Everything about CC's Fullz

What Are Fullz? Fullz is a term used by criminals to describe sets of stolen personal information that can be used to impersonate someone or to use their bank cards. Simply put, fullz are stolen identities or stolen credit card information.  The word comes from the word “full” in the sense of “full data” or “full credentials” and encompasses all the information a fraudster needs in order to impersonate someone to defraud a company, steal directly from the victim, or conduct illegal activity that will be attributed to the victim if they are caught.   How Do Fullz Work? Fullz can be acquired in several ways, including: Phishing and spear phishing: The victim is convinced they are sharing their passwords and/or other information with a legitimate company they trust. Bought on the dark web: Fullz are readily available to buy from other criminals, usually in bulk. Sourced from data breaches and elsewhere. These long lists will require card testing and other tests to identify w...
Post a Comment

What is sniffing and their types explained

 What is sniffing and their types explained


Q. What it sniffing?

Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools, it is a form of "tapping phone wires" and get to know about the converstation. it is also called wiretapping applien to the computer networks.

Q. What can be get by sniffing?

One can be sniff the following sensitive information from a network.
  1. E-mail traffic
  2. FTP passwords
  3. Web traffics
  4. Talnet passwords
  5. Router configuration
  6. Chats sessions

How it works

A sniffer normally turns the NIC of the system to the promiscuous mode to that it listens to all the data transmitted on its segment.
Promiscuos mode refers to the unique way of Ethernet hardware, in particular, network interfacecards(NICs), that allows in NIC to receive all traffic on the network, even if it is not addressed to this NIC. By defualt, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the ethernet packet with the hardware address (a.k.a. MAC) or the device. while this makes perfect sense for networking, non-promiscuos mode makes it difficult to use networks monitoring and analysis software for diagnisong connectivity issues or traffic accounting.


Types of sniffing


1. Passive sniffing

In passive sniffing, the traffic is locked but it is not attered in any way. passive sniffing allows listening only. it works with hub devices. on a hub device, the traffic is sent to all the ports in a network that user hubs to connect systems, all hosts on the network can see the traffic. Therefore, an attacker can easily capture traffic going through.
The good new is that hubs are almost obselete nowadays. Most modern networks use switches. Hence, passive sniffing is no more effective.

2. Active sniffing

In active sniffing, the traffic is not only locked and monitored, but it may also be attered in some way as determined by the attack. active sniffing is used to sniff a switch-based network. it involves injecting address resolution packets(ARP) into a target network to flood on the switch content addressable memory(CAM) table. CAM keeps track of which host is connected to which ports.

Active sniffing Technique

Following are the active sniffing tchniques
  1. MAC flooding
  2. DHCP attacks
  3. DNS poisoning
  4. spoofing attacks
  5. ARP poisoning

Sniffing detect - nmap -sn -script=sniffer-detect IP

MAC flooding attack - Macof -i eth0 -d  IP -n 100


More on telegram - Click here

Comments

Post a Comment

Popular posts from this blog

MAN IN THE MIDDLE ATTACK (MITM Attack)

Image
Man-in-the-Middle (MITM) attack happens when a hacker inserts themselves between a user and a website. Attackers have many different reasons and methods for using a MITM attack. Typically, they’re trying to steal something, like credit card numbers or user login credentials. Sometimes they’re snooping on private conversations, which might include trade secrets or other valuable information Usefull Types of Man-in-the Middle Attacks  Wi-Fi Eavesdropping If you’ve ever used a laptop in a coffee shop, you may have noticed a pop-up that says “This network is not secure.” Public wi-fi is usually provided “as-is,” with no guarantees over the quality of service.   However, unencrypted wi-fi connections are easy to eavesdrop. It’s much like having a conversation in a public restaurant – anyone can listen in Another Wi-Fi Eavesdropping attack happens when a hacker creates its own wi-fi hotspot, called an “Evil Twin.” They make the connection look just like the authentic one, down to th...
Read more

How does police track location using phone number

Image
The police can track the location of a phone number through a process known as phone number tracking or phone number triangulation. This technique involves the cooperation of telecommunication service providers and law enforcement agencies. Here is a step-by-step explanation of how the police can track the location using a phone number:    Obtaining a Legal Authorization : Before the police can track the location of a phone number, they need to have a legal authorization such as a warrant or court order. This ensures that the tracking process is conducted in compliance with the law and protects individuals' privacy rights.    Contacting the Telecommunication Service Provider : Once the legal authorization is obtained, the police will contact the relevant telecommunication service provider associated with the phone number. They will provide the phone number and the legal documentation to establish the legitimacy of their request.    Requesting Subscriber Inf...
Read more

Bruteforce Attack explained

 Bruteforce attack explained Q. What is bruteforce attack? A bruteforce attak is a trial-and-error method used to obtain information such as a usser password or personal identification number (PIN). In a bruteforce attack, automated software is used to generate a large number of consecutive guesses as to the values of the desired data. Q. How long do bruteforce attack take? As per this link,with speed of 1000,000,000passwords/sec. Cracking a 8 character password composed using 96 character takes 83.5 days. But a recent reserch presented at password 12 in norway, shows that 8 character passwords are no more safe. They can be cracked in 6 hours. Q.What is the bruteforce method? In computer science, bruteforce search on exhaustive search, also known as generate and test, is a very general problem-solving technique that consists of systematically enumerating all possible candidates for the solution and checking whether each candidate satisfier the problem's statement. Q. How long does ...
Read more