Category Archives: Windows

5 Steps to Recover and Secure Your Google Account

Category : Windows

Losing access to your Google account can be a stressful and frustrating experience. Not only do you lose access to all the important data and services associated with your account, but you also run the risk of someone else gaining access to that information. Fortunately, there are steps you can take to recover and secure your Google account. Here are five key steps to follow if you find yourself in this situation:

  1. Try to sign in to your account. The first thing you should do is try to sign in to your account as you normally would. If you’re having trouble remembering your password, you can try resetting it by clicking the “Forgot password?” link on the sign-in page. You may be asked to enter the email address associated with your account, or to answer a security question. If you can’t remember the answer to the security question, or if you don’t have access to the email address associated with your account, you’ll need to follow the next steps.
  2. Check for any account recovery options. If you’re unable to reset your password or regain access to your account, the next step is to check for any account recovery options that Google may have available. This may include verifying your identity by providing additional information about yourself, or by providing proof of ownership of the account. To access these options, go to the Google account recovery page and follow the instructions.
  3. Secure your account if you regain access. If you’re able to recover your account, the next step is to make sure it’s secure. This includes changing your password to something strong and unique, and enabling two-factor authentication to add an extra layer of security to your account. You should also review any other security settings and make sure they’re up to date.
  4. Monitor your account for any suspicious activity. It’s important to regularly check your account for any suspicious activity, such as emails or messages that you didn’t send, or unauthorized changes to your account settings. If you notice anything unusual, take immediate action to secure your account and protect your personal information.
  5. Consider using a password manager. One of the best ways to secure your Google account (and all of your other online accounts) is to use a password manager. A password manager is a tool that helps you create strong, unique passwords for all of your accounts, and stores them securely in one place. This way, you don’t have to worry about remembering multiple passwords, and you can easily change them if you suspect your account has been compromised.

In summary, recovering and securing your Google account requires a combination of proactive measures and timely action. By following these five steps, you can minimize the risk of losing access to your account, and ensure that your personal information is protected.


iBall Baton ADSL2+ Home Router, UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass

Hi, I hope you have already gone through my first router exploitation writing Exploiting Router Authentication through Web Interface (CVE-2017-6558). Once again researching in router exploitation, I found similar bug in two other products iBall Baton ADSL2+ Home Router & UTStar WA3002G4 ADSL Broadband Modem that allowed me to bypass admin panel authentication. Both of these products are from two different vendors, but the vulnerability is same.

I was looking to find some methods to bypass authentication of commonly using routers in my country. First I came to open iBall Baton ADSL2+ Home Router admin page. The admin panel is protected by password authentication. I know some routers use CGI scripts like PayPal use in their websites. I tried to access common pages in the router by appending .cgi at the end of URL. Luckily I got the page info.cgi opened without asking authentication. I got few other pages also which can be accessed in the same way.

Steps

  1. Suppose 192.168.1.1 is the router IP, then the password reset page is http://192.168.1.1/password.html by default
  2. This page is a protected page which can be bypassed by changing URL extension as http://192.168.1.1/password.cgi

In the case of UTStar, the source code of password.cgi page contains the usernames and corresponding passwords in plain text. We can use this password to login admin panel!

Some pages we can directly access:

  • http://192.168.1.1/info.cgi – Status and details
  • http://192.168.1.1/upload.cgi – Firmware Upgrade
  • http://192.168.1.1/backupsettings.cgi – perform backup settings to PC
  • http://192.168.1.1/pppoe.cgi – PPPoE settings
  • http://192.168.1.1/resetrouter.cgi – Router reset
  • http://192.168.1.1/password.cgi – password settings

Products Affected

  • UTStar WA3002G4 ADSL Broadband Modem – Firmware Version: WA3002G4-0021.01
  • iBall Baton ADSL2+ Home Router – Firmware version: FW_iB-LR7011A_1.0.2

 

Identified and Reported by
Gem George


Direct Download Windows 10 ISO/ESD from official site

Finally Microsoft released Windows 10 publicly for free download on 29th July 2015. It gives free upgrade over genuine version of Windows 7, Window 8/8.1. Microsoft provides two ways to download Windows 10 – using Media Creation Tool and Direct ISO from Microsoft’s site. The media creation tool also allows us to:

  • Upgrade PC
  • Directly to your USB
  • ISO file for later usage

Media creation tool downloads Windows 10 in background and if some error happened in the middle of the download, we need to restart whole download from the beginning. Most of the users like to download files using their favorite download manager with resume support.
So let us see the ways to downloading Official ISO directly using your favorite download manager with resume support. It’s legal to download direct downloading offline ISO from Microsoft’s servers and nothing has been said here as illegal. Here is the official download page:

  1. https://www.microsoft.com/en-us/software-download/windows10 (via Media Creation Tool).
  2. http://www.microsoft.com/en-us/software-download/techbench (Official ISO)

If you are visiting 1st link using either windows 7, 8/8.1, it will give an option to download Windows 10 via Media Creation Tool (since they are upgradable to Windows 10). If you are using Windows XP, Vista, Mac OS or any linux PC, the page divert to Official Offline ISO download page. That is the above said page detects your OS and divert page accordingly. Hence you can try these operating systems or mobile phone to get download link, so that you can download it from PC.
Open above link and you will be have the option to select versions:

  • Windows 10
  • Windows 10 KN
  • Windows 10 N
  • Windows 10 Single Language

Each of this ISO file contains Windows 10 Home and Window 10 Pro editions and you can choose which one to be installed during installation. You will get option to select 32-bit (x86) or 64-bit (x64) ISO before starting download. Note that each download link is valid for only 24hrs. If the link is expired, then try downloading new ISO, replace old download link with new download link and resume. Most of the download manager tools allows the option to replace download links of partially completed downloads.

Finding direct download link from Media creation Tool
As said above, Media Creation Tool is an online installer, which is slow and resume unsupported. How it would be if you get direct download link for the version you are selecting to download from this Media Creation Tool? Yes, it’s possible with the help of any packet filtering tool such as Wireshark.

This method is not only applicable to with Media Creation tool, but it also helps you to get direct download links from most of the online installer tools. The main advantage of this method is that the downloaded file is in ESD (Electronic Software Download) format and which is around 25% compressed than ISO. It will definitely saves your data usage and time. FYI: The ESD file of OS can be find at C:\$Windows.~WS\Sources, which is in .tmp extension during download.

Steps to find direct download link:

  1. Open Wireshark and start capture
  2. Run Media Creation Tool, select OS version and start download
  3. Apply filter http.request.method == “GET” in Wireshark. It will list all the HTTP request GET from your computer and you can find official link of ISO from them.
  4. Click on the packet from the list and expand “Hyper Text Transfer Protocol” and there you will find the request URI as blue coloured.
  5. Right Click on it >> Copy >> Value and now you copied the direct download ink of ESD file.
  6. Download it with your download manager and use any tool such as ESD Decrypter to convert it into ISO


Watch video:https://www.youtube.com/watch?v=PWjd5ecbprg