Archivo de la etiqueta: hacking

Hacking Toys


Tras mucho tiempo sin pasarnos por aquí, prometemos volver con fuerza, esta es la primera entrada que hacemos en 2016, y esperamos que venga seguida de otras muchas.

En esta ocasión, os vamos a hablar de una serie de post que vamos a ir realizando, y que van a tratar sobre “Juguetes de hacking” o dicho de otra forma, hardware que nos va a ayudar a realizar distintas tareas de pentesting, dependiendo de qué estemos auditando.

Seguir leyendo Hacking Toys

Vamos a jugar con… Rubber Ducky! (I)

Hoy os traemos un juguetito que tenemos desde hace algún tiempo y con el que hemos empezado a “jugar” hace poco, se trata de “Rubber Ducky”, un USB que no es un simple USB como vamos a ver a continuación.

Para empezar podemos decir que Rubber Ducky tiene apariencia de pendrive, pero en realidad no actúa como tal, sino que ejecuta scripts en el pc víctima, por tanto es un pendrive que es capaz de ejecutar scripts sin el consentimiento del dueño del ordenador.

Estos scripts pueden ser desde un simple “hola mundo”, ejecutar un mimikatz o lo que se nos ocurra ya que las posibilidades están en nuestras manos y en nuestra imaginación. Seguir leyendo Vamos a jugar con… Rubber Ducky! (I)

Phishing in Google Drive

Hello there!

Today we have very interesting news about something we heard some days ago and that it is not being discussed. Symantec has informed about a phishing campaign that is used by Google Drive as bait for gaining information.

The trick is really simple, but very interesting at the same time, because it is very easy to be cheated. The user receives an email with a shared document. Once the user (that is being attacked) has clicked on the link, he is automatically redirected to a fake webpage that impersonates Google Drive’s login screen.


Phishing Google
Phishing Google

After entering the access credentials, this information is sent to a PHP script of a web server.

The special feature of this phishing is that the fake webpage is inside Google servers and it uses SSL (Secure Sockets Layer), so that you may think the webpage is real because is very similar to the original one.

Furthermore, after sending the access credentials, you are redirected to the real Google Drive in order to be unnoticed.

How do they do this? They have created a public folder in Google Drive and they have obtained a public URL by uploading a file. Thanks to this URL, they can send fraudulent messages.

Why do they attack Google and Gmail? Because both are very interesting for this kind of attacks, since the access to these services usually means the access to many other services where we are registered or where we have an account.

So if something similar happens to you, you should be suspicious. If you are already connected to your e-mail account, why do you have to put your credentials to access to Google Drive?

We hope you find this information useful.

Sources: (In Spanish)

Translate by: Cristina Serrano