Penetration Archives | Vednam
https://vednam.com/tag/penetration/
Latest News on Cyber Security, Hacking and Tech
Wed, 24 Jun 2020 20:10:28 +0000

The Harvester 2.2a-Tool for data gathering
https://vednam.com/the-harvester-2-2a-tool-for-data-gathering/
Sun, 31 May 2020 05:32:51 +0000

The Harvester is a tool used to gather open ports, emails, subdomains, hosts, employee names, and banners from public sources such as search engines, PGP key servers, and the SHODAN computer database.

This tool is helpful in the early stages of a penetration test, where it is used to understand the customer's footprint on the internet. It also helps organizations know in advance what an attacker could find out about them.


Features of the tool:

  • Search all sources
  • Verify virtual hosts
  • Results saved in HTML and XML form
  • Graph and stats options
  • New sources
  • Active enumeration (DNS enumeration, reverse lookups, TLD expansion)
  • Check open ports and banners through integration with the SHODAN computer database

Passive discovery:

  • LinkedIn: specific search for LinkedIn users
  • Google: Google search engine, www.google.com
  • Google profiles: specific search for Google profiles
  • Bing: Microsoft search engine, www.bing.com
  • PGP key server
  • Shodan: searches for ports and banners of discovered hosts (www.shodanhq.com)

Active discovery:

  • DNS brute force: this option runs a dictionary brute force enumeration.
  • DNS reverse lookup: reverse lookup of the discovered IP addresses in order to find hostnames.
  • DNS TLD expansion: TLD dictionary brute force enumeration.

For more information visit: Google Code – The harvester

Download harvester from Source link

Brazil’s Cosmetic Brand Natura Find Exposes their User Personal Details
https://vednam.com/brazils-cosmetic-brand-natura/
Wed, 20 May 2020 18:49:55 +0000

According to the source, Brazil’s biggest cosmetics company, Natura, left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online, where anybody could access it without any authentication.

Anurag Sen, a researcher at Safety Detectives, discovered last month two unprotected hosted servers belonging to Natura, 272 GB and 1.3 TB in size, that held more than 192 million records.

According to the report, the exposed data includes personally identifiable information on 250,000 Natura customers, their account login cookies, and archives containing logs from the servers and users.

The leaked information also includes Moip payment account details and tokens for nearly 40,000 wirecard.com.br users who integrated it with their Natura accounts, as reported by The Hacker News.

Anurag said that around 90% of the users were Brazilian customers, although other nationalities were also part of ”

Customer data leaked from the server includes:

  • Full name
  • Mother’s name
  • Nationality
  • Gender
  • Date of birth
  • Hashed login passwords
  • Username and nickname
  • MOIP account details
  • API credentials with unencrypted passwords
  • Recent purchases
  • Email and physical addresses
  • Access token for wirecard.com.br

The unprotected server also held a secret permission certificate file that contains the key/passwords to the Amazon EC2 server where the Natura website is hosted.

[Image: Natura data leak. Source: The Hacker News]

If exploited, the server key could potentially have allowed attackers to inject a digital skimmer directly into the company's official website to steal all of the users' information, including payment details.

According to experts, if you have an account with Natura, you are advised to stay vigilant against identity theft, change your passwords, and keep a close eye on every payment transaction. If you have any doubts, contact the cyber expert team directly.

Researchers warned that the backend, as well as the keys to servers, could be leveraged to mount further attacks and allow deeper penetration into the rest of the existing systems.

Afterwards, the experts contacted Amazon Services Company and let them know about the faulty server, and the company immediately secured all servers and sent all server reports.
