Category Archives: (I) Linux Hacking

VoIP Pentest using Kali Linux

ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP corporate directory enumeration tool that mimics the behavior of an IP phone in order to download the name and extension entries that a given phone can display on its screen, in the same way that the “corporate directory” feature of VoIP hard phones lets users dial by name from their handsets.

ACE was developed as a research idea born from “VoIP Hopper” to automate VoIP attacks that can be targeted against names in an enterprise Directory. The concept is that in the future, attacks will be carried out against users based on their name, rather than targeting VoIP traffic against random RTP audio streams or IP addresses. ACE works by using DHCP, TFTP, and HTTP in order to download the VoIP corporate directory. It then outputs the directory to a text file, which can be used as input to other VoIP assessment tools. ACE is a standalone utility, but its functions are integrated into UCSniff.

ACE currently supports the VoIP corporate directory used in Cisco Unified IP Phones. It works in the following way:

1) Spoofs CDP to get the VVID (voice VLAN ID)
2) Adds a voice VLAN interface (VLAN hop); subsequent traffic is tagged with the VVID
3) Sends a DHCP request tagged with the VVID
4) Decodes the TFTP server IP address from DHCP Option 150
5) Sends a TFTP request for the IP phone configuration file
6) Parses the file, learning the corporate directory URL
7) Sends an HTTP GET request for the directory
8) Parses the XML data, writing directory users to a formatted text file
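Step 4 above relies on DHCP Option 150, the Cisco option that carries one or more TFTP server addresses. The following is an added example, not code from ACE or from this page, written from the defender's side: it decodes the option area of a DHCP message and flags any advertised TFTP server that is not on an allowlist, which is the check you would run over DHCP offers captured on the voice VLAN to spot a rogue provisioning server. The sample offer and the addresses 10.10.1.5 and 10.10.1.99 are constructed for the demonstration.

```python
"""Decode DHCP Option 150 (Cisco TFTP server list) and check it against an
allowlist. Added example, not part of ACE; all sample values are constructed."""
import ipaddress
import struct

OPTION_TFTP_SERVERS = 150   # Cisco TFTP server option: packed IPv4 addresses
OPTION_PAD = 0
OPTION_END = 255


def parse_dhcp_options(blob: bytes) -> dict:
    """Walk the TLV option area of a DHCP message (the bytes after the magic
    cookie). Returns {option_code: raw_value}; stops at END, skips PAD bytes."""
    options = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == OPTION_END:
            break
        if code == OPTION_PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = value
        i += 2 + length
    return options


def tftp_servers(options: dict) -> list:
    """Option 150 carries one or more IPv4 addresses packed back to back."""
    raw = options.get(OPTION_TFTP_SERVERS, b"")
    if len(raw) % 4 != 0:
        raise ValueError("option 150 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw), 4)]


def rogue_tftp_servers(options: dict, allowlist: set) -> list:
    """Return the advertised TFTP servers that are not in the allowlist."""
    return [ip for ip in tftp_servers(options) if ip not in allowlist]


def build_option(code: int, value: bytes) -> bytes:
    """Helper used only to construct the sample input below."""
    return struct.pack("BB", code, len(value)) + value


# Constructed sample: a DHCP Offer advertising two TFTP servers, one assumed
# legitimate (10.10.1.5) and one that is not in the inventory (10.10.1.99).
SAMPLE_OPTIONS = (
    build_option(53, b"\x02")                                   # message type: Offer
    + build_option(OPTION_TFTP_SERVERS,
                   ipaddress.IPv4Address("10.10.1.5").packed
                   + ipaddress.IPv4Address("10.10.1.99").packed)
    + b"\x00"                                                   # a PAD byte
    + bytes([OPTION_END])
)
ALLOWED_TFTP = {"10.10.1.5"}   # hypothetical allowlist of real provisioning servers

if __name__ == "__main__":
    opts = parse_dhcp_options(SAMPLE_OPTIONS)
    print("TFTP servers advertised:", tftp_servers(opts))
    print("not in allowlist:", rogue_tftp_servers(opts, ALLOWED_TFTP))
```

In practice the `blob` would come from the options field of DHCP offers sniffed on the voice VLAN; an unexpected address here means phones may be pulling their configuration (and therefore the directory URL) from a server you do not control.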


What is VoIP?
Voice over IP (VoIP) is an exciting technology which provides many benefits and cost-effective solutions for communication.
It is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks.
More and more small and enterprise businesses are replacing their old traditional telephony systems with IP-based ones. A VoIP-based PBX can provide many features such as multiple extensions, caller ID, voicemail, IVR capabilities, recording of conversations, logging, and use with hardware-based telephones or software-based ones (aka soft phones). Nowadays there are many vendors of PBXs, IP telephones, VoIP services and equipment, such as Cisco, Avaya, Asterisk, Snom, Thomson… With new technology comes a new challenge for both the defensive and offensive side of security. One of the “great” dangers of traditional phone lines was that they were susceptible to eavesdropping. The “old school” way to eavesdrop on somebody’s phone line was to physically connect a small transmitter inside or outside their premises somewhere along the phone cord.

IP telephony systems are also susceptible to eavesdropping, though doing so in an IP environment is somewhat harder to execute and to detect, and requires more knowledge and the right set of tools.

Usage
ACE can be used in one of two ways. First, it can auto-discover the TFTP Server IP Address via DHCP, or (second) the user can specify the TFTP Server IP address as a command line parameter of the tool. In either case, you must supply the MAC Address of the IP Phone with the -m option in order for the tool to correctly download the configuration file via TFTP.

Example Usages:
Usage requires MAC Address of IP Phone supplied with -m option
Usage:

Mode to automatically discover TFTP Server IP via DHCP Option 150 (-m)
Example:

Mode to specify IP Address of TFTP Server
Example:

Mode to specify the Voice VLAN ID
Example:

Verbose mode
Example:

Mode to remove vlan interface
Example:

Mode to auto-discover voice vlan ID in the listening mode for CDP
Example:

Mode to auto-discover voice vlan ID in the spoofing mode for CDP
Example:

Source: http://ucsniff.sourceforge.net/ace.html
ace-voip Homepage
Author: Sipera VIPER Lab
License: GPLv3

LaZagne – Password Recovery Tool For Windows & Linux

The LaZagne project is an open source password recovery tool used to retrieve passwords stored on a local computer. Each piece of software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases and so on). This tool has been developed for the purpose of finding these passwords for the most commonly used software. At this moment, it supports 22 programs on Microsoft Windows and 12 on Linux/Unix-like operating systems.


It supports a whole bunch of software including things like CoreFTP, Cyberduck, FileZilla, PuttyCM, WinSCP, Chrome, Firefox, IE, Opera, Jitsi, Pidgin, Outlook, Thunderbird, Tortoise, Wifi passwords and more.

Usage

Retrieve version

Launch all modules

Launch only a specific module

Launch only a specific software script

Write all passwords found into a file (-w option)

Use a file for dictionary attacks (used only when necessary: Mozilla master password, system hashes, etc.). The file has to be a wordlist in cleartext (no rainbow tables); it has not been optimized to be fast but could be useful for basic passwords.

Change verbosity mode (2 different levels)

You can download laZagne here:

Windows – laZagne-Windows.zip
Source – Source-1.1.zip

Tiger – Unix Security Audit & Intrusion Detection Tool

Tiger is a Unix security audit tool that can be used both for auditing and as an intrusion detection system. It supports multiple Unix platforms and it is free and provided under a GPL license. Unlike other tools, Tiger needs only POSIX tools and is written entirely in shell language.

Tiger has some interesting features that merit its resurrection, including a modular design that is easy to expand, and its double edge: it can be used both as an audit tool and as a host intrusion detection system.


Free software intrusion detection is currently going many ways, from network IDS (with Snort) to the kernel (LIDS or SNARE for Linux and Systrace for OpenBSD, for example), not to mention file integrity checkers (many of these: aide, integrit, samhain, tripwire…) and logcheckers (even more of these; check the Log Analysis pages). But few of them focus fully on the host side of intrusion detection.

Tiger complements these tools and also provides a framework in which all of them can work together. Tiger is not a logchecker, nor is it focused on integrity analysis. It does “the other stuff”: it checks the system configuration and status. Read the manpage for a full description of the checks implemented in Tiger. A good example of what Tiger can do is check_findeleted, a module that can determine which network servers running on a system are using deleted files (because libraries were patched during an upgrade but the servers were not restarted).
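The check_findeleted idea is easy to reproduce on Linux from /proc: a process whose memory maps still reference a file marked "(deleted)" is running code that has since been replaced on disk. The following is an added example in Python, not Tiger's own shell module: it parses the /proc/<pid>/maps format, ignores pseudo-files such as /dev/zero and memfd mappings, and can walk a live /proc tree. The sample maps listing (a hypothetical daemon still using an old libssl) is constructed.

```python
"""Find processes still mapping files that were deleted or replaced on disk.
Added example in the spirit of Tiger's check_findeleted; not Tiger's code."""
import os
import re

# One line of /proc/<pid>/maps: address perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^(?P<addr>[0-9a-f]+-[0-9a-f]+)\s+(?P<perms>\S+)\s+\S+\s+\S+\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)
DELETED_SUFFIX = " (deleted)"


def deleted_mappings(maps_text: str) -> list:
    """Return the distinct file paths in a maps listing marked '(deleted)'.
    Anonymous mappings and pseudo-files (/dev/*, memfd) are ignored."""
    found = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        path = m.group("path")
        if not path.endswith(DELETED_SUFFIX):
            continue
        path = path[:-len(DELETED_SUFFIX)]
        if path.startswith("/dev/") or path.startswith("/memfd:"):
            continue
        if path not in found:
            found.append(path)
    return found


def scan_running_processes(proc_root: str = "/proc") -> dict:
    """Walk a /proc tree and return {pid: [deleted paths]} for affected
    processes. Reading other users' maps normally requires root."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                paths = deleted_mappings(fh.read())
        except OSError:
            continue   # process exited, or permission denied
        if paths:
            results[int(entry)] = paths
    return results


# Constructed sample listing: a daemon whose libssl was replaced by an upgrade
# (library deleted on disk) but which was never restarted.
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a1b000 r--p 00000000 fd:01 1310722 /usr/sbin/exampled
7f3a1c000000-7f3a1c200000 r-xp 00000000 fd:01 2621443 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted)
7f3a1c400000-7f3a1c401000 rw-p 00000000 00:00 0
7f3a1c500000-7f3a1c600000 rw-s 00000000 00:01 12345 /dev/zero (deleted)
7f3a1c700000-7f3a1c800000 rw-p 00000000 00:05 99 /memfd:shm (deleted)
"""

if __name__ == "__main__":
    print("sample listing:", deleted_mappings(SAMPLE_MAPS))
    for pid, paths in scan_running_processes().items():
        print(pid, paths)
```

Run as root after a package upgrade to get the list of services that should be restarted; the same mapping check also surfaces a process whose binary was removed to hide it, which is why it belongs in a host-side IDS.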

BackTrack 3 Final Hacking LiveCD Released For Download

If you don’t know, BackTrack 3 is a top rated Linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes.


Back in January we mentioned the BackTrack Live Hacking CD BETA 3 was released, at last the final version is ready for download!

New Stuff in BackTrack 3

SAINT
SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

Maltego
The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.

Nessus
Tenable would not allow for redistribution of Nessus on BackTrack 3.

Kernel
2.6.21.5. Yes, yes, stop whining….We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.


Tools
As usual, updated, sharpened, SVN’ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.

Availability

For the first time we distribute three different versions of BackTrack 3:

  • CD version
  • USB version
  • VMWare version

You can download BackTrack 3 Final here:

Softpedia

EvilAbigail – Automated Evil Maid Attack For Linux

EvilAbigail is a Python-based tool that allows you to run an automated Evil Maid attack on Linux systems; this is the initrd attack against an encrypted root filesystem. An Evil Maid attack is a type of attack that targets a computer device that has been shut down and left unattended.


An Evil Maid attack is characterized by the attacker’s ability to physically access the target multiple times without the owner’s knowledge.


Scenarios

  • Laptop left turned off with FDE turned on
  • Attacker boots from USB/CD/Network
  • Script executes and backdoors initrd
  • User returns to laptop, boots as normal
  • Backdoored initrd loads:
    • (Debian/Ubuntu/Kali) a .so file into /sbin/init on boot, dropping a shell
    • (Fedora/CentOS) an LD_PRELOAD .so into DefaultEnvironment, loaded globally, dropping a shell.
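The scenario works because the initrd lives on the unencrypted boot partition, so it can be rewritten while the machine is off. One mitigation that does not depend on the attacker's tooling is to keep a hash manifest of /boot off the machine (or signed) and compare it from a trusted medium before unlocking the disk. The following is an added example, not part of EvilAbigail or this page: it builds such a manifest, verifies a tree against it, and, in a constructed demo with a fake /boot in a temporary directory, shows that appending to the initrd is reported as a modification.

```python
"""Hash manifest for an unencrypted /boot, to detect initrd tampering.
Added example; the demo tree and file contents are constructed."""
import hashlib
import json
import os
import tempfile


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map every regular file under root (relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify_manifest(root: str, baseline: dict) -> dict:
    """Compare the tree under root with a stored baseline manifest.
    All three lists empty means the tree matches the baseline."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo_in_tempdir():
    """Constructed scenario: baseline a fake /boot, then append to the initrd
    the way a backdoored initrd would differ, and re-verify.
    Returns (report_before_tampering, report_after_tampering)."""
    with tempfile.TemporaryDirectory() as root:
        initrd = os.path.join(root, "initrd.img-demo")
        with open(initrd, "wb") as fh:
            fh.write(b"constructed initrd contents")
        with open(os.path.join(root, "vmlinuz-demo"), "wb") as fh:
            fh.write(b"constructed kernel image")
        # Round-trip through JSON: this is the form you would store off-box.
        baseline = json.loads(json.dumps(build_manifest(root)))
        before = verify_manifest(root, baseline)
        with open(initrd, "ab") as fh:          # simulate the injected hook
            fh.write(b"\n# injected hook")
        after = verify_manifest(root, baseline)
    return before, after


if __name__ == "__main__":
    clean, tampered = demo_in_tempdir()
    print("before tampering:", clean)
    print("after tampering: ", tampered)
```

The manifest must not be trusted from the same unencrypted partition it describes; store it on removable media or inside the encrypted root and compare from a rescue system you boot yourself. Firmware-backed measured boot serves the same purpose without the manual step, where the hardware supports it.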

Supported Distros

  • Ubuntu 14.04.3
  • Debian 8.2.0
  • Kali 2.0
  • Fedora 23
  • CentOS 7

You can download EvilAbigail here:

EvilAbigail-master.zip

Or read more here.

How To Hack WI-FI Using Social Engineering Tool-Fluxion on Kali Linux.

“Note:Please, Do Not Use This Method In Any Illegal Or Malicious Activities”

Requirements
1.Kali-Linux Operating System-download
2.Fluxion Tool-download
3.Patience And Presence of mind.

What is Kali Linux?

Kali Linux is a Debian-based Linux distribution aimed at advanced penetration testing and security auditing. Kali comes with hundreds of social engineering and testing tools. Kali Linux is developed in a secure environment with only a small number of trusted people allowed to commit packages, with each package being digitally signed by the developer. Kali also has a custom-built kernel that is patched for 802.11 wireless injection. This was primarily added because the development team found they needed to do a lot of wireless assessments. It is open source and free to download.

What is Fluxion?

Fluxion is a powerful social engineering tool used in security testing and Wi-Fi network cracking. When attacking WEP, WPA and WPA2 we require an advanced tool like this. Fluxion is the future—a blend of technical and social engineering automation that tricks a user into handing over the Wi-Fi password in a matter of keystrokes.

Steps To Go:-
1. Download and install the Kali Linux operating system.
2. Download Fluxion and paste it on your Kali desktop (do not edit any file or folder).

3. Open a Kali Linux terminal window and type the following commands:
    “cd Desktop”
    “cd fluxion”
    “ls”
Note: You must be connected to the Internet in order to install Fluxion correctly.
4. Type “./fluxion.sh”, then press Enter.
5. Open Fluxion and select your language.

6. Select all channels.

7. Choose the network to attack.

8. Select “Fake-AP”.

9. Select “Enter”.

10. Select “aircrack-ng”.

11. Select “Deauth All”.

Then wait for 2 minutes while Fluxion captures the target handshake (a capture file containing the victim’s password in hashed form, not in cleartext).
12. Then select “Check Handshake”.

13. Then select “Create a SSL Certificate”.

14. Choose “Web-Interface”.

Then a window will pop up showing the phishing site used for the attack. Fluxion has many phishing sites, and these can be edited as per the user’s needs.
You can make your own phishing site, or if you want a custom phishing site, just mail me on Gmail.

So here is the catch: Fluxion will block the real access point and open a fake access point, so that the victim must connect to the fake AP created by us in the step above.
Once the victim is connected to our network, they are taken to a browser login page where they enter their Wi-Fi password, which comes to us through the phishing site hosted by us via Fluxion.
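From the network owner's side, the two observable parts of this attack are a burst of deauthentication frames and a second access point advertising the same SSID without the real network's security. The following is an added example, not from Fluxion or this post: a small wireless-IDS style check that flags an SSID from your inventory beaconed by an unknown BSSID or with mismatched security, and a sliding-window counter for deauth floods. The AP inventory, MAC addresses and frame capture are constructed; a real deployment would feed it from a monitor-mode capture.

```python
"""Evil-twin and deauth-flood detection over beacon/frame observations.
Added example; inventory, BSSIDs and the frame list are constructed."""
from collections import defaultdict, namedtuple

Beacon = namedtuple("Beacon", "ssid bssid channel security")

# Constructed inventory of legitimate APs for the managed SSID.
KNOWN_APS = {
    "corp-wifi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                  "security": "WPA2"},
}

# Constructed capture: two real APs, an open clone on a foreign BSSID,
# and an unrelated network that the check should leave alone.
SAMPLE_BEACONS = [
    Beacon("corp-wifi", "aa:bb:cc:00:00:01", 6, "WPA2"),
    Beacon("corp-wifi", "aa:bb:cc:00:00:02", 11, "WPA2"),
    Beacon("corp-wifi", "de:ad:be:ef:00:01", 6, "OPEN"),
    Beacon("guest-net", "11:22:33:44:55:66", 1, "OPEN"),
]


def find_evil_twins(beacons, known=KNOWN_APS):
    """Return [(bssid, ssid, [reasons])] for APs that claim one of our SSIDs
    from a BSSID not in the inventory or with the wrong security type."""
    alerts = []
    for b in beacons:
        profile = known.get(b.ssid)
        if profile is None:
            continue                       # not a managed SSID
        reasons = []
        if b.bssid.lower() not in profile["bssids"]:
            reasons.append("unknown BSSID for managed SSID")
        if b.security != profile["security"]:
            reasons.append("security mismatch: %s, expected %s"
                           % (b.security, profile["security"]))
        if reasons:
            alerts.append((b.bssid, b.ssid, reasons))
    return alerts


def deauth_bursts(frames, threshold=20, window_s=10.0):
    """frames: iterable of (timestamp_seconds, source_mac, frame_type).
    Return the sources that sent at least `threshold` deauth frames within
    any `window_s` span, using a sliding window per source."""
    per_src = defaultdict(list)
    for ts, src, ftype in frames:
        if ftype == "deauth":
            per_src[src].append(ts)
    flagged = []
    for src, stamps in per_src.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(src)
                break
    return flagged


# Constructed frame log: 30 deauth frames in 3 seconds from the clone's MAC,
# plus one ordinary beacon from a real AP.
SAMPLE_FRAMES = [(i * 0.1, "de:ad:be:ef:00:01", "deauth") for i in range(30)]
SAMPLE_FRAMES.append((5.0, "aa:bb:cc:00:00:01", "beacon"))

if __name__ == "__main__":
    for bssid, ssid, reasons in find_evil_twins(SAMPLE_BEACONS):
        print("suspicious AP %s for %s: %s" % (bssid, ssid, "; ".join(reasons)))
    print("deauth flood sources:", deauth_bursts(SAMPLE_FRAMES))
```

The threshold and window are tuning knobs, not standards; a handful of deauth frames per minute is normal roaming behaviour, so start with the values above and adjust against your own baseline. Enabling 802.11w (protected management frames) on the real APs removes the deauth step entirely for clients that support it.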

Fake Access Point

Phishing Site

So,I Hope You Have Understood the Concept Of Hacking Via Fluxion.

besside-ng :- crack a WEP or WPA key without user intervention and collaborate with WPA cracking

besside-ng – crack a WEP or WPA key without user intervention and collaborate with WPA cracking statistics

SYNOPSIS

besside-ng [options] <interface>

DESCRIPTION

besside-ng is a tool which will crack all the WEP networks in range and log all the WPA handshakes. WPA handshakes can be uploaded to the online cracking service at wpa.darkircop.org. wpa.darkircop.org also provides useful statistics, based on user-submitted capture files, about the feasibility of WPA cracking.

-b <target mac>
    Specifies the target’s BSSID
-s <WPA server>
    Where to upload the capture file for cracking. A good choice is wpa.darkircop.org
-c <chan>
    Channel lock
-p <pps>
    Packets per second to send (flood rate).
-W
    Crack only WPA networks
-v
    Verbose mode. Use -vv for more verbose, -vvv for even more and so on.
-h
    Help screen

How to hack facebook using kali linux : CREDENTIALS HARVESTER ATTACK

STEPS:

1. Boot up Kali Linux on your machine and open a terminal.
2. Type this command in the Kali Linux terminal:
        root@kali~# setoolkit
3. Enter ‘y’ to agree to the Social Engineering Toolkit terms and conditions.
4. Select the following options one by one from the menu:
        ‘1’ (Social Engineering Attacks) then
        ‘2’ (Website Attack Vectors) then
        ‘3’ (Credential Harvester Attack) then
5. Type ‘2’ (Site cloner)
        set:webattack> IP address for the post back in harvesting:192.168.x.xxx (your ip address)
        set:webattack>Enter the url to clone: www.fb.com
6. Go to Places > Computer > VAR > WWW and move all the files from the www folder to the html folder.
7. Shorten your IP address with tinyurl.com and send it to the victim. When the victim opens the link and enters the login details, you will get the username and password in a harvester text file located at Places > Computer > VAR > WWW.

Install Kali Linux On Raspberry Pi 3 : Creation of a Hacking Machine

INSTALLATION REQUIREMENTS:

DOWNLOAD LINKS:

STEPS:

1. Download all files from the above links.
2. Insert the SD card and open Win32DiskImager. Locate your Kali Linux image file and the SD card. Hit Write.
3. After the writing process is done, insert the SD card in the Raspberry Pi and do the setup as shown.
4. Open Network Sharing. Do the settings as shown.
5. Open cmd and type arp -a. Note your IP address.
6. Open PuTTY () and do the configuration as shown.
7. Commands to install the GUI:
     apt-get update
     apt-get install lxde
     apt-get install lightdm
8. Open Xming and type startlxde
9. Successfully installed.

How to use urlcrazy in kali linux

Intro – URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

  1. How to open
  2. GUI Method

Application → kali Linux → information gathering → DNS analysis → UrlCrazy


Open Terminal type urlcrazy and hit enter.

  • This command scans a domain; the output lists the generated variants (character omissions, transposed letters, misspellings and so on). Run this command and see for yourself, as the whole output image cannot be shown here.

Syntax – urlcrazy domain

Ex – urlcrazy www.google.com

  • This command is used to check domain popularity.

Syntax – urlcrazy -p domainname

Ex – urlcrazy -p www.mcdonalds.com

  • This command is used to show invalid domain names.

Syntax – urlcrazy -i domainname

Ex – urlcrazy -i www.mcdonalds.com

  • This command is used to skip DNS resolution.

Syntax – urlcrazy -r domainname

Ex – urlcrazy -r www.mcdonalds.com
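The defensive use of a tool like this is to generate the typo variants of a domain you own and watch which of them get registered or start resolving. The following is an added example, not URLCrazy's own code, that generates four of the variant classes the tool covers (character omission, adjacent transposition, character repetition and keyboard-adjacent replacement) for the second-level label of a domain, and optionally checks which variants resolve. The QWERTY adjacency table is a constructed subset sufficient for the demonstration; the domains used are examples, not real targets.

```python
"""Generate common typo variants of a domain for registration monitoring.
Added example, not URLCrazy's implementation; the adjacency map is partial."""
import socket

# Constructed subset of a QWERTY adjacency map (extend for full coverage).
QWERTY_NEIGHBORS = {
    "a": "qwsz", "e": "wrsd", "g": "fth", "l": "kop", "m": "njk",
    "o": "ipl", "p": "ol", "x": "zsdc",
}


def split_domain(domain: str):
    """Return (prefix_labels, second_level_label, tld) for a dotted name."""
    parts = domain.lower().strip(".").split(".")
    if len(parts) < 2:
        raise ValueError("expected at least label.tld")
    return parts[:-2], parts[-2], parts[-1]


def typo_variants(domain: str) -> list:
    """Sorted list of typo-variant domains; only the second-level label is
    mutated, so www.example.com yields www.<variant>.com."""
    prefix, label, tld = split_domain(domain)
    n = len(label)
    out = set()
    for i in range(n):                       # omission: exmple
        out.add(label[:i] + label[i + 1:])
    for i in range(n - 1):                   # transposition: examlpe
        out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(n):                       # repetition: exampple
        out.add(label[:i + 1] + label[i] + label[i + 1:])
    for i, ch in enumerate(label):           # adjacent-key replacement: exsmple
        for nb in QWERTY_NEIGHBORS.get(ch, ""):
            out.add(label[:i] + nb + label[i + 1:])
    out.discard(label)
    out.discard("")
    head = ".".join(prefix + [""]) if prefix else ""
    return sorted(head + v + "." + tld for v in out)


def resolving_variants(variants, timeout=2.0) -> list:
    """Return [(domain, ip)] for the variants that currently resolve.
    Needs network access; unresolvable names are skipped."""
    socket.setdefaulttimeout(timeout)
    hits = []
    for name in variants:
        try:
            hits.append((name, socket.gethostbyname(name)))
        except (socket.gaierror, socket.timeout):
            continue
    return hits


if __name__ == "__main__":
    variants = typo_variants("example.com")
    print(len(variants), "variants, e.g.", variants[:8])
    # print(resolving_variants(variants))   # uncomment when online
```

Diff the resolving set between runs to catch newly registered look-alikes early; for your own domains, the cheapest mitigation is still to register the highest-probability variants yourself and redirect them.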