Root

Over 1 Million Google Accounts Hacked by ‘Gooligan’

As you know by now from the latest buzz, over 1 million Google accounts have been hacked by ‘Gooligan’. Gooligan itself isn’t new; it is just a variant of Ghost Push, a piece of Android malware.

Researchers from security firm Check Point Software Technologies have found the existence of this malware in apps available in third-party marketplaces.

Once installed, it roots the phone to gain system-level access. The rooted devices then download and install software that steals the authentication tokens that allow the phones to access the owner’s Google-related accounts without having to enter a password. The tokens work for a variety of Google properties, including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

In a recent blog post by the folks over at Check Point:  http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

“The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages. After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server.

Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.

After achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad. The module allows Gooligan to:

  • Steal a user’s Google email account and authentication token information
  • Install apps from Google Play and rate them to raise their reputation
  • Install adware to generate revenue

Ad servers, which don’t know whether an app using its service is malicious or not, send Gooligan the names of the apps to download from Google Play. After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the C&C server.”

Android users who have downloaded apps from third-party markets can visit the Check Point blog post for a list of the apps known to contain Gooligan.

Check Point has also released what is being called the Gooligan Checker web page, which can be used to check whether you have been compromised by this latest threat.

The su Command: Elevate Yourself

OS:  Unix / Linux

Often called the “Super User” command, su (short for substitute user) makes it possible to change a login session’s owner without the owner having to first log out of that session.

Although su can be used to change the ownership of a session to any user, it is most commonly used to change the ownership from an ordinary user to the root (i.e., administrative) user, thereby providing access to all parts of and all commands on the computer or system.

And like Goku from Dragon Ball Z, you elevate yourself to become a powerful user.

Usage example:

sysadmin@jermsmit:~$ su
Password:
root@jermsmit:/home/sysadmin#

dSploit – An Android network penetration suite

Not to cause paranoia; Just know that there are people out there looking to compromise your security, especially when you are using wireless networks via your laptop, tablet, or smartphone.

One such tool is the well-known dSploit, a security toolkit for Android that makes that process so simple anyone can do it.

This network analysis and penetration suite aims to offer IT security experts and geeks the most complete and advanced professional toolkit for performing network security assessments from a mobile device.

Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack log-on procedures of many tcp protocols, perform man in the middle attacks such as password sniffing with common protocols dissection, real time traffic manipulation, etc…

Requirements

An Android device running at least version 2.3 (Gingerbread) of the OS.
The device must be rooted.
The device must have a full BusyBox install.

A full list of features can be found here: http://www.dsploit.net/features

How To: Install CWM Recovery on AT&T Galaxy S4 – SGH-i337

Some time ago I had rooted my Galaxy S4 (SGH-i337) to enable WiFi tethering because I wasn’t done testing the stock image from Samsung / AT&T. Now it’s time for me to prepare to install CyanogenMod; before I can do so I need to install ClockworkMod Recovery (CWM), which is a replacement recovery option for Android devices, made by Koushik “Koush” Dutta. More info here.

While the boot-loader on AT&T’s Galaxy S4 is locked, there is a way to install the custom recovery using the LOKI method created by one of the XDA Developers, which bypasses the boot-loader check to enable the custom recovery options and allows you to install ROMs.

So, a few things we need to start; I’ll provide the steps that worked for me.

The phone must have been rooted before starting this process (you will need to move files around in system directories that you can only access as root).

You need to download loki_flash from: http://downloadandroidrom.com/file/GalaxyS4/loki/loki_flash or from GitHub: https://github.com/djrbliss/loki

You will need to download recovery.lok for the Galaxy S4 from: http://downloadandroidrom.com/file/GalaxyS4/SGH-i337/recovery/CWM/recovery.lok

Once downloaded, use any file explorer that can be run as superuser (for example, Root Explorer (File Manager)) and locate the two files you have just downloaded.

Select and copy the files loki_flash and recovery.lok to the following directory: /data/local/tmp

If not already installed, download the Android Terminal Emulator and, once at the command line, type “su” without the quotes to elevate to superuser.

Once elevated in the terminal, change directory by typing: cd /data/local/tmp. Verify you are in the right location by typing “ls” without the quotes; you should see the files recovery.lok and loki_flash.

In this directory (/data/local/tmp) type: chmod 775 *

Now run the loki script by typing the following: ./loki_flash recovery recovery.lok. Once this has run you will receive a success message, and you can then (when ready) type: reboot recovery in the Android Terminal.
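The staging and flash steps above, as an added example (not code from the original post or from the loki project): shell functions that check the two staged files and their permissions before ./loki_flash is ever invoked, and refuse to run outside a su shell. It assumes loki_flash and recovery.lok have already been copied into the work directory, /data/local/tmp by default.

```shell
#!/bin/sh
# Added example, not from the original post: preflight checks around the
# loki_flash step, so the flash is attempted only when the staged files and
# permissions are right. Assumes loki_flash and recovery.lok were already
# copied into the work directory (/data/local/tmp in the post).

# Return 0 when both files are present and non-empty in $1, otherwise 1.
loki_files_present() {
  dir="$1"
  for f in loki_flash recovery.lok; do
    [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
  done
  return 0
}

# Equivalent of the post's `chmod 775 *`, limited to the two files, then
# confirm loki_flash really is executable.
loki_make_executable() {
  dir="$1"
  chmod 775 "$dir/loki_flash" "$dir/recovery.lok" || return 1
  [ -x "$dir/loki_flash" ]
}

# Flash only from a su shell (uid 0) and only after the checks pass.
# Rebooting into recovery is left to the user, as in the post.
loki_flash_recovery() {
  dir="${1:-/data/local/tmp}"
  [ "$(id -u)" -eq 0 ] || { echo "run this from a su shell" >&2; return 2; }
  loki_files_present "$dir" || return 1
  loki_make_executable "$dir" || return 1
  cd "$dir" && ./loki_flash recovery recovery.lok
}
```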

Yeah, I made mistakes along the way. In the end it worked out.

Congratulations, you now have ClockworkMod Recovery (CWM) and, better yet, the power to backup/restore ROMs and install custom ROMs such as CyanogenMod.

To get back into recovery you have two methods:

  1. Access the Android Terminal Emulator and “su” into superuser and type: reboot recovery
  2. Power off your phone and power on again holding the volume up, center button and power button. Once you see a logo on the screen, release the power button and continue to hold volume up and the center button. Welcome back to the CWM Recovery Menu.

How to Root Galaxy S4!

This is a video by our buddy Zedomax on rooting the Galaxy S4. This method is only for root access; it’s not a video on installing custom recovery, so please enjoy and remember to subscribe to his YouTube Channel.

This method works on all Qualcomm Galaxy S4 models running Android 4.2.2, including:
AT&T SGH-i337, T-Mobile SGH-M919, Sprint SPH-L720, Verizon, US Cellular, Telus, Rogers, etc…

For GT-i9500 octa-core S4, see other root method here:
http://www.youtube.com/watch?v=1VZd71…

Download and Step-by-Step tutorial here:
http://galaxys4root.com/galaxy-s4-roo…

For rooting Galaxy S4 on Linux/Ubuntu, please see this video instead:
http://www.youtube.com/watch?v=JIAbdV…
For rooting Galaxy S4 on Mac OSX, please see this video instead:
http://www.youtube.com/watch?v=q5Sluq…

For more awesome info on rooting the Galaxy S4 stop over at http://GalaxyS4Root.com

Me, Myself, and I, and Others Root

Most wonder and ask why so many of us root / jailbreak and wipe our phones and tablets of the manufacturers’ factory configurations and install custom firmware. This write-up might give you some insight.

Check out the following review / guide and learn more.

CyanogenMod 10.1.0 Release

If you haven’t heard the news, now you know. The CyanogenMod team has released version 10.1.0 as a general release. You will soon see files available on their servers (go to http://get.cm).

As always, you will see a list of devices, and while some, like Exynos-based Samsung devices, may have been left out, you should see them appearing in the week(s) to come.

As always, the CyanogenMod team brings us the best and latest features to empower our devices.

Links: Devices Blog Forum Community

News Source: http://www.cyanogenmod.org/blog/cyanogenmod-10-1-0-release

WiFi Tether AT&T Galaxy S4 SGH-i337

I must first thank Zedomax over at galaxys4root.com for his work and information provided which made this possible for me tonight. My hat’s off to you sir.

Please visit his website and follow his YouTube Channel for all the latest and up-to-date info on rooting Android devices, such as the Galaxy S2, S3, and S4.

So how is this done?

  1. First, root your Galaxy S4 (SGH-i337); this is a must.
  2. Next, download the new WiFi Tether provisioning files. (Link) *his link, not mine
  3. Use any file browsing app that allows root access, such as ‘Script Manager’, found in the Google Play Store.
  4. Browse as root to the /system/app directory, where you will find two files called TetheringProvision.apk and TetheringProvision.odex. Rename these files to TetheringProvision.apk.bak and TetheringProvision.odex.bak, respectively. I kept the original extension in the backup name so that if I reverted back I would remember what to name them.
  5. Next, go to your Download folder, where you downloaded your new TetheringProvision.apk file, and copy it into the /system/app directory.
  6. Reboot your Galaxy S4 and try turning Mobile Hotspot on. You will still get AT&T’s warning message, but tethering will now turn on and work.
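Steps 4 and 5 as shell functions, an added example that is not from the original post or from galaxys4root.com: the stock files are moved to .bak copies only if no backup exists yet, so a re-run cannot overwrite the originals, and a matching revert function puts them back. The /sdcard/Download path for the replacement apk is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: swap TetheringProvision.apk/.odex
# in a system app directory for a replacement, keeping .bak copies so the
# change can be reverted. The directory and apk path are parameters so the
# functions can be exercised outside the phone.

# Back up the stock files and drop in the replacement. Returns 1 on failure.
tether_swap() {
  app_dir="$1"; new_apk="$2"
  [ -f "$new_apk" ] || { echo "replacement apk not found: $new_apk" >&2; return 1; }
  for f in TetheringProvision.apk TetheringProvision.odex; do
    # Only back up when no .bak exists, so a second run keeps the originals.
    if [ -f "$app_dir/$f" ] && [ ! -f "$app_dir/$f.bak" ]; then
      mv "$app_dir/$f" "$app_dir/$f.bak" || return 1
    fi
  done
  cp "$new_apk" "$app_dir/TetheringProvision.apk" || return 1
  # Files under /system/app are normally mode 0644; match that.
  chmod 644 "$app_dir/TetheringProvision.apk"
}

# Undo tether_swap: restore the stock files from their .bak copies.
tether_revert() {
  app_dir="$1"
  for f in TetheringProvision.apk TetheringProvision.odex; do
    [ -f "$app_dir/$f.bak" ] || continue
    mv -f "$app_dir/$f.bak" "$app_dir/$f" || return 1
  done
}

# On the device (from a su shell): remount /system writable, swap, remount
# read-only again. The Download path is an assumption.
tether_apply_on_device() {
  mount -o remount,rw /system || return 1
  tether_swap /system/app /sdcard/Download/TetheringProvision.apk; rc=$?
  mount -o remount,ro /system
  return $rc
}
```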

Awesome, isn’t it?

Ultimate credits go to the folks over at XDA. Stop by and give those guys/gals thanks.

Enable root in Ubuntu

Annoyed with using sudo and su -i to elevate yourself to root to do things? I was, so I just typed sudo passwd, set a new password, and now I can log on as root.

Cool Huh?

Samsung Captivate (Galaxy S) | GingerBreak Log

SuperOneClick v1.9.5.0
Checking drivers…

Killing ADB Server…

OK

Starting ADB Server…
* daemon not running. starting it now on port 5037 *
* daemon started successfully *

OK

Waiting for device…

OK

Getting OS Version…

OK

Pushing GingerBreak…
130 KB/s (16830 bytes in 0.125s)

OK

chmod GingerBreak…

OK

Running GingerBreak…
ROOTED

Pushing busybox…
1426 KB/s (1062992 bytes in 0.727s)

OK

chmod busybox…

OK

Getting mount path…
/dev/block/stl9
OK

Remounting system with read-write access…

OK

Pushing su-v2…
202 KB/s (26264 bytes in 0.126s)

OK

chmod su…

OK

Pushing Superuser.apk…
944 KB/s (196521 bytes in 0.203s)

OK

Creating /system/xbin…
mkdir failed for /system/xbin, File exists
OK

Checking for busybox
Copying busybox (/system/xbin/)…

OK

chmod busybox (/system/xbin/)…

OK

Installing busybox (/system/xbin/)…

OK

Remounting system with read-only access…

OK

Running a SU test…
Success!
Don’t forget to reboot!

——————————————

SuperOneClick v1.9.5.0
***Requires root permission! Watch your phone to allow Superuser commmands***
Killing ADB Server…

OK

Starting ADB Server…
* daemon not running. starting it now on port 5037 *
* daemon started successfully *

OK

Waiting for device…

OK

Checking for sqlite3
Pushing sqlite3…
118 KB/s (24120 bytes in 0.199s)

OK

chmod sqlite3…

OK

Getting settings.db location…
/dbdata/databases/com.android.providers.settings/settings.db
OK

Checking value… (requires root)
Non-market applications are disabled.

Allow non-market apps… (requires root)
OK

Checking value… (requires root)
Non-market applications are enabled!