DSploit Android Toolkit for Security Testing

dSploit is a very comfortable tool that you can install on Android to run a pentest or network security assessment. The toolkit allows fingerprinting the remote operating systems and identifying different hosts, scans the network for system vulnerabilities and performing MITM to sniff sensitive information such as user’s password.
The features included in dSploit are:

  • WiFi Scanning & Common Router Key Cracking
  • Deep Inspection
  • Vulnerability Search
  •  Multi Protocol Login Cracker
  • Packet Forging with Wake On Lan Support
  • HTTPS/SSL Support ( SSL Stripping + HTTPS -> Redirection )
  • MITM Real-time Network Stats
  • MITM Multi Protocol Password Sniffing
  • MITM HTTP/HTTPS Session Hijacking
  • MITM HTTP/HTTPS Hijacked Session File Persistence
  • MITM HTTP/HTTPS Real-time Manipulation

dSploitMITM module screenshot from http://dsploit.net/ (click to enlarge)

The toolkit will help security officer or penetration tester to demonstrate how it is possible to exploit vulnerabilities and take control on targeted systems. the team have officially announced that they have a new nightly builds that you can download over this link: http://update.dsploit.net/nightly


End User Considerations For OpenSSL Vulnerabilities

OpenSSL vulnerabilities could enable a remote hacker to gain access to sensitive data, including secret keys and authentication credentials, via incorrect memory handling. Some of these vulnerabilities could also cause potential leak of non-encrypted information and DTLS (Datagram Transport Layer Security) data to be decrypted.

More than 50% of the web servers on the internet utilize OpenSSL to safeguard user accounts and data. Servers can take the form of chat servers, email servers, network applications, social media servers, virtual private networks (VPNs) and open source serves such as nginx and Apache.

Problems occur when OpenSSL trusts the length field from cyber criminals while it creates a response packet. The latest Heartbleed Bug vulnerability is a reminiscent; it was detected in OpenSSL implementations using the OpenSSL/DTLS Heartbeat extension. The attacker can exploit it on a server to read a portion of the server’s memory at a time – up to 64 KB – without any traces.

With the installed SSL certificates on a host running the effected version of OpenSSL, the private keys could be potentially compromised. With no method of finding which certificates are comprised, server hosts must generate new SSL certificates.

For end users, the biggest problem is that they have to wait for website operators to take appropriate measures to patch these vulnerabilities. So even if security breakdowns like the Heartbleed bug exposes sensitive data on your computers and company devices, you can only take measures to alleviate the risk(s) as the root issue must be fixed by server operators.

While enterprises should always perform a comprehensive assessment of their digital identity, incorporating these measures can significantly mitigate the risks of OpenSSL vulnerabilities:


Network monitoring could be the difference maker to your cyber security as it can detect an adversary’s intention before any harm is caused to your system. More specifically, advanced monitoring systems enable enterprises to receive proactive insights on network-related activities, allowing for the appropriate action for neutralizing OpenSSL vulnerabilities and other threats.

Monitoring services can also protect your organization’s reputation by intercepting threats to your digital identity before the public does. Reputable services are also backed by a proactive staff following strict process for quickly communicating up-to-date information to clients.

Updating passwords

The most recommended measure for enterprise users is to change passwords for all major web-connected services. Taking this action also updates the authorization tokens that usually get compromised in an OpenSSL breach. Password management apps like LastPass work well for generating strong passwords, and you can even generate passwords in OS X on Mac computers.

Administration should also ensure employees are not sharing passwords with people outside the company. Additionally, previously entered passwords should not be reused because if attackers gain access to one of the systems, they can exploit components running the same code.

Two-step authentication

A lot of frequently used web services let users enable a two-step authentication process that can add an additional layer of authentication by asking for a code through a smartphone application, or a text message.

Entering the password from a device other than the main system in order to gain access may not prevent all risks, but it can make the job difficult for people looking to grab your credentials. Two-factor authentication also works with enterprise social media tools such as Buffer and HootSuite.


PayPal released a fingerprint payments mobile application

PayPal payment system launched a mobile application to allow Samsung smartphone owners in 25 countries have the ability to authorize payments using the fingerprint. New biometric authentication procedure replaces the traditional user name and password.

Survey of users in the United States showed that the majority of them ( 53 %) believe the new procedure to be more comfortable .

While the press release have not disclosed the key characteristics for PayPal biometric authentication  , including the percentage of false positives. this new innovative solution can be a good enhancement to the system usability but from the security prospective there is no changes compared to traditional authentication.

Heartbleed vulnerability, made it clear that any new technology should consider several factor authentication. Standard authentication using login and password will not totally prevent attacks on remote system.


Subterfuge Automated Man-in-the-Middle Attack Framework

Subterfuge is a python based tool that you can use for testing Man-In-The-Middle attacks. the program will start to sniff network traffic and wait to have user login to online websites such as gmail , twitter, facebook and more.  Next it will display accounts information.

Beside the session hijacking module there are other modules that can be used for scanning the network, perform an HTTP code injection or Denial of service.  there is also a Tunnel Block to prevent certain protocols from accessing the internet including PPTP, Cisco IPSec, L2TP, OpenVPN, SSH.

Another module is the Network View where it provides a rapid sync to represent victim information in real-time. another addition is Evilgrade which allow attacker to spoof operating system update and provide victim patches shipped with backdoor.

subterfugescreenshot for Subterfuge with modules (click to enlarge)

 You can read more about Subterfuge on the following link: http://code.google.com/p/subterfuge/


Heartbleed Critical Vulnerability in OpenSSL

The security community is actively discussing over this week the openssl vulnerability that allows attacker to exploit the Heartbeat TLS and receive 64KB in the RAM memory. The attack can be repeated continuously to get sensitive information from end users such as their passwords.

Many online servers were affected by this critical vulnerability while patching openssl will not totally solve the situation. Administrators need to install new certificate for the servers and all account passwords should be changed.

The vulnerability was reported last Friday by codenomicon and on Monday a security fix were released and included in openssl 1.0.1g. Script based on python for Nmap were also issued to detect the vulnerable server and published for testing any active bug.

Heartbleed is one of the more serious bugs up to now because the attacker can take all the information without any traces which makes it complex to monitor and identify the attack. The real number of the attack is unknown up to now.

This makes that security testing for software’s and programs is one of the best way to secure the applications and end users and such glitches can rise at any moment. If you are using openssl make sure that you have applied the entire security requirement and you can also use snort signature to detect and monitor Heartbleed exploitation on your facilities.


passivedns network sniffer to log DNS query

Domain name servers may contain several type of security vulnerabilities that allow a malicious user to redirect website visitors to a third party website. The attack can be cache poisoning or ARP spoof and this in case that the DNS server is not patched or hardened.

Passivedns is an open source tool that you can use to investigate an incident related to DNS attack. The tool allows security analyst to collect DNS traffic passively to read them in form of pcap file or log files. This helps to identify the answer of the DNS and find out where the redirection or the issue with the server.

Passivedns can be used as a standard DNS packet sniffer to monitor network traffic and search history to provide a list of what the URL is resolving so it will display the first time URL seen with query and the IP answered by the DNS.

passivdnsPassivedns screenshot during sniffing the DNS packets (click to enlarge)

Logs are going to be stored in passivedns.log. This will be useful for the security analyst and can be used for creating report related to the incident. You can download the tool on the following link: https://github.com/gamelinux/passivedns


Smbexec rapid post exploitation tool

Smbexec is a tool that you can use for penetration testing domain controllers, the program allows to run post exploitation for domain accounts and expand the access to targeted network. this makes pentester have a full access without any privilege requirement.

Latest release include improvements so it runs faster and there are more options in configuration and a module that support file search. using smbexec allows to easily go through all machines on the network and collect the necessary information such as the UAC configuration or other system settings beside where the domain administrators credentials are in use.

SMBexecScreenshot for the smbexec options

To install smbexec it will be possible to make the following:

  1. git clone https://github.com/pentestgeek/smbexec.git
  2. Run the install.sh script, select your operating system, and supply any required information
  3. Run the install.sh script and compile the binaries
  4. Type smbexec

you can find more information on the release notes: https://github.com/pentestgeek/smbexec