dork is a search that uses one or more of these advanced techniques to reveal something interesting. Something important to keep in mind, the web can be crawled by anyone. Google automatically indexes a website, and unless sensitive information is explicitly blocked from indexing (nofollow, robots.txt), all of the content can be searched via Dorks or advanced search operators.

A few security webcam searches using Dorks

1

intitle:liveapplet Mostly security cameras, car parks, colleges, clubs, bars etc.

1

intitle:”snc-rz30 home” Mostly security cameras, shops, car parks

1

inurl:LvAppl intitle:liveapplet Mostly security cameras, car parks, colleges etc.

1

2

inurl:lvappl A huge list of webcams around the world, mostly security cameras, car parks, colleges

etc.

1

inurl:axis-cgi/jpg Mostly security cameras

1

inurl:”webcam.html” Mostly European security cameras

1

intitle:”Live View / – AXIS” Mostly security cameras, car parks, colleges etc.

1

intitle:”LiveView / – AXIS” Mostly security cameras, car parks, colleges etc.

1

inurl:view/view.shtml Mostly security cameras, car parks, colleges etc.

1

control/userimage.html

inurl:LvAppl

Dork: inurl:axis-cgi/jpg

Dork: inurl:view/view.shtml

Hacking Security Cameras Using Shodan

Shodan is a search engine for Internet-connected devices. Google lets you search for websites, Shodan lets you search for every device connected to the internet. 

Find security cams on the Shodan website

Website: https://shodan.io/

Searching for Hikvision:

1

Hikvision

1

Hikvision 8080

💚Shodan Dorks❤

A small collection of search queries for Shodan

This was written for educational purpose and pentest only.The author will be not responsible for any damage..!The author of this tool is not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access.This information shall only be used to expand knowledge and not forcausing malicious or damaging attacks.Performing any hacks without written permission is illegal..!!!

Chromecasts / Smart TVs →"Chromecast:" port:8008

Traffic Light Controllers / Red Light Cameras →mikrotik streetlight

IP cams, some of which are unprotected →IP Cams

+ 21k surveillance cams, user: admin; NO PASSWORD →NETSurveillance uc-httpd

DICOM Medical X-Ray Machines →Secured by default, thankfully, but these 1,700 + machines still have no business being on the internet..!DICOM Server Response

Door / Lock Access Controllers →"HID VertX" port:4070

Electric Vehicle Chargers mag_right →"Server: gSOAP/2.8" "Content-Length: 583"

Remote Desktop →Unprotected..!"authentication disabled" "RFB 003.008"

Windows RDP →99.99% are secured by a secondary Windows login screen."\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"

Lantronix ethernet adapter's →admin interface open, NO PASSWORD required.Press Enter Setup Mode port:9999

Pi-hole Open DNS Servers →"dnsmasq-pi-hole" "Recursion: enabled"

Already Logged-In as root via Telnet →"root@" port:23 -login -password -name -Session

Android Root Bridges →A tangential result of Google’s dumb fractured update approach."Android Debug Bridge" "Device" port:5555

Xerox Copiers/Printers →With root acces..!ssl:"Xerox Generic Root"

Apple AirPlay Receivers →Apple TVs, HomePods, etc."\x08_airplay" port:5353

TCP Quote of the Day →Port 17 (RFC 865) has a bizarre history…port:17 product:"Windows qotd"

Find a Job Doing This..! →"X-Recruiting:"

The search begins. Copy the IP address and port, and put it in your browser. ipaddress:8080

For more info you can use nmap tool !!

What data can we find using google dorks?

Username and passwords

Sensitive documents

Govt/military data

Email lists

Bank account details

Google Dorks Lists

I have made a huge Google Dorks List on GitHub. A collection of around 10.000 Dorks.

More about dorks given here.

💚Hacking by Angry IP Scanner❤

In this article I will teach you how to use the Angry IP Scanner to scan the Internet and look for IP cameras and recorders (DVRs and NVRs).

https://angryip.org/

See below the Angry IP Scanner website. Make sure you have Java installed and download the correct version for your computer.

Install ANgry IP Scanner to hack CCTV camera

STEP 2 - Install the Angry IP Scanner

The installation is very simple, you just need to run the setup file and follow the instructions as shown in the images below: (click to enlarge)

Angry IP Scanner Installation 01

Click Next

Angry IP Scanner Installation 02

Click Install

Angry IP Scanner Port Configuration to hack CCTV camera

Configure the fetchers to display the Web Detect information that will show some device information that is useful to find out who is the manufacturer.

To hack a CCTV camera is really necessary to have such basic information

Go to tools and click on fetchers to open the configuration window

Angry IP Scanner fetchers

To hack a CCTV camera first is necessary to find one that is available on the Internet, so you need to choose an IP Address range to scan with the Angry IP scanner. See the picture below where a range of IP address was scanned. 

IP Angry Scanner Results for Hikvision DVRs

You can use the IP range from your country or service provider, in the example above I used the range from xx.242.10.0 to xx.242.10.255. Note that you can fill the first part of the IP range and choose /24 or /16 for example to let the software find the range for you with 254 or 65.534 hosts respectively.

For privacy reasons the first part of the IP is not shown, after only few scans it's possible to find two Hikvision DVRs that are online on the Internet. I know that because of the Web detect information that shows DNVRS-Webs.

The scan can be done for thousand of IP addresses, so it's quite common to find a lot of IP cameras, DVRs and NVRs that are connected to the Internet.

After find an IP camera or DVR online you just need to right click and choose to open it on a Web Browser. Just like shown in the picture below.

Angry IP Scanner Open in a Web Browser

Hikvision DVR Login Screen

Note the manufacturer name (Hikvision) underneath the login screen. Sometimes you see a big logo and sometimes a small text just like this one.

Did you get the idea? To hack CCTV camera you just need to use a tool to scan the Internet, find an online device and try the default password you can get from the manufacturer manual or from a IP camera default password list.

Below the image from the DVR after login with the admin/12345 credentials.

Hikvision Hacked DVR

USERNAME:

admin

PASSWORD:

admin

IP ADRESS:

192.168.1.108

USERNAME:

admin

PASSWORD:

12345 / 123456

IP ADRESS:

192.0.0.64

Other Products

BrandUser NamePasswordIP 

🍏Addressr13xLogic

admin

12345

192.0.0.64

🍏Acti

admin

admin

192.168.0.100

🍏American Dynmics

admin

admin

192.168.1.168

🍏Arecont Vision

admin

No Set Password

No Default / DHCP

🍏Avigilon

admin

admin

No Default / DHCP

🍏Axis

root

no set password

No Default / DHCP

🍏Basler

admin

admin

192.168.100.x

🍏Bosch

service

service

192.168.0.1

🍏Bosch Dinion

admin

No set password

192.168.0.1

🍏Brickcom

admin

admin

192.168.1.1

🍏CBC Ganz

admin

admin

192.168.100.x

🍏Cisco

no default

no set password

192.168.0.100

🍏CNB

root

admin

192.168.123.100

🍏Costar

root

root

unknown

🍏Dahua

admin

admin

192.168.1.108

🍏Drs

admin

1234

192.168.0.200

🍏DVTel

Admin

1234

192.168.0.250

🍏DynaColor

admin

1234

192.168.0.250

🍏Flir

admin

fliradmin

192.168.250.116

🍏Foscam

admin

leave blank

unknown

🍏GeoVision

admin

admin

192.168.0.10

🍏Grandstream

admin

admin

192.168.1.168

🍏GVI

Admin

1234

192.168.0.250

🍏HIKVision

admin

12345

192.0.0.64

🍏Honeywell

administrator

1234

no default/DHCP

🍏IOImage

admin

admin

192.168.123.10

🍏IPX-DDK

root

Admin or admin

192.168.1.168

🍏IQInvision

root

system

no default/DHCP

🍏JVC

admin

Model# of camera

no default/DHCP

🍏VideoIQ

supervisor

supervisor

no default/DHCP

BrandUser NamePasswordIP Addressr1LTS Security

admin

12345

192.0.0.64

🍏March Networks

admin

leave blank

unknown

🍏Merit Lilin

Camera

admin pass

No Default / DHCP

🍏Merit Lilin

Recorder

admin / 1111

No Default / DHCP

🍏Messoa

admin

Model# of camera

192.168.1.30

🍏Mobotix

admin

meinsm

No Default / DHCP

Northern

admin

12345

192.168.1.64

🍏Panasonic

admin

12345

192.168.0.253

Panasonic

admin1

password

192.168.0.253

🍏Pelco

admin

admin

no default/DHCP

🍏PiXORD

admin

admin

192.168.0.200

PiXORD

root

pass

192.168.0.200

🍏QVIS

admin

1234

192.168.0.250

🍏Samsung

root

4321 / admin

192.168.0.200

Samsung

admin

4321 / 1111111

192.168.1.200

🍏Sanyo

admin

admin

192.168.0.2

🍏Sentry360

Admin

1234

192.168.0.250

🍏Sony

admin

admin

192.168.0.100

🍏Speco

root

root

192.168.1.7

Speco

admin

admin

192.168.1.7

🍏StarDot

admin

admin

no default/DHCP

🍏Starvedia

admin

no set password

no default/DHCP

🍏Toshiba

root

ikwb

192.168.0.30

🍏Trendnet

admin

admin

192.168.10.1

🍏UDP

root

unknown

unknown

🍏Ubiquiti

ubnt

ubnt

192.168.1.20

🍏W-Box

admin

wbox / 123

192.0.0.64

Wodsee

root

leave blank

unknown

🍏Verint

admin

admin

no default/DHCP

🍏Vivotek

root

no set password

no default/DHCP

ACTi: admin/123456 or Admin/123456

Amcrest: admin/admin

American Dynamics: admin/admin or admin/9999 

Arecont Vision: none

AvertX: admin/1234

Avigilon: Previously admin/admin, changed to Administrator/<blank> in later firmware versions

Axis: Traditionally root/pass, new Axis cameras require password creation during first login (note that root/pass may be used for ONVIF access, but logging into the camera requires root password creation)

Basler: admin/admin

Bosch: None required, but new firmwares (6.0+) prompt users to create passwords on first login

Brickcom: admin/admin

Canon: root/camera

Cisco: No default password, requires creation during first login

Dahua: Requires password creation on first login. Previously this process was recommended but could be canceled; older models default to admin/admin

Digital Watchdog: admin/admin

DRS: admin/1234

DVTel: Admin/1234

DynaColor: Admin/1234

FLIR: admin/fliradmin

FLIR (Dahua OEM): admin/admin

FLIR (Quasar/Ariel): admin/admin

Foscam: admin/<blank>

GeoVision: admin/admin

Grandstream: admin/admin

Hanwha: admin/no default password, must be created during initial setup

Hikvision: Firmware 5.3.0 and up requires unique password creation; previously admin/12345

Honeywell: admin/1234

IndigoVision (Ultra): none

IndigoVision (BX/GX): Admin/1234

Intellio: admin/admin

Interlogix admin/1234

IQinVision: root/system

IPX-DDK: root/admin or root/Admin

JVC: admin/jvc

Longse: admin/12345

Lorex: admin/admin

LTS: Requires unique password creation; previously admin/12345

March Networks: admin/<blank>

Mobotix: admin/meinsm

Northern: Firmware 5.3.0 and up requires unique password creation; previously admin/12345

Oncam: admin/admin

Panasonic: Firmware 2.40 and up requires username/password creation; previously admin/12345

Pelco: New firmwares require unique password creation; previously admin/admin

Q-See: admin/admin or admin/123456

Samsung Electronics: root/root or admin/4321

Samsung Techwin (old): admin/1111111

Samsung (new): Previously admin/4321, but new firmwares require unique password creation

Sanyo: admin/admin

Scallop: admin/password

Sentry360 (pro): none 

Sony: admin/admin

Speco: admin/1234

Stardot: admin/admin

Starvedia: admin/<blank>

Sunell: admin/admin

SV3C: admin/123456

Swann: admin/12345 

Trendnet: admin/admin

Toshiba: root/ikwd

VideoIQ: supervisor/supervisor

Vivotek: root/<blank>

Ubiquiti: ubnt/ubnt

Uniview: admin/123456

W-Box (Hikvision OEM, old): admin/wbox123

W-Box (Sunell OEM, new): admin/admin

Wodsee: admin/<blank>

Dlink and defeway having default user name is = admin

and pass is blank. 

Site that provides some live cam access!

1. camstreamer.com 

2 ipcamlive.com 

3 learncctv.com 

4 ip-24.net ip-24.net

5 camvista.com 

6 cameraftp.com 

7 pngline.com 

8 webcamlocator.com 

9 webcams.ru

10 no-ip.info 

11 insecam.org

Subscribe to YouTube Channel

https://youtube.com/channel/UCUhO6qymOnHOUGZM9AyQb6w

https://youtube.com/channel/UC9H8sUv8y-T6H7BMwE3bUhA

1. IP: Germany, Netherlands, France or any other IBAN country.
2.  
3. Use old GMail. (atleast 2-3 years old google account)
4.  
5. Instructions:
6. 1. Download OPERA Web Browser
7. 2. Clear Cookies Cache
8. 3. Go to Opera Settings, find VPN and turn it ON.
9. 4. Connect to Europe Location.
10. 5. Sign in to your Google 2-3 years old account
11. 6. go to cloud.google.com & click get 12 months free
12. 7. go to ip2location.com & see what country & ip Opera has set you up
13. 8. Most of times it will set you IP: Netherlands.
14. 9. Go to https://fake-it.ws/nl/
15. 10. Return to cloud.google.com tab, and change country to Netherlands, and tick both google terms and hit continue,
16. 11. Let it be on Business Account and grab data from https://fake-it.ws/nl/ and fill in Google Cloud
17. 12. On Payment below, click small option and you will see Add a BANK Account, click it to add Bank Account
18. 13. grab data from https://fake-it.ws/nl/ and fill in
19. 14. Click verify
20. 15 then wait 10-15 seconds
21. 16. Finally click START Free TRIAL on Google Cloud
22. 17. You will be greeted with Welcome to GCLOUD 12 Months and you awarded with $300 Free Credits..
23. 18. Click Compute Engine.
24. 19. Wait for few minutes or refresh page.
25. 20. Once you see Create button available click on it
26. 21 Create your VM Instances. Note 30GB RAM is the limit do not surpass it.