Archive | October, 2015

HookME – API Based TCP Proxy Including SSL


HookME is an API-based TCP proxy designed to intercept a process's communications by hooking the process and the API calls it uses to send and receive network data. Because the hooks sit above the TLS layer, SSL traffic is seen in the clear. HookME provides a graphical user interface that lets you change packet content in real time and drop or forward each packet.

It also has a Python plug-in system to extend the HookME functionality.

Features

It can be used for a lot of purposes such as:

  • Analysing and modifying network protocols
  • Creation of malware or back-doors embedded into network protocols
  • Protocol vulnerability memory patching
  • Firewall at protocol layer
  • As a post-exploitation tool
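To make the interception model concrete, here is an added illustration (not HookME's own code) of how a hook on a process's send()/recv() feeds every buffer through a plugin chain that can forward, modify or drop it, with one constructed plugin per use case above: protocol modification, virtual patching of an over-long field, and a protocol-layer firewall. HookME hooks the Win32/SSL APIs of another process; to run offline this wraps Python's own socket calls over a local socketpair instead. HookME's real Python plugin API is not documented on this page, so the plugin signature, the field format and the hostnames are assumptions.

```python
"""Added illustration of the hook -> plugin chain -> forward/modify/drop model.
Not HookME code; plugin signature, protocol fields and hosts are assumed."""
import re
import socket
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Verdict(Enum):
    FORWARD = "forward"   # deliver the buffer unchanged
    MODIFY = "modify"     # deliver a rewritten buffer
    DROP = "drop"         # never deliver it


@dataclass
class Packet:
    direction: str        # "send" or "recv", as seen from the hooked process
    data: bytes


# Assumed plugin shape: Packet -> (Verdict, replacement bytes or None)
Plugin = Callable[[Packet], Tuple[Verdict, Optional[bytes]]]


def run_chain(plugins: List[Plugin], pkt: Packet) -> Tuple[Verdict, bytes]:
    """Apply plugins in order; DROP ends the chain, MODIFY rewrites pkt.data."""
    verdict = Verdict.FORWARD
    for plugin in plugins:
        v, data = plugin(pkt)
        if v is Verdict.DROP:
            return Verdict.DROP, b""
        if v is Verdict.MODIFY and data is not None:
            pkt.data, verdict = data, Verdict.MODIFY
    return verdict, pkt.data


def rewrite_host(pkt: Packet):
    """Protocol modification: point an outbound HTTP request at a lab host."""
    if pkt.direction == "send" and pkt.data.startswith(b"GET "):
        new = re.sub(rb"Host: [^\r\n]+", b"Host: lab.example", pkt.data)
        if new != pkt.data:
            return Verdict.MODIFY, new
    return Verdict.FORWARD, None


MAX_NAME = 32  # hypothetical safe length for a field the real client mishandles

def virtual_patch(pkt: Packet):
    """Protocol vulnerability patching: clamp an over-long inbound field before
    the vulnerable parser sees it (hypothetical wire format: NAME=<value>\\n)."""
    if pkt.direction == "recv" and pkt.data.startswith(b"NAME="):
        value = pkt.data[5:].rstrip(b"\n")
        if len(value) > MAX_NAME:
            return Verdict.MODIFY, b"NAME=" + value[:MAX_NAME] + b"\n"
    return Verdict.FORWARD, None


def protocol_firewall(pkt: Packet):
    """Firewall at protocol layer: drop inbound buffers carrying a NOP-sled marker."""
    if pkt.direction == "recv" and b"\x90" * 4 in pkt.data:
        return Verdict.DROP, None
    return Verdict.FORWARD, None


class HookedSocket:
    """Stand-in for the API hook: send()/recv() pass through the chain."""

    def __init__(self, sock: socket.socket, plugins: List[Plugin]):
        self._sock, self.plugins, self.log = sock, plugins, []

    def send(self, data: bytes) -> int:
        verdict, out = run_chain(self.plugins, Packet("send", data))
        self.log.append(("send", verdict.value))
        if verdict is Verdict.DROP:
            return len(data)       # report success so the app does not retry
        return self._sock.send(out)

    def recv(self, bufsize: int) -> bytes:
        data = self._sock.recv(bufsize)
        verdict, out = run_chain(self.plugins, Packet("recv", data))
        self.log.append(("recv", verdict.value))
        return out                 # b"" on DROP; see the note below


def demo() -> dict:
    """Drive the hook over a local socketpair with constructed traffic."""
    app_side, peer = socket.socketpair()
    hooked = HookedSocket(app_side, [rewrite_host, virtual_patch, protocol_firewall])
    hooked.send(b"GET / HTTP/1.1\r\nHost: victim.example\r\n\r\n")
    on_wire = peer.recv(4096)                   # what the peer really receives
    peer.sendall(b"NAME=" + b"A" * 200 + b"\n")
    patched = hooked.recv(4096)                 # what the app really reads
    peer.sendall(b"DATA=" + b"\x90" * 8 + b"\n")
    dropped = hooked.recv(4096)
    app_side.close(); peer.close()
    return {"on_wire": on_wire, "patched": patched, "dropped": dropped, "log": hooked.log}


if __name__ == "__main__":
    print(demo())
```

Two caveats a hook author runs into: returning b"" from a dropped recv() looks like end-of-stream to most applications, so a real hook should block for the next buffer instead; and because the rewrite happens after the application has built the buffer, anything the application already committed to (a length prefix, a MAC, a TLS record once it is past the hooked layer) has to be recomputed or the peer will reject the packet.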

You can download HookME 0.2.1.0b here:

0.2.1.0b.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking Tools


Latest Posts:

  • APT-Hunter – Threat Hunting Tool via Windows Event Log: APT-Hunter is a threat hunting tool for Windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of Windows event logs.
  • GitLab Watchman – Audit GitLab For Sensitive Data & Credentials: GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally; this includes code, commits, wikis etc.
  • GKE Auditor – Detect Google Kubernetes Engine Misconfigurations: GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations; it aims to help security & dev teams streamline the configuration process.
  • zANTI – Android Wireless Hacking Tool Free Download: zANTI is an Android wireless hacking tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using a mobile device.
  • HELK – Open Source Threat Hunting Platform: The Hunting ELK, or simply the HELK, is an open-source threat hunting platform with advanced analytics capabilities such as a SQL declarative language, graphing etc.
  • Trape – OSINT Analysis Tool For People Tracking: Trape is an OSINT analysis tool which allows people to track and execute intelligent social engineering attacks in real time.


WinRAR Vulnerability Is Complete Bullshit


So Twitter exploded earlier with calls of a remote code execution WinRAR vulnerability leaving half a BILLION users open for some hardcore exploitation.

I got interested (obviously, as that’s what I do here) and went to read about it. I have to call it pretty sketchy, non-technical reporting from The Register for once; it seems like it was written by an intern.

WinRAR Vulnerability Drama Is Unfounded

To summarise the news…shocker, executing an executable leads to code execution – yah really, no shit?

The fact that it allows you to download a file from the SFX (self-extracting RAR archive, basically) panel and execute it is a little shady, but you’ve already executed the self-unpacking .exe, so if it’s from a dubious source, you kinda deserve whatever happens from there on in.

Half a billion users are at risk from a public zero day remote code execution exploit affecting all versions of the popular WinRAR compression software.

A proof-of-concept exploit has been published. Its creator reckons it works on all versions of WinRAR, making it very likely that it will be used by criminals in phishing attacks. WinRAR has been a popular shareware unzipping tool for Windows users over the last two decades. It is plugged heavily thanks to many reviews by software download sites like CNET and Softpedia.

Iranian researcher Mohammad Reza Espargham reported the hole to the Full Disclosure security mailing list.

“The vulnerability allows unauthorised remote attackers to execute system specific code to compromise a target system,” Espargham says. “The issue is located in the text and icon function of the ‘text to display in SFX’ window module.”

“Remote attackers are able to generate [their] own compressed archives with malicious payloads to execute system specific codes for compromise.”


Now if this trick worked when opening a .rar file with WinRAR, I’d say that could be a serious problem. But it only applies to SFX (self-extracting executable archive) files, so it's not really an issue.
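Since the whole distinction here is ".rar opened in WinRAR" versus "SFX executable the user chose to run", the check a mail-gateway or triage script wants is to tell the two apart. The following is an added example, not code from the post or from WinRAR: it recognises a RAR archive by its documented marker block (RAR 4.x `Rar!\x1a\x07\x00`, RAR 5 `Rar!\x1a\x07\x01\x00`), calls a PE file with an embedded archive an SFX, and, as a heuristic only, flags HTML markup in the bytes after the stub. It does not parse WinRAR's SFX comment format; the sample files are constructed in the block and are not real executables.

```python
"""Added triage check: plain .rar vs SFX executable, with a heuristic HTML
scan of SFX bodies. Not from the post or WinRAR; samples are constructed."""
import struct

RAR4_MARKER = b"Rar!\x1a\x07\x00"        # documented RAR 1.5-4.x marker block
RAR5_MARKER = b"Rar!\x1a\x07\x01\x00"    # documented RAR 5 signature
HTML_MARKERS = (b"<html", b"<script", b"<iframe", b"<object", b"<embed")


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_rar_marker(data: bytes):
    """Return (offset, version) of the earliest RAR marker, or (None, None)."""
    best = (None, None)
    for marker, version in ((RAR5_MARKER, 5), (RAR4_MARKER, 4)):
        off = data.find(marker)
        if off != -1 and (best[0] is None or off < best[0]):
            best = (off, version)
    return best


def classify(data: bytes) -> dict:
    """Label a file as 'rar', 'sfx', 'pe' or 'unknown' and list HTML markers
    found in an SFX body (heuristic: the SFX text window accepts HTML)."""
    pe = is_pe(data)
    off, ver = find_rar_marker(data)
    if off is None:
        kind = "pe" if pe else "unknown"
    elif pe and off > 0:
        kind = "sfx"            # executable stub followed by the archive
    else:
        kind = "rar"            # archive data starts at offset 0
    html = []
    if kind == "sfx":
        body = data[off:].lower()
        html = [m.decode() for m in HTML_MARKERS if m in body]
    return {"kind": kind, "rar_version": ver, "archive_offset": off,
            "html_markers": html}


def _fake_pe_stub(size: int = 0x200) -> bytes:
    """Constructed MZ/PE header padded to size; not a runnable executable."""
    stub = bytearray(size)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)
    stub[0x80:0x84] = b"PE\x00\x00"
    return bytes(stub)


# Constructed samples: a bare RAR5 archive and an SFX whose comment carries HTML.
SAMPLE_RAR = RAR5_MARKER + b"\x00" * 64
SAMPLE_SFX = (_fake_pe_stub() + RAR4_MARKER
              + b"Title=Setup\r\nText=<HTML><BODY>hello</BODY></HTML>\r\n"
              + b"\x00" * 32)


if __name__ == "__main__":
    for name, blob in (("rar", SAMPLE_RAR), ("sfx", SAMPLE_SFX)):
        print(name, classify(blob))
```

Policy-wise this is where the post's argument lands: an SFX is an executable first and an archive second, so it belongs in whatever bucket your gateway already uses for .exe attachments, HTML in the comment or not.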

You can watch the PoC of the ‘exploit’ here.

I’m honestly surprised all the major sites are reporting on this like it’s a big thing. Did anyone stop and actually read what’s happening here?

Espargham puts the severity score at 9.2 since it requires a low competency to exploit and requires that users only open the file. Torrent files for games and applications would be a nice attack vector given attacks could be made stealthy.

The vulnerability has not yet received a CVE number, by which major bugs are tracked and scored. Users could be owned if they decompress malicious SFX files. Attackers can write HTML code to WinRAR’s window that will run on a target machine when the archive is opened.

MalwareBytes researcher Pieter Arntz says the proof of concept needs subtle tweaking out of the tin for it to work properly. “The proof-of-concept requires some trivial changes before I got it to work,” Arntz says, but that might have been down to a Perl version conflict.

And honestly, why is anyone still using WinRAR since 7zip came out? There’s no excuse at all.

I’m not really surprised this has no CVE, and I honestly don’t expect it to get one. Might WinRAR fix this hole? Probably not, as it’s how SFX works. Why go to such trouble when you could bind malware directly to the SFX archive and have that execute?

Is it serious?

NO.

Source: The Register

Posted in: Exploits/Vulnerabilities, Windows Hacking