Showing posts with the label Man-In-The-Middle-Attack. Show all posts

Xerosploit: Advanced Man in the Middle Framework

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It provides various modules for carrying out efficient attacks, and it also supports denial of service attacks and port scanning.




Dependencies

  • nmap
  • hping3
  • build-essential
  • ruby-dev
  • libpcap-dev
  • libgmp3-dev
  • tabulate
  • terminaltables

Installation

Dependencies will be automatically installed.

git clone https://github.com/LionSec/xerosploit
cd xerosploit && sudo python install.py
sudo xerosploit

Features

  • Port scanning
  • Network mapping
  • DoS attack
  • HTML code injection
  • JavaScript code injection
  • Download interception and replacement
  • Sniffing
  • DNS spoofing
  • Background audio reproduction
  • Image replacement
  • Driftnet
  • Webpage defacement and more ...


Download and read more at:

~ Monday 8 August 2016 0 comments

Portable Man-in-the-Middle Attack Framework

BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.


Installation

BetterCap comes packaged as a Ruby gem, meaning you will need a Ruby interpreter ( >= 1.9 ) and a RubyGems environment installed. Moreover, it is fully compatible with GNU/Linux, Mac OS X and OpenBSD platforms.

Dependencies

All Ruby dependencies will be automatically installed through the gem system; however, some of the gems need native libraries in order to compile:
sudo apt-get install build-essential ruby-dev libpcap-dev

Stable Release ( GEM )

You can easily install bettercap using the gem install GEMNAME command:
gem install bettercap
To update to a newer release:
gem update bettercap
If you have trouble installing bettercap read the following sections about dependencies.

Quick Start

Once you’ve installed bettercap, quickly get started with:
bettercap --help
The help menu will show you every available command line option and a few examples.
Read more at:

~ Saturday 23 April 2016 0 comments

Framework to Automate Man-In-The-Middle attacks

Man-in-the-middle is one of the most dangerous hacking attacks; cyber criminals use it to compromise corporate organizations. Tools to launch man-in-the-middle attacks are very common: try searching for hacking tools on Google. Anyway, MITMf is the topic of this article. What is it?
MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques.

Originally built to address the significant shortcomings of other tools (e.g. Ettercap, Mallory), it has been almost completely re-written from scratch to provide a modular and easily extensible framework that anyone can use to implement their own MITM attack.

Features

  • The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins; it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass.
  • As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what etterfilters did, only better), allowing users to modify any type of traffic or protocol.
  • The configuration file can be edited on-the-fly while MITMf is running, and the changes will be passed down through the framework: this allows you to tweak settings of plugins and servers while performing an attack.
  • MITMf will capture FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc.) and Kerberos credentials by using Net-Creds, which is run on startup.
  • Responder integration allows for LLMNR, NBT-NS and MDNS poisoning and WPAD rogue server support.

Active packet filtering/modification

You can now modify any packet/protocol that gets intercepted by MITMf using Scapy! (no more etterfilters! yay!)
For example, here's a stupid little filter that just changes the destination IP address of ICMP packets:
from scapy.all import ICMP  # the filter runs inside MITMf, which already supplies the Scapy names plus the packet and log objects

# packet is the intercepted IP-layer packet as a Scapy object
if packet.haslayer(ICMP):
    log.info('Got an ICMP packet!')
    packet.dst = '192.168.1.0'  # rewrites the IP destination address
  • Use the packet variable to access the packet in a Scapy compatible format
  • Use the data variable to access the raw packet data
Now to use the filter all we need to do is: python mitmf.py -F ~/filter.py
You will probably want to combine that with the Spoof plugin to actually intercept packets from someone else ;)
Note: you can modify filters on-the-fly without restarting MITMf!

~ Saturday 30 January 2016 0 comments

'itsoknoproblembro' Toolkit - The Beast that Beat Banks

Large scale, sophisticated distributed denial of service attacks - which have plagued the banking industry for months now - are finally subsiding. These attacks, which for the most part have been politically and socially motivated, have been cause for concern for security experts, government officials, and banks.







How It Started

Beginning in September 2012, large banking institutions, including Wells Fargo, Bank of America, PNC and JPMorgan Chase, were at the receiving end of high-level DDoS attacks, at times peaking between 60 Gbps and 100 Gbps. Comparatively speaking, most attacks are below 1 Gbps; hence the cause for concern. Why were banks attacked? For some, the reason seems a little flimsy. Rumors circulated that it was an Iran-sponsored attack due to its sophistication and size, but an Iranian hacker collective quelled these rumors by claiming full responsibility for the DDoS attacks and citing the Innocence of Muslims video as their motivation.

If you didn’t catch the headlines, the Innocence of Muslims video incensed the Muslim world because of its negative depiction of the Prophet Mohammad. Soon after clips of the video were released on YouTube, the hacker group Izz ad-din Al Qassam Cyber Fighters posted on Pastebin:


We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type.

And then the attacks started. The attacks lasted for months and are still a potential threat to banks. Here’s an infographic timeline of the series of DDoS attacks that took place.

How the ‘itsoknoproblembro’ Toolkit Works


The ‘itsoknoproblembro’ toolkit was the weapon of choice for the hackers that launched repeated attacks against banks. The tool is a hybrid DDoS attack tool that operates as a PHP-based suite. “itsoknoproblembro can launch multi-layered attack vectors by leveraging already compromised commercial machines, while at the same time, injecting malicious PHP scripts into popular content management systems - like WordPress and Joomla. This gives attackers the ability to scale up the size of an attack by converting machines into brobots,” says Todd Reagor, Chief Executive Officer of Rivalhost. Once compromised machines are under control of the attackers, it’s simply a matter of launching the attack.

Here’s how the itsoknoproblembro toolkit works:
  • The toolkit attacks infrastructure and application layers simultaneously
  • SYN floods are used to attack multiple network entry points on the target machine
  • ICMP, UDP, and SSL encrypted attacks are implemented as well
  • UDP packet floods are used to overwhelm the target DNS infrastructure
  • Legitimate IP addresses are used, which makes detection difficult


How DDoS Protection Stops Attacks


DDoS protection is a combination of sophisticated anti-DDoS tools, human knowledge, and experience in mitigation. At its simplest level, it can be divided into three distinct steps:
  • Monitor: Flow data from edge routers is pulled and analyzed. Potential attack patterns trigger an alert that notifies the team monitoring your server.
  • Detection: Attacks are detected through dynamic profiling, by comparing traffic deviations against an organization's normal patterns. Signature analysis is also used to compare known attack triggers with the traffic on your site.
  • Mitigation: Typically, malicious traffic is rerouted away from the victim and “scrubbed” by the mitigation company. Then, legitimate traffic is forwarded back to its original destination.
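As an added illustration of the detection step (not part of the original article or of any Rivalhost tooling), here is a small Python script that builds a traffic profile from a baseline window, then flags intervals that deviate from it by volume or that match a simple flood signature (SYN-heavy or DNS-heavy traffic, matching the SYN and UDP/DNS floods listed above). The per-second counter log lines, the threshold values and the key=value log format are all constructed for the example.

```python
from statistics import mean, pstdev

# Constructed per-second counters in a made-up "ts pkts=N syn=N dns=N" format (not real flow data).
# syn = TCP packets with only SYN set, dns = UDP packets to port 53.
BASELINE_LOG = """\
10:00:00 pkts=1010 syn=80 dns=45
10:00:01 pkts=1120 syn=95 dns=50
10:00:02 pkts=960 syn=70 dns=40
10:00:03 pkts=1040 syn=85 dns=48
10:00:04 pkts=1190 syn=100 dns=55
10:00:05 pkts=990 syn=75 dns=42
10:00:06 pkts=1070 syn=90 dns=47
10:00:07 pkts=1030 syn=82 dns=44
"""

# Constructed attack window: normal second, SYN flood, UDP/DNS flood, back to normal.
ATTACK_LOG = """\
10:05:00 pkts=1050 syn=88 dns=46
10:05:01 pkts=48000 syn=46500 dns=40
10:05:02 pkts=31000 syn=400 dns=29500
10:05:03 pkts=1180 syn=90 dns=50
"""


def parse_line(line):
    """Split one counter line into (timestamp, {name: int})."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return ts, {k: int(v) for k, v in kv.items()}


def build_profile(log):
    """Dynamic profiling: mean and population std-dev of packets/second over the baseline."""
    pps = [parse_line(l)[1]["pkts"] for l in log.splitlines()]
    return mean(pps), pstdev(pps)


def classify(counters, profile, k=3.0, syn_ratio=0.5, dns_ratio=0.5):
    """Return the reasons an interval looks like an attack (empty list = normal).

    Volume anomaly: packets/second above mean + k*sigma of the baseline.
    Signature checks: share of SYN-only or DNS packets above a fixed ratio.
    """
    mu, sigma = profile
    pkts = counters["pkts"]
    reasons = []
    if pkts > mu + k * sigma:
        reasons.append("volume_anomaly")
    if pkts and counters["syn"] / pkts > syn_ratio:
        reasons.append("syn_flood")
    if pkts and counters["dns"] / pkts > dns_ratio:
        reasons.append("dns_udp_flood")
    return reasons


def scan(log, profile):
    """Classify every interval of a log against the profile; returns [(ts, reasons), ...]."""
    return [(ts, classify(c, profile))
            for ts, c in (parse_line(l) for l in log.splitlines())]


if __name__ == "__main__":
    profile = build_profile(BASELINE_LOG)
    print("baseline mean=%.1f sigma=%.1f" % profile)
    for ts, reasons in scan(ATTACK_LOG, profile):
        print(ts, reasons or "ok")
```

The baseline here is deliberately short; in practice the profile would be kept per destination and per protocol and recomputed on a rolling window, so that a slow ramp-up does not get absorbed into "normal".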

Author Bio
Rob Lons is the Director of Digital at Rivalhost, a DDoS Protection company specializing in mitigation and protected web hosting. Follow on Twitter @rivalhost



Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.

~ Tuesday 29 January 2013 0 comments

MiTM Attacks Against Mobile Devices

Normally when one thinks of MiTM (Man In The Middle) attacks over wireless 802.11 protocols, thoughts of ARP poisoning and WiFi Pineapples come to mind. Traditionally these attacks were conducted against laptops using embedded wireless functionality. Now that most mobile phones and tablet devices have WiFi capabilities in addition to access to their cellular networks, they have added themselves to the list of potential victims.


WiFi-only devices, such as Google Android tablets and Apple iPads, are particularly at risk from these kinds of attacks, especially in public environments such as airports.

If you use an Android or iOS device to connect to a Microsoft Exchange server over WiFi, take note: security researcher Peter Hannay, a PhD student, researcher and lecturer based at Edith Cowan University in Perth, Western Australia, has taken readily available security tools and prepared a rather damaging MiTM attack targeting mobile devices over WiFi.

The purpose of this attack is to impersonate an application the mobile device is attempting to connect to (MS Exchange Server in this case). Once the connection is established, the bogus Exchange Server sends provisioning commands back to the device. Among the commands that can be sent is the option to remotely wipe the device of its data.

How it works:

The attacker would enable their WiFi Pineapple or similar platform to perform DNS spoofing and offer up a self-signed SSL certificate to clients that connect to it. This would prompt the connecting victim to accept this bogus certificate and make the connection. Unfortunately, most end users aren't particularly security savvy: they click through the warning message and are then subjected to whatever the attacker has in store for them, in this case possibly the issuance of a command to remotely wipe the device.

The future does not look particularly bright for mobile device owners. Pending research is attempting to add an open source protocol library that emulates the ActiveSync protocol and serves as a translation layer between mobile MS Exchange clients and other types of servers. This could ultimately enable such nefarious activities as retrieving data from the mobile device (address books, contacts, emails, calendar entries and similar data) using remote backup facilities, or pushing policy to the phone and changing configuration options such as which server the device communicates with by default. There are, however, mobile hacking and security training classes available to help people learn countering techniques (and other attack techniques).

This attack is not viewed as a flaw in MS Exchange Server or the client software, according to Microsoft, but a flaw in the implementation of the aforementioned client in the Google Android and Apple iOS mobile operating systems. One has to at least question the trust model that is in place. The server component goes through great measures to ensure that a trusted client and end user is connecting while the client doesn’t follow suit. Microsoft Windows Phones are not vulnerable to this attack.

About the Author

Anthony Williams is the founder of IT security consulting firm, IRON::Guard Security, LLC. Anthony is an active member of the hacking and forensics community, he teaches advanced hacking courses for an international training leader (TrainACE) and is a noted speaker and contributor to major security publications.




~ Saturday 29 December 2012 0 comments

Subterfuge - Man-in-the-Middle Attack Framework Tutorial

Subterfuge is a framework that takes the arcane art of the Man-in-the-Middle attack and makes it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP protocol by harvesting credentials that go across the network, and even by exploiting machines through race conditions.

Subterfuge is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool.  
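The ARP weakness Subterfuge relies on is that ARP replies carry no authentication, so any host on the segment can claim any IP address. As an added example (not Subterfuge's code, and not part of the original post), the following Python script parses raw Ethernet/ARP frames and raises an alert whenever a frame claims an IP address that is already bound to a different MAC, which is the classic arpwatch-style check a defender runs on a switch mirror port. All frames, MAC addresses and IP addresses below are constructed for the example.

```python
import struct


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst=None):
    """Build a raw Ethernet + ARP frame (op 1 = request, 2 = reply).
    Used here only to construct sample traffic."""
    eth = mac_bytes(eth_dst or target_mac) + mac_bytes(sender_mac) + b"\x08\x06"
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": ip_str(frame[38:42]),
    }


class ArpWatch:
    """Keeps an IP -> MAC table and reports any frame whose sender claims a
    known IP with a different MAC. Requests are checked too, since a poisoner
    can seed caches with gratuitous requests as well as replies."""

    def __init__(self, static_entries=None):
        self.table = dict(static_entries or {})   # pre-seed with the gateway etc.
        self.alerts = []

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None:
            return None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac                   # first sighting: learn it
            return None
        if known != mac:
            alert = {"ip": ip, "expected_mac": known, "seen_mac": mac, "op": arp["op"]}
            self.alerts.append(alert)
            return alert
        return None


GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:bb:cc:00:00:01"   # constructed values
HOST_MAC = "aa:bb:cc:00:00:10"
ROGUE_MAC = "de:ad:be:ef:00:01"


def run_sample():
    """Constructed traffic: a genuine gateway reply, two frames claiming the
    gateway's IP from another MAC, and an ordinary host that gets learned."""
    watch = ArpWatch({GATEWAY_IP: GATEWAY_MAC})
    frames = [
        build_arp(2, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, "192.168.1.10"),
        build_arp(2, ROGUE_MAC, GATEWAY_IP, HOST_MAC, "192.168.1.10"),
        build_arp(1, ROGUE_MAC, GATEWAY_IP, "00:00:00:00:00:00", GATEWAY_IP,
                  eth_dst="ff:ff:ff:ff:ff:ff"),
        build_arp(2, "aa:bb:cc:00:00:20", "192.168.1.20", GATEWAY_MAC, GATEWAY_IP),
    ]
    for frame in frames:
        watch.observe(frame)
    return watch


if __name__ == "__main__":
    for alert in run_sample().alerts:
        print(alert)
```

Pre-seeding the table with the gateway's real MAC matters: a watcher that only learns dynamically will happily learn the attacker's MAC first if the poisoning starts before the monitor does.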

The video below shows you how to configure Subterfuge on your computer. The operating system shown in the video is BackTrack 5, but you can install Subterfuge on other Linux distributions because Subterfuge installs its dependencies by itself.






So this is a small video in the Subterfuge tutorial in which I show you how to perform the various attacks. Do not forget to comment about this wonderful tool, and do not forget to share your experiences regarding the framework.





~ Monday 30 April 2012 0 comments

DNS Spoofing- Ettercap Backtrack5 Tutorial

A spoofing attack is unlike a sniffing attack; there is a small difference between spoofing and sniffing. Sniffing is the act of capturing or viewing the incoming and outgoing packets on the network, while spoofing is the act of forging one's source address. In a spoofing attack the attacker makes himself appear to be the source or the desired address. This is done by using a few tricks.


Spoofing is a general term that covers attacks such as DNS spoofing, IP spoofing and others.

What Is DNS Spoofing?

DNS spoofing is an attack that can be categorized as a Man-In-The-Middle-Attack (MIMA). Besides DNS spoofing, MIMA includes:
  • ARP poisoning
  • Sessions hijacking
  • SSL hijacking
  • DNS Spoofing
Each attack has its own importance, but it is very difficult to discuss all of them in a single article; I will post some more articles related to MIMA.
DNS spoofing is an attack in which an attacker forces the victim to enter their credentials into a fake website; here "fake" does not necessarily mean that the website is a phishing page. To understand DNS spoofing, refer to these pictures.

In normal communication a user sends requests to the real DNS server; if an attacker spoofs the DNS server instead, the attack is called a Man-In-The-Middle-Attack.



Now the question is how to perform a DNS spoofing attack. Spoofing is closely related to sniffing, and sniffing tools can be used to perform spoofing attacks. For this article I will use Ettercap.
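As an added example, not part of this tutorial or of Ettercap, here is a Python script showing the defender's side of the spoofing described above. A forged DNS answer has to reach the victim before the real resolver's answer does, so a monitor that remembers the first answer to each query can flag a second, conflicting answer for the same transaction, and it can also flag answers for which no query was ever seen. The DNS messages, client address and IP addresses are all constructed for the example; the minimal builder and parser handle only A records.

```python
import struct


def encode_name(name):
    """Encode "bank.example" as DNS labels: \x04bank\x07example\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def build_query(txid, qname):
    """Construct a standard recursive query for an A record (sample traffic only)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def build_response(txid, qname, ips, ttl=300):
    """Construct a response with one A record per IP (sample traffic only)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    body = encode_name(qname) + struct.pack("!HH", 1, 1)
    for ip in ips:
        # 0xc00c = compression pointer to the question name at offset 12
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
        body += bytes(int(o) for o in ip.split("."))
    return header + body


def decode_name(data, off):
    """Decode a possibly compressed name; returns (name, offset after the name)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode())
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_dns(data):
    """Parse header, first question and the A records in the answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    qname, off = decode_name(data, 12)
    off += 4                                           # skip qtype, qclass
    answers = []
    for _ in range(ancount):
        _, off = decode_name(data, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"id": txid, "response": bool(flags & 0x8000), "qname": qname, "answers": answers}


class DnsSpoofDetector:
    """Correlates queries and answers per (client, transaction id, name)."""

    def __init__(self):
        self.pending = set()    # keys for which a query was seen
        self.answered = {}      # key -> answer IPs of the first reply
        self.alerts = []

    def observe(self, client, data):
        msg = parse_dns(data)
        key = (client, msg["id"], msg["qname"])
        if not msg["response"]:
            self.pending.add(key)
            return None
        alert = None
        if key not in self.pending:
            alert = {"reason": "unsolicited", "client": client,
                     "qname": msg["qname"], "answers": msg["answers"]}
        elif key in self.answered and set(self.answered[key]) != set(msg["answers"]):
            alert = {"reason": "conflicting", "client": client, "qname": msg["qname"],
                     "first": self.answered[key], "second": msg["answers"]}
        else:
            self.answered.setdefault(key, msg["answers"])   # first (or repeated) answer
        if alert:
            self.alerts.append(alert)
        return alert


def run_sample():
    """Constructed exchange: forged answer wins the race, real answer follows, then a stray answer."""
    det = DnsSpoofDetector()
    client = "10.0.0.5"
    det.observe(client, build_query(0x1A2B, "bank.example"))
    det.observe(client, build_response(0x1A2B, "bank.example", ["10.0.0.66"]))
    det.observe(client, build_response(0x1A2B, "bank.example", ["203.0.113.10"]))
    det.observe(client, build_response(0x7777, "mail.example", ["10.0.0.66"]))
    return det.alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Note that the monitor cannot tell which of the two conflicting answers is genuine on its own; its value is that the conflict itself is the signature of an on-path DNS spoofing tool, and the answer pointing at a LAN address is usually the forged one.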

What Is Ettercap?

According to official website “Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks”.
It is cross-platform and runs on Windows, Linux, BSD and Mac.

DNS Spoofing Tutorial With Ettercap-Backtrack5

If you want to learn more background theory you can ask questions using the comment box; this section will teach you how to perform a spoofing (Man-In-The-Middle-Attack) attack.
Requirement:
  • An Operating system (Linux, Windows etc)
  • Ettercap
  • SET
I am using BackTrack 5 for this tutorial, but you can use some other OS. The Social Engineering Toolkit is not a necessary part, but, as discussed before in the SET tutorial on hacking Windows by using a fake IP, you can spoof your IP into a website. So this is a slightly advanced tutorial.




It is recommended to use DNS spoofing attack with Social engineering toolkit attack to make the job done effectively.


~ Friday 26 August 2011 0 comments