Saturday, 28 May 2016

Free Phishing Simulators for hackers and security researchers

In our attempt to make this world free from cyber criminals, we have brought out different articles about hacking tools and apps. The purpose of putting such articles in the public domain is to educate readers about the clear and present dangers of surfing online without taking the necessary precautions. They are also meant to educate wannabe hackers about new tools, apps and techniques.

In continuation of the above goal, we bring you this article on phishing tools. Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

So, if you are essentially looking for a free phishing simulator or tools for your company, you have only three options: (1) simple tools that allow you to create a simple email message and send it to one or numerous recipients using a specified mail server, (2) open-source phishing platforms, and (3) demo versions of commercial products.

You can use these tools to test the cyber defences of your company and to provide cyber security training to your employees and friends.

(1) SecurityIQ PhishSim

Developed by InfoSec Institute, one of the first benefits of SecurityIQ PhishSim is that after filling out a short online form, you get access to all the benefits of software-as-a-service (SaaS) without having to pay for anything. There is no installation, no scripts to modify, and no servers to configure. All you need to do is sign up for a free account and start phishing and educating yourself. But there are limitations, which include a limited number of learners, branding and other customization options. However, the important components, such as using multiple templates (with over 100 templates to select from) in one campaign, report delivery and exporting features, campaign scheduling options, and an interactive phishing awareness education module, are included in the free account, which allows you to run numerous extremely effective phishing campaigns.

(2) Gophish

Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations. The installation process is as simple as downloading and extracting a ZIP folder, and it is supported by most operating systems. While the feature set is limited, it is applied with care, and the interface is simple and intuitive. Users can be easily added either manually or via bulk CSV import. Email templates are easy to create and modify, creating campaigns is a direct process, and reports are pleasing to look at and can be exported to CSV format with many levels of detail. However, the most important disadvantage is that there are no campaign scheduling options and no awareness education components.

(3) LUCY

LUCY is a hassle-free download of the free (community) version of the platform. You can download LUCY as a Debian install script or a virtual appliance. All you need to do so is your email address and name. While the web interface is attractive and maybe a bit confusing, there are many other features to explore. Designed as a social engineering platform, LUCY goes beyond phishing. It has an awareness element along with interactive modules and puzzles. However, the community version of LUCY has too many restrictions to be used efficiently in an enterprise environment. Some important features, such as campaign scheduling options, exporting campaign stats, and performing file (attachment) attacks, are not available under the community license.

(4) Simple Phishing Toolkit (sptoolkit)

Simple Phishing Toolkit is a super easy to install and use phishing framework built to help information security professionals find human vulnerabilities. It offers an opportunity to combine phishing tests with security awareness education, with a feature that (optionally) directs phished users to a landing page with an awareness education video. Additionally, there is a tracking feature for users who completed the training. Unfortunately, the sptoolkit project was abandoned back in 2013. While a new team is trying to breathe new life into it, the documentation is currently scarce and scattered all over the internet, making it a difficult task to realistically apply in an enterprise environment.

(5) Phishing Frenzy

Designed as a penetration testing tool, this open-source Ruby on Rails application has many features that could make it an effective solution for internal phishing campaigns. Compared to other similar tools, one of the main advantages is that you can manage your phishing tests more effectively, as you can include the scope of your engagement when you create a new phishing campaign. Another advantage of Phishing Frenzy is that it can generate statistics regarding the users in scope (i.e. how many clicked the link?), which is always essential both for the clients who order this type of test and for the penetration tester, as this information can be included in the final report. The stats can be viewed and easily saved to a PDF or an XML file, which is perhaps the most important feature of Phishing Frenzy. However, Phishing Frenzy is a Linux-based application whose installation should not be handled by a beginner.

(6) King Phisher

King Phisher is an open source Phishing Campaign Toolkit from SecureState. It has several features, which include the ability to run multiple campaigns concurrently, web cloning capabilities, geolocation of phished users, etc. Templates for both messages and server pages are contained in a separate template repository. While the user interface is clean and simple, its installation and configuration are not that easy. The King Phisher server is only supported on Linux, with additional installation and configuration steps needed depending on the distribution and existing configuration.

(7) SpeedPhish Framework (SPF)

Created by Adam Compton, this Python tool has many features that let you quickly configure and carry out effective phishing attacks, including a data entry attack vector. A tech-savvy security professional will be able to run phishing campaigns against several targets and can have a lot of fun with SPF. However, it still remains a pentesting tool, and many of its outstanding features (such as email address gathering) will hardly matter to someone who is carrying out internal phishing tests.

(8) Social-Engineer Toolkit (SET)

Created and written by the founder of TrustedSec, the Social-Engineer Toolkit (SET) is an open-source Python-driven tool aimed at penetration testing around social engineering. It has no graphical user interface (GUI). SET is the standard for social-engineering penetration tests and is supported heavily within the security community. For phishing, SET allows you to send spear-phishing emails and run mass mailer campaigns, along with some more advanced options, such as adding a list of target emails from a file and flagging your message with high priority. While it is effective as a penetration testing tool, it is very restricted as a phishing simulation solution and does not include any campaign management features or reporting.

(9) SpearPhisher BETA

Developed by TrustedSec, SpearPhisher is a tool that doesn’t try to cheat anyone other than its phishing targets. It says it correctly in the description: “A Simple Phishing Email Generation Tool.” With an emphasis on ‘simple.’ SpearPhisher is a Windows-based program with a straightforward GUI designed for non-technical users. It lets you swiftly craft a phishing email with customized From Email, From Name, and Subject fields and includes a WYSIWYG HTML editor and an option to include one attachment. By adding email addresses to the To, CC, and BCC fields, you can send the crafted email to many recipients. The program has been in beta since 2013, so it is likely that there will not be any updates in the near future.

Tuesday, 17 May 2016

Hacking techniques discovered in 2015

#1 FREAK Attack

FREAK attack is an SSL/TLS vulnerability that would allow attackers to intercept HTTPS connections and force them to use weakened encryption. The vulnerability was first reported in May, 2015 and can be read about here.

Researchers: Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. You can get further details about the FREAK attack research here.

#2 LOGJAM vulnerability

The Logjam vulnerability was discovered in October, 2015. It was another TLS vulnerability that allows man-in-the-middle attacks by downgrading vulnerable TLS connections to 512-bit encryption.

A research team of David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann discovered this vulnerability, and you can read additional information about it here.

#3 Web Timing Attacks

Web timing attacks were revealed many years back, but this is the first time that researchers showed how they can be executed in practice. The Black Hat talk covers how to tweak timing side-channel attacks to make remote timing attacks against modern web apps easier to perform.

The lead researchers on web timing attacks are Timothy Morgan and Jason Morgan.

#4 Evading All* WAF XSS Filters

Security researcher Mazin Ahmed discovered that it is possible to evade the cross-site scripting filters of all popular web application firewalls. Once exploited, the hackers can do pretty much anything they want.

The research paper can be read here.

#5 Abusing CDNs with SSRF, Flash and DNS

Nowadays almost all big websites use content delivery networks (CDNs). Research highlighted at Black Hat looked at a collection of attack patterns that can be used against content delivery networks to target a wide range of high-availability websites.

The two researchers, Mike Brooks and Matt Bryant, discovered this hacking technique.

#6 IllusoryTLS

IllusoryTLS is an attack pattern that can wreck the security assurances of the X.509 PKI security architecture by employing CA certificates that include a secretly embedded backdoor. The vulnerability was discovered by a security researcher, Alfonso De Gregorio.

You can get additional information about IllusoryTLS here.

#7 Exploiting XXE in File Parsing Functionality

Cyber criminals can exploit XXE in file parsing functionality. A Black Hat talk examined methods of exploiting XML External Entity vulnerabilities in file parsing/upload functionality for XML-supported file formats such as DOCX, XLSX and PDF.

The security researcher who discovered this vulnerability was Will Vandevanter.

#8 Abusing XSLT

The vulnerability in XSLT was known for a long time, but security researcher Fernando Arnaboldi demonstrated it for the first time at the Black Hat conference.

The research and proof-of-concept attacks highlighted at Black Hat show how XSLT can be leveraged to undermine the integrity and confidentiality of user information.

#9 Magic Hashes

Security researchers Robert Hansen and Jeremi M. Gosney discovered a vulnerability in the way PHP handles hash comparisons.

The research looks into a weakness in the way PHP handles hashed strings in certain instances, which makes it possible to compromise authentication systems and other functions that use hash comparisons in PHP.

You can get further information about magic hashes here.
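The weakness described above comes from PHP's loose comparison (`==`) treating two "numeric" strings as numbers, so any MD5 hex digest of the form `0e` followed only by digits is read as 0 × 10^N and compares equal to every other such digest. The Python below is an added example, not code from the post or the researchers: it emulates PHP's numeric-string rule (a simplified approximation, an assumption of this example), shows the vulnerable login check beside the hardened one, and uses two inputs (`240610708`, `QNKCDZO`) that public write-ups cite as producing such digests.

```python
import hashlib
import hmac
import re

# Approximation of PHP's "numeric string" rule: optional sign, digits with an
# optional fraction, optional exponent.  A digest like "0e4620..." matches and
# evaluates to 0.0, which is why it collides with every other "0e..." digest.
_PHP_NUMERIC = re.compile(r"^\s*[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?\s*$")


def php_loose_eq(a: str, b: str) -> bool:
    """Emulate PHP's `$a == $b` for two strings (numeric strings compare as numbers)."""
    if _PHP_NUMERIC.match(a) and _PHP_NUMERIC.match(b):
        return float(a) == float(b)
    return a == b


def is_magic_hash(hexdigest: str) -> bool:
    """True if the digest is '0e' followed only by decimal digits."""
    return re.fullmatch(r"0e\d+", hexdigest) is not None


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def login_loose(stored_hash: str, password: str) -> bool:
    """Vulnerable pattern, equivalent to PHP `if (md5($password) == $stored_hash)`."""
    return php_loose_eq(stored_hash, md5_hex(password))


def login_strict(stored_hash: str, password: str) -> bool:
    """Hardened pattern: exact, constant-time comparison (PHP's hash_equals())."""
    return hmac.compare_digest(stored_hash, md5_hex(password))


# Inputs cited in public write-ups as producing "0e..." MD5 digests.
MAGIC_A = "240610708"
MAGIC_B = "QNKCDZO"

if __name__ == "__main__":
    stored = md5_hex(MAGIC_A)  # the legitimate user's stored password hash
    print("stored digest:", stored, "magic:", is_magic_hash(stored))
    # A different password whose digest is also "0e..." is accepted by the loose check.
    print("loose  login with", MAGIC_B, "->", login_loose(stored, MAGIC_B))
    print("strict login with", MAGIC_B, "->", login_strict(stored, MAGIC_B))
```

Using unsalted MD5 for passwords is itself the wrong choice; the point here is that even the comparison step must be exact.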

#10 Asynchronous Vulnerabilities

Security researcher James Kettle presented research at 44CON that explains how to use exploit-induced callback methods to find vulnerabilities hiding in backend functions and background threads.

Websites to learn ethical hacking

Everybody wants to learn hacking in today’s age. However, this is not an easy task unless you have basic knowledge about computers and network security. For beginners to know, there are two types of hacking: ethical (white hat) and unethical (black hat). Unethical hacking is considered illegal, while ethical hacking may be regarded as legal.

We provide you with a list of websites that offer white hat content. However, it is important to note that, as a beginner, you should not perform any hacking or cracking tactics that breach any cyber law.

Hackaday

Hackaday is one of the top ranked sites that provide hacking news and all kinds of tutorials on hacking and networks. It also publishes several new articles each day with detailed descriptions of hardware and software hacks so that beginners and hackers are aware of them. Hackaday also has a YouTube channel where it posts projects and how-to videos. It provides users with mixed content such as hardware hacking, signals, computer networks, etc. This site is helpful not only for hackers but also for people in the fields of digital forensics and security research.

Evilzone Forum

This hacking forum allows you to see discussions on hacking and cracking. However, you need to be a member of the site to check out queries and answers regarding ethical hacking. All you need to do is register to get your ID, and you can get answers to your queries there. Your queries will be answered by professional hackers. Remember not to ask for simple hacking tricks; the community here is very serious.

HackThisSite

HackThisSite.org, commonly referred to as HTS, is an online hacking and security website that gives you hacking news as well as hacking tutorials. It aims to provide users with a way to learn and practice basic and advanced “hacking” skills through a series of challenges, in a safe and legal environment.

Break The Security

The motive of the site is explained in its name. Break The Security provides all kinds of hacking material, such as hacking news, hacking attacks and hacking tutorials. It also has different kinds of useful courses that can make you a certified hacker. This site is very helpful if you are looking to get into the field of security, hacking and cracking.

EC-Council – CEH Ethical Hacking Course

The International Council of Electronic Commerce Consultants (EC-Council) is a member-supported professional organization. The EC-Council is known primarily as a professional certification body. Its best-known certification is the Certified Ethical Hacker. CEH, which stands for Certified Ethical Hacker, provides complete ethical hacking and network security training courses to learn white hat hacking. You just have to select the hacking course package and join to get trained to become a professional ethical hacker. This site helps you get all kinds of courses that make you a certified ethical hacker.

Hack In The Box

This is a popular website that provides security news and activities from the hacker underground. You can find many hacking articles about Microsoft, Apple, Linux, programming and much more. This site also has a forum community that allows users to discuss hacking tips.

SecTools

As the name suggests, SecTools means security tools. This site is devoted to providing significant tricks regarding network security that you can learn in order to fight network security threats. It also offers security tools with detailed descriptions of them.

Monday, 16 May 2016

Best Android hacking apps and tools of 2016

Hacking, which was once considered the exclusive domain of the “experts”, has become a very common phenomenon with the rise of technology and advancements in the mobile field. With most people relying on their smartphones and other portable devices to carry out their day-to-day activities, it is very important to know about the (ethical) hacking tools available on your Android smartphone.

Android smartphones can run penetration tests and security tests using hacking apps. With the help of a few applications and basic knowledge of the true capabilities of your Android smartphone, you, too, could dig into the world of hacking.

So, here we are sharing a list of 15 Android hacking tools and apps that will turn your Android smartphone into a hacking machine.

1. Hackode

Hackode is one of the best applications for people who want to hack with their Android devices. The Hacker’s Toolbox is an application for penetration testers, ethical hackers, IT administrators and cyber security professionals to perform different tasks like Google hacking, reconnaissance, DNS dig, exploits, security RSS feeds and many more.

2. AndroRAT

AndroRAT, short for Remote Administration Tool for Android, is a client/server application developed in Java Android for the client side and in Java/Swing for the server, which is used to control a system without having physical access to it.

3. SpoofApp

SpoofApp is definitely used for fun over functionality. It allows you to spoof (place) calls with any caller ID number. Basically, you can manipulate what number shows up on your friend’s phone when you call. Other features include a voice changer, with which you can change your voice, and you can even record the entire conversation. To spoof calls, you need to buy SpoofCards, which are sold separately.

4. WhatsApp Sniffer

WhatsApp Sniffer is a great Android hacking app, which works in tandem with the WhatsApp application. Using this app, you can hack private WhatsApp chats, pictures, audio and videos of your friends who are using your WiFi hotspot. You can manipulate pictures, videos and account info at your pleasure. It is detected by antivirus, so disable your antivirus before using this app.

5. APK Inspector

APK Inspector is a great tool that any general app user will love. Its main purpose is to reverse engineer any Android application. This means that you can get the source code of any Android application and edit it in order to remove licence and credits. However, most analysts use it as a powerful GUI tool to see the workings of an Android app as well as understand the code behind it.

6. Eviloperator

This app automatically connects two people in a phone call, making them feel that they called each other. Eviloperator’s biggest merit would probably have to be that you can record and save the conversation.

7. Kill Wi-Fi

This open source ethical hacking app is one of the most popular ones in this field. Similar to the NetCut app on Windows, this app is capable of cutting off anyone’s WiFi on your network. Kill Wifi is extremely useful when you have an open WiFi not protected by a strong password. You can cut off the WiFi of the intruder with just a few taps on your device. This app is easy to use owing to its lucid and interactive interface and easy-to-use tools.

8. DroidSheep

DroidSheep is a fantastic hacking app for beginners and anyone else who wants to dabble in the hacking world. This app can be easily used by anybody who has an Android device, and only the provider of the web service can protect the users. So, anyone can test the security of their account by themselves and decide whether to continue using the web service.

9. Burp Suite

Burp Suite is kind of like a proofreader or fail-safe. It is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface through to finding and evaluating potential security threats.

10. dSploit

dSploit is an Android network analysis and penetration suite for performing network security assessments from mobile phones. It is a complete toolkit, so you can perform various attacks like password sniffing, real-time traffic manipulation, etc.

11. Zanti

zANTI is one of the best Android apps related to hacking from an Android phone. It has almost all the security tools related to hacking Wi-Fi networks.

12. Shark for Root

Shark for Root is a traffic sniffer app for Android devices. Using this tool, you can sniff any network and gather lots of data from any Wi-Fi network. It works fine on 3G and Wi-Fi, and also in Froyo tethered mode.

13. AnDOSid

AnDOSid is a tool designed only for security professionals to let them carry out DoS attacks. It is used to perform a DoS attack on websites or web servers from an Android device.

14. FaceNiff

FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the Wi-Fi that your mobile is connected to. It also finds the passwords of Facebook, Blogger, Twitter, Amazon, Tumblr and other online accounts.

If you are using the same network as your victim and FaceNiff is turned on, it will capture every Facebook ID and password logged in from the same network. It comes in a paid version, but there are also many cracked versions on the internet.

15. Nmap for Android

Nmap is a popular network security scanner, which is also available for Android devices. It is used by professionals for network exploration. It works on both non-rooted and rooted phones. However, if your device is rooted, you have access to some more features. You can download this app for your Android device. This app allows you to scan networks to find open ports and system details.

VPN over DNS

Overview

For some time now, we've been using DNSCat as a means to covertly transmit data during engagements where clients' IDSs or firewalls might otherwise block us. The DNS protocol is often overlooked by systems administrators, and as a result this tool has been immensely useful.

And while there are other DNS tunneling solutions out there, this is the only one, to our knowledge, that supports 1) encryption, 2) a centralized server for simple management, 3) command queuing, and 4) is free.

The one thing it does not support is the ability to tunnel network traffic from the client to the server.

The Goal

What if we could set up a bi-directional VPN across DNS that would allow all protocols, not just TCP? This sort of thing is great for situations where you're at an airport, hotel, or some other captive portal situation where DNS resolves but everything else is blocked. This is also great for penetration testers who want to route/tunnel traffic through a system that has been compromised. And while DNSCat does support tunneling of TCP traffic, it's unidirectional, i.e. from the server to the client only (similar to ssh -L).

The Work Around

Ron (primary author of DNSCat) has mentioned that he intends to build in this feature at some point, but for now, let's see if we can hack our way into getting what we want. To do this we need the following:

Domain

For this setup, you will need to register a domain to use. As an example we use mooo.com from freedns.afraid.org. Note that we only care about the NS record, which points to our server running the DNSCat server software.

Server

On the server side we need to set up a few things. First, generate SSH keys:

ssh-keygen

Next, we enable routing on the server:

echo 1 > /proc/sys/net/ipv4/ip_forward

Next we run the DNSCat server. Let's go through some of the switches we used:

The -c switch is the preshared crypto key we want to use between the client and the server. This is optional, since we're going to be running a VPN across this, but why not add the extra layer of encryption. The -u switch tells the server to automatically attach to each inbound dnscat client session. The -a switch tells the server that we want to automatically run the following command on each new session. As per the documentation, the 'listen' command will establish a tunnel between the server and the client where a listening socket is created on the server on port 2222 and all connections are forwarded to the client at 127.0.0.1:22. This could easily be changed to forward browser traffic to www.google.com by changing it to read 'listen 127.0.0.1:8080 www.google.com:80'.

After the server is started, we switch to the client.

Client

We won't go into details on how to compile the client; you can find those instructions on the GitHub README page. However, for this to work, we compile the client and run it locally as root. But before we do that we need to make some modifications to the sshd config. Three changes need to be made to the standard sshd_config:

Comment out 'PermitRootLogin without-password'
Add 'PermitRootLogin yes'
Add 'PermitTunnel yes'

Next, restart the service and enable IP routing:

# /etc/init.d/ssh restart
# echo 1 > /proc/sys/net/ipv4/ip_forward

Once forwarding is enabled, we can connect our client to the server.

We can see that the session has been established, and on the server we see the following:

The next step is to push our key from the server to the client. To do this, on the server run the following command (the port option must precede the operands):

scp -P 2222 /root/.ssh/id_rsa.pub root@127.0.0.1:/root/.ssh/authorized_keys

Note: when prompted for credentials, this is the root password on the client machine.

Once the server's SSH key has been pushed to the client, establish an SSH-based VPN tunnel (-w) from the server to the client:

ssh -i /root/.ssh/id_rsa root@127.0.0.1 -p 2222 -w 1:1 -o TCPKeepAlive=yes -o ServerAliveInterval=50 &

If successful, you should now have an interface tun1 on both the client and the server. On both machines you'll need to provision IP addresses, routes and iptables NAT rules.

On server:

ip addr add 172.16.254.2/30 dev tun1
ip link set tun1 up
ip route add [client network]/[netmask] via 172.16.254.1 dev tun1
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

On client (via SSH):

ssh -i /root/.ssh/id_rsa root@127.0.0.1 -p 2222 'ip addr add 172.16.254.1/30 dev tun1'
ssh -i /root/.ssh/id_rsa root@127.0.0.1 -p 2222 'ip link set tun1 up'
ssh -i /root/.ssh/id_rsa root@127.0.0.1 -p 2222 'ip route add [server network]/[netmask] via 172.16.254.2 dev tun1'
ssh -i /root/.ssh/id_rsa root@127.0.0.1 -p 2222 'iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE'

So now, traffic from the server or the client should be able to reach either side's network. If you want to forward all traffic out, you could even put in a default route.

Final Thoughts

This solution, while effective, is slow. Not to mention, this will only work on *nix systems. But on the plus side, all TCP, UDP and ICMP traffic is properly routed across the tunnel, allowing for such things as full port scans and streaming Netflix.
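A tunnel like the one above leaves a distinctive footprint in DNS query logs: one client sending a large number of long, high-entropy, never-repeated names under a single domain, often with TXT queries. The following Python is an added example from the detection side, not code from the post or the DNSCat project; it scores a constructed query log (client, qname, qtype) per client and registered domain, and the thresholds and the "last two labels" domain rule are assumptions to be tuned per environment.

```python
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(s: str) -> float:
    """Bits per character of the string (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Last two labels; a real deployment would use the public suffix list."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def subdomain_part(qname: str, domain: str) -> str:
    qname = qname.rstrip(".").lower()
    return qname[: -len(domain) - 1] if qname.endswith("." + domain) else ""


def find_tunnel_candidates(records, min_queries=10, min_avg_len=40,
                           min_entropy=3.0, min_unique_ratio=0.8):
    """Group records by (client, registered domain) and flag groups whose
    names look like encoded data: long, high entropy, almost never repeated."""
    groups = defaultdict(list)
    for client, qname, qtype in records:
        groups[(client, registered_domain(qname))].append((qname, qtype))
    findings = []
    for (client, domain), qs in groups.items():
        if len(qs) < min_queries:
            continue
        subs = [subdomain_part(q, domain) for q, _ in qs]
        avg_len = sum(len(q) for q, _ in qs) / len(qs)
        avg_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        unique_ratio = len(set(subs)) / len(subs)
        if (avg_len >= min_avg_len and avg_ent >= min_entropy
                and unique_ratio >= min_unique_ratio):
            findings.append({
                "client": client, "domain": domain, "queries": len(qs),
                "avg_len": round(avg_len, 1), "avg_entropy": round(avg_ent, 2),
                "unique_ratio": round(unique_ratio, 2),
                "qtypes": dict(Counter(t for _, t in qs)),
            })
    return findings


def constructed_sample():
    """Constructed query log: ordinary lookups from 10.0.0.5 plus 30
    tunnel-style queries from 10.0.0.9 under a subdomain of mooo.com (the
    example domain used in the post). Not real traffic."""
    benign = [("10.0.0.5", n, t) for n, t in [
        ("www.example.com", "A"), ("example.com", "MX"), ("cdn.example.com", "A"),
        ("api.example.com", "AAAA"), ("mail.example.com", "A"), ("www.example.com", "A"),
        ("static.example.com", "A"), ("login.example.com", "A"), ("www.example.com", "AAAA"),
        ("img.example.com", "A"), ("www.example.com", "A"), ("ns1.example.com", "A")]]
    tunnel = []
    for i in range(30):
        # SHA-256 hex stands in for an encoded payload chunk carried in the name.
        blob = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()
        tunnel.append(("10.0.0.9", f"{blob[:32]}.{blob[32:]}.tun.mooo.com", "TXT"))
    return benign + tunnel


if __name__ == "__main__":
    for finding in find_tunnel_candidates(constructed_sample()):
        print(finding)
```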