Showing posts with the label Network Security. Show all posts

A Critical Vulnerability in Inteno Routers

Security researchers are warning users about new critical vulnerabilities in Inteno routers that could allow remote attackers to replace the firmware on a device, take complete control of it and monitor its internet traffic.

According to F-Secure, the issue affects the Inteno EG500, FG101 and DG201 routers. More models could be affected, but F-Secure could not be sure because of the vendor's unwillingness to cooperate.

F-Secure reported the issue in January, but when the vendor replied two months later, it argued that software issues are dealt with by the operators that sell the equipment to end users.



The vulnerability stems from the fact that several router models don't validate the Auto Configuration Server (ACS) certificate. This allows an attacker to launch a man-in-the-middle (MITM) attack between the ACS and the device and gain full administrative access to the router, allowing them to reflash the firmware.
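
What "not validating the ACS certificate" means in a TLS client, shown as an added example (not code from F-Secure, Inteno or the original post): a context that accepts any certificate beside one that verifies chain and hostname, plus a small audit a defender can run over a management client's settings. The ACS URL and the `ca_file` parameter are assumptions made for illustration.

```python
import ssl
from urllib.parse import urlsplit


def lax_context():
    """Client context that accepts any certificate: the behaviour described above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # the server's chain is never checked
    return ctx


def strict_context(ca_file=None):
    """Client context that verifies the ACS chain and hostname.

    ca_file is a hypothetical path to the operator's CA bundle; None uses the
    system trust store.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_acs_settings(acs_url, ctx):
    """Return a list of findings for one management-client configuration."""
    if urlsplit(acs_url).scheme.lower() != "https":
        return ["ACS URL is not HTTPS: the server is never authenticated"]
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    return findings


if __name__ == "__main__":
    url = "https://acs.example.net/cwmp"  # constructed ACS URL
    for name, ctx in (("lax", lax_context()), ("strict", strict_context())):
        print(name, audit_acs_settings(url, ctx) or "ok")
```

With the lax context, any party on the path between the device and the ACS can present its own certificate and the session proceeds; with the strict context the handshake fails instead.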

The implications of such a flaw are potentially serious, according to F-Secure cyber security expert, Janne Kauhanen. He warned:

“By changing the firmware, the attacker can change any and all rules of the router. Watching video content you’re storing on another computer? So is the attacker. Updating another device through the router? Hopefully it’s not vulnerable like this, or they’ll own that too”.

Although HTTPS traffic is encrypted and is of no use to an attacker who intercepts it, they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine.

However, if HTTPS is not implemented and the attacker is able to launch a man-in-the-middle attack, there is nothing left to prevent successful exploitation. Janne Kauhanen told Infosecurity:

“Gaining a MitM position is not trivial, but it’s not outside the realm of possibilities either, whether physically attacking a whole building by breaking into the distribution trunk in the building or using software tricks to route network traffic through a malicious site”.

F-Secure recommended that users keep browsers and other software updated to prevent hackers from exploiting any flaws. It also suggested using effective, well-known antivirus software to prevent malware downloads, and using a VPN to encrypt internet traffic and prevent hackers from gaining that initial foothold in the network.


~ Friday, 2 September 2016 0 comments

4 Best Port Scanners

Port scanners are applications that scan a server or host for open ports that are used for communication. These applications are often used by network administrators and security specialists to verify security policies; attackers use them to find the services running on a host and to exploit them.

Here we discuss the 4 most popular port scanners, widely used by network administrators and hackers.

Angry IP Scanner

The Angry IP Scanner is a Java-based application that discovers hosts through a ping scan. It is a cross-platform, lightweight and very fast port scanner. It simply pings each host and gathers information such as hostname, MAC address and open ports. It also includes features such as NetBIOS information (computer name, logged-in user) and web server detection. It uses multi-threading to speed up scanning.

Superscan

Superscan is a free Windows-based port scanner that detects open TCP and UDP ports on the target computer. Superscan is used by both network administrators and hackers to determine which services are running on different ports, and it provides queries such as ping, whois, ICMP, traceroute and host name lookups. This tool is not maintained; the latest release was in 2004.

NetScan Tools

NetScan is an application that scans the network based on a user-provided IP range. It is a collection of more than 40 network utilities for Windows, designed with an easy-to-use interface. It includes a port scanner, DNS tools, traceroute and other utilities.

Unicornscan

Unicornscan is an asynchronous TCP and UDP scanner used by many network administrators all over the world. It includes asynchronous stateless TCP scanning with all variations of TCP flags, active/passive remote OS identification and hundreds of other features. Unicornscan is intended to provide a researcher with a superior interface to stimulate a response from TCP/IP-enabled devices. Many use this tool as an IP port scanner.



~ Monday, 20 June 2016 0 comments

Offensive Network Security Framework

This git stream is considered a live and unstable build. All stable entries are committed into a release package.

  • Fully manages system states automatically for Airbase-ng with bridging and ipv4_forwarding ability.
  • Configures all necessary elements and performs MITM, ARP, WPA Cracking, Sniffing and SSLstrip attacks.

offers an advanced section

Configuration file modified by user. All Access Point options, devices, and attacking methods are set here. The user may modify options before launching new attacks without interrupting current attack, as long as the current attack window remains open.
You may not comment out option lines but you may disable options if you decide on storing multiple possible options for testing. This is done by e.g. #IFACE1=
The flexibility of Ettercap's options has been preserved by allowing the user to change the options passed during execution.
Ettercap's default switches are -Tqz; the user could simply change that value to -Tq if they wanted to enable the initial ARP.

N4P uses its own DHCP configuration for its Access Point creation. We do this so that connected targets cannot view our machine inside the local network.

View of Access Point Airbase-ng running along with the custom connected clients monitor window. As clients connect to our AP their IP address will display here. Other monitor options are available by changing the MONITOR_MODE= option in n4p.conf file from option 2

Download and read more about the project.


~ Tuesday, 12 April 2016 0 comments

How to save time doing passive discovery in Kali Linux using discover or backtrack script framework


Passive discovery is the activity of looking for information about a certain organization or network. While Kali Linux has a massive number of tools that we can use to do this, learning each tool might take a lot of time.

To solve this problem, we can use the discover scripts, previously known as backtrack scripts, in our Kali Linux system. The framework was written by Lee Baird. The discover scripts not only incorporate various Kali tools but are also easy to use.

In this tutorial I'll share how to set up the framework on Kali Linux, and then how you can use it to look up passive information about a network or company.

1) Installing the Discover script

1.1) Clone the git repository to Kali Linux.

orca@omura:~$ cd /opt
orca@omura:/opt$ sudo git clone https://github.com/leebaird/discover.git

1.2) Set up and install the necessary files for your system.

orca@omura:~$ cd /opt/discover
orca@omura:/opt/discover$ sudo ./setup.sh





2) Using the framework for passive discovery

2.1) Go to the discover folder and execute the "discover.sh" file.

orca@omura:~$ cd /opt/discover
orca@omura:/opt/discover$ sudo ./discover.sh

2.2) The framework will load and you will be given a list of tasks that can be executed. Use the number on the left for the selection.


Discover framework

2.3) In this example, I will run a script and get information based on a domain, so I choose "1".



discover script selection

2.4) Then choose "2" and key in the domain name. In this example, I look for information for "www.google.com". The framework will then run and execute the required tools for this task.



key in the domain url

2.5) Grab a cup of coffee and enjoy it while the scripts do their job. :-)


the system is working hard!


2.5) Upon completion, the results and report will be prepared and you can view them using an internet browser.

2.6) To access this file from the terminal, go to "/root/data/(domain name)/".

orca@omura:~$ cd /opt/discover
orca@omura:/opt/discover$ firefox /root/data/www.google.com




~ Wednesday, 22 April 2015 0 comments

Australia’s Tier-3 launches Huntsman Security in the US to provide Security Systems

An Australian IT security company, Tier-3, announced Thursday that it is entering the U.S. market with a plan to both disrupt and complement established security vendors in the threat management market.

Tier-3 is established on a global scale, including in Australia, the United Kingdom and Japan. The company is recognized for developing a patented behavior anomaly detection technology.

Huntsman Security, which will be launched in the United States, offers a portfolio that includes a wide range of Security Information Event Management (SIEM) technology providing real-time awareness for preventing cyber attacks.

The Huntsman launch, a centralized enterprise security platform, will aggregate the output of SIEM environments from multiple vendors, including Splunk, Hewlett-Packard ArcSight, Q1 Labs and Huntsman Security's own technology, into a single dashboard for a consolidated view of enterprise threats.

Tier-3 used Behaviour Anomaly Detection as the DNA for Huntsman, which integrates existing security assets to provide a single view across the whole security environment.

Ultimately, Huntsman adds a layer of intelligence above traditional enterprise security systems to detect network behaviour that is unusual, suspicious or risky. This means that your security staff isn't distracted by background noise when simplistic thresholds are crossed, and can focus on the events that pose a genuine threat.

This is how Tier-3's Huntsman:

  • makes connections between seemingly innocent isolated security events
  • detects the complex, sophisticated or less obvious threats that other systems miss
  • assesses their risk in context with normal network and system activities
  • ensures that your IT staff can focus on genuine risks that threaten your operations

Huntsman is an innovative security platform for enterprises that need to adapt quickly and cost-effectively to unexpected new threats, new forms of data theft and new compliance requirements. It goes beyond traffic and network behavior analysis and focuses on "real" behaviour over the whole environment.

Tier-3 is globally accepted for providing expert, responsive service to local and global enterprises. It also provides security services for large corporations and national infrastructure providers.


~ Friday, 17 April 2015 0 comments

93 Percent of U.S. Enterprises Feel Vulnerable

A report revealed that around 93% of major enterprises in the U.S. feel vulnerable after seeing some major security breaches last year. The report is based on survey responses from more than 800 senior business managers and IT professionals in the US market. The survey was also conducted in the UK, Germany, Japan and ASEAN countries.

The report says the threat to these major enterprises comes mostly from the inside. Insider threats are caused by a wide range of offenders who either maliciously or accidentally do things that put an organization and its data at risk. Insider threats are more difficult for companies and their IT professionals to tackle. An attacker can gain access to the company's network by stealing the valid credentials of users such as business partners, suppliers or contractors and, lastly, third-party app providers who have been given access rights.

Enterprises are investing millions of dollars in their IT and network security budgets. Still, the most shocking thing in this report is that even after spending all this money, 40% of organizations faced data breaches and failed a compliance audit in 2014.

On the other hand, only 11% of the surveyed enterprises feel that, after paying such big bucks to security firms, they are not vulnerable to insider attacks, while the other 89% feel that they are still vulnerable and need to improve their network security to avoid further data breaches from an insider attack.

The numbers in this report are also shocking because all the major enterprises surveyed set aside a big budget for their IT and security departments. Of the 89% of enterprises that feel vulnerable to an insider attack, 34% feel that their networks can be easily breached by an insider attack.

A large number of enterprises have no idea where they should invest their security budget. That is one of the biggest reasons behind those numbers. Still, a staggering 92% of major enterprises from the U.S., U.K., Germany, Japan and the other surveyed countries are planning to increase or maintain their existing budget for IT security and data protection.

The report also revealed the top three volumes where data is at risk for these enterprises:

  • Databases - 49%
  • File servers - 39%
  • Cloud - 36%

The position is fairly consistent across most major geographies and mainstream verticals including financial services, healthcare, and the retail sector. The healthcare sector has become another major target for attackers seeking to steal people's personal information, which they then use for their own interests.

In light of this report by Vormetric Data Security, we learned that the majority of enterprises are willing to increase their IT and security budgets this year and in the coming years, while some are willing to invest the same as they did last year, because these enterprises feel that they are vulnerable and can be easily breached.



~ Wednesday, 1 April 2015 0 comments

Over 12 Million Routers are Exposed to Critical hijacking Hack

More than 12 million routers in homes and small offices are vulnerable to attacks that allow hackers anywhere in the world to monitor user traffic and take administrative control over the devices, researchers said.


Source: thehackernews

The vulnerability resides in "RomPager" software, embedded into the residential gateway devices, made by a company known as AllegroSoft. Versions of RomPager prior to 4.34 contain a critical bug that allows attackers to send simple HTTP cookie files that corrupt device memory and hand over administrative control. Attackers can use that control to read plaintext traffic traveling over the device and possibly take other actions, including changing sensitive DNS settings and monitoring or controlling Web cams, computers, or other connected devices. Researchers from Check Point's malware and vulnerability group have dubbed the bug Misfortune Cookie, because it allows hackers to determine the "fortune" of an HTTP request by manipulating cookies. They wrote:
   "If your gateway device is vulnerable, then any device connected to your network—including computers, phones, tablets, printers, security cameras, refrigerators, toasters or any other networked device in your home or office network—may have increased risk of compromise. An attacker exploiting the Misfortune Cookie vulnerability can easily monitor your Internet connection, steal your credentials and personal or business data, attempt to infect your machines with malware, and over-crisp your toast."

Determining precisely what routers are vulnerable is a vexing undertaking. Devices frequently don't display identifying banners when unauthenticated users access them, and when such banners are presented, they often don't include information about the underlying software components. Beyond that, some device manufacturers manually patch the bug without upgrading the RomPager version, a practice that may generate false positives when automatically flagging all devices running versions prior to 4.34. To work around the challenges, Check Point researchers performed a comprehensive scan of Internet addresses that probed for vulnerable RomPager services. The results showed 12 million unique devices spanning 200 different models contained the bug. Manufacturers affected included Linksys, D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.
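
A banner-triage sketch for an inventory of your own gateways, added here as an example (it is not Check Point's scanner or code from the original article). It applies the 4.34 threshold from the text and keeps the caveats above visible: a missing or generic banner is "unknown" rather than safe, and an old version number is a candidate for review rather than a confirmed finding, because a vendor may have patched without changing the version. The banner shape and the sample inventory are assumptions.

```python
import re

# From the article: RomPager versions prior to 4.34 contain the bug.
FIRST_FIXED = (4, 34)

# Assumed banner shape: a "RomPager/<major>.<minor>" product token inside the
# HTTP Server header, with the minor number written as in "4.34".
ROMPAGER_TOKEN = re.compile(r"\bRomPager/(\d+)\.(\d+)", re.IGNORECASE)


def classify_banner(server_header):
    """Return (status, version) for one Server header value.

    no-banner      header missing or empty, nothing can be concluded
    unknown        banner does not name RomPager; it may still be embedded
    review         version below 4.34; candidate only, the vendor may have
                   back-ported the fix without changing the version string
    fixed-version  version 4.34 or later
    """
    if not server_header or not server_header.strip():
        return ("no-banner", None)
    match = ROMPAGER_TOKEN.search(server_header)
    if match is None:
        return ("unknown", None)
    version = (int(match.group(1)), int(match.group(2)))
    status = "review" if version < FIRST_FIXED else "fixed-version"
    return (status, version)


def triage(inventory):
    """Group device names by status, keeping inventory order."""
    groups = {"review": [], "fixed-version": [], "unknown": [], "no-banner": []}
    for device, header in inventory:
        status, _ = classify_banner(header)
        groups[status].append(device)
    return groups


# Constructed sample inventory: (device name, Server header or None).
SAMPLE_INVENTORY = [
    ("gw-lobby", "RomPager/4.07 UPnP/1.0"),
    ("gw-lab", "RomPager/4.34"),
    ("gw-branch", "RomPager/4.51 UPnP/1.0"),
    ("gw-home", "micro_httpd"),
    ("gw-silent", None),
    ("gw-old", "Allegro-Software-RomPager/2.10"),
]

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(devices) or '-'}")
```

Devices in the "review" and "unknown" groups are the ones to check against the manufacturer's firmware advisories.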

Check Point has uncovered no evidence the vulnerability has been actively exploited, but researchers couldn't rule out such attacks, either. In-the-wild exploits might at least partially explain a rash of hacks earlier this year that remotely hijacked hundreds of thousands of routers on two separate occasions. What's more, Thursday's disclosure is likely to spur blackhats to begin exploiting the vulnerability.

The critical vulnerability was introduced in 2002, and a fix was made available three years later. As demonstrated by Check Point's finding that 12 million devices are susceptible to Misfortune Cookie attacks, the fix has yet to make its way into a significant number of routers. The bug has been assigned the identifier CVE-2014-9222.

Read Full Article on arstechnica

~ Friday, 19 December 2014 0 comments

Google releases 'nogotofail' A Network Traffic Security Testing Tool

Google has released Nogotofail as an open source project available on GitHub, meaning anyone can use it, contribute new features, provide support for more platforms, and do anything else with the end goal of helping to improve the security of the Internet.


Called 'nogotofail' and apparently named in honour of the 'goto fail' bug that affected Mac and iOS systems earlier this year, the tool offers a way to confirm that internet-connected devices and applications aren't vulnerable to transport layer security (TLS) and secure sockets layer (SSL) encryption issues, such as known bugs or misconfigurations.

Nogotofail tests for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, and cleartext issues. The tool can be deployed on a router, a Linux machine, or a VPN server and works for Android, Chrome OS, iOS, Linux, OS X, and Windows — basically any device used to connect to the internet.


Following is the official release of Google:

"Google is committed to increasing the use of TLS/SSL in all applications and services. But “HTTPS everywhere” is not enough; it also needs to be used correctly. Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we’ve seen platforms make mistakes as well. As applications get more complex, connect to more services, and use more third party libraries, it becomes easier to introduce these types of mistakes.

The Android Security Team has built a tool, called nogotofail, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.

We’ve been using this tool ourselves for some time and have worked with many developers to improve the security of their apps. But we want the use of TLS/SSL to advance as quickly as possible. Today, we’re releasing it as an open source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the Internet."

~ Friday, 7 November 2014 0 comments

How to install Kali Linux in Ubuntu Virtualbox for penetration testing and hacking

 
 

In this post, I'm going to share, step by step, how to install Kali Linux in Ubuntu Virtualbox for penetration testing and hacking. Before we go further, please make sure you have Virtualbox installed on your Ubuntu system. Please check my previous tutorial on how to install Virtualbox in Ubuntu.

Requirements

Kali Linux requires:
1. A minimum of 10 GB disk space for the Kali Linux install
2. For i386 and amd64 architectures, a minimum of 512MB RAM.



What we will do in this tutorial

1. Download Latest Kali Linux
2. Check Sha1sum (optional)
3. Create Kali Linux Virtual Machine on Virtualbox
4. Configure Kali Linux Virtual Machine additional  settings
5. Install Kali Linux on Hard Drive
6. Reboot and login to Kali Linux Virtual Machine




Steps


1. Download Kali Linux from their website.

1.1) Choose the software version compatible with your system by checking in the terminal

shark_attack@Positive-Space:~$ file /sbin/init


Checking System CPU bit

Choose the right file to download

1.2) Choose either to download using torrent or direct.


Saving Torrent

Downloading Torrent

Downloading in progress


2. Check Sha1sum (optional) once the download has completed. This step is to make sure the downloaded file is not corrupted.

2.1) Open the terminal and navigate to the downloaded file location.

2.2) Run the command to check the sha1sum, using the Sha1sum given on the Kali Linux download page. In my case, the Sha1sum is "6edfe99df28747d828ef6de17ded66fed6659a86".

shark_attack@Positive-Space:~/Downloads/kali-linux-1.0.8-i386$ sha1sum kali-linux-1.0.8-i386 | grep 6edfe99df28747d828ef6de17ded66fed6659a86


Copy the Sha1sum from website

2.3) Check the file in your system terminal.


Sha1sum checking



3. Create Kali Linux Virtual Machine on Virtualbox

3.1) Open Oracle Virtualbox Manager from 'Dash Home'


Search Ora

3.2) Click 'New' to add a new virtual system

Adding new Virtual system

3.3) Give your virtual machine a 'Name, Type and Version' > 'Next'

Name,Type,Version


3.4) Allocate the memory size for your virtual system. I'm using 1024MB for my Kali Linux. The amount of RAM depends on what you plan to do with your Virtualbox and how many clients you want to run concurrently on the Ubuntu host; don't forget that the Ubuntu host also needs RAM to work. Then proceed with the 'Next' button.

RAM size


3.5) Click 'Create virtual hard drive' > 'Create'. Kali Linux requires at least 10 GB of hard drive space.



3.6) Choose VDI to install Kali Linux on your hard drive. For further reading on virtual storage, please visit here.
Choose VDI


3.7) Choose 'Dynamically allocated' for a more flexible storage system, and click 'Next'. For further reading, please visit here.

Dynamically allocated

3.7) Choose the file location and size. I chose 20GB for my Kali Linux virtual system. Then click 'Create'.

Adding disk  size





4. Configure Kali Linux Virtual Machine additional  settings 


4.1) Click 'Settings'

Settings


4.2) Go to 'System' on the left-hand panel and click 'Processor'




4.3) Tick the 'Enable PAE/NX' option. PAE is short for 'Physical Address Extension'. This setting enables 32-bit processors to access more than 4 GB of physical memory. This is made possible by adding 4 bits to memory addresses: a system running on 32-bit x86 then has 36-bit addresses and can address up to 64 GB of RAM.

NX means 'No Execute'. It lets the CPU mark regions of memory as non-executable, which makes memory safer by preventing programs from executing code stored in those regions.

You can check your processor details in the BIOS.


Enable PAE/NX

4.4) 'Start' the Kali Linux virtual machine.

Click Start

5. Install Kali Linux on Hard Drive

5.1) Choose the Kali Linux image in the location where you downloaded it. Then click 'Start'

Choose Kali Linux ISO


Click Start

5.2) Choose 'Install'

Install

5.3) Choose 'Language'


Language

5.4) Choose 'Country'

5.5) Configure the 'Keyboard'

5.6) Configure 'Hostname'. Key in any name you want for your Kali host and 'Continue'.

5.7) Configure the network 'domain'. You can skip this if you want. Then 'Continue'.

Network domain

5.8) Configure the root password for Kali Linux. Make sure you remember your root password. Press 'Continue' for root password verification.

root password

verify root password

5.9) Configuring the clock

Choose your state

5.10) Choose 'Guided - use entire disk'. For more information on the other selections, please visit here.



5.11) Choose the disk to partition.

5.12) Choose 'All files in one partition (recommended for new users)'






5.13) Choose 'Finish partitioning and write changes to disk'




Confirm and finished

5.14) Choose 'Yes'. The system will then begin to install and will prompt if it needs any feedback from the user.

5.15) You will be prompted about using a network mirror. I chose 'No' in this step. It will continue to install.

(P.S.: I think I should have chosen 'Yes' at this step, as I faced some Linux headers issues when creating the Kali Linux guest additions. I will share it in my next post. Please let me know how you go on this step.)

Network mirror

5.16) The system will then ask to install the GRUB boot loader to the master boot record. Choose 'Yes'. It will complete the installation and will then request a system reboot. Choose 'Continue'.



System reboot

6. Reboot and login to Kali Linux Virtual Machine

6.1) Choose the top  'Debian GNU/LINUX , with 3.14-kali-686-pae'



6.2) Click 'Other' and key in 'root' as the username. The system will then request the password.
Click Other

Username = root

Enter Your password


6.3) It will redirect you to Kali Linux in your virtual machine


Welcome Kali Linux






~ Monday, 25 August 2014 0 comments