Hashflare Review

Hashflare.io is an arm of the services delivered by the HashCoins Team of professional cryptocurrency miners.


HashCoins has been in existence since the beginning of the cryptocurrency era in 2013. The team is patronized by over 350000 individuals and companies who have seized the opportunity to multiply their money by investing it wisely.
With hashflare.io, individuals can participate in mining cryptocurrency without doing the work by themselves. This means they can earn cryptocurrencies without purchasing the needed hardware and electricity supply.

Overview of Hashflare.io

Nothing goes wrong when trying to open www.hashflare.io. If you like, you can do this ten times per minute since it is pretty fast with a decent internet access. This makes registration, deposits and withdrawals fast and secure. To ease language barrier and to ensure that their presence is well felt in every region, Hashflare has included not just English Language on its webpage. As a matter of fact, potential investors from Russia, Turkey, Italy, Spain, Portugal, Germany and some more countries can browse the site comfortably by reading the content in their native languages.
On the home page of the site is written the site’s main objective—to mine cryptocurrency. This is followed by what you should expect and the different clouds they offer. With everything being detailed, nobody can say that he or she made a mistake while trying to figure out a good investment plan.

Benefits of Hashflare.io

Free for all

There is no need to ask your friend in Europe to open an account for you on Hashflare since you can do it yourself no matter where you are from. As long as you are an adult and you have some amount to invest, Hashflare.io is just meant for you. There is no restriction to the time limit for investment since they have already declared they are an investment for life opportunity.

VISIT Hashflare.io

The Right Cloud for Everyone

There are different categories of investments on Hashflare to suit everyone’s spending capacity. You can buy one or more units of Scrypt Cloud Mining, SHA-256 Cloud Mining, Ethereum Cloud Mining or Dash Cloud Mining. 1 MH/S of DASH Cloud Mining costs $6 but your contract ends for one year. There is also no maintenance fee for this mining just as in Ethereum Cloud Mining, which also expires in one year.
The minimum hashrate in Ethereum is 100 KH/S and it costs only $2.90. The other two packages have life time contracts but they do require some maintenance fees which can vary depending on prevailing circumstances. Cloud mining on Hashrate.io is like purchasing shares in the stock market. The miners who have donated their money get their share of profits based on the amount they have put into the company.

Hashflare.io Instant Payouts

Hashflare works like a robot. They don’t waste time in paying their share holders at the end of their operations. Investors can collect their funds into their Bitcoin wallets or reinvest it for higher profits.

Conclusion

You can be a member of this company the next minute. All you have to do is to sign up at hashflare.io and send in some bitcoins for any of the four categories I already listed. Your profits start calculating the moment you successfully make a deposit.

VISIT Hashflare.io



Hashflare.io is an arm of the services delivered by the HashCoins Team of professional cryptocurrency miners. Bitcoin Cloud Mining, Hashflare.io Review
Share:

A Foolproof Method to Remotely Install a Spy Software

In many of my previous posts on email hacking, I had suggested the usage of SniperSpy (remote spy software) to hack an email or any other password. To remotely install the SniperSpy on the target computer, all you have to do is just send the remote install file to the target email address as an attachment. Once the target user (victim) runs the file it gets installed automatically.
But there is one small problem…




What if the victim refuses to run the attached file?

This is the common problem that many of my visitors face. To solve this problem, I have come up with a foolproof method to remotely install the Sniperspy (or any other remote spy software) with a very high success rate.
To make the victim run the attached file without any hesitation, here’s a small social engineering trick.
All you have to do is just send the file from an email address that the victim will trust, instead of sending it from your own email account. Here is how it can be done
1. If the target email address is on Yahoo, then you need to create a dummy Yahoo account as follows
  • While creating a new Yahoo account just select the first name as Yahoo Securityand last name as Team.
  • Choose an email ID something like notifications09@yahoo.com,alerts009@yahoo.com etc.
Once you sign up, attach the spy software and send it from this fake ID. Since it appears to have come from Yahoo Security Team the victim runs it without any hesitation.
2. If the target email address is on Gmail, follow these steps
  • Create a new account with Security as first name and Team as last name
  • Choose an email ID something like alerts009@gmail.com
  • Complete the sign up process and go to your account
  • Click on Settings (on the top right corner)
  • Select the accounts tab, and you’ll see the option Send mail as: Next to this click on edit info
  • A new popup window will appear. Under the option Name: click on the second radio button and type the name as Gmail Team.
  • Click on save changes
Now whenever you send an email from this account, it appears to have come fromGmail Team. The victim will trust any emails from Gmail Team and hence will run the attached file without any second thought.

Please follow these instructions carefully

You should not attach the Sniperspy along with your email. You should place only the download link for your SniperSpy file and ask the victim to download it. Here is a step-by-step instructions to do that.
1. Goto www.hotlinkfiles.com and register a free account.
2. After you login to your account, at the top you’ll see an option to “Upload”. Click on it.
3. Now you’ll get a browse option to upload your file.
4. Upload the yahooupdate.zip (or gmailupdate.zip) file to hotlinkfiles.com server. Please note that you should place the snipersy file in a .zip or .rar format and rename it asyahooupdate/gmailupdate before uploading it.
5. Once uploading is completed, you’ll see the option “Direct Link:” under Linking Codes. Click on the option “Just the direct URLs”.
6. Now you’ll see the direct downlink to your yahooupdate.zip/gmailupdate.zip file. Copy it.
7. Place this download link in the body of the email and ask the victim to download the file from this link.
Do not paste the download link as it is. Instead type as “Download Here” and link this text to the download URL.

How to compose the Foolproof email?

Once you create a dummy email account compose a new mail as follows.
NOTE: Text in red color are for your reference only. Do not include that in the actual email body.
Subject: Install the latest security update
————————————- Email Body ——————————————-
Dear Gmail/Yahoo user (or name of the victim)
This is a security alert from Gmail/Yahoo security team. We hereby notify you to install the latest security update (see the download link) as an additional safety for your account. We are pleased to release this latest security update to our subscribers to keep their email accounts safe from unauthorized access. It is highly recommended that you install this update as a part of your Yahoo/Gmail security. To install this security update please follow these instructions
1. Disable your existing antivirus/antispyware (if you have one) before you install this update. This is required to avoid any compatibility issues.
2. Download the update from the following link and unzip the downloaded file.
Download Here
3. Double click on the file to install it. The update gets installed automatically and will not display any window.
4. Now re-enable the antivirus/antispyware software.
Please be advised that we are sending this email only to a list of selected subscribes whose accounts are likely to have vulnerabilities.
thanks,
The Yahoo/Gmail security team
NOTE: This email is sent from an automated system. Hence do not reply to this email.
—————————————– End body ——————————————
Once you send an email to the victim as specified above, the victim will download and install it without any hesitation/suspicion. So what are you waiting for? Go getSniperSpy now!
DISCLAIMER: This Tutorial Is ONLY For Learning Purposes. AnyOne Who Will Use It In A Negative Sense Is Himself Responsible For Any Trouble.
Share:

How To Clean Video Game Consoles Hardware And Accessories


How To Clean Video Game Consoles Hardware And Accessories

Aside from lag, having to clean your gaming equipment is one of the worst things that can happen to a gamer. Seriously, who cleans their things, anyway? Gaming is for fun, not doing chores. But in those rare occasions when you decide that your console can't really take much more, then you have no choice but to clean it, especially as far as dust is concerned. Dust is the biggest enemy your gaming set-up can possibly have. It can not only make your hardware run worse than it usually does, but it can also damage it beyond repair. And in the light of the holidays and the oncoming Christmas celebrations, when I assume many people get the new generation of consoles as presents, I decided to do a guide on how to properly clean and maintain and clean your console hardware and accessories. This will not only increase the longevity of your console,but it will also ensure that it runs great for as long as possible. It's not going to be pleasant, let me tell you that much, but it's worth doing if you are a true enthusiast and plan utilizing your new (or old console) in the best way possible.

Unplug everything

This is possibly the most important step in the process. You need to unplug everything, otherwise you risk damaging the platform. Not only that, but you can also get hurt so it's a good idea to apply extra caution. After all, you are working with sensitive equipment. Carefully unplug everything that can be plugged and make sure you don't forget anything.

If some of the accessories aren't plugged (like your controllers or headset) and are powered by batteries, instead, remove the batteries. You want to discontinue all power supply to both the console and its components.

Cleaning the exterior

There are several things that you will need here in order to accomplish this fairly simple task. First of all, buying a microfiber towel would yield better results in the cleaning process, even though this part is optional. You can use any lint-free old rag you can get your hands on. You will need two of them – one for the processing and one for the drying out. Also purchase an electronics spray (the kind of spray you can use to clean all sorts of electronics, like laptops, consoles, monitors and more). Spray some of the solution on the cloth and wipe off all the surfaces of your hardware. Dry out with the other cloth immediately so you make sure that everything works well afterwards. Never spray directly on the surface of the console or any of the periphery. This may very well damage the devices so be careful.

Cleaning the interior

Cleaning the interior is a bit trickier. You should open the console because odds are you don't know what you're doing (otherwise why would you be reading this?) so you might damage it. Spraying compressed air into the air vents of your device would be enough to remove a large portion of the dust outside the console. This way you don't need to open it but you will still be able to clean most of it. Something to keep in mind is that compressed air comes out rather cold so you shouldn't be keeping the device too close to the source. Otherwise the air will condensate inside and damage the console.

Cleaning peripheral devices

Use a cotton swab and some rubbing alcohol to clean the peripheral devices such as controllers, microphones, headsets, etc. Just make sure to dry it out immediately. If you're not confident in your abilities to clean the console properly, seek the help of a specialist.
Share:

Mobile Hacking Part 1: Introduction and Device Building

Welcome back everyone! Today we start a brand new series about mobile hacking. This article will be an introduction to the concepts we’ll cover throughout the series, and a tutorial on how to build our own mobile hacking device. So, without further adieu, let’s get started!

Introduction and Overview

Smartphones are everywhere. Most people carry one with them majority of the time. Imagine if we could turn a cell phone into an advanced hacking machine, capable of launching targeted attacks. We’d be immensely powerful in the world of mobile devices. Being able to hack from a mobile devices comes with insanely valuable advantages. Throughout this series we’ll be learning to use these advantages in order to further enhance our hacking abilities.
Now that we have a premise for this material, we need to explain what we’ll be covering in this series. In order to avoid divulging too much information about the upcoming articles (no spoilers!), I’ll give a general overview instead of a specific timeline.
  • The advantages and disadvantages of mobile hacking
  • The different options in mobile hacking equipment and setups
    • Also including the pros and cons of each set
  • Mobile specific hacks
    • Hacks that can easily/only be performed on a mobile platform
  • Mobile v.s. Mobile
    • Hacking mobile devices with mobile devices
  • Additional (optional) mobile equipment for specialized attacks
It may not seem like a lot, but trust me, these topics will seriously help us grow and develop as hackers.

Building our First Mobile Hacking Device

Now that we have a basic overview of what we’ll cover throughout this series, we can move on to building our own hacking device! We’ll start by explaining the tech behind the device we’re going to make, and then we’ll get right into it.
It’s time to introduce a company that made the technology we’ll be using today, Pwnie Express. Pwnie Express makes a variety of hacking devices available for purchase. Among these devices is the Pwn Phone. Normally you’d have pay a little over $1000 for a Pwn Phone. But for those with enough ambition, the Pwnie Express maintains the AOPP (Android Open Pwn Project), which allows us to build our very own Pwn Phone! Just a heads up; the AOPP only supports a handful of devices, before continuing, I recommend you make sure your device is supported!
Now that we know where this technology is coming from, we can get building. We’ll be building our Pwn Phone out of a LG Nexus 5, running completely stock ware. So, let’s get started!

Step 1: Download Needed Files

In order to start making our pwn phone, we need to download a handful of files. Since we here at Hacking Loops care about you, I’ve made a simple BASH script to do all the downloading for us. We need to download this script, format it, and make it executable. Let’s do all that now:
downloading-download-script
Now that we have this download script, all we need to do is execute it and wait. These files are quite big, so you’ll need to have some patience. It will store all the downloaded files in a new directory named project. So, let’s execute this script and wait:
executing-download-script
Now that we have these files, we need to do some work with them before we continue.

Step 2: Unpack the Android Command Line Tools

In order to work with our Nexus, we need to use the Android SDK platform tools. In order to use these tools, we need to unzip the Android file we downloaded in the project directory:
unzipping-SDK-tools
Here we use the tar command in order to extract the Android SDK zip archive into a new directory name android-sdk-linux. Inside of this new directory is an install tool that we need to use in order to install the proper platform tools. Let’s move into this directory and use the update tool:
executing-google-install
By using these settings with this install tool, we can install just the platform tools, not any of the other software that would be installed by default. Once we execute this command, we will receive a LOT of output. Eventually we’ll be given a prompt asking if we accept, answer yes and we can continue:
finishing-install
Now that we’ve finished the install, a new directory can be found one directory up named platform-tools. We need to add this directory to our PATH so we can use the tools from anywhere, which will make our job way easier:
editing-PATH
Now that we’ve added this to our PATH, we need to do some work on our device before we can continue.

Step 3: Enable USB Debugging

Before we can continue, we need to enable USB debugging on our device so we can modify it from our Kali system. In order to enable USB debugging, we first go to ‘Settings’, and scroll all the way down to ‘About phone’:
about_phone_normal(1)
Inside of this option we see a large amount of information about our device. Near the bottom of the menu, we can see a tab labeled ‘Build Number’:
build_number(2)
If we keep tapping the build number option, we will unlock developer options for our device. Once it happens we will be given a notification:
dev_options_unlock(3)
Now that we’ve been given this notification, we can go back to the main settings menu and see a new option:
new_menu_ops(4)
Developer options allows us more power over our device, including the ability to enable USB debugging. Around the middle of the menu we can find the option to enable it. Once we do, we will see a prompt asking for us to confirm our decision:
allow_USB_debug(5)
There we go. Now that we have USB debugging enabled, we can continue.

Step 3: Unlock the Bootloader and Install TWRP Custom Recovery

In order to install the AOPP, we need to install it through a custom recovery. If we’re going to use a custom recovery, we ought to install one first! We’re going to be install the Team Win Recovery Project (TWRP for short). This will allow us to backup and install software on our device easily.
But, there’s a catch. In order to install TWRP, we need to unlock the bootloader.  This is incredibly easy so let’s just get it out of the way.  Inside of the compressed file that we setup earlier is a tool named fastboot. This tool allows us to interact with the device while it’s in the fastboot state. In order to access the fastboot menu, power down your device, then hold the power and volume down buttons at the same time until a menu with an open android appears.
Now that we have the fastboot menu open, we need to make sure our Kali system is recognizing the phone. We can tell fastboot to list all the devices current connected. Once we do that we’re going to use fastboot to unlock the bootloader so we can install TWRP. Let’s do these things now:
fastboot-list-and-unlock
Now that we have the bootloader unlocked, we can flash the TWRP recovery image to our device. We also use fastboot for this, and the process is rather simple. Let’s flash TWRP now:
flashing-TWRP

Now that we’ve installed a custom recovery, we can continue.

Step 4: Install the AOPP ROM

Now that we can use our custom recovery, we can install the AOPP. In order to boot into our recovery, we need to select the “Recovery” option from our fastboot menu on our device. You can scroll through the options by using the up and down volume buttons, and choose the selected option with the power button.
We should see the boot screen for TWRP, once it loads it should look something like this:

twrp menu
Now that we’re in TWRP, we need to do some wiping. To do this, we need to select the “Wipe” option, and select everything except Internal Storage and then swipe the bar at the bottom of the menu. After a few seconds, the wipe should be successful.
Now that we have wiped our system, we need to move the AOPP file over from our Kali system to our device. We can do this using a tool known as android debugging bridge (adb). We need to stay in recovery mode to use adb, so let’s use adb to see if the device is ready. If it is, we’ll push the zip file from our Kali over to the device:
push-AOPP-zip
Now that we’ve pushed the AOPP zip file to the device, we need to go back to the main TWRP menu. From here we select the “Install” option. Once we select this option we should see a space that lists file names. Among these names should be the AOPP that we pushed to the device. Select this file and follow the confirmation prompts to flash it to the device.
Alright, we’re almost done installing AOPP. There’s only one more thing we need to do. We need to push the  SuperSU zip file to the device, let’s get that out of the way:
pushing-SuperSU-zip
Now that we have all this in place, we should be able to reboot our device. Only one more step to go until have a fully functional pwn phone!

Step 5: Setup the Pwn Phone Environment

This final step is very easy. All we have to do is boot into our new system and follow the setup prompts. Once this is complete, we will be greeted with the pwn phone home screen. But you may notice something, we don’t have any tools yet!
In order to get the tools we need, we need to setup the Pwnix environment. There should be a notification at the top of the screen prompting us for to setup the environment:
env_setup
Once we select start, we will be prompted by SuperSU asking us if we want to allow the Pwnix setup root access. Once we grant it root permission, the setup will begin. Once the setup is complete, we’ll be prompted to restart to finish the install:
reboottoinstall
Once we restart we should have quite a few tools ready for use. But if we want to greatly expand the amount of tools on our device, we need to perform an update. We should have an update prompt at the top of the screen in the same place the setup prompt was. Once we perform this update we should have a fully fledged pwn phone!

There we have it! We successfully built our very own pwn phone. This device is incredibly powerful and I intend to prove it. In the next article we’ll be going deeper into the advantages of mobile hacking. I’ll see you there!
Share:

What the Deep Web Is, and How to Access It

I’m sure by now you’ve heard about the Yahoo! breach which is one of the largest breached ever.  For many people breaches like this keep us up at night at first but ultimately end there.  Well, the story is usually a much longer one because after these types of breaches occur the sensitive information is then bought and sold within the deep web.  It is for this reason that any pentester or anyone in IT Security for that matter needs to understand what it is and how it works.  One pentesting tactic that is used among professionals is to go look to see if you can discover credentials that are already out on the web due to a previous breach.  There have been many so it is definitely in the realm of possibility, and finding these weaknesses is what the organization would be paying you to do.
Whenever someone mentions the dark net or the deep web, most people’s eyes gloss over with mystified curiosity for the Internet’s innermost circles. And the media doesn’t help, because modern films and television dramas do little to paint an accurate picture of the deep web. Instead, entertainment media paints a picture of clandestine meetings between anonymous silhouettes wearing trench coats and fedoras.
All of this mystique, in my opinion, paints an unfair and inaccurate portrayal of what the deep web really is. It’s not just a place for the world’s most shady and secretive users to lurk around on exclusive “invite only” websites. Even though it may sound like I’m contradicting myself, to be completely honest, there are undoubtedly more than a few of those types of sketchy websites in what most people consider to be the deep web.
While there are plenty of seedy destinations, riff-raff, and unsavory users occupying some portion of the deep web, the vast majority of it isn’t necessarily sketchy or dangerous.  But before we dig into what types of content lurk in the deep web, let’s first talk about it’s size.
Search Engines and the Global Internet as a Whole
What exactly is the Internet? Is it Facebook, Google, and your favorite streaming media sites? There are a variety of definitions, but for our discussion of the deep web, I want you to understand one key point. Technically, any device – be it a router, switch, firewall, smartphone, tablet, refrigerator, or automobile – becomes part of the global network when it gains an Internet connection.
Like it or not, there are a variety of paths between any two endpoints, meaning that in some contexts, the computer you’re using right now could technically be classified as a component of the Internet. However, there are a lot of security tools to separate devices, groups of devices, and entire countries into their own isolated networks. The fact remains that you can’t personally connect to the overwhelming majority of devices connected to the public Internet (such as private corporate networks, your neighbors Wi-Fi router, etc.).
When most people talk about the Internet in common speech, they are merely talking about a couple of different protocols out of many hundreds (or perhaps thousands), namely HTTP and HTTPS. For instance, there are other protocols used every single day, such as File Transfer Protocol, Voice over IP, and Secure Shell, among many others. With that understanding, then wouldn’t the entire Internet consist of HTTP and HTTPS web pages? And doesn’t Google, not to mention other search engines, already index all of those pages so we have a means of sifting through all of the web servers to find the information we want?
Well, not exactly. If you go and run a Google query right now, it’ll spit back millions of results in a fraction of a second. And while that may look like it’s every imaginable web page on the Internet that’s related to your search terms, there’s a lot you don’t see. The fact remains that search engines can only index a very small fraction of the entire Internet that is hosted on web servers.
Why Can’t Google Index the Entire Internet?
Despite what most people think, Google does not have supreme authority on the Internet. In fact, it’s completely optional whether or not you want Google to index your site. But how does Google index sites in the first place? The answer is critical to understanding a vast portion of the deep web. You see, Google uses mechanisms called crawlers to hunt around on the Internet and find web pages.
After a crawler has crawled a page and read the content, it feeds the data through a special proprietary Google algorithm that uses a lot of composite metrics to rank the web page, and perhaps place that page on the first page of the search engine results. But how do the crawlers know where to crawl? Well, they don’t call it the World Wide Web for nothing. The vast majority of web pages and domains are intermingled and linked to each other many times over.
If a crawler is crawling a page and notices outbound links, it then follows those outbound links and starts crawling the new pages. If those new pages contain links, the crawler continues to crawl the current page, and crawls the pages of the second set of outbound links as well, and so on, and so on. It’s a very recursive process, and the crawlers work by building a sort of link road-map of the Internet.
But the crawlers don’t have an all-access pass to every page on the Internet. There are many roadblocks in their way that can prevent them from crawling a website. For instance, a web server hosted on a private network may not allow the crawlers private access. Also, consider gated content. What about content sites that require a user to enter login credentials before accessing information? With few exceptions, crawlers are blocked by sites requiring login credentials.
Furthermore, a lot of data hosted on the Internet is used to create dynamically generated web pages. The crawlers simply can’t comb through the secure back-end databases to index the content. Finally, we are starting to touch on the vast majority of content that is genuinely part of the deep web. But also consider that a website administrator can opt out of Google indexing (in fact, you can opt out of it with your Facebook page as well in the Facebook security settings).
Types of Content on the Deep Web
With so much of the Internet left untapped by the search engines, you are probably wondering what types of content actually exist in the deep web. Naturally, there are some truly disgusting websites hosted by people engaged in nefarious and despicable activities. For instance, there’s more than a fair share of stomach-wrenchingly nasty and disgusting porn sites.
Some people have used the deep web to operate sex trafficking circles, and even child pornography. In addition, there’s quite a few sites that are engaged in the trafficking of drugs and illegal contraband, such as weapons. I don’t recommend that you go hunting around on the deep web for these types of websites out of idle curiosity.
Even the act of just visiting one of these sites would look incredibly suspicious should the authorities become aware of your browsing habits. In the modern digital-driven era, you never know who else may be watching your online activities – even with precautions like Tor, VPN tunnels, and anonymity services. Don’t believe me? Well, consider that the Tor network has been infiltrated by the FBI on multiple occasions in the past.
However, I don’t want to pain an inaccurate picture of the deep web. The fact remains that the aforementioned types of unsavory web destinations only account for a small fraction of all the data that could be classified as the deep web. Other types of data that reside on the deep web include, but are not limited to, the following:
  • Dynamically generated content – dynamic web pages that are based on back-end databases are becoming increasingly common, and that data isn’t typically indexed by search engines.
  • Limited content – it’s a common practice for some websites to limit access to their websites. A few examples include web servers hosted on a corporate intranet, websites that are gated with login credentials, websites that require user verification via a CAPTCHA security plugin, and other similar types of limitations.
  • Oddball file formats – not all of the web is written in text. There are a lot of strange file formats that can’t always be indexed by search engines, such as non-HTML based content, voice, podcasts, video, multimedia content, and others.
  • Private networks – a lot of the Internet is private, such as any home or business network residing behind a firewall.
  • Content protected by software and digital services – some content simply isn’t accessible unless you have access to the right software. For instance, some web pages and domains aren’t accessible unless you are using I2P or Tor. These types of websites are what most people commonly think of as being the entire deep web.
  • Disavowed content – some content on the Internet disavows incoming links, or simply isn’t linked to. Furthermore, the website administrator may use software tools to prevent crawlers from linking to the page, as well as break incoming links with redirects.
  • Archived data – some tools allow people to make historical catalogues of web pages to track changes over time. However, over time, some of the older versions of those web pages may become inaccessible.
How to Access the Deep Web
I know that the deep web sounds like an interesting and curious place, but there’s not that much to it. The easiest way to access what you would think of as the deep web would be to download Tor. You see, Tor is an anonymity network that makes it (virtually) impossible to track users’ online browsing habits. There are a few exceptions, but for the most part, the Tor network is well adept at hiding your identity.
Before we dig into the dirty details of accessing hidden services, I need to first caution you with a warning: proceed at your own risk. There are a lot of dangerous and malicious websites on the deep web, and if you get a virus or end up on governmental watch list for accessing the wrong content, that burden rests squarely on your shoulders.
That said, you want to go ahead and download Tor, and then access hidden services. But how do you know about a website if no one tells you it exists, and you can’t find it in a search engine? I know it seems like a bit of a “chicken and the egg” scenario, but there are a few places you can go to find directories of hidden services.
The following are a few sources for links to the deep web:
Because a lot of these websites aren’t indexed by search engines, they are instead spread by word of mouth. There’s no telling what websites are lurking out there on the deep web, and some may only have user bases of tens or a few hundred people. Some of them are invite only, though these three aforementioned places are a good place to start.
Just glancing at the list, you can begin to get an idea of the types of websites occupying the deep web. There’s more than a few of them I have no desire to visit, such as those that deal with illegal arms trading.
Some of them seem to be pretty black market in nature, and could very well be a scam – such as the fake ID and passport websites. Some of them are simply nefarious online marketplaces, like the infamous silk road, which is a type of Alibaba or Amazon digital vending service that offers a lot of contraband. However, as far as informational content is concerned, there are a lot of hidden blogs as well.
Final Thoughts
The amount of the Internet the average user can see is analogous to an iceberg, whereby you can only see the tiny bit poking above the water’s surface. But deep down below, there’s more than meets the eye. I know that some people are curious by nature, and that you may be one of them.
However, I’d highly caution you against taking a stroll down the back alleys of the Internet. You don’t know what you’re going to find, and it might be pretty ugly. Unless you are specifically trying to access content that you already know about, I wouldn’t spend too much on the deep web.
Share:

Windows 10 Privilege Escalation using Fodhelper

Hello aspiring hackers. Today we will see an exploit  which helps us in Windows 10 Privilege escalation. Till now, there was no exploit for privilege escalation in Windows 10. Recently we got one. This module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched.
Once the UAC flag is turned off, this module will spawn a second shell with system privileges. This module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS.
To use the fodhelper module to escalate privileges, we need to background the current session.
Search for fodhelper module using the search command.
Load the module and set the session ID as shown below.
Run the module as shown below.
As you can see, we successfully got a meterpreter session. When I check privileges, its still user privileges but when I run “getsystem” command, I get system privileges on Windows 10.
Happy HAcking.
HOW TO STAY SAFE: 
Microsoft had already released patches. Just make sure your system is updated.
Share:

DISCLAIMER

The information provided on hottechtips.blogspot.com is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” on hottechtips.blogspot.com should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk.