Hackercool Magazine March 2022

A general misconception is that Linux is immune to malware. However, Crowdstrike reported earlier this year that Linux Malware rose by 35% in year 2021. But how is Linux infected with Malware? In this Month’s Issue, our readers will learn about one hacking scenario as to how hackers infect Linux systems with malware. One of the reasons why Linux is secure is its App Stores and Package Managers. Linux Package Management Systems make sure that the apps they provide are secure. Just like Windows, as long as users get their apps from these app stores or trusted sources, they are safe. But what if they fall victim to an untrusted source? Let’s see how a trusted app is packaged with malware. On the Attacker System, let’s create a new directory…

DIRTY PIPE VULNERABILITY Considered to be more prevalent than the Dirty Cow vulnerability and more simpler to exploit, the Dirty Pipe vulnerability affects Linux kernels since 5. 8. To make it worse, this vulnerability affects even Android as its OS is based on Linux. Dubbed as CVE-2022-0847, this vulnerability is fixed in kernel versions 5.16.11, 5.1 5.25 and 5. 1 0. 1 0 2. To understand the Dirty Pipe vulnerability, readers need to understand a few concepts in Linux. 1 Pipe:A pipe is a data channel that is used for uni-directional inter-process communication in Linux. 2.Memory Page:Whenever some data is written to a pipe, a page is allocated to it. A page is ring of a struct pipe buffer implemented by the Linux kernel. The first write to any pipe…

LINUX NETFILTER CVE - 2022 - 25636 VULNERABILITY CVE-2022-25636 is a vulnerability that affects the Linux Netfilter component. What is netfilter? It is an open source framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Its functions include packet filtering, network address translation and port translation. All Linux Firewall utilities i. e Iptables, nftables, ufw etc use Netfilter in their operations. Exploitation of this vulnerability can give attackers root privileges on the target system, allow them to escape containers and in worst case induce a kernel panic. This vulnerability affects Linux kernel versions 5.4 to 5.6.1 0. The target OS include Ubuntu, Debian, RedHat etc. However, there’s no clarity on which kernel versions are actually vulnerable. In our testing,…

Welcome to Metasploit This Month. Let us learn about the latest exploit modules of Metasploit and how they fare in our tests. Wordpress Plugin Catch Themes Demo Import File Upload Module TARGET: WP Catch Themes Demo Import Plugin < 1.8 TYPE: Remote MODULE: Exploit ANTI-MALWARE: NA Catch Themes Demo Import is a free WordPress plugin that allows users to import any demo they like in just a single click. It has over 10,000 active installations. All the above mentioned versions of this plugin have a authenticated RCE vulnerability that can be triggered by arbitrary file uploads. This file upload vulnerability is present in the ` ~/inc/CatchThemesDemoImport.php` file due to insufficient file type validation. We have tested this exploit module on Catch Themes Demo Import Plugin 1.6.1. The download information for…

The article I wrote years back on my blog about hiding a malware behind an image still receives a lot of traffic. This shows the interest that hacker community shows in hiding malware behind an image to deliver to the target. In this Issue, we will show our readers a tool that helps you to hide malware behind an image. We will cover this guide from the installation (trust me it’s bit of a pain) in detail to its usage. We performed this installation on the latest version of Kali Linux, 2022.1. So let’s start with the installation right away. First clone the tool from github as shown below. Navigate into the cloned directory and get execute permissions on the FakeImageExploiter.sh file if not already present. Then execute the file…

Lisa Suguira Senior Lectureer In Criminology and Cybercrime, University Of Portsmouth Jason R. C Nurse Associate Professor In Cyber security, University Of Kent Perpetrators of domestic abuse are increasingly exploiting digital tools to coerce and control their victims. Where there is abuse in a relationship, technology will also feature in how that abuse is conducted. Police forces now expect as much, when responding to cases of domestic abuse. Such technological abuse features everyday tools, from smart devices to online platforms and mobile phone apps. And the information on where to find them and how to use them is easily accessible online, often using a simple Google search. To understand the extent of this problem, we conducted a wide-ranging study for the UK government. We reviewed 146 domestic abuse cases reported…