CVE-2021-44228

 

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message
parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Notes

Author	Note
mdeslaur	apache-log4j1.2 contains a similar issue in a non-default configuration, and it was assigned CVE-2021-4104, see that CVE for information about apache-log4j1.2

Read More

My final Post

 This is going to be my final post on this blog.

I started learning & writing blogs at same time on this blogging site. Its been more than 12 years since I started this. Thanks for all the viewers who were been a part learning with me on this blog. No one is 100% perfect in any perticular domain. Even I am not good at hacking because as you know that everything digital, electrical, electronical, biological can be hacked & its very huge subject to learn everything.

I am good at OSINT, pentesting, vulnerability assesments & its pretty enough for me. I still need to learn about satellites, telecom frequencies, electronics. I started getting interested in BioHack, Transhumanism, Cyborg implants. But I am just blocking my mind from thinking about all these. These are few amazing technologies but we need to realize that these interests cant feed us. Though these can be a real business but our world is not yet ready for bionics or biohacking yet.

I still learn and practice hacking, but for good. I just have one life, and want to utilize every single second. So forming a small business to work on Cyber Security & data security of Individuals & Enterprises

THANK YOU
With 💗

GlobalHackers

Read More

CoWIN 150 million Data Hacked

 CoWIN 150 million Data Hacked is actually a scam

The group / one person who is posting this info is neither a hacker or ransom group. They just know how to host darkweb website.

For example, ADATA data is being released by Ragnar_Locker ransom group but they didn't uploaded yet. But these fraudsters have posted about leak for $500 though they don't have files.

They post any data to grab others money, I want CyberSec to stop publishing about their data on social networking websites. Please investigate info from your end or atleast find which real group is leaking it.

Read More

My Journey on Hacking

Before starting up with this topic, I would like to say, I don't do any of the hacking activities for financial gain (I earn and take payment only if I am involved in legal activities). I have most of the leaked data but I have nothing to do with anyone's info. I keep them only to extract encrypted passwords to make an application & let people know which passwords not to use (its just like cyber security services).

In addition to this, everyone involved in Ethical Hacking or Hacking or Cyber Security have a pseudonym & we must use it to hide our true identity.

Now, coming to my journey…

When I was in Intermediate (K12) in 2006/7, one of my classmate asked other classmate whether he know about hacking. With the curiosity, I asked him what is hacking. If they gave minimum info about what it is, I wouldn’t have researched about it at all but they replied by saying its hard to explain / you are noob & cannot understand it. So, I felt sad as I didn’t get what I want to know. And when I got back home, I started searching online about hacking and all, I started learning like crazy because everything was so new as I got my 1^st computer just few days before. I just started understanding about basics of networking, Linux was so new for me at that time, started learning about how network infrastructure works, started learning basic programming. Daily I start learning something new & even today I learn something new. Thanks to those two friends who replied me rude when I asked about hacking because after I started learning, I hacked into their Orkut account (I think) and gave them their passwords. Their shocking expression made me happy because its not only result of my learning but its payback to talk rude.

Then after K12, there was a long holiday between K12 & Engineering Degree, so I started learning more about hacking and at that time I came across dark web. When all my friends were having fun outside & making girlfriends, I was having amazing time learning.

I would say, Hacking is equal to OCEAN. There is no end to learning because there is no end to changes in existing software development.

When can we stop learning about hacking?
Its when all softwares, all operating systems, all internet & intranet infrastructure, all satellites, all vehicles, all sensors, all electronics, all wireless technologies, all IoT devices etc. get 100% secured & 100% vulnerability free, that will be the end of hacking & learning hacking, so now you know when you will have 100% knowledge. I say it’s never.

When I joined engineering, I was quiet and used to hack into friends’ accounts & say them their password (no harm). Then in 2008, I created this blog & started writing whatever I learnt before & whatever I was learning at that time. So, I feel in love with writing. Also, I started grabbing hacking tools from DarkWeb & used to post on globalhackerstools.blogspot.com (now its unavailable). I was so happy that I started getting more than 4000-5000 views per day on this blog site.

Then I came to know about google adSense, so as I am already eligible due to site traffic, my account got approved so soon. This was my first money making option from online. You will soon be able to understand why I am still writing these blogs (it’s not for adSense, lol).

I used to do marketing of my blog even in college by writing blog link everywhere possible but unfortunately, I was nicknamed as hacker in college either due to my activities on others accounts or due to this blogging link. But most of them don’t know my real name, they used to call me as hacker which I am not.

After college in 2011, I started hacking into most popular social networking website accounts after finding some vulnerabilities & in that process I unfortunately got connected to my ex. And after her, I started concentrating more on my career than having fun with hacking.

Then I started my business and wasn’t active in these activities but things are not going to be the same. I want to convert my fun into profession. So, I got Ethical Hacker Certification in 2012 (I think) & started providing penetration testing services & also I started getting sub contracts of big projects. In 2014, I started with another business, brokeup with my ex, stopped pen-test services and due to a long gap, programming is out of my mind. In 2015, I again got involved in hacking social networking website accounts but this time its for growing my business just by connecting with unknowns who are also interested in business. In same year, I got connected to my 2004-05 crush & became friends. From then I was more into work than hacking activities.

Again, now in 2021, I got here just to get rid of my stress & depression. I think we must do some positive activities which make us feel good & excited. Getting connected with other hackers, checking about new CVEs and all activities related to Hacking is my Stress Buster (at present). I don’t know when I will quit this again.

I hate those who are involved in ransomware activities, they rip company’s fortune. I hate all those hackers who are taking advantage of their skills. If all / most of them get involved in some technology, we would have been into much advanced world.

If you want to HACK, then hop onto Journals, grab them and start working on the development.

Read More

RockYou2021 8.4 Billion Passlist is a garbage

I am so embarrassed with this garbage called RockYou2021. I don't know who created it but, they are just random words. Its better you create your wordlist than using this.

I downloaded 2 zipped files, one is 8.7GB & the other is 4.5GB

After unzipping, its a huge 93GB TXT file

The real question is, will we be able to open it? LOL, no, I don't know really but I basically use EmEditor to open any text file which is in GBs but as I am using i7-7700k with 4.5Ghz speed processor, 32GB RAM, RTX 2060 GPU, this file is freezing my computer after 45GB of file load & I don't think I should wait further to view whole file.

Any use?
There are possibilities that this could be useful but mostly its just a random generated wordlist.

As per me, whatever the passwords are decrypted from leaked data would be better than using this. However I am not involved in cracking passwords as I don't have time for such shit.

Well, after checking with this file, I am deleting it which saves my disk by total of 104GB

Read More

Wanna peak into some security cameras?

 Wanna peak into some security cameras? Here is a list

http://66.192.13.197:8081/view/viewer_index.shtml?id=25
http://166.247.177.143:8080/
http://141.211.212.124/view/view.shtml?i...jpg&size=1
http://166.251.210.238:81/cgi-bin/guestimage.html
http://107.0.231.40:8083/view/index.shtml
http://47.49.38.178/#view 
http://66.94.163.131/en/index.html
http://50.122.69.182/
http://166.161.207.229/view/viewer_index.shtml?id=3024
http://108.222.132.93:8082/
http://166.241.55.31:81/cgi-bin/guestimage.html
http://166.166.212.11/view/viewer_index.shtml?id=14
http://98.102.110.114:82/view/viewer_index.shtml?id=269
http://166.165.35.36/view/viewer_index.shtml?id=232
http://209.240.57.239:8082/en/index.html
http://50.199.221.39/view/viewer_index.shtml?id=3871
http://108.161.217.10:88/view/viewer_index.shtml?id=284
http://128.223.164.214/view/view.shtml?id=94&imagepath=/mjpg/video.mjpg&size=1
http://173.13.113.38:8081/view/view.shtml?id=80&imagepath=/mjpg/video.mjpg&size=1
http://74.142.49.38:8000/view/viewer_index.shtml?id=11083
http://74.142.49.38:8001/view/viewer_index.shtml?id=2515
http://141.213.139.234/view/view.shtml?id=3554&imagepath=/mjpg/video.mjpg&size=1
http://70.61.121.222:5000/view/viewer_index.shtml?id=198
http://199.1.195.69/view/index.shtml
http://81.250.104.168:8081/cgi-bin/guestimage.html
http://77.195.79.67:8080/stream.html
http://80.15.105.84:8081/view/index.shtml
http://88.125.63.15:8080/view/viewer_index.shtml?id=257
http://82.65.210.152/home/homeS.html
http://86.193.127.205:8080/
http://78.219.129.63:10000/control/userimage.html
http://77.152.202.13/control/userimage.html
http://80.14.77.21:8082/cgi-bin/guestimage.html
http://217.128.13.193:82/control/userimage.html
http://82.127.80.153:10000/live.htm
http://109.18.19.97:2000/cgi-bin/guestimage.html

http://77.150.192.39:88/top.htm

http://41.41.233.243:8080/

http://93.95.173.49:8080/

http://83.234.97.117/view/index.shtml

http://95.25.156.209:8090/

http://92.101.149.203/

http://188.234.250.121/view/viewer_index.shtml?id=2759

http://212.26.235.210/view/index.shtml

http://91.199.196.151/view/index.shtml

http://75.144.124.21:1024/view/viewer_index.shtml?id=11030

http://176.139.87.16:8082/view/viewer_index.shtml?id=6591

http://217.128.36.206/view/view.shtml?id=8500&imagepath=/mjpg/video.mjpg?camera=1&size=1

http://217.128.111.137:8081/view/view.shtml?id=0&imagepath=/mjpg/1/video.mjpg&size=1

http://188.170.32.6:82/view/view.shtml?id=297&imagepath=/mjpg/video.mjpg?camera=1&size=1

http://84.130.192.135:8080/cgi-bin/guestimage.html

http://91.33.113.113:8082/cgi-bin/guestimage.html

http://91.56.175.137:8080/cgi-bin/guestimage.html

http://87.144.115.132/control/userimage.html

http://91.60.221.131:85/cgi-bin/guestimage.html

http://79.218.190.133/control/userimage.html

http://91.65.157.135:8080/

http://79.192.19.143:8083/en/index.html

http://79.192.19.143:8081/en/index.html

http://79.192.19.143:8082/en/index.html

http://188.193.63.112/#view

http://80.129.100.109:8084/control/userimage.html

http://92.218.63.115:10000/GetImage.cgi?CH=0

http://84.156.172.131:8080/control/userimage.html

http://91.39.206.113:8090/control/userimage.html

http://146.52.148.115/

http://84.154.52.86:8000/cgi-bin/guestimage.html

http://91.6.252.101:82/cgi-bin/guestimage.html

http://79.204.69.109/view/index.shtml

http://46.87.25.76:83/view/viewer_index.shtml?id=332

http://217.85.209.95:81/view/index.shtml

http://46.87.25.76:81/view/viewer_index.shtml?id=9290

http://79.239.184.68:8081/control/userimage.html

http://134.3.202.69:81/live/index.html?Language=9

http://84.180.84.56/control/userimage.html

http://78.43.226.26/control/userimage.html

http://84.129.244.8/view/viewer_index.shtml?id=1002

http://91.14.57.19:1024/img/main.cgi?next_file=main.htm

http://139.30.102.203:8080/

http://87.167.99.188/cgi-bin/guestimage.html

http://91.60.186.177:82/view/viewer_index.shtml?id=179

http://79.196.225.194:8080/

http://79.207.51.77:90/view/viewer_index.shtml?id=713

http://46.95.80.74/view/viewer_index.shtml?id=2553

http://185.89.39.70/control/userimage.html

http://93.200.202.53/control/userimage.html

http://217.86.194.35:8080/control/userimage.html

http://77.22.100.19:88/view/viewer_index.shtml?id=3760

http://77.22.100.19:81/view/viewer_index.shtml?id=4615

http://77.22.100.19:91/view/viewer_index.shtml?id=68

http://80.140.57.178:81/control/userimage.html

http://91.9.73.160:10000/live.htm

http://188.136.117.174/view/viewer_index.shtml?id=14110

http://156.67.224.173/cgi-bin/guestimage.html

http://217.235.232.150:81/control/userimage.html

http://87.175.249.136:8080/

http://185.152.246.17:83/control/userimage.html

http://91.184.171.191:81/view/viewer_index.shtml

http://185.152.247.15:8080/cgi-bin/guestimage.html

http://188.192.205.52/control/userimage.html

http://37.10.110.12:5000/control/userimage.html

http://217.251.103.12:90/cgi-bin/guestimage.html

http://109.192.121.4:2000/cgi-bin/guestimage.html

http://84.162.69.164/view/viewer_index.shtml?id=3828

http://87.144.118.135/cgi-bin/guestimage.html

http://87.128.105.199:88/view/viewer_index.shtml?id=187

http://77.235.169.131/control/userimage.html

http://178.69.16.130:82/view/view.shtml?id=7325&imagepath=/mjpg/video.mjpg&size=1

http://217.232.146.120:82/view/view.shtml?id=703&imagepath=/mjpg/video.mjpg&size=1

http://37.247.81.113:81/view/view.shtml?id=26&imagepath=/mjpg/video.mjpg?camera=1&size=1

http://37.247.81.113:86/view/view.shtml?id=17&imagepath=/mjpg/video.mjpg?camera=1&size=1

http://84.169.205.16:2000/view/view.shtml?id=121&imagepath=/mjpg/video.mjpg&size=1

http://87.175.249.57:8001/view/viewer_index.shtml?id=1063

http://77.64.173.153:8001/view/viewer_index.shtml?id=946

http://91.62.176.209/view/view.shtml?id=927&imagepath=/mjpg/video.mjpg&size=1

Read More

Learn Social Engineering

 I know you can't reac all those 407 pages of PDF to do social engineering activities. I too learnt from online. LOL, it's based on how social you are with people / victims to gather information from them.

I am not going to write whole info over here, I just found a pdf on internet.

Well, to be frank, I write these blogs just to relax myself while at work & I work almost 16 hours a day including Sundays.

Check This PDF

Read More