Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Tunisian Hacker. Show all posts

Tunisian cyber army Cyber attack against French websites


The Tunisian cyber army has claimed to have hacked a number of French websites.  The hackers have breached the website belong to ministry of sport and jeunesse(drdjs-basse-normandie.jeunesse-sports.gouv.fr)

They have dumped the database in pastebin(pastebin.com/wSEfbSd9).  The dump contains the vulnerable link, username, email address, hashed password. It includes the admin username and password.

The admin account is using very weak password, it is easy for hacker to crack.  A simple Google search returns the password of admin.

The hacker also hacked french association of science economic website(afse.fr) and leaked the database(pastebin.com/fY68z7Eb). The leak contains username, email address, plain-text format passwords.

Recently, they have hacked into the france chamber of commerce(littoral-normand-picard.cci.fr) , french normal superior school website(archicubes.ens.fr) and leaked the database.

*Update*
 The hacker claimed that they have hacked France Ministry of Development website and leaked the compromised database (pastebin.com/WVswJ820).  It includes the username, password, email address details.

Algerian Bank CPA hacked by Tunisian Hacker


One of the Algerian Banks , Crédit populaire d'Algérie (CPA) Bank is found to be vulnerable to SQL Injection vulnerability.  This critical vulnerability was discovered by a Grey-hat Tunisian Hacker "Human Mind Cracker" who usually targets Bank and Government sites.

In an email sent to EHN, the hacker provided the vulnerable link of the site(cpa-bank.dz).

" I reported to them the vulnerability before I hack into the database,2 days without reply or anything...After that I find that the email that they put it in the website for contact is INVALID mail.So I get into the database." The hacker said.

In a paste(heypasteit.com/clip/0NLX) , hacker dumped the compromised data to prove the severity level of vulnerability.  It contains Username , passwords ,Email addresses, Phone number, Fax and Location.

Islami Bank Bangladesh website hacked by Human Mind Cracker

The Tunisian hacker 'Human Mind Cracker' who discover critical vulnerability in high profile website, come with another interesting vulnerability finding. He discovered SQL Injection Vulnerability in one of the Bangladesh Bank website , "Islami Bank Bangladesh Ltd"(islamibankbd.com).

In an email sent to EHN, the hacker provided the vulnerable link and a link to the dump(heypasteit.com/clip/0MWN).

"The vulnerability was SQL injection...I report it many times..but they didn't reply and they didn't fix it yet...So I get into their database." Hacker said in the mail.

The dump contains database details, encrypted password, email address, admin id and password.


He also discovered Cross Site scripting security flaw in Feedback sending page of Islami Bank.

This is not the first time the Bank sites are being targeted by Human Mind cracker.  Last time, he discovered SQLi in Tunisian Bank site. 

The hacker always like to be a Grey Hat hacker and like to help the admin of site by reporting the vulnerability. But the admin fails to respond and fails to patch the security flaw.

South Africa's National Department of Health website hacked

database dumped

A Tunisian greyhat hacker named as "Human Mind Cracker" has claimed to have breached the South Africa's National Department of Health website(doh.gov.za) and compromised the database.

In an email sent to EHN, hacker provided the vulnerable link as well as link to Database dump.  Hacker requested me not to post the vulnerable link.

" The only reason about this hack that i love challenge and I readed a lot about the Moroccan hacker that break into some south Africa website so I just wanted to pentest their security" The hacker told EHN.

The dumped database contains database details, username and hashed passwords.

http://pastebin.com/niCEMbRs

Tunisian hacker 'Human Mind Cracker' discovered SQLi vulnerability in Tunisian Bank sites

XSS in Bank sites

A Grey Hat Hacker with online handle "Human Mind cracker" has discovered SQL Injection vulnerability in some Tunisian Bank websites. Central Bank of Tunisia(bct.gov.tn) and Bank of Tunisia and the UAE (bte.com.tn) are vulnerable to SQLi .

In an email sent to EHN , hacker provided us the vulnerable link and the Proof-of-Concept(POC). As he recommend us not to publish the vulnerable , we are not providing the link here.

According to hacker, he reported the vulnerability to them but they didn't fix the vulnerability so he hacked into the database.

He has published some database information compromised from the server that includes database name and few username.

Also, he has discovered Cross site scripting (XSS) vulnerability in Central Bank of Tunisia,atb.com.tn and Banque de Tunisie(bt.com.tn).

SQL Injection is one of the most critical vulnerability, as attacker can extract the entire database by exploiting it. Banks should really buff up their security measures ,as cyber criminals mainly target Financial institution. 

Anonymous Hackers hacked Tunisian Islamist Websites


A Tunisian hacker group affiliated with Anonymous hacked the Facebook page of Hizb Ettahrir, an Islamist political party that is legally unrecognized in Tunisia. . Hackers left a video message on Facebook pages of Tunisian Islamists, warning them against introducing strict Salafist laws to the country.

"We are fighting you... your emails, your bank accounts and transactions will be probed, your hard discs will be copied. If the Tunisian government won't stop your activities in the weeks to come, Anonymous will" said in the video.

According to Tunisia Alive, a member of Tunisian Anonymous group, calling himself "CaliforniaKB", says that the attack was in retaliation to activities carried out by Tunisian hacking group, Fellaga, on behalf of Hizb ut-Tahrir.


“We are not liberals, we do not represent any political party. We are for the people, we are the people. We fight fire with fire, we were watching and doing nothing until we saw the Tunisian flag getting down in Manouba University,” CaliforniaKB explained.
“We are not against Hizb Ettahrir. Personally, I am a Muslim; we are against any extremist idea whether from left, right or center,” he asserted.


“We do have access to many secret files. We are waiting for the good moment to take you down unless you finish the revolution in the right way,” He left the party with a warning.