Saturday, 3 May 2014

WEBSPLOIT TUTORIAL MITM ATTACK ::: KALI LINUX



Websploit is an automated vulnerability assessment, web crawler and exploitation tool. It is an open-source command-line utility built on a modular structure. At the time of writing, 16 modules are available in Websploit. It can be downloaded from the SourceForge project website, and it is available on Kali Linux by default.





Websploit can be synchronized with the Metasploit WMAP project for web vulnerability scanning. Its modules fall into four categories:


  • Web Modules
  • Network Modules
  • Exploit Modules
  • Wireless Modules


The Wireless modules offer some interesting WiFi attack vectors, including the WiFi jammer and the WiFi DDoS attack. For exploitation, Websploit relies on the Metasploit Autopwn service and the Metasploit browser autopwn service. A large number of interesting attack vectors are available in the Network modules, including but not limited to:


  • ARP cache DOS attack
  • Middle Finger Of Doom Attack
  • Man In The Middle Attack
  • Man Left In The Middle Attack
  • Fake Update Attack Using DNS Spoof
  • And more....


Some Websploit modules depend on Metasploit, for example:


  • Information Gathering From Victim Web Using (Metasploit Wmap)


So it is recommended to configure Metasploit before using these modules. A demonstration of every module is not possible in a single article, but the basic commands and usage of the software are shown below and will help you use Websploit in a professional manner.



If you are on Kali Linux, then click on Applications → Kali Linux → Web Applications → Web Vulnerability Scanners → Websploit







The commands available in Websploit are:



Commands        Description
--------        -----------
set             Set Value Of Options To Modules
scan            Scan Wifi (Wireless Modules)
stop            Stop Attack & Scan (Wireless Modules)
run             Execute Module
use             Select Module For Use
os              Run Linux Commands(ex : os ifconfig)
back            Exit Current Module
show modules    Show Modules of Current Database
show options    Show Current Options Of Selected Module
upgrade         Get New Version
update          Update Websploit Framework



The demonstration below performs the web directory scanner attack.





wsf > show modules
..
..
wsf > use web/dir_scanner
wsf:Dir_Scanner > show options

Options Value
--------- --------------
TARGET http://google.com

wsf:Dir_Scanner > set TARGET http://ehacking.net
TARGET => ehacking.net
wsf:Dir_Scanner > run
[*] Your Target : ehacking.net
[*]Loading Path List ... Please Wait ...
[index] ... [404 Not Found]
[images] ... [404 Not Found]
[download] ... [404 Not Found]
..
..
..


The commands for the other attack vectors are the same; just follow the steps shown above.
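On the server side, a run like the one above appears in the access log as a burst of 404 responses for many different paths from one client. The following is an added example (not part of the original post or of Websploit) that flags such clients in combined-format access logs; the log lines, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/May/2014:10:15:01 +0000] "GET /index HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [03/May/2014:10:15:01 +0000] "GET /images HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [03/May/2014:10:15:02 +0000] "GET /download HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [03/May/2014:10:15:02 +0000] "GET /admin HTTP/1.1" 404 209 "-" "-"',
    '192.0.2.10 - - [03/May/2014:10:15:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [03/May/2014:10:15:05 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "-"',
    '192.0.2.10 - - [03/May/2014:10:40:00 +0000] "GET /old-page HTTP/1.1" 404 209 "-" "-"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return (ip, timestamp, path, status), or None if the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_dir_scanners(lines, min_paths=4, window=timedelta(seconds=10)):
    """Map each client IP that requested at least min_paths distinct missing
    paths inside one sliding time window to the sorted list of paths it probed."""
    misses = defaultdict(list)              # ip -> [(timestamp, path), ...]
    for line in lines:
        rec = parse(line)
        if rec is not None and rec[3] == 404:
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, hits in misses.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({path for _, path in hits[start:end + 1]}) >= min_paths:
                flagged[ip] = sorted({path for _, path in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, paths in find_dir_scanners(SAMPLE_LOG).items():
        print(ip, "probed", len(paths), "missing paths:", ", ".join(paths))
```

Occasional 404s spread over time, such as a missing favicon, stay below the threshold; only a dense burst of distinct missing paths is reported.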

Wednesday, 16 April 2014

TrueCrypt Encryption Tool Clears The First Phase Of Security Audit



Is TrueCrypt Audited Yet? Yes, In Part! TrueCrypt, one of the world's most-used open source file encryption programs, trusted by tens of millions of users, is being audited by a team of experts to assess whether it could be easily exploited and cracked. It has cleared the first phase of the audit and been given a relatively clean bill of health.

TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition. 

The program is also capable of some amazing things, such as creating a hidden operating system on a computer, essentially an OS within an OS where users can keep their most secret files.

EVERYONE HAS SOMETHING TO HIDE
The TrueCrypt developers are anonymous and used the aliases “ennead” and “syncon”, perhaps to avoid unwelcome attention from their own governments. But when we talk about privacy and security, we can't trust anyone, especially when someone like the NSA is out there.

This is a major reason that the security community took the initiative to perform a public security audit of TrueCrypt, in response to concerns that the National Security Agency (NSA) may have tampered with it.

iSec Research Lab was contracted by the cryptography community's Open Crypto Audit Project (OCAP) to carry out a public cryptanalysis and security audit of TrueCrypt, and it has found “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.”

11 VULNERABILITIES FOUND, BUT NOT CRITICAL
Auditors reviewed more than 70,000 lines of TrueCrypt source code and its architecture. Yesterday they reported 11 vulnerabilities in the full disk and file encryption software's source code, but no "high-severity" issues, which means nothing particularly inappropriate was found and certainly nothing that looks like a backdoor or an intentional flaw.


According to the researchers, none of the vulnerabilities appears to be an intentional flaw or an immediate exploitation vector; rather, all of the identified findings appear to be accidental.
Overall, iSEC does think changes can be made to improve code quality and maintainability, and that the build process should be updated to rely on recent tools with trustworthy provenance. In sum, while TrueCrypt does not have the most polished programming style, there is nothing immediately dangerous to report,” reads the audit report [PDF released on April 14].
These results are from the first phase of the audit, focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code review.

PHASE 2 - CRYPTOGRAPHIC TESTS
Now TrueCrypt is about to get a second-phase exam that may hopefully give the software a clean bill of health too, because the project to audit TrueCrypt has raised tens of thousands of dollars to peer into TrueCrypt's deepest recesses. The second-phase test will include a thorough analysis of the various encryption cipher suites and the implementation of random number generators and critical key algorithms.

Wednesday, 2 April 2014

Hacking Facebook Account With Just A Text Message



Can you imagine that a single text message is enough to hack any Facebook account, without user interaction and without any other malicious tools such as Trojans, phishing or keyloggers?

Today we explain how a UK-based security researcher, "fin1te", was able to hack any Facebook account within a minute by sending one SMS.

Since 90% of us are Facebook users too, we know that there is an option to link your mobile number to your account, which lets you receive Facebook account updates via SMS directly on your mobile and also log in to your account using that linked number rather than your email address or username.
According to the hacker, the loophole was in the phone number linking process or, in technical terms, in the file /ajax/settings/mobile/confirm_phone.php

This page works in the background when a user submits their phone number and the verification code sent by Facebook to the mobile. The submission form has two main parameters: one for the verification code, and a second, profile_id, which is the account to link the number to.



As the attacker, follow these steps to execute the hack:
  1. Change the value of profile_id to the victim's profile_id value by tampering with the parameters.
  2. Send the letter F to 32665, which is Facebook’s SMS shortcode in the UK. You will receive an 8 character verification code back.
  3. Enter that code in the box or as the confirmation_code parameter value and submit the form.

Facebook will accept that confirmation code, and the attacker's mobile number will be linked to the victim's Facebook profile.

In the next step the hacker just needs to go to the Forgot password option and initiate a password reset request against the victim's account.
The attacker can now get the password recovery code on his own mobile number, which is linked to the victim's account using the steps above. Enter the code and reset the password!

After receiving the bug report from the hacker, Facebook no longer accepts the profile_id parameter from the user end.
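The flaw and the fix come down to where the handler takes the target account from. The following is an added example, not Facebook's code: a constructed in-memory model with hypothetical function names, session tokens, profile ids and phone numbers, showing the flawed pattern beside the corrected one.

```python
import secrets

# Constructed in-memory state; every name and value here is hypothetical.
SESSIONS = {}        # session token -> profile id of the logged-in user
PENDING = {}         # confirmation code -> phone number that requested it
LINKED_PHONES = {}   # profile id -> linked phone number

def request_code(phone):
    """Simulate the SMS gateway replying to `phone` with a confirmation code."""
    code = secrets.token_hex(4)          # 8 characters, as in the write-up
    PENDING[code] = phone
    return code

def confirm_phone_vulnerable(session_token, form):
    """Flawed pattern: the account to modify is read from the request body."""
    if session_token not in SESSIONS:
        return False
    phone = PENDING.pop(form.get("confirmation_code"), None)
    if phone is None:
        return False
    LINKED_PHONES[form["profile_id"]] = phone    # client-chosen target account
    return True

def confirm_phone_hardened(session_token, form):
    """Corrected pattern: the target account comes from the server-side
    session; a profile_id in the form is ignored."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        return False
    phone = PENDING.pop(form.get("confirmation_code"), None)   # single use
    if phone is None:
        return False
    LINKED_PHONES[owner] = phone
    return True

def run_case(handler):
    """Replay one request whose profile_id names another account and return
    the phone links that `handler` created."""
    LINKED_PHONES.clear()
    PENDING.clear()
    SESSIONS.clear()
    SESSIONS.update({"tok-a": 1001, "tok-b": 2002})
    code = request_code("+440000000002")          # requested by the owner of tok-b
    form = {"confirmation_code": code, "profile_id": 1001}
    handler("tok-b", form)
    return dict(LINKED_PHONES)

if __name__ == "__main__":
    print("vulnerable:", run_case(confirm_phone_vulnerable))
    print("hardened:  ", run_case(confirm_phone_hardened))
```

With the flawed handler the number ends up on profile 1001, which the requester does not own; with the corrected handler it is linked to the requester's own profile 2002.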

In return, Facebook is paying $20,000 to fin1te as a bug bounty.

Friday, 28 March 2014

Snoopy Drones Can Hack Your Smartphones



The use of unmanned aerial vehicles (UAVs), called drones, is rapidly transforming the way we go to war. Drones were once used for land surveillance and delivering pizzas, then were equipped with bombs that changed the way nations conduct war, and now these hovering drones are ready to hack your smartphones.


London-based Sensepoint security researchers have developed a drone called 'Snoopy' that can intercept data from your Smartphones using spoofed wireless networks, CNN Money reported.


The drone searches for WiFi-enabled devices and then, using its built-in technology, sees what networks the phones have accessed in the past and pretends to be one of those old network connections.


Spoofing WiFi networks that a device has already accessed allows the Snoopy drone to connect with a targeted smartphone without authentication or interaction. In technical terms, the drone uses a 'Wireless Evil Twin Attack' to hack smartphones.


Once connected, Snoopy Drone can access your WiFi enabled Smartphones, allowing the attacker to remotely capture login credentials, personal data, and more.




Snoopy is self-powered and extremely mobile and researchers have successfully stolen Amazon, PayPal, and Yahoo credentials while testing it out in the skies of London.


The collection of metadata, including Wireless Network Names and Device IDs is not illegal, but intercepting personal data would likely violate wiretapping and identity theft laws.


If the technology got into the hands of criminals, there are all kinds of things they could do. The researchers said they have no malicious intent in developing the Snoopy drone; they are demonstrating the technology to highlight how vulnerable smartphone users can be.


WiFi hacking is very simple to execute and is becoming far more common these days. If you are concerned about such attacks, just turn off the automatic WiFi network-finding feature.

Wednesday, 26 March 2014

Hack ATM Machines With Just An SMS



As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April; apparently 95% of the world’s 3 million ATM machines run on it. Microsoft's decision to withdraw support for Windows XP poses a critical security threat to economic infrastructure worldwide.

MORE REASONS TO UPGRADE
Security researchers at antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP-based ATMs that allows them to withdraw cash simply by sending an SMS to compromised ATMs.

"What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time." researchers said.

HARDWIRED Malware for ATMs
According to the researchers, in 2013 they detected malware named Backdoor.Ploutus installed on ATMs in Mexico, which is designed to rob a certain type of standalone ATM with just text messages.

To install the malware on an ATM, the hacker must connect the ATM to a mobile phone via USB tethering and then initiate a shared Internet connection, which can then be used to send specific SMS commands to the phone attached or hardwired inside the ATM.


"Since the phone is connected to the ATM through the USB port, the phone also draws power from the connection, which charges the phone battery. As a result, the phone will remain powered up indefinitely."

HOW-TO HACK ATMs
  • Connect a mobile phone to the machine with a USB cable and install Ploutus Malware.
  • The attacker sends two SMS messages to the mobile phone inside the ATM.
    • SMS 1 contains a valid activation ID to activate the malware
    • SMS 2 contains a valid dispense command to get the money out
  • Mobile attached inside the ATM detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
  • Network packet monitor (NPM) module coded in the malware receives the TCP/UDP packet and if it contains a valid command, it will execute Ploutus
  • Amount for Cash withdrawal is pre-configured inside the malware
  • Finally, the hacker can collect cash from the hacked ATM machine.
Researchers have detected a few more advanced variants of this malware; some attempt to steal customer card and PIN data, while others attempt man-in-the-middle attacks.

This malware is now spreading to other countries, so you are recommended to pay extra attention and remain cautious while using an ATM.

Wednesday, 19 March 2014

Hacking Someone's Facebook Password Using Some Software Or Website? No Sir You Can't!


Do you know there are thousands of websites and software programs that claim to hack the Facebook password of any account? They'd ask you for the victim's profile ID, maybe your credentials and some money too, and will reportedly tell you the password which, to be honest, never works. Ever wonder why? Let me tell you why: they're FAKE! They're a scam that tricks you into losing your money or your own Facebook account. Just give it a thought: why would Zuckerberg and his team spend billions of dollars on Facebook if one could hack it in less than a minute? Today, we'll take a look at this topic in detail with some example websites and software and get answers to some common related questions.

Back in 2005, I came across a mechanism that reportedly hacked the Yahoo mail password for a user using some simple tricks. It didn't work for me for obvious reasons, but I didn't stop believing in the possibility until I grew up to realize how helpless I am here. One of the major concerns of large organizations like Facebook and Yahoo is security, because of the super sensitive information about people they have. Several hundred million dollars are spent yearly by these organizations to ensure security, and then there are these websites that claim to undo all that protection in less than a minute.

The Facebook password cracking Websites and Software

Let's start with some examples here. I googled the subject and picked the top results without order. Didn't care to search harder because there are thousands such and I know that all are FAKE.

So let's look at this GETFBHACK.com.

Their FREE Facebook hacker program is said to be capable of cracking the password of any Facebook user within a day. Sounds cool, I could try it out, but my Norton Antivirus rejected the file straight away.

I also picked up another one. This Hack-Fbook-Password asks me to enter the profile ID of a user and it will crack the password. I said Okay and began the process.


It ran certain algorithms to determine the password and finally landed me on a page that said I could DOWNLOAD the password IF I fill an online survey first. Those of you who've been redirected to surveys would know they don't work and are put just so to get traffic and earn money.

I said maybe I should leave the website now but hey, they gave me a prize!



So I just became the luckiest person in my city just like that!

Now tell me, how can a sane person believe in all this?

The truth!

Let me put this straight: these websites do nothing at all except waste your time, and are never able to do the job. In fact, downloaded programs just make the situation worse when you run them. I had my Norton Antivirus to guard me; otherwise I could be in severe danger right now.

These programs are mostly keyloggers and tracking programs that record your keystrokes and actions, steal personal information from your computer in the background and send it to their master servers. So ultimately a hacker wannabe gets hacked, how ironic!

From now on in the post, I'll be using the word 'Hacker' for these websites and software since you're no more in the position to be called that.

Why do these 'Hackers' do all that?

Setting up websites, maintaining them and developing software is not an easy task. It requires some money. So why do these 'hackers' do all the hassle? It's because they get equivalent or more money in return. They can extract your credit card details and other banking info from your system and use it for their advantage. They can hack your account and use it for wrong purposes. Give me one reason why one wouldn't steal money and hack accounts for no loss.

Why do people fall into their webs?

Why do people try to use such unreal hacking procedures? It's because it's unreal to me, it's unreal to you, but not to those who are not very familiar with the workings of software. They get caught in the web of these hackers and eventually get screwed up pretty bad without consent.

The websites give guarantees and also portray their 'imaginary' happy customers so as to trick a reader. Such tactics are simple but really powerful and serve their advantage in most cases. This is also why there are thousands of such websites available.

So is Facebook account an 'unbreakable fortress'?

Well, NO. Facebook accounts can be hacked. No online service is foolproof and that is because of the flaws and bugs in their software. There are several ACTUAL hackers in the world who can analyse a website's security and use that against it thus making hacking a reality.

But I'm 100% sure none of them uses these scam and fake websites that claim to do the impossible. You can check out our hacking section to know more.

I'll end the 'lesson' with an idiom, "look before you leap". Focus, think and then follow. In case of any queries or confusions head over to the comments section. Cheers :)

Tuesday, 18 March 2014

Access Your Facebook Account with 3 Passwords




Yes, you can access your Facebook account with 3 different passwords. I was surprised when I read this message posted by one of my friends on Facebook. So I immediately tested whether it is true or not. Yes, it is working.

Facebook allows the following variation of your passwords:

1. Your Original Password:
Let us assume that you are using "breakTheSecurity" as password.  Yeah, you can log in with your default password ;)

2. Your original password with the case reversed (toggle case):
This one is interesting. You can toggle the case of your password and use it.

For instance, you are using "breakTheSecurity" as your default password. In this password, 'T' and 'S' are capitalized.

If you toggle the password case, your password becomes "BREAKtHEsECURITY".

3. Your original password with the first letter capitalized:

If the first character of your password is in lower case and you change it to upper case, you can still log in with this one.

For instance, the original password is "breakTheSecurity". In this password, the first character 'b' is in lower case. If you capitalize the first character, then your password is "BreakTheSecurity".
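One way a login check could accept the three forms listed above while storing only a single salted hash is to normalise the submitted string and test each result. This is an added example, not Facebook's implementation, which the post does not describe; PBKDF2, the iteration count and all function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for this example

def derive(password, salt):
    """Derive the stored verifier from a password and salt with PBKDF2-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def enroll(password):
    """Keep only a random salt and the derived key, never the password itself."""
    salt = os.urandom(16)
    return salt, derive(password, salt)

def candidates(submitted):
    """Strings the server tries for one login attempt, duplicates removed."""
    forms = [submitted, submitted.swapcase()]      # as typed; caps lock undone
    if submitted[:1].isupper():
        # Undo a mobile keyboard capitalising the first character.
        forms.append(submitted[:1].lower() + submitted[1:])
    return list(dict.fromkeys(forms))

def verify(submitted, salt, stored_key):
    """True if any candidate form of `submitted` matches the stored key."""
    ok = False
    for form in candidates(submitted):
        # No early exit: each candidate is hashed and compared in constant time.
        ok |= hmac.compare_digest(derive(form, salt), stored_key)
    return ok

def accepted_forms(password):
    """The distinct strings that log in to an account enrolled with `password`."""
    variants = {password, password.swapcase(), password[:1].upper() + password[1:]}
    salt, key = enroll(password)
    return sorted(v for v in variants if verify(v, salt, key))

if __name__ == "__main__":
    print(accepted_forms("breakTheSecurity"))
```

Each login attempt costs the server up to three hash computations, and a guesser gains at most a factor of three per attempt, so rate limiting on failed logins matters as much as it would without this feature.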

The reason for 3 passwords for your Facebook account
It is not a security flaw. It is just a feature provided by Facebook.

"We accept three forms of the user's password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password," ZDNet quoted a Facebook spokesperson as saying, "we also accept the password if a user inadvertently has caps lock enabled or their mobile device automatically capitalizes the first character of the password."

Three different Usernames:

1. You can use your Facebook 'Username' as the user name (if you have created one)

2. You can use your email address

3. You can use your mobile number (if you have added your mobile number in Fb).

Yeah, I know this is an old one. I only now came to know about this and would like to share it with BTS readers. Hope you enjoyed this article!