ブログはじめました。日本語だと不便です。機能も少ないです。 なのでそのうち他のサービスを探します。ここはとりあえず実験的に。

水曜日, 5月 31, 2023

BYOPPP - Build Your Own Privacy Protection Proxy

I have read a blog post, where you can build your own privacy proxy server built on Raspberry PI. The post got me thinking about how I can use this to protect my privacy on my Android phone, and also get rid of those annoying ads. 

Since I own a Samsung Galaxy S3 LTE with Android 4.3 (with a HW based Knox counter), rooting the phone now means you break Knox, and loose warranty. Past the point of no return ...

This means I have to solve this without root. Luckily newer Androids support VPN without rooting, but setting a mandatory system-wide proxy is still not possible without root. 
But thanks to some iptables magic and Privoxy, this is not a problem anymore :) 

The ingredients to build your own privacy protection proxy:
  • One (or more) cheap VPS server(s)
  • a decent VPN program
  • Privoxy
  • iptables

VPS server

To get the cheap VPS server, I recommend using Amazon EC2, but choose whatever you like. The micro instance is very cheap (or even free), and has totally enough resources for this task. I'm using the Ubuntu free tier now and it works like a charm. And last but not least Amazon has two-factor authentication! You can set up an Ubuntu server under 10 minutes. Use the AWS region nearest to you, e.g. I choose EU - Ireland.



VPN

For the VPN program, I recommend the free version of the OpenVPN AS (EDIT: be sure to use OpenVPN AS 2.0.6 or later, both on the server and the client). Easy to set-up quick start guide is here, GUI based configuration, and one-click client installer for Android, iOS, Windows, Linux, OSX. The Ubuntu installer packages are here.




The most important settings:

  • I prefer to use the TCP 443 and UDP 53 ports for my OpenVPN setup, and let the user guess why. 
  • For good performance, UDP is preferred over TCP. 
  • VPN mode is Layer 3 (routing/NAT).
  • Don't forget to allow the configured VPN ports in the AWS firewall (security groups). 


Other VPN settings:
  • Should VPN clients have access to private subnets (non-public networks on the server side)? - Yes
  • Should client Internet traffic be routed through the VPN? - Yes

Privoxy

The next component we have to install and configure is Privoxy. As usual, "apt-get install privoxy" just works. The next step is to configure privoxy via /etc/privoxy/config file, there are two options to change:
  • listen-address your.ip.add.ress:8118
  • accept-intercepted-requests 1
Beware not to allow everyone accessing your Privoxy server in the AWS EC2 security groups, be sure it is reachable only to VPN users!

After everything is set, start privoxy with "service privoxy start", and add it to the autostart "update-rc.d privoxy defaults".

Iptables

And the final step is to configure your iptables chain to forward every web traffic from the VPN clients to the Privoxy server:

iptables -t nat -A PREROUTING -s 5.5.0.0/16 -p tcp -m multiport --dports 80,8080,81 -j DNAT --to-destination your.ip.add.ress:8118 

Optionally you can block access to all other ports as well, and what does not go through your Privoxy won't be reachable.
Based on your Linux distribution and preference, you might make this rule persistent.

Final test

Now you can connect to the VPN server from your Android device.
After logging in from a client, you get the following nice packages to install on your device:


After connecting, the final results can be seen in the following screenshots. And yes, there is a reason I chose Angry Birds as an example.

Angry Birds without Privoxy
Angry Birds with Privoxy
Stupid flashlight app with ad
Stupid flashlight app with Privoxy
Spoiler alert
If you are afraid of NSA tracking you, this post is not for you. If you want to achieve IP layer anonymity, this post is not for you. As long as you are the only one using that service, it should be trivial to see what could possibly go wrong with that.

Known issues
Whenever the Internet connection (Wifi, 3G) drops, the VPN connection drops as well, and your privacy is gone ...
Sites breaking your privacy through SSL can still do that as long as the domain is not in the Privoxy blacklist.

Additional recommendation
If you are using OSX or Windows, I can recommend Aviator to be used as your default browser. It is just great, give it a try!

PS: There are also some adblock apps removed from the official store which can block some ads, but you have to configure a proxy for every WiFi connection you use, and it is not working over 3G.



More articles


DirBuster: Brute Force Web Directories


"DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. However tools of this nature are often as only good as the directory and file list they come with. A different approach was taken to generating this. The list was generated from scratch, by crawling the Internet and collecting the directory and files that are actually used by developers! DirBuster comes a total of 9 different lists (Further information can be found below), this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide! If you have the time ;) " read more...

Download: https://sourceforge.net/projects/dirbuster

Related posts


Best Hacking Tools

      MOST USEFUL HACKING TOOL

1-Nmap-Network Mapper is popular and free open source hacker's tool.It is mainly used for discovery and security auditing.It is used for network inventory,inspect open ports manage service upgrade, as well as to inspect host or service uptime.Its advantages is that the admin user can monitor whether the network and associated nodes require patching.

2-Haschat-It is the self-proclaimed world's fastest password recovery tool. It is designed to break even the most complex password. It is now released as free software for Linux, OS X, and windows.


3-Metasploit-It is an extremely famous hacking framework or pentesting. It is the collection of hacking tools used to execute different tasks. It is a computer severity  framework which gives the necessary information about security vulnerabilities. It is widely used by cyber security experts and ethical hackers also.

4-Acutenix Web Vulnerability Scanner- It crawls your website and monitor your web application and detect dangerous SQL injections.This is used for protecting your business from hackers.


5-Aircrack-ng - This tool is categorized among WiFi hacking tool. It is recommended for beginners  who are new to Wireless Specefic Program. This tool is very effective when used rightly.


6-Wireshark-It is a network analyzer which permit the the tester to captyre packets transffering through the network and to monitor it. If you would like to become a penetration tester or cyber security expert it is necessary to learn how to use wireshark. It examine networks and teoubleshoot for obstacle and intrusion.


7-Putty-Is it very beneficial tool for a hacker but it is not a hacking tool. It serves as a client for Ssh and Telnet, which can help to connect computer remotely. It is also used to carry SSH tunneling to byepass firewalls. So, this is also one of the best hacking tools for hackers.


8-THC Hydra- It is one of the best password cracker tools and it consist of operative and highly experienced development team. It is the fast and stable Network Login Hacking Tools that will use dictonary or bruteforce attack to try various combination of passwords against in a login page.This Tool is also very useful for facebook hacking , instagram hacking and other social media platform as well as computer folder password hacking.


9-Nessus-It is a proprietary vulnerability scanner developed by tennable Network Security. Nessus is the world's most popular vulnerability scanner according to the surveys taking first place in 2000,2003,2006 in security tools survey.


10-Ettercap- It is a network sniffing tool. Network sniffing is a computer tool that monitors,analyse and defend malicious attacks with packet sniffing  enterprise can keep track of network flow. 


11-John the Ripper-It is a free famous password cracking pen testing tool that is used to execute dictionary attacks. It is initially developed for Unix OS. The Ripper has been awarded for having a good name.This tools can also be used to carry out different modifications to dictionary attacks.


12-Burp Suite- It is a network vulnerability scanner,with some advance features.It is important tool if you are working on cyber security.


13-Owasp Zed Attack Proxy Project-ZAP and is abbreviated as Zed  Attack Proxy is among popular OWASP project.It is use to find vulnerabilities in Web Applications.This hacking and penetesting tool is very easy to use  as well as very efficient.OWASP community is superb resource for those people that work with Cyber Security.


14-Cain & Abel-It is a password recovery tool for Microsoft Operating System. It allow easy recovery of various kinds of passwords by sniffing the networks using dictonary attacks.


15-Maltego- It is a platform that was designed to deliver an overall cyber threat pictures to the enterprise or local environment in which an organisation operates. It is used for open source intelligence and forensics developed by Paterva.It is an interactive data mining tool.

These are the Best Hacking Tools and Application Which are very useful for penetration testing to gain unauthorized access for steal crucial data, wi-fi hacking , Website hacking ,Vulnerability Scanning and finding loopholes,Computer hacking, Malware Scanning etc.

This post is only for educational purpose to know about top hacking tools which are very crucial for a hacker to gain unauthorized access. We are not responsible for any type of crime.





Related links

  1. Best Pentesting Tools 2018
  2. Usb Pentest Tools
  3. What Is Hacking Tools
  4. Hacker Tools For Ios
  5. Hacking Tools Windows
  6. Free Pentest Tools For Windows
  7. Hacker Tools Github
  8. Hacker Tools Free Download
  9. Hacker Tools 2019
  10. Tools Used For Hacking
  11. Hacker Tools Online
  12. Hackers Toolbox
  13. Hacker Techniques Tools And Incident Handling
  14. Blackhat Hacker Tools
  15. Pentest Tools Alternative
  16. Hack Rom Tools
  17. Hacker Tools Online
  18. Pentest Tools Github
  19. Tools 4 Hack
  20. Pentest Tools Download
  21. Hackers Toolbox
  22. Game Hacking
  23. Hacking Tools For Beginners
  24. Hack Tools For Games
  25. What Are Hacking Tools
  26. Physical Pentest Tools
  27. Hacking Apps
  28. Pentest Tools Open Source
  29. Hacking Tools Kit
  30. Hacking Tools Download
  31. Pentest Tools Framework
  32. Hacking Tools For Windows
  33. Pentest Tools
  34. Hacker Tools
  35. Hack Tools Mac
  36. Tools Used For Hacking
  37. Wifi Hacker Tools For Windows
  38. Hack Tools For Games
  39. Nsa Hacker Tools
  40. Hacking Tools And Software
  41. Computer Hacker
  42. Top Pentest Tools
  43. Hacker Tools Hardware
  44. Hacker Tools For Windows
  45. New Hack Tools
  46. Hack Tools Online
  47. Growth Hacker Tools
  48. Hackrf Tools
  49. Hacker Tools For Pc
  50. Kik Hack Tools
  51. Android Hack Tools Github
  52. Hack Rom Tools
  53. Hacking Tools Mac
  54. Pentest Tools Windows
  55. Hacker Tools Apk
  56. Nsa Hack Tools
  57. Hacking Tools And Software
  58. Pentest Tools Kali Linux
  59. Pentest Tools For Ubuntu
  60. Hacker
  61. How To Make Hacking Tools
  62. Hacking Tools For Windows 7
  63. Hacking Tools Free Download

火曜日, 5月 30, 2023

Attacking Financial Malware Botnet Panels - SpyEye

This is the second blog post in the "Attacking financial malware botnet panels" series. After playing with Zeus, my attention turned to another old (and dead) botnet, SpyEye. From an ITSEC perspective, SpyEye shares a lot of vulnerabilities with Zeus. 

The following report is based on SpyEye 1.3.45, which is old, and if we are lucky, the whole SpyEye branch will be dead soon. 

Google dorks to find SpyEye C&C server panel related stuff:

  • if the img directory gets indexed, it is rather easy, search for e.g. inurl:b-ftpbackconnect.png
  • if the install directory gets indexed, again, easy, search for e.g. inurl:spylogo.png
  • also, if you find a login screen, check the css file (style.css), and you see #frm_viewlogs, #frm_stat, #frm_botsmon_country, #frm_botstat, #frm_gtaskloader and stuff like that, you can be sure you found it
  • otherwise, it is the best not to Google for it, but get a SpyEye sample and analyze it
And this is how the control panel login looks like, nothing sophisticated:


The best part is that you don't have to guess the admin's username ;)

This is how an average control panel looks like:


Hack the Planet! :)

Boring vulns found (warning, an almost exact copy from the Zeus blog post)


  • Clear text HTTP login - you can sniff the login password via MiTM, or steal the session cookies
  • No password policy - admins can set up really weak passwords
  • No anti brute-force - you can try to guess the admin's password. There is no default username, as there is no username handling!
  • Password autocomplete enabled - boring
  • Missing HttpOnly flag on session cookie - interesting when combining with XSS
  • No CSRF protection - e.g. you can upload new exe, bin files, turn plugins on/off :-( boring. Also the file extension check can be bypassed, but the files are stored in the database, so no PHP shell this time. If you check the following code, you can see that even the file extension and type is checked, and an error is shown, but the upload process continues. And even if the error would stop the upload process, the check can be fooled by setting an invalid $uptype. Well done ...
        if ($_FILES['file']['tmp_name'] && ($_FILES['file']['size'] > 0))         {                 $outstr = "<br>";                 set_time_limit(0);                 $filename = str_replace(" ","_",$_FILES['file']['name']);                 $ext = substr($filename, strrpos($filename, '.')+1);                 if( $ext==='bin' && $uptype!=='config' ) $outstr .= "<font class='error'>Bad CONFIG extension!</font><br>";                 if( $ext==='exe' && $uptype!=='body' && $uptype!=='exe' ) $outstr .= "<font class='error'>Bad extension!</font><br>";                  switch( $uptype )                 {                 case 'body': $ext = 'b'; break;                 case 'config': $ext = 'c'; break;                 case 'exe': $ext = 'e'; break;                 default: $ext = 'e';                 }                 $_SESSION['file_ext'] = $ext;                 if( isset($_POST['bots']) && trim($_POST['bots']) !== '')                 {                         $bots = explode(' ', trim($_POST['bots']));                         //writelog("debug.log", trim($_POST['bots']));                         $filename .= "_".(LastFileId()+1);                 }                 if( FileExist($filename) ) $filename .= LastFileId();                 $tmpName  = $_FILES['file']['tmp_name'];                 $fileSize = $_FILES['file']['size'];                 $fileType = $_FILES['file']['type'];                 ## reading all file for calculating hash                 $fp = fopen($tmpName, 'r'); 
  • Clear text password storage - the MySQL passwords are stored in php files, in clear text. Also, the login password to the form panel is stored in clear text.
  • MD5 password - the passwords stored in MySQL are MD5 passwords. No PBKDF2, bcrypt, scrypt, salt, whatever. MD5. Just look at the pure simplicity of the login check, great work!
$query = "SELECT * FROM users_t WHERE uPswd='".md5($pswd)."'";
  • ClickJacking - really boring stuff

SQL injection


SpyEye has a fancy history of SQL injections. See details here, here, here, video here and video here.

It is important to highlight the fact that most of the vulnerable functions are reachable without any authentication, because these PHP files lack user authentication at the beginning of the files.

But if a C&C server owner gets pwned through this vuln, it is not a good idea to complain to the developer, because after careful reading of the install guide, one can see:

"For searching info in the collector database there is a PHP interface as formgrabber admin panel. The admin panel is not intended to be found on the server. This is a client application."

And there are plenty of reasons not to install the formgrabber admin panel on any internet reachable server. But this fact leads to another possible vulnerability. The user for this control panel is allowed to remotely login to the MySQL database, and the install guide has pretty good passwords to be reused. I mean it looks pretty secure, there is no reason not to use that.

CREATE USER 'frmcpviewer' IDENTIFIED BY 'SgFGSADGFJSDGKFy2763272qffffHDSJ'; 

Next time you find a SpyEye panel, and you can connect to the MySQL database, it is worth a shot to try this password.

Unfortunately the default permissions for this user is not enough to write files (select into outfile):

Access denied for user 'frmcpviewer' (using password: YES)

I also made a little experiment with this SQL injection vulnerability. I did set up a live SpyEye botnet panel, created the malware install binaries (droppers), and sent the droppers to the AV companies. And after more and more sandboxes connected to my box, someone started to exploit the SQL injection vulnerability on my server!

63.217.168.90 - - [16/Jun/2014:04:43:00 -0500] "GET /form/frm_boa-grabber_sub.php?bot_guid=&lm=3&dt=%20where%201=2%20union%20select%20@a:=1%20from%20rep1%20where%20@a%20is%20null%20union%20select%20@a:=%20@a%20%2b1%20union%20select%20concat(id,char(1,3,3,7),bot_guid,char(1,3,3,7),process_name,char(1,3,3,7),hooked_func,char(1,3,3,7),url,char(1,3,3,7),func_data)%20from%20rep2_20140610%20where%20@a=3%23 HTTP/1.1" 200 508 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)"

Although the query did not return any meaningful data to the attacker (only data collected from sandboxes), it raises some legal questions.

Which company/organization has the right to attack my server? 
  • police (having a warrant)
  • military (if we are at war)
  • spy agencies (always/never, choose your favorite answer)
  • CERT organisations?

But, does an AV company or security research company has the legal right to attack my server? I don't think so... The most problematic part is when they hack a server (without authorization), and sell the stolen information in the name of "intelligence service". What is it, the wild wild west?

The SQLi clearly targets the content of the stolen login credentials. If this is not an AV company, but an attacker, how did they got the SpyEye dropper? If this is an AV company, why are they stealing the stolen credentials? Will they notify the internet banking owners about the stolen credentials for free? Or will they do this for money?

And don't get me wrong, I don't want to protect the criminals, but this is clearly a grey area in the law. From an ethical point of view, I agree with hacking the criminal's servers. As you can see, the whole post is about disclosing vulns in these botnet panels. But from a legal point of view, this is something tricky ... I'm really interested in the opinion of others, so comments are warmly welcome.

On a side note, I was interested how did the "attackers" found the SpyEye form directory? Easy, they brute-forced it, with a wordlist having ~43.000 entries.

(Useless) Cross site scripting


Although parts of the SpyEye panel are vulnerable to XSS, it is unlikely that you will to find these components on the server, as these codes are part of the install process, and the installer fails to run if a valid install is found. And in this case, you also need the DB password to trigger the vuln...



Session handling


This is a fun part. The logout button invalidates the session only on the server side, but not on the client side. But if you take into consideration that the login process never regenerates the session cookies (a.k.a session fixation), you can see that no matter how many times the admin logs into the application, the session cookie remains the same (until the admin does not close the browser). So if you find a session cookie which was valid in the past, but is not working at the moment, it is possible that this cookie will be valid in the future ...

Binary server


Some parts of the SpyEye server involve running a binary server component on the server, to collect the form data. It would be interesting to fuzz this component (called sec) for vulns.

Log files revealed


If the form panel mentioned in the SQLi part is installed on the server, it is worth visiting the <form_dir>/logs/error.log file, you might see the path of the webroot folder, IP addresses of the admins, etc.

Reading the code


Sometimes reading the code you can find code snippets, which is hard to understand with a clear mind:

$content = fread($fp, filesize($tmpName)); if ( $uptype === 'config' )     $md5 = GetCRC32($content); else $md5 = md5($content); .... <script> if (navigator.userAgent.indexOf("Mozilla/4.0") != -1) {         alert("Your browser is not support yet. Please, use another (FireFox, Opera, Safari)");         document.getElementById("div_main").innerHTML = "<font class=\'error\'>ChAnGE YOuR BRoWsEr! Dont use BUGGED Microsoft products!</font>"; } </script> 

Decrypting SpyEye communication

It turned out that the communication between the malware and C&C server is not very sophisticated (Zeus does a better job at it, because the RC4 key stream is generated from the botnet password).

function DeCode($content) {         $res = '';         for($i = 0; $i < strlen($content); $i++)         {                 $num = ord($content[$i]);                 if( $num != 219) $res .= chr($num^219);         }         return $res; } 
Fixed XOR key, again, well done ...
This means that it is easy to create a script, which can communicate with the SpyEye server. For example this can be used to fill in the SpyEye database with crap data.


import binascii import requests import httplib, urllib  def xor_str(a, b):     i = 0     xorred = ''     for i in range(len(a)):         xorred += chr(ord(a[i])^b)     return xorred              b64_data= "vK6yv+bt9er17O3r6vqPnoiPjZb2i5j6muvo6+rjmJ/9rb6p5urr6O/j/bK+5uP16/Xs7evq9ers7urv/bSo5u316vXs7evq/a6v5pq/trK1/bi4qbjm453j6uPv7Or9tr/u5um+uuvpve3p7eq/4+vsveLi7Lnqvrjr6ujs7rjt7rns/au3vOa5sre3srW8s7q2tr6p4Lm3tLiw4LmuvKm+q7Spr+C4uPu8qbq5ub6p4Li4vKm6ubm+qeC4qb6/sq+8qbq54LiuqK+0tri0tbW+uK+0qeC/v7So4L+1qLqrsuC+trqyt7ypurm5vqngvb24vqmvvKm6ubm+qeC9/aivuq/mtLW3srW+" payload =xor_str (binascii.a2b_base64(b64_data), 219)  print ("the decrypted payload is: " + payload) params = (binascii.b2a_base64(xor_str(payload,219))) payload = {'data': params} r = requests.post("http://spyeye.localhost/spyeye/_cg/gate.php", data=payload) 

Morale of the story?


Criminals produce the same shitty code as the rest of the world, and thanks to this, some of the malware operators get caught and are behind bars now. And the law is behind the reality, as always.

Read more

  1. Hacking Tools For Games
  2. Hacker Tools Software
  3. Hack Website Online Tool
  4. Hacking Tools For Kali Linux
  5. Hack Tools For Windows
  6. Hack Tools For Pc
  7. Hacking Tools Name
  8. Android Hack Tools Github
  9. Blackhat Hacker Tools
  10. Best Hacking Tools 2020
  11. Tools Used For Hacking
  12. Hacker Tools Free
  13. Bluetooth Hacking Tools Kali
  14. Pentest Tools Review
  15. Hack Rom Tools
  16. Pentest Tools Website
  17. Hack Apps
  18. Pentest Tools Apk
  19. Hacker Tools Apk Download
  20. Pentest Tools For Windows
  21. Hacking Tools Online
  22. How To Install Pentest Tools In Ubuntu
  23. Hacker Tools For Mac
  24. Hacking Tools For Windows
  25. Hacking Tools Pc
  26. Underground Hacker Sites
  27. Hacking Tools Kit
  28. Hacker Tools Apk Download
  29. Hack And Tools
  30. Hack And Tools
  31. Hacking Tools Name
  32. Hacker Tools Free
  33. Best Pentesting Tools 2018
  34. Hacker Tools Github
  35. Hacker Tools For Mac
  36. Hacking Tools For Windows 7
  37. Hack Tools For Ubuntu
  38. Pentest Tools Kali Linux
  39. Hacking Apps
  40. Free Pentest Tools For Windows
  41. Best Pentesting Tools 2018
  42. Hack Tools For Pc
  43. Pentest Reporting Tools
  44. Pentest Tools For Mac
  45. Hacker Tools List
  46. Hacker Tools For Mac
  47. Hacker Tools Free
  48. Nsa Hack Tools Download
  49. Hacking Tools For Mac
  50. Pentest Tools Nmap
  51. Hacker Tools List
  52. Pentest Tools Linux
  53. Hacker Tools 2020
  54. Hacking Tools
  55. Growth Hacker Tools
  56. Pentest Tools Linux
  57. Pentest Tools Android
  58. Pentest Tools List
  59. World No 1 Hacker Software
  60. Hacking Tools 2019
  61. Hacker Tools For Windows
  62. Pentest Tools For Mac
  63. Computer Hacker
  64. Hack Tools For Ubuntu
  65. Best Hacking Tools 2020
  66. Pentest Tools Url Fuzzer
  67. Pentest Tools Bluekeep
  68. Physical Pentest Tools
  69. Github Hacking Tools
  70. Game Hacking
  71. Hack Tools
  72. Hack Tools Github
  73. Hacker Tools List
  74. Hacker Tools
  75. Pentest Tools Windows
  76. Hacking Tools Mac
  77. Pentest Tools List
  78. What Is Hacking Tools
  79. Underground Hacker Sites
  80. Hacking Tools Windows
  81. Hacker Security Tools
  82. Hackrf Tools
  83. Pentest Tools Free
  84. Hack Tools
  85. Pentest Tools Website Vulnerability
  86. Hacker Tools Online
  87. Black Hat Hacker Tools
  88. Pentest Tools For Android
  89. Pentest Tools Free
  90. Pentest Tools Port Scanner
  91. Physical Pentest Tools
  92. Hackers Toolbox
  93. Hackers Toolbox
  94. Pentest Tools Open Source
  95. Game Hacking
  96. Hack Tools For Mac
  97. Easy Hack Tools
  98. Hacking Tools For Windows 7
  99. Pentest Tools List
  100. Android Hack Tools Github
  101. Pentest Tools Bluekeep
  102. Hacking Tools Mac
  103. Hacker Tools For Mac
  104. Beginner Hacker Tools
  105. Hacker Tools Free Download
  106. Free Pentest Tools For Windows
  107. Hacker Tools Free
  108. Nsa Hack Tools Download
  109. Pentest Recon Tools
  110. Hack Tools
  111. Nsa Hacker Tools
  112. Hack Tools Mac
  113. Hacker Tools For Pc
  114. Hackrf Tools
  115. Bluetooth Hacking Tools Kali
  116. Ethical Hacker Tools
  117. Hacking Tools
  118. Hacking Tools For Windows 7
  119. Computer Hacker
  120. Hack Tool Apk No Root
  121. Hacking Tools Github
  122. Hacking Tools Kit
  123. Kik Hack Tools
  124. Hacker Tools For Pc
  125. Beginner Hacker Tools
  126. Hacking Tools Download
  127. Hacking Tools Hardware
  128. Tools Used For Hacking
  129. Hacking Tools Github