NACKered

NACKered is a small bash script based off the work of Alva Lease ‘Skip’ Duckwall IV to bypass 802.1x Network Access Control. Tested and working on a raspberrypi running a cut down version of Kali.

Hardware Prerequisites

  • You’ll need a system with two ethernet ports, you’ll need physical access to place your device inline.
  • If you’re running this on a box you’ve dropped into a network and you need to set up a remote connection to it, for example, 3G/4G, you’ll need to do some minor edits, adding your new interface into the bridge etc.

Software Prerequisites

Very limited software prerequisites are needed:

  • Debian Based OS (with usual tools bash/ipconfig/route etc)
  • brctl (bridge control – used to create the bridges)
  • macchanger (alters mac addresses)
  • mii-tool (forces a reauth by cycling connections)
  • tcpdump (packet capture stuff)
  • arptables/ebtables/iptables (does rewriting and NAT’ing)

Execution Flow

The script currently has debugged breakpoints in it (it does “Press Enter” to do next step”), I’ll release a fully automatic one at some point.

  1. We set up the environment, killing services we don’t like, disabling IPv6, removing dns-cache etc
  2. We set some variables, obtaining MAC addresses from interfaces etc
    • The BridgeIP is set to 169.254.66.66, the “secret” SSH callback port is set to 2222, the NAT ranges is set to 61000-62000
  3. We kill all connections from the laptop and set up the bridge
  4. We do the little kernel trick to forward EAPoL packets
  5. We bring up the legit client and the switch side connection on the bridge – should auth now and be happy.
  6. We start packet capturing the traffic running through our device (but we are still dark!)
  7. We use arptables/iptables to drop any traffic from our machine
  8. A rule is made in ebtables to rewrite all MAC addresses leaving the device to look like the Victims.
  9. A default route is made such that all traffic is sent to our fake gateway, which has the mac of the real gateway (which we only know the mac address of). Because layer 2 is fine it will get to where it needs to go to.
  10. Sneeky ssh callback is created victim-ip:2222 will actually SSH into ourmachine:22
  11. Rule is made in iptables to rewrite all TCP/UDP/ICMP traffic with Victim-IP
  12. SSH server is started on attack machine in case it wasn’t
  13. Everything should be working so we take off the traffic drops made in line 7, and in theory, we can get going, doing what we need to do.

Download

git clone https://github.com/p292/NACKered.git

Use

./nackered.sh

Source: https://github.com/p292/NACKered

Advertisements

In capsule:

  • New ransomware named DoubleLocker infects android devices
  • Discovered by security researchers in ESET antivirus
  • The ransomware not only encrypts data but also changes the pin
  • Ransomware is spread through fake adobe flash player app
  • A ransom amount of 0.0130 BTC is demanded to retrieve the data

Security researchers have discovered a new ransomware called DoubleLocker which infects Android devices.

The specialty of DoubleLocker ransomware is that it can change device’s PIN which prevents users from accessing their device and also encrypts the data found in the device.

According to researchers from ESET antivirus, the ransomware is spread via fake adobe flash player app using compromised websites.

After installation, the app request for activation of google play service for obtaining accessibility permissions. The app uses them to activate device administrator rights to make itself as the default home application.

ESET malware researcher Lukas Stefanko said that “Setting itself as a default home app – a launcher – is a trick that improves the malware’s persistence. Whenever the user clicks on the home button, the ransomware gets activated, and the device gets locked again. Thanks to using the accessibility service, the user doesn’t know that they launch malware by hitting Home.”

The new pin set by the attacker is of a ransom value which is neither stored or sent anywhere making it impossible to recover it. When the ransom is paid the attacker resets the pin remotely and unlock the device.

The files are encrypted using AES encryption algorithm through “.cryeye” extension. The attacker has implemented the encryption properly so without the decryption key it is impossible to recover the files said stefanko.

A ransom amount of 0.0130 BTC (approximately USD 74) is demanded to retrieve the data.The only option for the user to retrieve their device other than paying ransom is factory reset, but files will be lost if not backed up properly.

Researchers said there is a possibility to bypass the pin in rooted devices if the device was in debugging mode before getting infected.

“The user can connect to the device by ADB and remove the system file where the PIN is stored by Android. This operation unlocks the screen so that the user can access their device. Then, working in safe mode, the user can deactivate device administrator rights for the malware and uninstall it. In some cases, a device reboot is needed.”

To prevent your device from infection, do follow the instructions below:

  1. Always switch off “Allow installation from unknown sources” in security settings thereby restricting download apps from a third party and anonymous sources.
  2. Always backup your data regularly.
  3. Don’t download attachments from unknown sources.
  4. Always Use google play store to install apps, don’t use any third party app stores.
  5. Download apps from verified developers and check their app rating and download counts before installing an app.
  6. Verify app permission before installing an app.
  7. Install the best and updated antivirus/antimalware software which can detect and block these type of malware.
 A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular firewalls serve as a safety gate between servers. By inspecting HTTP traffic, it can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security mis-configurations.

These days we all get so many friend requests, but there is no way to identify if the account is fake or a real person. So don’t worry we are going to tell you simple method to detect fake Facebook account.

How To Identify Fake Facebook Accounts?

So this is a Facebook account which named by Sarikha Agarwal. Now we need to verify if this account is real or fake, so our first step is going to the URL images.google.com and click on camera image.

So when you click on search by image you will get popup like below image.

Now go to the the requester’s profile, right click on image and click on copy image URL

Now the profile picture URL has been copied.. now again go to images.google.com Tab and paste image URL.

When you enter then you will see related images search…

Now you can better see if the profile is real or fake and as you can see the image in this case is fake. Hope this helps.

 

Image result for password cracking nvidia

WPA algorithm is very secure, and to get the password usually we have only one way – to brute force it, which could take huge time if password is strong enough. But what if instead of using regular CPUs we would use a power of GPU? Amazon says, that we can use up to 1,536 CUDA cores on g2.2xlarge instance, which costs $0.65 (around 50p sterling) per hour. Sounds very promising, so let’s see how it can help us to speed up password brute force.

Below I will give step-by-step tutorial on how to deploy Amazon GPU instance and run pyrit (python tool) to crack password using GPU. In this article I assume that you are already familiar with aircrack-ng wi-fi cracking tools. And you’ve already captured handshake into .cap file.

Cracking WiFi Password with Pyrit and NVIDIA GPU on Amazon AWS

Go to Amazon EC2 panel and click Launch new instance

Select Ubuntu Server 14.04 LTS (HVM) 64 bit > GPU instances g2.2xlarge > Review and launch

SSH to your new instance

Now, Go to Nvidia website and download latest CUDA installer (choose runfile for Ubuntu 14.04). At the time of writing it is cuda_7.5.18

Install build tools

To avoid ERROR: Unable to load the kernel module ‘nvidia.ko’, install also

To avoid ERROR: The Nouveau kernel driver is currently in use by your system.

To avoid ERROR: Unable to find the kernel source tree for the currently running kernel:

Reboot Now!

Extract Nvidia installers

Run driver installation

Download and unzip pyrit and cpyrit-cuda:

Install additional libs

Install pyrit and cpyrit-cuda

Run pyrit list_cores and make sure CUDA cores are detected

Create file gen_pw.py, modify chars variable which is our characters dictionary. In my case I’m cracking password containing only digits.

Run brute force to crack password from 8 to 12 characters length

I tried to brute force password with and without CUDA, and result is 4k pw/sec vs 30k pw/sec. I’m a bit disappointed, because I expected much faster results with CUDA. But anyway I got an experience of setting up CUDA driver on Amazon AWS. Hope this can help someone else to crack their wifi password with CUDA

Top 10 Testing Tools for Mobile

Posted: 10/08/2017 in Apple, Apps
Tags: ,

With each passing day, the word automation is growing as the meat of the matter for organizations. And why not? Ultimately, automation saves time and energy of humans by performing monotonous work as per the pre-defined standards. Undoubtedly, automation streamlines business operations and establishes smooth organizational processes. But along with other industries, IT is also leveraging automation to simplify the various technically complex activities.

Testing is one of the very crucial parts of Information Technology. The web or mobile application without testing is not considered as a reliable one. Users might encounter with bugs, low system performance, malfunctioning of the features, etc. Eventually, it reduces the client base. So, an accurate and appropriate testing is a primary need to launch a highly efficient system.

A variety of automation testing tools is available in the market that enables developers to check out the quality and effectiveness of their web and mobile software or hardware with detailed analysis. Such automated testing software helps developers by saving time and reducing errors occur due to human intervention. Have a quick overview of the 10 best automated testing tools for mobile apps.

1. Appium

An open-source mobile test automation tool to test Android and iOS applications. Developers can test native, mobile web and Hybrid mobile apps on this software. To run the tests, Appium uses WebDriver interface. It supports C#, Java, Ruby, and many other programming languages that belong to WebDriver library.

Testers can test native apps that are written in Android and iOS SDKs, mobile web apps that can be accessible through mobile browser, and hybrid apps that contain web view. Being a cross-platform tool, it allows programmers to reuse the source code amongst Android and iOS.

2. Robotium

Again an open-source tool to test Android applications of all versions and sub-versions. It tests all Android hybrid and native apps. The tests of Robotium are written in Java. Using the tool, it is quite easy to write powerful automatic black box test cases for Android applications. It automates multiple Android activities and creates solid test cases in minimal time.

3. MonkeyRunner

MonkeyRunner is specifically designed for the testing of devices and applications at the framework/functional level. The tool contains amazing features such as multiple device control, regression testing, extensible automation, and functional testing to test Android apps and hardware. The tests of MonkeyRunner are written in Python. Developers need not to make changes in source code to automate the testing.

4. UI Automator

In order to test the user interface of an app, UI Automator creates functional Android UI test cases. It has been recently expanded by Google. The tool seamlessly interacts with all Android software and applications. It works with the all devices that support Android version 4.1 and others that are released after 4.1. In the previous version, testers need to use other testing tools. Additionally, UI Automator can lock and unlock a tablet or a smartphone.

5. Selendroid

Being one of the leading test automation software, Selendroid tests the UI of Androids based hybrid and native applications and mobile web. Client API tests are written using Selendroid 2. The tool supports plugging of hardware devices. Moreover, it holds exceptional capabilities to interact with multiple Android devices at the same time. Selendorid is highly compatible with the JSON wire protocol.

6. MonkeyTalk

MonkeyTalk automates the functional testing of Android and iOS apps. Non-technical person can also run the testing on this platform as it doesn’t require in depth knowledge of techie scripting and programming. The scripts of MonkeyTalk are quite understandable and simple. Testers can also create XML and HTML reports using this tool. Additionally, it also takes screenshots when failure happens. MonkeyTalk supports emulators, network devices, and tethered.

7. Testdroid

It’s a cloud based program for mobile app testing that helps developers in saving development cost, eliminating the unpredictable operational cost, and improving time-to-market. It is one of the best platforms to test your iOS and Android devices that are having different screen resolutions, OS versions, and HW platforms. Testdroid is a tool that reduces the risk with agile and real devices testing. It also improves the daily users of the app along with review rating.

8. Calabash

Calabash works efficiently with .NET, Ruby, Flex, Java and other programming languages. It tests native and hybrid mobile apps. Programmers can have APIs that enable native apps to run on touch screen devices. Calabash involves libraries that permit test-code to interact with hybrid and native apps programmatically. It also supports the framework Cucumber.

9. Frank

Frank allows to test only iOS applications and software. The framework combines JSON and Cucumber. The tool contains an app inspector “Symbioate” that enables developers to have detailed information about the running app. It is most suitable for web based apps and emulators. It can be integrated with CI and run the tests on the devices and simulators.

10. SeeTest

SeeTest Automation is a cross-platform solution. It allows to run the same scripts on different devices. It enables developers to run the test on several devices in parallel. Being a powerful test automation tool, it is capable of testing websites/mobile apps. It supports iOS, Android, Symbian, Blackberry, and Windows Phone. The most important features of this tool are phone testing, battery, browser testing, etc.

  • Bandicoot

    is Python toolbox to analyze mobile phone metadata. It provides a complete, easy-to-use environment for data-scientist to analyze mobile phone metadata. With only a few lines of code, load your datasets, visualize the data, perform analyses, and export the results.
  • ACF – This software enables a forensic investigator to map each connection to its originating process. It doesn’t require root privliges on the system, but do require adb & USB debugging.
  • Android Forensics – AFLogical OSE: Open source Android Forensics app and frameworkThe Open Source Edition has been released for use by non-law enforcement personnel, Android aficionados, and forensics gurus alike. It allows an examiner to extract CallLog Calls, Contacts Phones, MMS messages, MMSParts, and SMS messages from Android devices. The full AFLogical software is available free for Law Enforcement personnel. More information is available at https://www.nowsecure.com/
  • Android Data Extractor Lite
    This Python script dumps all important SQLite Databases from a connected Android smartphone to the local disk and analyzes these files in a forensically accurate workflow. If no smartphone is connected you can specify a local directory which contains the databases you want to analyze. Afterwards this script creates a clearly structured XML report. If you connect a smartphone you need a rooted and insecure kernel or a custom recovery installed on the smartphone.
  • BitPim 
    BitPim is a program that allows you to view and manipulate data on many CDMA phones from LG, Samsung, Sanyo and other manufacturers. This includes the PhoneBook, Calendar, WallPapers, RingTones (functionality varies by phone) and the Filesystem for most Qualcomm CDMA chipset based phones. To see when phones will be supported, which ones are already supported and which features are supported, see online help.
  • Fridump – Fridump (v0.1) is an open source memory dumping tool, primarily aimed to penetration testers and developers. Fridump is using the Frida framework to dump accessible memory addresses from any platform supported. It can be used from a Windows, Linux or Mac OS X system to dump the memory of an iOS, Android or Windows application.
  • LiME – A Loadable Kernel Module (LKM) which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
  • Project RetroScope
    The majority of RetroScope’s code is in the dalvik/vm/zombie directory.Please be sure to read the RetroScope paper before working with RetroScope.A demo of RetroScope recovering a suspect’s chat session from a memory image of the Telegram app is available on YouTube at: https://youtu.be/bsKTmZEgxiE.
  • PySimReader – This is a modified version of Todd Whiteman’s PySimReader code. This modified version allows users to write out arbitrary raw SMS PDUs to a SIM card. Additionally, debugging output has been added to allow the user to view all APDUs that are sent between the SIM card and PySimReader.
  • Andriller – Android Forensic Tools
    Andriller  is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has other features, such as powerful Lockscreen cracking for Pattern, PIN code, or Password; custom decoders for Apps data from Android (and some Apple iOS) databases for decoding communications. Extraction and decoders produce reports in HTML and Excel (.xlsx) formats.