Archive for category hacking
Sniffing/MITM Attacks on Tor network
Posted by Mourad Ben Lakhoua in Internet, hacking on January 1, 2010
Tor is wonderful tool to ensure your privacy on the Internet ,Tor software is a program that you can run on your computer to helps keep you safe on the Internet.Tor prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. but if you think that this is the only role than you are wrong, since this is just one function of the main purposes of Tor, because another good role of Tor is to create a server and make it available for other users to pass through it.
By installing a sniffer on the server you will be able to see all non encrypted traffic, and you will be able to gather data and sensitive information…
To start you have to get Linux distribution like Backtrack or Ubuntu on a virtual machine it is free and available online. Next download the latest Tor version (currently O.2.1.20). After installing the packages it is better to create a new user on the system trouser: uid=111(toruser) gid=10(wheel) groups=0(wheel),10(wheel). Now Tor use to store the config file .tor in the home directory (/home/toruser) so you need to open this file on the text editor.
In the setting we customize the following:
ControlPort – this is the port used for the remote management of Tor server. Most use the value of 9051.
DirPort – Advertise the directory service on this port. The value is 9030.
ControlPort 9051
DirPort 9030
ExitPolicy – determines what traffic we will receive and forward. By default the policy is as follows:
reject *: 25 , reject *: 119 ,reject * :135-139 , reject *: 445, reject *: 563, reject *: 1214
reject * :4661-4666 ,reject * :6346-6429 ,reject *: 6699 ,reject * :6881-6999 ,accept *: *
here we need to choose the services that we need to receive on our Node and forward (HTTP,HTTPS,POP3,IMAP,IMAPS, POP3S) .so it will be as follows:
ExitPolicy
accept *: 80, accept *: 443, accept *: 110, accept *: 143,accept *: 993, accept *: 995, reject *: *
HashedControlPassword – this to configure the password for remote Tor server configuration and to not allow a malicious user control the server.
Nickname – the server name.
ORPort – port to connect with other nodes 9001.
SocksListenAddress – this will be the localhost (127.0.0.1)
Save the changes and close the file. Now the server is ready to lunch:
$ Tor-f /home/toruser/.tor/torrc
You will take approximately 20 minutes to check the system and ports. Than you can go to http://moria.seul.org:9032/tor/status/authority and you will find our server among other server names.
So Excellent our server is working and it’s time to choose the favorite sniffer Wireshark , Wireshark is already exists in the Backtrack4 select the interface and enable packets capturing. Wireshark will give you all non encrypted traffic like website browsing and other HTTP navigation while it’s in clear. Not bad so far.
Now what about the encrypted traffic, here it’s time to use SSLStrip to get it you go to the official Moxie Marlinspike website and download the last version there is already an update released 2 days ago.
Run the command:
$ Python sslstrip.py-a-l 8080-w today.log
If we are not the last node the traffic will be transmitted in an encrypted form so to decrypt this traffic before it goes to the final destination we need to pass it over the sslstrip by adding this rule to iptable:
$ Iptables-t nat-I OUTPUT-p tcp-m owner-uid-owner 111 – dport 80-j DNAT – to-destination 127.0.0.1:8080
This will make all outdoing HTTP-traffic from user toruser pass through sslstrip automatically, and at this point we need just to wait till that we collect some logs and check the log file.
On next post we will explain the way to perform scanning for Blackbox peneteration testing behind a Tor Proxy.
It is important to note that all programs are used just for educational purposes.
make sure you subscribe to my RSS feed!
Twitter Was Owned.. No it was a Compromised DNS trick!
Posted by Mourad Ben Lakhoua in Internet, News, hacking on December 18, 2009
Today Morning Twitter website was out of service for two hours and the reason of this service disruption is a DNS-attack. Many users thought that the website was compromised by hackers from “Iranian cyber army” by exploiting WordPress vulnerabilities but that was not the case, the attack was made on the DNS server by redirecting users attempting to enter Twitter website to Hackers Website IP address.
The Twitter Team posted the following on their Blog:
As we tweeted a bit ago, Twitter’s DNS records were temporarily compromised tonight but have now been fixed. As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we’ve investigated more fully.
This is not the first DNS attack we read about in the news there were a big number of incidents that are related to the DNS record and it is now very important to start using and implementing the DNSSec to protect the DNS servers.
make sure you subscribe to my RSS feed!
US CERT Warns of PhoneSnoop Attack Against BlackBerry
Posted by Mourad Ben Lakhoua in Tools, Vulnerabilities & attacks, hacking on October 28, 2009
US-CERT Issued a new warning concerning a free application that allows a hacker to spy on phone conversation, the program should be installed on the victim device and after the installation a hacker will be able to listen to all victims call.
This free application called PhoneSnoop and despite the fact that this application provides a similar functionality as FexiSPY, this is the first free program of its kind. Chirashi Zensay the creator of this tool posted on his Blog: “PhoneSnoop demonstrates how a BlackBerry can be used to spy on its owner. While the BlackBerry remains one of the more secure devices out there, user awareness and education is paramount to remaining completely safe from spyware. I tweaked the application since my first post now allowing anyone to download, install and try it. PhoneSnoop now has the ability for a user to customize the ‘trigger number’; rather than me having to give out customized versions.”
This program has been released to demonstrate how it is easy to exploit vulnerability on the BlackBerry devices and currently there is an effort to release new software that can rout SMS over a hacker.
US-CERT currently encourages users to only download BlackBerry applications from trusted sources and to password protect and lock BlackBerry devices.
make sure you subscribe to my RSS feed!
4shared.com Owned!
Posted by Mourad Ben Lakhoua in News, hacking on September 14, 2009
Yesterday it has been reported that 4shared.com was compromised by members of the Anti-sec group. At first many people didn’t believe that the popular file share portal was hacked till that the official sources confirmed the incident.
This attack was made by the end of last week and all users that attempted to visit or check there files on http://www.4shared.com they got another page on it written “I love Morocco” till now there still no details about the attack (if it is DNS poisoning or PHP include…) and what type of vulnerability was exploited.
Maybe this incident brings a big doubt in the security level at the 4shared.com portal even if many users confirmed that everything seems to be there. Any information stored anywhere can be extracted by hackers and there is nothing to prevent us from encrypting our stored information in any desired form. The most important is to be able to decrypt those files 
.
Now the site is working and open to upload your files but do not leave your data unsecure.
make sure you subscribe to my RSS feed!
SecurityTubeCon: first online Hacker Conference
Posted by Mourad Ben Lakhoua in Webcasts, hacking on September 11, 2009
SecurityTubeCon is the name of the first online hacker conference, this event will be held on the 6th, 7th and 8th November and aims to provide researchers a way to share and exchange their thoughts online regardless of their physical location.
Procedure for Speakers selection is unusual because the organizers will not intend to approve or deny participant so it makes all people heard but they will put the talk abstracts online and attendee will choose the presentation they want to join. Well for who are not able to attend the presentation on time all videos will be freely available for download after a week from the conference.
The conference main topics will include:
a. Research Track: Show your bleeding edge research and zero days.
b. Tutorials Track: In-depth Tutorials on security technologies can be given by domain experts
c. Tool Demos: Demonstration of new and cutting edge tools by their original authors
d. Security Product Demos: Demos of state of the art security products by companies and organizations
more information can be found here while Interested Speakers are requested to submit their talk abstracts before the deadline.
make sure you subscribe to my RSS feed!
Astalavista.com Owned!
Posted by Mourad Ben Lakhoua in News, hacking on June 6, 2009
Astalavista website was hacked by hackers referring themselves as anti-sec group.
Astalavista used to be a hacking and security community that started in 1994 and was one of the first search engines for exploit and computer security information. It has provided a board for hacking & security community to share the latest techniques for software cracking, spyware editing, and viruses.
According to anti-sec group they targeted http://astalavista.com to the fact that they are not doing any of this for the “community” but for the money, they spread exploits for kids, claim to be a security community (with no real sense of security on their own servers), and they charge you $6.66 per months to access a dead forum with a directory filled with public releases and outdated / broken services. We wanted to see how good that “team of security and IT professionals” really is.
And they also shared the shell command to getting into the webserver which you can find on the Zone-h website.
HACKING AT RANDOM 2009
Posted by Mourad Ben Lakhoua in News, hacking on April 10, 2009
Preparations are going well for this year’s European outdoor hacker festival, Hacking At Random, this event will be taking place in The Netherlands August 13-16, 2009. The special discounted rate for people buying tickets early has now been extended to April 14.
The Dutch hacker camps take place every four years. The last one (What The Hack) was held in 2005 and was a great experience overall. Those of you who vowed not to miss the next one should be especially careful not to miss this one.
To subscribe and receive the latest news visit the official website
-
You are currently browsing the archives for the hacking category.
SUBSCRIBE
