Tuesday, 17 May 2016

Hacking techniques discovered in 2015:


#1 FREAK Attack

FREAK is an SSL/TLS vulnerability that allows attackers to intercept HTTPS connections and force them to use weakened encryption. The vulnerability was first reported in May, 2015 and can be read about here.

Researchers: Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. You can get further details about the FREAK attack research here.

#2 LOGJAM vulnerability

The Logjam vulnerability was discovered in October, 2015. It is another TLS vulnerability that enables man-in-the-middle attacks by downgrading vulnerable TLS connections to 512-bit encryption.

A research team of David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann discovered this vulnerability, and you can read additional information about it here.

#3 Web Timing Attacks

Web timing attacks have been known for many years, but this is the first time that researchers showed how they can be executed in practice. The Black Hat talk covers how to tweak timing side-channel attacks to make it easier to perform remote timing attacks against modern web apps.

The lead researchers of the web timing attack are Timothy Morgan and Jason Morgan.

#4 Evading All* WAF XSS Filters

Security researcher Mazin Ahmed discovered that it is possible to evade the cross-site scripting filters of all popular web application firewalls. Once exploited, the attackers can do pretty much anything they want.

The research paper can be read here.

#5 Abusing CDNs with SSRF, Flash and DNS

Nowadays almost all big websites use content delivery networks (CDNs). Research highlighted at Black Hat looked at a collection of attack patterns that can be used against content delivery networks to target a wide range of high-availability websites.

The two researchers, Mike Brooks and Matt Bryant, discovered this hacking technique.

#6 IllusoryTLS

IllusoryTLS is an attack pattern that can wreck the security assurances of the X.509 PKI security architecture by employing CA certificates that include a secretly embedded backdoor. The vulnerability was discovered by security researcher Alfonso De Gregorio.

You can get additional information about IllusoryTLS here.

#7 Exploiting XXE in File Parsing Functionality

Cyber criminals can exploit XXE in file parsing functionality. A Black Hat talk examined methods of exploiting XML External Entity (XXE) vulnerabilities in the file parsing/upload functionality for XML-supported file formats such as DOCX, XLSX and PDF.

The security researcher who discovered this vulnerability was Will Vandevanter.

#8 Abusing XSLT

The vulnerability in XSLT was known for a long time, but security researcher Fernando Arnaboldi demonstrated it for the first time at the Black Hat conference.

Research and proof-of-concept attacks highlighted at Black Hat show how XSLT can be leveraged to undermine the integrity and confidentiality of user information.

#9 Magic Hashes

Security researchers Robert Hansen and Jeremi M. Gosney discovered a vulnerability in the way PHP handles hash comparisons.

The research looks into a weakness in the way PHP handles hashed strings in certain instances, which makes it possible to compromise authentication systems and other functions that use hash comparisons in PHP.

You can get further information about magic hashes here.
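The weakness behind magic hashes, as an added example that is not part of the original post: PHP's loose comparison (==) compares two numeric-looking strings as numbers, and a hex digest of the form "0e" followed only by decimal digits is a numeric string whose value is 0, so any two such digests compare as equal even though they differ byte for byte. The POSIX sh script below (using md5sum/sha1sum) checks whether a digest falls into that class, models the loose comparison, and shows the safe byte-wise comparison that PHP's === or hash_equals() performs. The input strings 240610708 and QNKCDZO are widely published examples of inputs with magic MD5 digests; they are not taken from this page.

```shell
#!/bin/sh
# Added example, not from the original post. Models why PHP's == is unsafe for
# comparing hash digests and what the safe comparison looks like.

# Print the hex digest of $2 using algorithm $1 (md5 or sha1).
hex_digest() {
    case "$1" in
        md5)  printf '%s' "$2" | md5sum  | cut -d' ' -f1 ;;
        sha1) printf '%s' "$2" | sha1sum | cut -d' ' -f1 ;;
        *)    echo "unsupported algorithm: $1" >&2; return 2 ;;
    esac
}

# Exit 0 if PHP would treat this digest as the numeric string 0e<digits>,
# i.e. the float 0.0, when it appears on either side of ==.
is_magic_hash() {
    printf '%s\n' "$1" | grep -Eqi '^0+e[0-9]+$'
}

# Model of PHP's loose string comparison for the case that matters here:
# identical strings are equal, and two magic digests are equal because both
# coerce to 0.0. Exit 0 means PHP's == would return true.
php_loose_equal() {
    [ "$1" = "$2" ] && return 0
    is_magic_hash "$1" && is_magic_hash "$2"
}

# The fix: compare the bytes, as === does (hash_equals() additionally runs in
# constant time). Exit 0 only when the strings are identical.
strict_equal() {
    [ "$1" = "$2" ]
}

# Demo: two different inputs whose MD5 digests are both magic.
a=$(hex_digest md5 240610708)   # 0e462097431906509019562988736854
b=$(hex_digest md5 QNKCDZO)     # 0e830400451993494058024219903391
if php_loose_equal "$a" "$b"; then
    echo "PHP == would accept $a as equal to $b"
fi
if ! strict_equal "$a" "$b"; then
    echo "byte-wise comparison correctly rejects them"
fi
```

A practical audit of a PHP code base is therefore to search for `==` and `!=` applied to the output of md5(), sha1(), crypt() and similar functions and replace them with hash_equals(), which both avoids the numeric coercion and removes the timing side channel of an early-exit string compare.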

#10 Asynchronous Vulnerabilities

Security researcher James Kettle presented research at 44CON that explains how to use exploit-induced callback methods to find vulnerabilities hiding in backend functions and background threads.

Websites to learn ethical hacking


Everybody wants to learn hacking in today's age. However, this is not an easy task unless you have basic knowledge about computers and network security. For beginners to know, there are two types of hacking: ethical (White Hat) and unethical (Black Hat). Unethical hacking is considered illegal, while ethical hacking may be regarded as legal.

We provide you with a list of websites that offer white hat content. However, it is important to note that as a beginner you should not perform any hacking and cracking tactics that breach any cyber law.

Hackaday

Hackaday is one of the top ranked sites that provide hacking news and all kinds of tutorials for hacking and networks. It also publishes several new articles each day with detailed descriptions of hardware and software hacks so that beginners and hackers are aware of them. Hackaday also has a YouTube channel where it posts projects and how-to videos. It provides users with mixed content like hardware hacking, signals, computer networks, etc. This site is helpful not only for hackers but also for people who are in the field of digital forensics and security research.

Evilzone Forum

This hacking forum lets you see discussions on hacking and cracking. However, you need to be a member of this site to check out queries and answers regarding ethical hacking. All you need to do is register to get your ID and then ask your queries there. Your queries will be answered by professional hackers. Remember not to ask for simple hacking tricks; the community here is very serious.

HackThisSite

HackThisSite.org, commonly referred to as HTS, is an online hacking and security website that gives you hacking news as well as hacking tutorials. It aims to provide users with a way to learn and practice basic and advanced “hacking” skills through a series of challenges, in a safe and legal environment.

Break The Security

The motive of the site is explained in its name. Break The Security provides all kinds of hacking material such as hacking news, hacking attacks and hacking tutorials. It also has different kinds of useful courses that can make you a certified hacker. This site is very helpful if you are looking to enter the field of security, hacking and cracking.

EC-Council – CEH Ethical Hacking Course

The International Council of Electronic Commerce Consultants (EC-Council) is a member-supported professional organization. The EC-Council is known primarily as a professional certification body. Its best-known certification is the Certified Ethical Hacker (CEH). The CEH program provides complete ethical hacking and network security training courses to learn white hat hacking. You just have to select the hacking course package and join to get trained to become a professional ethical hacker. This site helps you to get all kinds of courses that make you a certified ethical hacker.

Hack In The Box

This is a popular website that provides security news and activities from the hacker underground. You can find many hacking articles about Microsoft, Apple, Linux, programming and much more. This site also has a forum community that allows users to discuss hacking tips.

SecTools

As the name suggests, SecTools means security tools. This site is devoted to providing significant tricks regarding network security that you can learn to fight against network security threats. It also offers security tools with a detailed description of each.

Monday, 16 May 2016

Best Android hacking apps and tools of 2016


Hacking, which was once considered the exclusive domain of the "experts", has become a very common phenomenon with the rise of technology and advancements in the mobile field. With most people relying on their smartphones and other portable devices to carry out their day-to-day activities, it is very important to know about the (ethical) hacking tools available on your Android smartphone.

Android smartphones can run penetration testing and security tests using hacking Android apps. With the help of a few applications and basic knowledge of the true capabilities of your Android smartphone, you, too, could dig into the world of hacking.

So, here we are sharing a list of 15 Android hacking tools and apps that will turn your Android smartphone into a hacking machine.

1. Hackode

Hackode is one of the best applications for people who want to hack from their Android devices. The hacker's toolbox is an application for penetration testers, ethical hackers, IT administrators and cyber security professionals to perform different tasks like Google hacking, reconnaissance, DNS dig, exploits, security RSS feeds and many more.

2. AndroRAT

AndroRAT, short for Remote Administration Tool for Android, is a client/server application developed in Java Android for the client side and in Java/Swing for the server, which is used to control a system without having physical access to it.

3. SpoofApp

SpoofApp is definitely used for fun over functionality. It allows you to spoof (place) calls with any caller ID number. Basically, you can manipulate what number shows up on your friend's phone when you call. Other features include a voice changer, with which you can change your voice, and you can even record the entire conversation. To spoof calls, you need to buy SpoofCards, which are sold separately.

4. WhatsApp Sniffer

WhatsApp Sniffer is a great Android hacking app which works in tandem with the WhatsApp application. Using this app, you can hack private WhatsApp chats, pictures, audio and videos of your friends who are using your WiFi hotspot. You can manipulate pictures, videos and account info at your pleasure. It is detected by antivirus, so disable your antivirus before using this app.

5. APK Inspector

APK Inspector is a great tool that any general app user will love. Its main purpose is to reverse engineer any Android application. This means that you can get the source code of any Android application and edit it in order to remove licence and credits. However, most analysts use it as a powerful GUI tool to see the workings of an Android app as well as to understand the coding behind it.

6. Eviloperator

This app automatically connects two people in a phone call, making them feel that they called each other. Eviloperator's biggest merit would probably have to be that you can record and save the conversation.

7. Kill Wi-Fi

This open source ethical hacking app is one of the most popular ones in this field. Similar to the NetCut app on Windows, this app is capable of cutting off anyone's WiFi over your network. Kill Wi-Fi is extremely useful when you have an open WiFi not protected by a strong password. You can cut off the WiFi of the intruder with just a few clicks on your device. This app is easy to use owing to its lucid and interactive interface and easy-to-use tools.

8. DroidSheep

DroidSheep is a fantastic hacking app for beginners and anyone else who wants to dabble in the hacking world. This app can be easily used by anybody who has an Android device, and only the provider of the web service can protect the users. So, anyone can test the security of their own account and decide whether to continue using the web service.

9. Burp Suite

Burp Suite is kind of like a proofreader or fail-safe. It is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and evaluating potential security threats.

10. dSploit

dSploit is an Android network analysis and penetration suite for performing network security assessments from mobile phones. It is a complete toolkit, so you can perform various attacks like password sniffing, real-time traffic manipulation, etc.

11. zANTI

zANTI is one of the best Android apps for hacking from an Android phone. It has almost all the security tools related to hacking Wi-Fi networks.

12. Shark for Root

Shark for Root is a traffic sniffer app for Android devices. By using this tool, you can sniff any network and gather lots of data from any Wi-Fi network. It works fine on 3G and Wi-Fi, and also in Froyo tethered mode.

13. AnDOSid

AnDOSid is a tool designed only for security professionals to let them carry out DoS attacks. It is used to perform a DoS attack on websites or web servers from an Android device.

14. FaceNiff

FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the Wi-Fi that your mobile is connected to. It also finds passwords for Facebook, Blogger, Twitter, Amazon, Tumblr and other online accounts.

If you are using the same network as your victim and FaceNiff is turned on, it will capture all Facebook IDs and passwords that are logged in from the same network. It comes in a paid version, but there are also many cracked versions on the internet.

15. Nmap for Android

Nmap is a popular network security scanner which is also available for Android devices. It is used by professionals for network exploration. It works on both non-rooted and rooted phones; however, if your device is rooted, you have access to some more features. You can download this app for your Android device. This app allows you to scan networks to find ports and system details.

VPN over DNS

Overview

For some time now, we've been using DNSCat as a means to covertly transmit data during engagements where clients' IDSs or firewalls might otherwise block us. The DNS protocol is often overlooked by system administrators, and as a result this tool has been immensely useful.

And while there are other DNS tunneling solutions out there, this is the only one, to our knowledge, that supports 1) encryption, 2) a centralized server for simple management, 3) command queuing, and 4) is free.

The one thing it does not support is the ability to tunnel network traffic from the client to the server.

The Goal

What if we could set up a bi-directional VPN across DNS that would allow all protocols, not just TCP? This sort of thing is great for situations where you're at an airport, hotel, or some other captive-portal situation where DNS resolves but everything else is blocked. This is also great for penetration testers who want to route/tunnel traffic through a system that has been compromised. And while DNSCat does support tunneling of TCP traffic, it's unidirectional, i.e. from the server to the client only (similar to SSH -L).

The Work Around

Ron (primary author of DNSCat) has mentioned that he intends to build in this feature at some point, but for now, let's see if we can hack our way into getting what we want. To do this we need the following:

Domain

For this setup, you will need to register a domain to use. As an example we use mooo.com from freedns.afraid.org. Note that we only care about the NS record, which points to our server running the DNSCat server software.

Server

On the server side we need to set up a few things. First is to set up SSH keys:

ssh-keygen

Next, we enable routing on the server:

echo 1 > /proc/sys/net/ipv4/ip_forward

Next we run the DNSCat server. Let's go through some of the switches we used:

The -c switch is the preshared crypto key we want to use between the client and the server. This is optional, since we're going to be running a VPN across this, but why not add the extra layer of encryption. The -u switch tells the server to automatically attach to each inbound dnscat client session. The -a switch tells the server that we want to automatically run the following command on each new session. As per the documentation, the 'listen' command will establish a tunnel between the server and the client where, on the server, a listening socket is created on port 2222 and all connections are forwarded to the client at 127.0.0.1:22. This could easily be changed to forward browser traffic to www.google.com by changing it to read 'listen 127.0.0.1:8080 www.google.com:80'.

After the server is started, we switch to the client.

Client

We won't go into details on how to compile the client; you can find those instructions on the GitHub README page. However, for this to work, we compile the client and run it locally as root. But before we do that we need to make some modifications to the sshd config. Three changes need to be made to the standard sshd_config:

1. Comment out 'PermitRootLogin without-password'
2. Add 'PermitRootLogin yes'
3. Add 'PermitTunnel yes'

Next, restart the service and enable IP routing:

# /etc/init.d/ssh restart
# echo 1 > /proc/sys/net/ipv4/ip_forward

Once forwarding is enabled, we can connect our client to the server.

We can see that the session has been established, and on the server we see the following:

The next step is to push our keys from the server to the client. To do this, on the server run the following command:

scp -P 2222 /root/.ssh/id_rsa.pub root@127.0.0.1:/root/.ssh/authorized_keys

Note: when prompted for credentials, this is the root password on the client machine.

Once the server's SSH key has been pushed to the client, establish an SSH-based VPN tunnel (-w) from the server to the client:

ssh -i /root/.ssh/id_rsa root@127.0.0.1 -p 2222 -w 1:1 -o TCPKeepAlive=yes -o ServerAliveInterval=50 &

If successful, you should now have an interface tun1 on both the client and the server. On both machines you'll need to provision IPs, routes and iptables rules for NAT.

On the server:

ifconfig tun1 172.16.254.2 netmask 255.255.255.252
ifconfig tun1 up
ip route add [client network]/[netmask] via 172.16.254.1 dev tun1
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

On the client (via SSH):

ssh -i /root/.ssh/id_rsa root@127.0.0.1 -p 2222 'ifconfig tun1 172.16.254.1 netmask 255.255.255.252'
ssh -i /root/.ssh/id_rsa root@127.0.0.1 -p 2222 'ifconfig tun1 up'
ssh -i /root/.ssh/id_rsa root@127.0.0.1 -p 2222 'ip route add [server network]/[netmask] via 172.16.254.2 dev tun1'
ssh -i /root/.ssh/id_rsa root@127.0.0.1 -p 2222 'iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE'

So now, traffic from the server or the client should be able to reach either side's network. If you want to forward all traffic out, you could even put in a default route.
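The whole client/server provisioning sequence above, consolidated into one POSIX sh script as an added example (this is not the original post's code and not part of DNSCat). It assumes the dnscat 'listen' forward from server port 2222 to the client's sshd is already up, the server's key has been pushed, and the tun1 interfaces exist from the ssh -w session. The sshd_config check reads the file from stdin so it can be run locally or fed from `ssh ... cat /etc/ssh/sshd_config`; it encodes the rule that sshd honours the first occurrence of a keyword, which is why the post comments out the old PermitRootLogin line. The network arguments are placeholders you fill in; nothing that touches interfaces runs unless APPLY_TUN=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps the post's tunnel provisioning
# steps in functions and adds a pre-flight check of the client's sshd_config.

SSH_OPTS="-i /root/.ssh/id_rsa -p 2222"   # key and port from the post's set-up
CLIENT="root@127.0.0.1"                     # the dnscat 'listen' forward to client sshd
SERVER_TUN_IP="172.16.254.2"
CLIENT_TUN_IP="172.16.254.1"
TUN_MASK="255.255.255.252"

# Read an sshd_config from stdin and report whether it carries the two active
# settings the tunnel needs. sshd uses the first occurrence of a keyword, so the
# first uncommented PermitRootLogin line must be "yes". Exit 0 when ready.
# (Match blocks are not modelled; a PermitTunnel inside one is not seen here.)
check_sshd_tunnel_config() {
    cfg=$(cat)
    missing=""
    root_login=$(printf '%s\n' "$cfg" | grep -E '^[[:space:]]*PermitRootLogin[[:space:]]' | head -n 1 | awk '{print $2}')
    [ "$root_login" = "yes" ] || missing="$missing PermitRootLogin=${root_login:-unset}"
    tunnel=$(printf '%s\n' "$cfg" | grep -E '^[[:space:]]*PermitTunnel[[:space:]]' | head -n 1 | awk '{print $2}')
    [ "$tunnel" = "yes" ] || missing="$missing PermitTunnel=${tunnel:-unset}"
    if [ -n "$missing" ]; then
        printf 'sshd_config not ready:%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

# Server side: address tun1, route the client's network through it, NAT outbound.
# $1 = client network in CIDR form, e.g. 10.0.0.0/24 (placeholder, fill in).
configure_server_side() {
    ifconfig tun1 "$SERVER_TUN_IP" netmask "$TUN_MASK" up
    ip route add "$1" via "$CLIENT_TUN_IP" dev tun1
    iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
}

# Client side: the same three steps, each issued over the SSH session that rides
# the dnscat tunnel. $1 = server network in CIDR form (placeholder, fill in).
configure_client_side() {
    ssh $SSH_OPTS "$CLIENT" "ifconfig tun1 $CLIENT_TUN_IP netmask $TUN_MASK up"
    ssh $SSH_OPTS "$CLIENT" "ip route add $1 via $SERVER_TUN_IP dev tun1"
    ssh $SSH_OPTS "$CLIENT" "iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE"
}

# Smoke test once both sides are up: the peer's tunnel address must answer ICMP,
# which also confirms non-TCP traffic crosses the tunnel.
tunnel_is_up() {
    ping -c 1 -W 2 "$CLIENT_TUN_IP" >/dev/null 2>&1
}

if [ "${APPLY_TUN:-0}" = "1" ]; then
    # Usage: APPLY_TUN=1 ./tun.sh <client network> <server network>
    ssh $SSH_OPTS "$CLIENT" cat /etc/ssh/sshd_config | check_sshd_tunnel_config || exit 1
    configure_server_side "$1"
    configure_client_side "$2"
    tunnel_is_up && echo "tun1 peer $CLIENT_TUN_IP reachable" || echo "tunnel not reachable" >&2
fi
```

Run the check on its own first (`check_sshd_tunnel_config < /etc/ssh/sshd_config` on the client) before starting the ssh -w session; a failing PermitTunnel is the most common reason the tun interfaces never appear.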

Final Thoughts

This solution, while effective, is slow. Not to mention, it will only work on *nix systems. But on the plus side, all TCP, UDP and ICMP traffic is properly routed across the tunnel, allowing for such things as full port scans and streaming Netflix.

Sunday, 13 March 2016

Quick and Easy Way to Create a Printable List of Google Contacts


All your contacts in Gmail can be downloaded to your PC to keep them with you offline. However, the downloaded file is in .csv format, which is just a big mess. You will need at least an hour to line up all the contacts, and if you are thinking of printing them, you are going to have a difficult time. Thankfully, there is software available for this that can save you hours of work.
GoogleTel is a tiny freeware program that will automatically arrange your downloaded Google contacts in .html format so you can easily print them. In this post we will show you how to create a printable list of Google contacts using GoogleTel.
Note: GoogleTel will only arrange contacts that have a dedicated number, unlike the .csv file, which may even contain names and emails of people you may have interacted with. GoogleTel is for Windows only.
Before you arrange Google contacts for printing, you need to download them first. To do so, go to Gmail and click on the “Gmail” drop-down menu button above the “Compose” button. From the menu, click on “Contacts,” and all your contacts will be shown.
Now click on the “More” button, and select “Export” from the menu. A dialog will open where you can select which contacts to download; you can either specify a specific type of contacts – like Friends or Family – or just download all the contacts. When you are done selecting contacts, click on “Export” and the .csv file will be downloaded to your Downloads folder.
After downloading GoogleTel you will have to extract it to your desired location as it will be in .zip format. Once extracted, you will see two main files: GoogleTel.css and GoogleTel.exe. GoogleTel.css contains formatting options such as font style, size and margins, etc., but you will have to edit them manually, so be careful. GoogleTel.exe will be used for converting the .csv file.
To convert, the .csv file must be located inside the GoogleTel folder which you just extracted. Copy the Google contacts .csv file and paste it into the GoogleTel folder just like in the image below.
Once the file is copied, launch the “GoogleTel.exe” file, and an .html file will be immediately created in the same folder.
All you need to do is open the new .html file, and your default browser will open all your contacts in a new tab. The contacts will be arranged in numerical order by name, phone number and email address (if available) with a complete white background perfect for printing.
Right-click anywhere in the window and select “Print” from the context menu (or directly press “Ctrl + P”). You will see the options to make your print perfect, such as change layout, paper size, margins and quality, etc. Just click on the “Print” option below when you are done customizing to print the Google contacts.
Tip: You cannot edit the .html file when it is opened in the browser. If you need to make any edits before printing, right-click on the .html file and select "Edit" from the context menu. Your contacts will load in your default editor, such as Microsoft Word.
GoogleTel is a great little application that should come in very handy if you need to manage your Google contacts. The default options work fine, and you should have no problem using the software. You can check out the official GoogleTel website for more details or comment below if you need any clarification.

Saturday, 5 March 2016

How to Steal Secret Encryption Keys from Android and iOS SmartPhones


Unlike desktops, your mobile devices carry all sorts of information, from your personal emails to your sensitive financial details. Because of this, hackers have shifted their interest to the mobile platform.

Every week new exploits are discovered for the iOS and Android platforms, most of the time separately, but the recently discovered exploit targets both Android and iOS devices.

A team of security researchers from Tel Aviv University, Technion and The University of Adelaide has devised an attack to steal cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other highly sensitive services from Android and iOS devices.

The team is the same group of researchers who have experimented with a number of different hacks to extract data from computers. Last month, the team demonstrated how to steal sensitive data from a target air-gapped computer located in another room.

In past years, the team also demonstrated how to extract secret decryption keys from computers using just a radio receiver and a piece of pita bread, and how to extract the cryptographic key solely by touching the chassis of the computer.

Side-Channel Attacks


According to the researchers, the recent exploit is a non-invasive side-channel attack: an attack that extracts the secret crypto key from a system by analyzing the pattern of memory utilization or the electromagnetic emissions of the device during the decryption process.

The exploit works against the Elliptic Curve Digital Signature Algorithm (ECDSA), a standard digital signature algorithm that is most widely used in many applications like Bitcoin wallets and Apple Pay and is faster than several other cryptosystems.

How to Steal Secret Encryption Keys?

During the experimental hack, the researchers placed a $2 magnetic probe near an iPhone 4 when the phone was performing cryptographic operations.

While performing cryptographic operations, the security researchers measured enough electromagnetic emanations and were able to fully extract the secret key used to authenticate the end user's sensitive data and financial transactions.

The same hack can be performed using an improvised USB adapter connected to the phone's USB cable, and a USB sound card to capture the signal.
"Using such measurements, we were able to fully extract secret signing keys from OpenSSL and CoreBitcoin running on iOS devices," the researchers wrote in a blog post published Wednesday. "We also showed partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto."
The researchers also tested their exploit on a Sony Ericsson Xperia X10 phone running Android and said they believe such an attack is feasible.

The security researchers also cited recent independent research by a separate team that discovered a similar side-channel flaw in Android's version of the BouncyCastle crypto library, making the device vulnerable to intrusive electromagnetic key extraction attacks.

Currently, the hack requires an attacker to have physical control of, or at least a probe or cable in proximity to, a vulnerable mobile device for as long as it takes the device to perform enough operations to measure a few thousand ECDSA signatures.

Affected Devices


Older iOS versions 7.1.2 through 8.3 are vulnerable to the side-channel attack. The current iOS 9.x version includes defenses against side-channel attacks, so it is unaffected.

However, nothing can save iPhone and iPad users even running current iOS versions if they are using vulnerable apps. One such vulnerable iOS app is CoreBitcoin that is used to protect Bitcoin wallets on iPhones and iPads.

Developers of CoreBitcoin told the security researchers that they are planning to replace their current crypto library with one that is not susceptible to the key extraction attack. Meanwhile, the recent version of Bitcoin Core is not vulnerable.

Both OpenSSL versions 1.0.x and 1.1.x are vulnerable except when compiled for x86-64 processors with the non-default option enabled or when running a special option available for ARM CPUs.

The team has already reported the vulnerability to the maintainers of OpenSSL, who said that hardware side-channel attacks are not a part of their threat model.
Source: http://thehackernews.com/2016/03/encryption-keys-android.html?m=1#sthash.MkYd8vvz.dpuf