Archive | November, 2017

Mr.SIP – SIP Attack And Audit Tool

Use Netsparker


Mr.SIP was developed in Python as a SIP Attack and audit tool which can emulate SIP-based attacks. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and defence approaches and then as an idea to convert it to a fully functional SIP-based penetration testing tool, it has been redeveloped into the current version.

Mr.SIP - SIP Attack And Audit Tool


Mr.SIP – SIP Attack Features

Mr.SIP currently comprises of four sub-modules named SIP-NES, SIP-ENUM, SIP-DAS and SIP-ASP. Since it provides a modular structure to developers, more modules will continue to be added by the authors and it is open to being contributed to by the open-source developer community.

  • SIP-NES needs to enter the IP range or IP subnet information. It sends SIP OPTIONS message to each IP addresses in the subnet and according to the responses outputs the potential SIP clients and servers on that subnet.
  • SIP-ENUM outputs which SIP users are valid according to the responses in that network by sending REGISTER messages to each client IP addresses on the output of SIP-NES.
  • SIP-DAS (DoS Attack Simulator) is a module developed to simulate SIP-based DoS attacks. It comprises four components: spoofed IP address generator, SIP message generator, message sender and scenario player. It needs outputs of SIP-NES (Network Scanner) and SIP-ENUM (Enumerator) along with some pre-defined files.
  • SIP-DAS basically generates legitimate SIP INVITE message and sends it to the target SIP component via TCP or UDP. It has three different options for spoofed IP address generation, i.e., manual, random and by selecting spoofed IP address from subnet. IP addresses could be specified manually or generated randomly. Furthermore, in order to bypass URPF filtering, which is used to block IP addresses that do not belong to the subnet from passing onto the Internet, we designed a spoofed IP address generation module. Spoofed IP generation module calculated the subnet used and randomly generated spoofed IP addresses that appeared to come from within the subnet.

There is also:

ohrwurm – RTP Fuzzing Tool (SIP Phones)
SIPcrack – SIP Login Dumper & Hash/Password Cracker
Sipflanker – Locate SIP (VoIP) Device Web Interfaces
SIP Proxy – VoIP Security Testing Tool
SIPVicious SIP Scanner – VoIP Hacking Security Auditing Tool

You can download Mr.SIP here:

Mr.SIP-master.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Uber Paid Hackers To Hide 57 Million User Data Breach

The New Acunetix V12 Engine


Uber is not known for it’s high level of ethics, but it turns out Uber paid hackers to not go public with the fact they’d breached 57 Million accounts – which is a very shady thing to do. Getting hacked is one thing (usually someone f*cked up), but choosing as a company to systematically cover up a breach to the tune of $100,000 – that’s just wrong.

Uber Paid Hackers To Hide 57 Million User Data Breach


57 Million is a fairly significant number as well with Uber having around 40 Million monthly users, of course, it’s not the scale of Equifax with 143 Million (or more).

It includes both riders and 600,000 driver information, Uber says nothing fraudulent appears to have happened since the breach and compromised accounts are flagged in the system for extra monitoring.

By Now, the name Uber has become practically synonymous with scandal. But this time the company has outdone itself, building a Jenga-style tower of scandals on top of scandals that has only now come crashing down. Not only did the ridesharing service lose control of 57 million people’s private information, it also hid that massive breach for more than a year, a cover-up that potentially defied data breach disclosure laws. Uber may have even actively deceived Federal Trade Commission investigators who were already looking into the company for distinct, earlier data breach.

On Tuesday, Uber revealed in a statement from newly installed CEO Dara Khosrowshahi that hackers stole a trove of personal data from the company’s network in October 2016, including the names and driver’s license information of 600,000 drivers, and worse, the names, email addresses, and phone numbers of 57 million Uber users.

As bad as that data debacle sounds, Uber’s response may end up doing the most damage to the company’s relationship with users, and perhaps even exposed it to criminal charges against executives, according to those who have followed the company’s ongoing FTC woes. According to Bloomberg, which originally broke the news of the breach, Uber paid a $100,000 ransom to its hackers to keep the breach quiet and delete the data they’d stolen. It then failed to disclose the attack to the public—potentially violating breach disclosure laws in many of the states where its users reside—and also kept the data theft secret from the FTC.


It’s definitely possible there could be some serious consequences for Uber in a legal context as they’ve certainly breached some federal laws concerning disclosure to the FTC and in general not disclosing a breach that has leaked customer records.

They previously fired their Chief Security Officer, which obviously hasn’t helped much (more of a PR/Blame exercise most likely).

According to Bloomberg, Uber’s 2016 breach occurred when hackers discovered that the company’s developers had published code that included their usernames and passwords on a private account of the software repository Github. Those credentials gave the hackers immediate access to the developers’ privileged accounts on Uber’s network, and with it, access to sensitive Uber servers hosted on Amazon’s servers, including the rider and driver data they stole.

While it’s not clear how the hackers accessed the private Github account, the initial mistake of sharing credentials in Github code is hardly unique, says Jeremiah Grossman, a web security researcher and chief security strategist at security firm SentinelOne. Programmers frequently add credentials to code to allow it automated access to privileged data or services, and then fail to restrict how and where they share that credential-laden software.

“This is all too common on Github. It’s not a forgiving environment,” says Grossman. He’s far more shocked by the reports of Uber’s subsequent coverup. “Everyone makes mistakes. It’s how you respond to those mistakes that get you in trouble.”

It’d be interesting to get a bit more details on what happened, were the credentials accidentally pushed to a Github repo that was public? Or did the hacker(s) actually get access to a private Github repo that contained critical credentials?

Sadly both are pretty common, even with Github having an option to enforce 2FA across an entire organsiation – many people are not using it.

Source: Wired

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


RDPY – RDP Security Tool For Hacking Remote Desktop Protocol

Use Netsparker


RDPY is an RDP Security Tool in Twisted Python with RDP Man in the Middle proxy support which can record sessions and Honeypot functionality.

RDPY - RDP Security Tool For Hacking Remote Desktop Protocol


RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). RDPY is built over the event driven network engine Twisted. RDPY support standard RDP security layer, RDP over SSL and NLA authentication (through ntlmv2 authentication protocol).

RDPY RDP Security Tool Features

RDPY provides the following RDP and VNC binaries:

  • RDP Man In The Middle proxy which record session
  • RDP Honeypot
  • RDP Screenshoter
  • RDP Client
  • VNC Client
  • VNC Screenshoter
  • RSS Player

RDPY is fully implemented in python, except the bitmap decompression algorithm which is implemented in C for performance purposes.

RDPY Hacking RDP Binaries

rdpy-rdpclient

rdpy-rdpclient is a simple RDP Qt4 client.

You can use rdpy-rdpclient in a Recorder Session Scenario, used in rdpy-rdphoneypot.

rdpy-vncclient

rdpy-vncclient is a simple VNC Qt4 client.

rdpy-rdpscreenshot

rdpy-rdpscreenshot saves login screen in file.

rdpy-vncscreenshot

rdpy-vncscreenshot saves the first screen update in file.


rdpy-rdpmitm

rdpy-rdpmitm is a RDP proxy allows you to do a Man In The Middle attack on RDP protocol. Record Session Scenario into rss file which can be replayed by rdpy-rssplayer.

Output directory is used to save the rss file with following format (YYYYMMDDHHMMSS_ip_index.rss) The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer If one of both parameters are omitted, the server use standard RDP as security layer.

rdpy-rdphoneypot

rdpy-rdphoneypot is an RDP honey Pot. Use Recorded Session Scenario to replay scenario through RDP Protocol.

The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer. If one of both parameters are omitted, the server use standard RDP as security layer. You can specify more than one files to match more common screen size.

rdpy-rssplayer

rdpy-rssplayer is use to replay Record Session Scenario (rss) files generates by either rdpy-rdpmitm or rdpy-rdpclient binaries.

There’s also another related tool which can extract RDP sessions:

SessionGopher – Session Extraction Tool

And there is of course Seth – RDP Man In The Middle Attack Tool.

You can download RDPY here:

rdpy-v1.3.2.zip

Or read more here.

Posted in: Networking Hacking

Topic: Networking Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Terabytes Of US Military Social Media Spying S3 Data Exposed

The New Acunetix V12 Engine


Once again the old, default Amazon AWS S3 settings are catching people out, this time the US Military has left terabytes of social media spying S3 data exposed to everyone for years.

Terabytes Of US Military Social Media Spying S3 Data Exposed


It’s not long ago since a Time Warner vendor and their sloppy AWS S3 config leaked over 4 million customer records and left S3 data exposed, and that’s not the only case – there’s plenty more.

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing “dozens of terabytes” of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.

The archives were found by UpGuard’s veteran security-breach hunter Chris Vickery during a routine scan of open Amazon-hosted data silos, and the trio weren’t exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive.

CENTCOM is the common abbreviation for the US Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for US Pacific Command, covering the rest of southern Asia, China and Australasia.

Vickery told The Register today he stumbled upon them by accident while running a scan for the word “COM” in publicly accessible S3 buckets. After refining his search, the CENTCOM archive popped up, and at first he thought it was related to Chinese multinational Tencent, but quickly realized it was a US military archive of astounding size.

“For the research I downloaded 400GB of samples but there were many terabytes of data up there,” he said. “It’s mainly compressed text files that can expand out by a factor of ten so there’s dozens and dozens of terabytes out there and that’s a conservative estimate.”


I’m curious to know if anyone else found these buckets before, I should hope being the US Military they at least have access logging turned on for these buckets, but considering the fact they were open to World – that may not be the case.

It just goes to show (as with MongoDB) you can’t trust people with lax defaults because most of the time developers wont change them.

Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens.

The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the US government’s Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism.

Vickery found the Outpost development configuration files in the archive, as well as Apache Lucene indexes of keywords designed to be used with the open-source search engine Elasticsearch. Another file refers to Coral, which may well be a reference to the US military’s Coral Reef data-mining program.

“Coral Reef is a way to analyze a major data source to provide the analyst the ability to mine significant amounts of data and provide suggestive associations between individuals to build out that social network,” Mark Kitz, technical director for the Army Distributed Common Ground System – Army, told the Armed Forces Communications and Electronics Association magazine Signal back in 2012.

“Previously, we would mine through those intelligence reports or whatever data would be available, and that would be very manual-intensive.”

I guess tools like this are just making it easier to find exposed buckets:

AWSBucketDump – AWS S3 Security Scanning Tool.

There is definitely going to be more of these cases popping up and more people jump on the cloud bandwagon without really understanding the security implications, “Hey the URL is not public so we don’t need to protect it because no one can find it” – etc.

Source: The Register

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


SNIFFlab – Create Your Own MITM Test Environment

The New Acunetix V12 Engine


SNIFFlab is a set of scripts in Python that enable you to create your own MITM test environment for packet sniffing through a WiFi access point.

SNIFFlab - Create Your Own MITM Test Environment


Essentially it’s a WiFi hotspot that is continually collecting all the packets transmitted across it. All connected clients’ HTTPS communications are subjected to a “Man-in-the-middle” attack, whereby they can later be decrypted for analysis

What is SNIFFLab MITM Test Environment

In our environment, dubbed Snifflab, a researcher simply connects to the Snifflab WiFi network, is prompted to install a custom certificate authority on the device, and then can use their device as needed for the test.

All traffic on the network is logged by a Raspberry Pi dedicated to that task. The traffic is cloned by a Great Scott Gadgets Throwing Star LAN Tap, which routes it both to its destination, and to our Raspberry Pi. The Pi continually collects packet data, creating new packet capture (pcap) files at a regular interval, or once the active file reaches a configurable size. Saved files are regularly transferred to another machine for persistent storage. Users with SSH access to the Pi can also manually restart the pcap service, to get instant access to the captured packets, instead of waiting for the interval.

The custom certificate that each client must install enables the proxy server through which SNIFFlab routes its traffic to intercept HTTPS requests to the outside world, and re-encrypt them using certificates generated on-the-fly. This allows for the researcher to later decrypt most captured network traffic sent over HTTPS.


Using SNIFFLab MITM Enivronment

There are some other related tools here:

mitmproxy – Intercepting HTTP Proxy Tool aka MITM
MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool
BetterCap – Modular, Portable MiTM Framework
MITMf – Man-In-The-Middle Attack Tool

You can download SNIFFlab here:

snifflab-master.zip

Or read more here.

Posted in: Networking Hacking

Topic: Networking Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Skype Log Viewer Download – View Logs on Windows

Use Netsparker


Skype Log Viewer allows you to download and view the Skype history and log files, on Windows, without actually downloading the Skype client itself.

Skype Log Viewer Download - View Logs on Windows


What does Skype Log Viewer do?

This program allows you to view all of your Skype chat logs and then easily export them as text files.

It correctly organizes them by conversation and makes sure that group conversations do not get jumbled with one on one chats.

Skype Log Viewer Features

  • Download Skype Logs
  • Broken Database Support
  • Change Export Format
  • Organized by conversation in Skype

It’s been a while since anything regarding Skype has been in the news, honestly, since Hangouts, Bluejeans, Appear.in, Facetime and all the other options have emerged I don’t think that many people are still using it – other than perhaps Skype for business.

There was a Skype worm WAY back in 2006 – Skype Worm in the Wild – W32.Chatosky

You can download Skype Log Viewer here:

Compiled – SkypeLogViewerLGGv1.3.exe
Source – skype-log-viewer-v1.3.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.