• December 13, 2020

    Take Over Any Android Device In Minutes.

    Android Remote Administration Tool (RAT) named Ahmyth which is being trojanized into other Android apps and is getting distributed in the wild. Upon infecting an Android device this RAT can send sensitive information present on the device like SMS and call logs as well as perform functions like taking a picture, sending a text message or record audio via the microphone. Download & Install AhMyth There are two ways to download and install AhMyth. The first is to directly use the source code from GitHub. The second is to use the binaries they provide. Method 1 From Source Code If you chose to start with the source code, then you’ll need to check that you have a few prerequisites installed. Java — it’s used to generate the APK backdoor. Electron — it’s used to start the desktop application. Electron-builder and Electron-packer — they are used to build the binaries for macOS, Windows, and Linux. Once you have those prerequisites, you’re ready to proceed. First clone the code from GitHub with the following commands. git clone Then move to the AhMyth-Android-Rat directory with the following. cd AhMyth-Android-RAT/AhMyth-Server Once you’re in, start AhMyth with the command below. npm start This program is still in beta development, and as such, it isn’t as robust as it could be. Some users have gotten errors when attempting to start it. If you do, try again running it as root, as seen below. sudo npm start --unsafe-perm You’ll know it’s working when you see the GUI launch. Method 2 From Binaries The source code is one way to download it, but if you’re lazy like me, there’s a slightly easier way — use the binaries! It’s particularly nice when you’re working on a Windows computer and don’t want to mess around with the command line....
  • checklist -Sentry MBA-Config File-Combo File-Fresh Proxies Download Sentry MBA, A Combo file, A Config File, and Proxy scrapper. Now go to the Settings tab, then press General, then go to the Snap Shot section on the bottom left and press Load Settings From Snap Shot to load your Config file. (Be sure when you choose your Config file to change file settings to all files because configs are mostly .txt files now-days) Now you are going to load your Proxy list. You are going to go to the tools tab and click on Proxylist. when you get there, you are going to click the folder like icon and choose your Proxylist, which should be a .txt file. Now you are going to import your Combo list, right under the Proxylist tab, there is a Wordlist tab, click it. and go to the top left box which says Wordlist and click folder like icon and choose your Combo list. it should be also a .txt file. You are now ready to start cracking accounts! now click the Progression tab and on the top left bar, choose how many bots you want to run at a time, which means how many accounts cracking at a time. I suggest to users to use 50-100 bots to not have a program lag or crash. But then click the lightning bolt on the top right to start cracking! Now you play the waiting game.. its a long game but it works. When you get a account, it will be in the hits tab on the bottom of the program and ones that haven’t paid yet will most likely be in the To Check tab on the bottom of the program.
  • What is RDP ( Remote Desktop Protocol) RDP is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. It will connect you with any computer that is located in others country. We use it for stay anon and safety. In one word you will use someone’s pc for carding instead of your own… so let learn how to enable and use it on our pc. 5 ways to open Remote Desktop Connection in Windows 10: Way 1: Open it in Start Menu. Click the bottom-left Start button to display the menu, expand All apps, open Windows Accessories and tap Remote Desktop Connection. Way 2: Launch it by searching. Type remote in the search box on taskbar, and choose Remote Desktop Connection from the items. Way 3: Turn it on via Run. Press Windows+R to show Run, input mstsc and hit OK. Way 4: Open the app via CMD. Start Command Prompt, type mstsc.exe and press Enter. Way 5: Turn it on via Windows PowerShell. Access Windows PowerShell, input mstsc and click Enter. Once the rdp opens, you will be asked to input the computer ip. it is mostly in this format ( and it is part of rdp logins info which is bought from vendor. after writing that down, click on connect and wait for the prompt to input the username and password of the rdp logins which you have bought from a seller, and click on ok and yes upon seeing the prompt below. you have successfully logged in your rdp; you can use internet explorer to download browser of your choice. Buy rdps from monovm or anyother private seller.
  • October 28, 2020

    Phishing Windows Credentials

    It is very common in Windows environments when programs are executed to require from the user to enter his domain credentials for authentication like Outlook, authorization of elevation of privileges (User Account Control) or simply when Windows are inactive (Lock Screen). Mimic this behavior of Windows can lead to harvest credentials of Windows users that could be used for lateral movement during red team assessments. This technique can be useful when initial foothold has been achieved on the system and credentials of the user cannot be discovered by alternative methods.  C# Modern red teaming technique require tradecraft to be based in C# language since it allows in-memory execution by various frameworks such as Cobalt Strike, Covenant etc. The FakeLogonScreen is a Windows utility that was developed in C# by Arris Huijgen that will mimic Windows logon screen in an attempt to obtain the password of the current user.  The tool has the ability to show the background that is currently configured in order to reduce the risk of security conscious users to spot this malicious operation.  When the user enter his password on the fake logon screen it will perform a validation against the Active Directory or locally to ensure that the password is correct. The password will be displayed in the console. There is also a secondary binary which is part of the project and stores the credentials to a file (user.db) on local disk. Specifically executing the following will read the file that contains the credentials of the domain user.  1 type C:\Users\pentestlab.PENTESTLAB\AppData\Local\Microsoft\user.db A similar assembly binary called SharpLocker was developed by Matt Pickford that upon execution will show a fake logon screen to the user.  Every single keystroke will be captured on the console until the password of the user is fully uncovered. PowerShell Windows security input prompts are very common since applications in corporate...