Compromised uTorrent clients can be abused to download a malicious torrent file. The malicious file is designed to embed a persistent backdoor and execute when Windows 10 reboots, granting the attacker remote access to the operating system at will.
Torrent clients like uTorrent and Transmission have built-in features that allow server administrators to remotely access the torrent client via web application interfaces, as shown in the below image example of uTorrent's web app.
Overall, the number of publicly accessible torrent clients is growing. As torrent clients increase in popularity, so does the number of poorly configured and insecure services. Like all web apps, these clients can be hacked in various ways. For instance, in recent years, numerous directory traversal, privilege escalation, and cross-site scripting vulnerabilities have been disclosed, as seen in the image below. In the future, attackers may discover ways of bypassing authentication entirely.
So, a torrent client gets hacked... what's the worst an attacker can do? Pirate some copyrighted materials? Well, yes, but it gets worse. Torrent clients are capable of creating files and directories on the system as well as replacing existing ones. That access to the filesystem can be abused by downloading malicious files through the compromised torrent client.
Linux systems are equally vulnerable to such attacks but are out of the scope of our demonstration here. The .bashrc file found in most Linux systems is essentially a Bash script that's executed every time a new terminal is opened or an SSH login is established. An attacker can use the compromised torrent client to download a malicious .bashrc file, replacing the original one found on the server. It would cause the server to execute the attacker's .bashrc when someone successfully authenticates to the server.
This article will show how uTorrent web apps can be brute-forced and used to download a PowerShell script into the Windows 10 Startup directory. The PowerShell script is designed to embed a persistent backdoor and immediately delete itself when completed.
Patator is a brute-forcing tool, like Hydra, Medusa, and Burp's Intruder module. Using Patator to brute-force web app logins is very similar to brute-forcing router gateways. In my previous article, "Break into Router Gateways with Patator," command line usage and examples are covered in great detail.
Open Firefox and Burp Suite. Configure Firefox to proxy requests through Burp and capture the login request. Replace the encoded "Authentication: Basic" string with "FILE0," right-click it, and choose the "Copy to file" option. The FILE0 string will act as a placeholder for Patator's wordlist. Save the request to the /tmp directory with the "utorrent_request.txt" filename.
Hashes.org has published wordlists containing cracked passwords obtained in recent years. The 2018 wordlist, highlighted in the image below, can be downloaded by navigating to the website. That's the one we're using as an example in this guide.
Then, encode each line in the wordlist with base64. The "admin" username is the default with uTorrent web apps. Swap out the "./hashes.org-2018.txt" directory and file with the location and name of your downloaded wordlist.
In my tests against uTorrent version 3.5.5 in Windows 10, there didn't seem to be any kind of blacklisting or rate-limiting invoked by hundreds of thousands of failed login attempts. It would appear uTorrent allows an infinite number of login attempts over any prolonged period of time.
To brute-force uTorrent web logins, use the below patator command with the utorrent_request.txt file created in step two. Make sure you substitute any paths below to the right directory, as yours may be different.
After gaining access to the torrent client, if there are no active downloads, simply add any torrent file and click the "General" tab to identify the username on the Windows system. The torrent can be deleted after discovering the username.
This is only one example of a PowerShell payload. The script can execute a wide range of automated attacks, such as sensitive file exfiltration, desktop live-streaming, password dumping, and converting the device into a web proxy.
In Kali, download the qbittorrent client in a new terminal window. Most torrent applications allow for torrent creation, but the transmission-gtk client failed to create the .torrent file in my tests, so it's not recommended.
The torrent file will be created. Click "OK" and qBittorrent will begin seeding the file. The qBittorrent client must remain open the entire time for other torrent clients (i.e., the compromised uTorrent server) to download the file.
The payload.bat only contains a small PowerShell one-liner so it should download within a few seconds. In Windows 10, which won't be accessible to the hacker yet, the payload.bat can be found in the Startup directory.
The next time Windows 10 reboots, the payload.bat will execute the script. With virtual private servers, getting the target to restart the system can be tricky. Several ideas for accomplishing this are outlined later in the article.
In Kali, the below netcat command can be used to open a listener (-l) on port (-p) 9999. The listener is required to intercept the connection from the Powercat command embedded in the Windows 10 task scheduler. The port number can be changed but needs to match the Powercat port used in the payload.bat.
Windows 10 laptops on a local network can be easier to provoke into rebooting. With virtual private servers, it could be days, weeks, or even months before the target server or computer is restarted. It's uncommon for system administrators to reboot a remote system for no reason.
If the attack is successful, payload.bat is removed from the Startup directory, and a new TCP connection is made to the attacker's system every time the Windows computer becomes idle (i.e., unattended for one minute).
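To check a host for the persistence described above (an added example, not code from the original article), the script below lists script files in a Startup folder and flags a Task Scheduler XML export that pairs an idle trigger with a script-host action. The function names, the extension and host lists, and the sample task are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path, PureWindowsPath

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SCRIPT_EXT = {".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta"}  # assumed list
SCRIPT_HOSTS = {"powershell", "pwsh", "cmd", "wscript", "cscript", "mshta"}

def startup_scripts(startup_dir):
    """Script files sitting in a Startup folder (legitimate entries are mostly .lnk)."""
    return sorted(p.name for p in Path(startup_dir).iterdir()
                  if p.is_file() and p.suffix.lower() in SCRIPT_EXT)

def idle_shell_actions(task_xml):
    """Exec actions of a task that has an idle trigger and launches a script host."""
    root = ET.fromstring(task_xml)
    if root.find("t:Triggers/t:IdleTrigger", NS) is None:
        return []
    hits = []
    for action in root.findall("t:Actions/t:Exec", NS):
        cmd = action.findtext("t:Command", "", NS).strip()
        args = action.findtext("t:Arguments", "", NS).strip()
        # PureWindowsPath parses Windows paths on any analysis host.
        if PureWindowsPath(cmd).stem.lower() in SCRIPT_HOSTS:
            hits.append(f"{cmd} {args}".strip())
    return hits

# Constructed sample in the Task Scheduler export schema (not taken from the article).
SAMPLE_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><IdleTrigger><Enabled>true</Enabled></IdleTrigger></Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>powershell.exe</Command>
      <Arguments>-NoProfile -File C:\\Users\\Public\\example.ps1</Arguments>
    </Exec>
  </Actions>
</Task>"""

if __name__ == "__main__":
    print(idle_shell_actions(SAMPLE_TASK))
    startup = Path.home() / "AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup"
    if startup.is_dir():
        print(startup_scripts(startup))
```

Real task exports are usually UTF-16 files; read them as bytes and pass the bytes to `idle_shell_actions` so the parser honours the declared encoding.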
As an avid torrent application user, I find that remote access to the client makes downloading new content very convenient. But such web apps must be well fortified with security solutions like Nginx, SSH port-forwarding, or Tor onion services to prevent unfettered brute-force attacks and full access to the client from the internet.
Wifi Password Hacker is an app for pranking your friends by making them believe you are a hacker capable of breaking any Wi-Fi network password. Keep in mind that this app won't provide you with the actual password of any network. Instead, it will pretend it's performing a series of very complex operations, Matrix-style.
Wifi Password Hacker is pretty simple to use. The app's main tab has only three buttons: Wi-Fi Password, Help, and Share. With this last button, you can share the app directly through any other app installed on your device, such as Telegram or WhatsApp. The Help button, on the other hand, allows you to read a few words from the developer himself, in which he explains that this is a prank app designed exclusively for this purpose: playing pranks on your friends.
The first button on the screen, the Wi-Fi Password button, is the one for starting the prank. When you touch it, a real list of all nearby Wi-Fi networks (as many as your device detects) will pop up. At this point, you can show the screen to your friends and ask them which one they want you to hack. Once you have a target, simply tap the Wi-Fi network in question. The screen will go black, and a bunch of green lines of code will start appearing, just like in the Matrix, to impress your friends. After a few seconds, a password will appear on the screen, which, of course, is not real.
Download Wifi Password Hacker to make your friends believe you are a dangerous computer hacker capable of cracking any Wi-Fi password. But keep in mind that part of the app's fun is having your friends nearby. For the prank to work, you'll need to show them your device screen, so you need them close by. Impersonating a movie hacker is just an APK away.