One extremely enjoyable read and a succinct example of a complete and effective attack, with some great background on the phases of a breach, ethical or otherwise. Hack Back.
Tuesday, 19 April 2016
Wednesday, 13 April 2016
Tuesday, 12 April 2016
Caution: nethunter can swallow up large amounts of valuable time. Only use it if you have time to spare and don't mind hacking (as in close to the true sense of the word) in order to fix issues that arise. Having reached a stable state now, I will think twice about changing anything anytime soon!
I've used nethunter for fun stuff on my OnePlus One for around a year now. There were a very small number of minor niggles that annoyed me a little, but that I chose to just live with, and everything was fine. The user interface wasn't amazing, but the tools mostly worked as intended. It was awesome, running on CM 11 and nethunter 2.x. BDFProxy did what it said on the tin, BeEF worked nicely with mitmproxy injecting hooks, I could run vulnerability scans with OpenVAS, and it generally rocked my world. The Swiss army knife for ethical hackers and script kiddies alike.
Around January this year I spotted that a new version of nethunter had been released, and I was pretty excited. As soon as I was able to, I followed the upgrade instructions on the nethunter site through CM 12 and installed nethunter 3.0. Things have been far less awesome since then. I'll describe some of the issues and then the resolution at the end of this post.
Issue number 1: DriveDroid just stopped working. DriveDroid is great because it allows you to host an ISO or other disk image from your phone over a USB cable and make it appear as though it is a CD drive, writable USB stick, or read-only USB. It's amazing knowing that you can boot into Tails, Kali, DEFT, or any other favourite live CD distro or tool of your choosing, even Kon-Boot. With CM 12, none of this worked. In CM 13 it does.
Issue number 2: The phone crashed randomly and frequently. It could happen overnight while I was asleep, meaning that my alarm wouldn't go off. It could happen when I disabled WiFi tethering. Rebooting the phone would sometimes fix it, but sometimes it took 3 or 4 reboots. Clearing the cache would increase the chance of success but was still not foolproof. CM 13 fixed this.
Issue number 3: Sound and video playback would just stop. Again, rebooting didn't always help. CM 13 fixed this.
Issue number 4: If you are running the TWRP recovery manager, you cannot apply over-the-air updates for your OS. There is no fix for this that I have found.
Resolution: Most of the issues above have been fixed by upgrading to CM 13, and now things are much more awesome again. It was a painful upgrade process, but worth it. Some advice if you are about to embark upon this endeavour:
- Make sure you have backed up your precious data. You don't want to lose those pictures of your cat or mum or whatever.
- Clear the cache, and preferably factory-reset the device, before every step. Failing to do so can lead to crashing applications, failed startups and other such delights.
- Download the latest stable CM 13 and store it in the root of your device. This may appear as /sdcard in TWRP. Do the same with the latest nethunter build, openGapps, and SuperSU.
- With TWRP, first install CM 13, then openGapps. Boot up and make sure everything seems OK. If it doesn't, go back into recovery and factory reset.
- Next, install SuperSU, then boot up and download and install BusyBox from the Play Store.
- Finally, go back into recovery and install nethunter.
If all has gone well then you should have a stable installation.
Happy scripting, kiddie!
Monday, 11 April 2016
Thursday, 7 April 2016
Monday, 4 April 2016
A rainbow table, on the other hand, consists of precomputed "chains" of hashes, where a reduction function is repeatedly performed on each output hash along the chain to create a new password candidate according to the desired length and complexity. Once a chain is complete, which is typically thousands of hashes long, only the start and end hash are stored in the rainbow table.
There are instructions online for generating your own rainbow tables or for downloading or purchasing precomputed rainbow tables. This effectively allows any password within a given character set and length to be cracked in a very short space of time, as long as it has not been salted, and as long as you have the storage available for your rainbow table.
When you have a hash for which you wish to find the password, you begin by repeatedly reducing and re-hashing it until you reach the end hash of one of your chains. You then start the repeated reductions again from the start of that same chain until you find the hash that matches the one you wish to crack. At this point you have successfully guessed the password, if all has gone according to plan. Software such as rtgen will do all of this for you; it is much quicker than a standard brute force and takes far less storage space than a complete hash table for the character set.
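A toy implementation of the chain generation and lookup described above, added here as an example and not the post's own code or rtgen's. It uses a constructed parameter set (MD5, three lowercase letters, chains of 100 steps) and shows why the "not salted" condition matters: a hash computed over salt plus password is simply not found in a table built for the unsalted hash.

```python
import hashlib

# Constructed toy parameters (not from the post): 3 lowercase letters, MD5, chains of 100 steps.
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3
CHAIN_LEN = 100
SPACE = len(ALPHABET) ** PW_LEN


def h(password, salt=""):
    """The hash the table is built against; salt is only used to show the defence."""
    return hashlib.md5((salt + password).encode()).digest()


def reduce_(digest, step):
    """Map a digest back to a password candidate of the chosen length and character set.
    Mixing in the step index gives a different reduction per column (the 'rainbow')."""
    n = (int.from_bytes(digest[:8], "big") + step) % SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def walk(pw, first_step, last_step):
    """Advance along a chain: hash, then reduce, for steps first_step .. last_step-1."""
    for step in range(first_step, last_step):
        pw = reduce_(h(pw), step)
    return pw


def build_table(start_points):
    """Only (end, start) pairs are stored; every intermediate value is discarded."""
    table = {}
    for start in start_points:
        table.setdefault(walk(start, 0, CHAIN_LEN), start)
    return table


def lookup(table, target):
    """Try each column the target hash could sit in, walk to the chain end, and if that
    end is stored, regenerate the chain from its start until the matching hash appears."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        end = walk(reduce_(target, pos), pos + 1, CHAIN_LEN)
        if end in table:
            pw = table[end]
            for step in range(pos + 1):
                if h(pw) == target:
                    return pw
                pw = reduce_(h(pw), step)
    return None  # not covered by the table, or the hash was salted
```

With a table of a few chains the lookup recovers a password that lies anywhere on a stored chain, while `lookup(table, h("cat", "s3"))` returns None because the salted hash never occurs in any chain.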
- Acquire your AD backup: the NTDS.dit and SYSTEM files.
- Remember to tidy up files as you go, leave no trail.
- Extract the hashes using the 2014 version of libesedb and the latest esedbextract.py.
- Filter the accounts and hashes to only show active user accounts that have not expired.
- For the worst offenders, just use the worst-password lists freely downloadable from the net, in NT format, and no rules.
- For slightly less bad offenders, use more wordlists such as rockyou from previous breaches.
- For more offenders, use a dictionary containing company names, usernames, etc. and start adding rules.
- For users who do at least make some effort to choose their own password, use a dictionary containing months, days, seasons, town names, countries, etc. with rules.
- Crack in LM mode and use the output passwords to create a new dictionary for NT mode.
- Larger dictionaries with harder rules.
- Incremental mode.
- Another tool such as rainbow tables.
Sunday, 3 April 2016
Simple tip for Kali Nethunter:
You don't have to run any mana or karma, hostapd or use an external WiFi adapter for credential harvesting. Just openly share your normal WiFi access point and run the net-creds.py tool that comes with mana. Any unencrypted creds will be caught and stored.
Important: don't do this in public unless you are willing to risk being arrested. Also be aware that when you share your WiFi for open tethering, you may be incriminated for the actions of anyone who connects.
The discussion is informed by a review of recent literature focusing on attacks against anonymous systems such as Tor, I2P, and Freenet, and can be found here: http://www.sciencedirect.com/science/article/pii/S1353485816300289
Quite a change in direction from my previous publication on performance enhancing substances in Freediving but then my career took a sharp change in direction circa 15 years ago.
This blog is going to be a place for me to share my personal experiences and adventures into the world of cyber. If that sounds like your bag then welcome on board, friend!