Category Archives: (U) Tools

BootStomp – Find Android Bootloader Vulnerabilities

BootStomp is a Python-based tool, with Docker support that helps you find two different classes of Android bootloader vulnerabilities and bugs. It looks for memory corruption and state storage vulnerabilities.

BootStomp - Find Bootloader Vulnerabilities

 

Note that BootStomp works with boot-loaders compiled for ARM architectures (32 and 64 bits both) and that results might slightly vary depending on angr and Z3’s versions. This is because of the time angr takes to analyze basic blocks and to Z3’s expression concretization results.

How does BootStomp find Android Bootloader Vulnerabilities?

BootStomp implements a multi-tag taint analysis resulting from a novel combination of static analyses and dynamic symbolic execution, designed to locate problematic areas where input from an attacker in control of the OS can compromise the bootloader’s execution or its security features.

Using the tool the team found six previously-unknown vulnerabilities (of which five have been confirmed by the respective vendors), as well as rediscovered one that had been previously reported. Some of these vulnerabilities would allow an attacker to execute arbitrary code as part of the bootloader (thus compromising the entire chain of trust), or to perform permanent denial-of-service attacks.

The vulnerabilities impact the Trusted Boot or Verified Boot mechanisms implemented by vendors to establish a Chain of Trust (CoT). The team using BootStomp discovered vulnerabilities in the bootloaders used by Huawei, Qualcomm, MediaTek, and NVIDIA.

The team analyzed bootloader implementations in many platforms, including Huawei P8 ALE-L23 (Huawei / HiSilicon chipset), Sony Xperia XA (MediaTek chipset), Nexus 9 (NVIDIA Tegra chipset), and two versions of the LK-based bootloader (Qualcomm).

 

How to use BootStomp

The easiest way to use BootStomp is to run it in a docker container. The folder docker contains an appropriate Dockerfile, these are the commands to use it:

 

You can download BootStomp here:

BootStomp-master.zip

BackTrack 3 Final Hacking LiveCD Released For Download

f you don’t know, BackTrack 3 is a top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.

BackTrack 3 Final Hacking LiveCD Released For Download

 

Back in January we mentioned the BackTrack Live Hacking CD BETA 3 was released, at last the final version is ready for download!

New Stuff in BackTrack 3

SAINT
SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

Maltego
The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.

Nessus
Tenable would not allow for redistribution of Nessus on BackTrack 3.

Kernel
2.6.21.5. Yes, yes, stop whining….We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.

 

Tools
As usual, updated, sharpened, SVN’ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.

Availability

For the first time we distribute three different version of Backtrack 3:

  • CD version
  • USB version
  • VMWare version

You can download BackTrack 3 Final here:

Softpedia

Want more privacy online? SuperVpn brings its free VPN to Android

SuperVpn

 

People use VPNs to get around geo-blocking and take cover from online tracking, but in some cases, the VPN service tracks the users themselves and sells that data to third parties.

The Android version of ProtonVPN can be downloaded for free from Google Play and is free to use, but like ProtonMail and ProtonVPN for the desktop, the service has a number of paid tiers with more features and higher speeds.

Hijacker – Reaver For Android Wifi Hacker App

Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.

Hijacker - Reaver For Android Wifi Hacker App

 

It offers a simple and easy UI to use these tools without typing commands in a console and copy & pasting MAC addresses.

Features of Hijacker Reaver For Android Wifi Hacker App

Information Gathering

  • View a list of access points and stations (clients) around you (even hidden ones)
  • View the activity of a specific network (by measuring beacons and data packets) and its clients
  • Statistics about access points and stations
  • See the manufacturer of a device (AP or station) from the OUI database
  • See the signal power of devices and filter the ones that are closer to you
  • Save captured packets in .cap file

Reaver for Android Wifi Cracker Attacks

  • Deauthenticate all the clients of a network (either targeting each one or without specific target)
  • Deauthenticate a specific client from the network it’s connected
  • MDK3 Beacon Flooding with custom options and SSID list
  • MDK3 Authentication DoS for a specific network or to every nearby AP
  • Capture a WPA handshake or gather IVs to crack a WEP network
  • Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)

Other Wifi Hacker App Features

  • Leave the app running in the background, optionally with a notification
  • Copy commands or MAC addresses to clipboard
  • Includes the required tools, no need for manual installation
  • Includes the nexmon driver and management utility for BCM4339 devices
  • Set commands to enable and disable monitor mode automatically
  • Crack .cap files with a custom wordlist
  • Create custom actions and run them on an access point or a client easily
  • Sort and filter Access Points and Stations with many parameters
  • Export all gathered information to a file
  • Add a persistent alias to a device (by MAC) for easier identification

 

Requirements to Crack Wifi Password with Android

This application requires an ARM Android device with an internal wireless adapter that supports Monitor Mode. A few android devices do, but none of them natively. This means that you will need a custom firmware. Any device that uses the BCM4339 chipset (MSM8974, such as Nexus 5, Xperia Z1/Z2, LG G2, LG G Flex, Samsung Galaxy Note 3) will work with Nexmon (which also supports some other chipsets). Devices that use BCM4330 can use bcmon.

An alternative would be to use an external adapter that supports monitor mode in Android with an OTG cable.

The required tools are included for armv7l and aarch64 devices as of version 1.1. The Nexmon driver and management utility for BCM4339 are also included.

Root is also necessary, as these tools need root to work.

net-creds – Sniff Passwords From Interface or PCAP File

net-creds is a Python-based tool for sniffing plaintext passwords and hashes from a network interface or PCAP file – it doesn’t rely on port numbers for service identification and can concatenate fragmented packets.

net-creds - Sniff Passwords From Interface or PCAP File

 

Features of net-creds for Sniffing Passwords

It can sniff the following directly from a network interface or from a PCAP file:

  • URLs visited
  • POST loads sent
  • HTTP form logins/passwords
  • HTTP basic auth logins/passwords
  • HTTP searches
  • FTP logins/passwords
  • IRC logins/passwords
  • POP logins/passwords
  • IMAP logins/passwords
  • Telnet logins/passwords
  • SMTP logins/passwords
  • SNMP community string
  • NTLMv1/v2 all supported protocols: HTTP, SMB, LDAP, etc.
  • Kerberos

 

You can download net-creds here:

net-creds-master.zip

dirsearch – Website Directory Scanner For Files & Structure

dirsearch is a Python-based command-line website directory scanner designed to brute force site structure including directories and files in websites.

dirsearch - Website Directory Scanner For Files & Structure

 

dirsearch Website Directory Scanner Features

dirsearch supports the following:

  • Multithreaded
  • Keep alive connections
  • Support for multiple extensions (-e|–extensions asp,php)
  • Reporting (plain text, JSON)
  • Heuristically detects invalid web pages
  • Recursive brute forcing
  • HTTP proxy support
  • User agent randomization
  • Batch processing
  • Request delaying

dirsearch Web Directory Structure Scanner & Wordlists

Dictionaries must be text files. Each line will be processed as such, except that the special word %EXT% is used, which will generate one entry for each extension (-e | --extension) passed as an argument.

Example:

Passing the extensions “asp” and “aspx” will generate the following dictionary:

 

You can also use -f | --force-extensions switch to append extensions to every word in the wordlists (like DirBuster).

 

You can download dirsearch here:

dirsearch-v0.3.8.zip

Or read more here.

WhatsApp Spy Tool

What is a WhatsApp Spy Tool?

Spy tool is something that is used to check all the data and details of any device anonymously. You can access to your target’s SMS, calls, and all the multimedia stuff virtually.

Spy software is widely used by parents for their child security from online scam and other +18 content. Parents can check out all the stuff from their child’s phone like web history call, their WhatsApp messages and they can Listen to the calls also. Spy software is critical because with this you can check out your child’s real-time location if your child is going to any restricted area.

Best WhatsApp Spy App

There are hundred of spy software available in the market at this time. But only a few are working fine. So we have selected the best available Whatsapp Spy software for you. This software can hack almost anything from your victim’s phone. You just need to download this Program and start WhatsApp hacking.

Online whatsapp Hacking

As you all Know that Whatsapp is the widely used these days by people of all age groups. So many people want to spy their friend/GF/bf ‘s Whatsapp account to get all of their Messages.We want to say that in many countries spying is not a legal act. So we are not responsible for any problem you will face. Please use this Spy software at your risk. This spy software works in a hidden mode, and you will not be caught quickly.

Are you ready For Spying on your Victim, If yes then you are at the right Place. You can easily get a WhatsApp Spy App here for you. As we had shared a very effective method to hack WhatsApp with Whatsapp Web.


We have provided an online WhatsApp hacking tool on this site HackingAdda, but if you want to get our hacker in your pocket, then you have to Whatsapp Spy Tool Download from here.Our online WhatsApp Hacker’s success rate is excellent, so if you do not want to download this Whatsapp Hacking Tool, then you only hack your friend’s account by using our online hacker.

How can I spy on someone’s Whatsapp account for free?

You May Be Searched For Whatsapp Hacking Tool then you are at right place. We are a Group Of Indian and Japanese hacker which works for Banks, Police, and all legal companies. Recently we have Developed our Personal tools for WhatsApp hacking and  And then Started this Blog For You.We have more than 20000 satisfied customers till now. Thank you all for showing your trust in us.

 

Click HERE To DOWNLOAD

10 Best Security Live CD Distros Pen-Test Forensics & Recovery

1. BackTrack

The newest contender on the block of course is BackTrack. An innovative merge between WHax and Auditor (WHax formely WHoppix).

BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.

Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

Get BackTrack Here.

2. Operator

Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).

Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.

Get Operator Here

3. PHLAK

PHLAK or [P]rofessional [H]acker’s [L]inux [A]ssault [K]it is a modular live security Linux distribution (a.k.a LiveCD). PHLAK comes with two light gui’s (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.

Mainly based around Penetration Testing, PHLAK is a must have for any pro hacker/pen-tester.

Get PHLAK Here (You can find a PHLAK Mirror Here as the page often seems be down).

4. Auditor

Auditor although now underway merging with WHax is still an excellent choice.

The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.

Get Auditor Here

5. L.A.S Linux

L.A.S Linux or Local Area Security has been around quite some time aswell, although development has been a bit slow lately it’s still a useful CD to have. It has always aimed to fit on a MiniCD (180MB).

Local Area Security Linux is a ‘Live CD’ distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs – MAIN and SECSERV. This project is released under the terms of GPL.

Get L.A.S Linux Here

6. Knoppix-STD

Horrible name I know! But it’s not a sexually trasmitted disease, trust me.

STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.

Get Knoppix-STD Here

 

7. Helix

Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Get Helix Here

8. F.I.R.E

A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it.

FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.

Get F.I.R.E Here

9. nUbuntu

nUbuntu or Network Ubuntu is fairly much a newcomer in the LiveCD arena as Ubuntu, on which it is based, is pretty new itself.

The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.

Get nUbuntu Here

10. INSERT Rescue Security Toolkit

A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on).

INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM.

The current version is based on Linux kernel 2.6.12.5 and Knoppix 4.0.2

Get INSERT Here

Extra – Knoppix

Remember this is the innovator and pretty much the basis of all these other distros, so check it out and keep a copy on you at all times!

Not strictly a security distro, but definately the most streamlined and smooth LiveCD distribution. The new version (soon to be released – Knoppix 5) has seamless NTFS writing enabled with libntfs+fuse.

KNOPPIX is a bootable CD or DVD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk.

Get Knoppix Here

Nipe script to make Tor Network your default gateway

Imagem

[+] AUTOR: Heitor Gouvêa
[+] SITE: http://heitorgouvea.me
[+] EMAIL: hi@heitorgouvea.me
[+] GITHUB: https://github.com/GouveaHeitor
[+] TWITTER: https://twitter.com/GouveaHeitor
[+] FACEBOOK: https://fb.com/GouveaHeitor
[+] TELEGRAM: @GouveaHeitor

Tor enables users to surf the Internet, chat and send instant messages
anonymously, and is used by a wide variety of people for both Licit and
Illicit purposes. Tor has, for example, been used by criminals enterprises,
Hacktivism groups, and law enforcement agencies at cross purposes, sometimes
simultaneously.

Nipe is a Script to make Tor Network your Default Gateway.

This Perl Script enables you to directly route all your traffic from your
computer to the Tor Network through which you can surf the Internet Anonymously
without having to worry about being tracked or traced back.

See the tutorial on how to use the Nipe

Download and install:

git clone https://github.com/GouveaHeitor/nipe
cd nipe
cpan install Switch JSON LWP::UserAgent

Commands:

 

 

COMMAND FUNCTION

install Install dependencies

start Start routing

stop Stop routing

status See status

 

 

Examples:

perl nipe.pl install

perl nipe.pl start

perl nipe.pl stop

perl nipe.pl status

 

pemcracker – Tool For Cracking PEM Files

pemcracker is a tool for cracking PEM files that are encrypted and have a password. The purpose is to attempt to recover the password for encrypted PEM files while utilising all the CPU cores.

pemcracker - Tool For Cracking PEM Files

Inspired by Robert Graham’s pemcrack, it still uses high-level OpenSSL calls in order to guess the password. As an optimisation, instead of continually checking against the PEM on disk, it is loaded into memory in each thread.

 

Usage

Example:

If you are looking for the fastest possible method of brute forcing PEM files, you may wish to try out John the Ripper. Its little known ssh2john allows for converting PEM files to a format that can be fed into ./john.

You can download pemcracker here:

pemcracker-master.zip