Thursday, April 16, 2020

DSploit

DSploit

After playing with the applications installed on the Pwn Pad, I found that the most important application (at least for me) was missing from the pre-installed apps. Namely, DSploit. Although DSploit has tons of features, I really liked the multiprotocol password sniffing (same as dsniff) and the session hijacking functionality.

The DSploit APK in the Play Store was not working for me, but the latest nightly on http://dsploit.net worked like a charm.

Most features require that you and your target uses the same WiFi network, and that's it. It can be Open, WEP, WPA/WPA2 Personal. On all of these networks, DSploit will sniff the passwords - because of the active attacks. E.g. a lot of email clients still use IMAP with clear text passwords, or some webmails, etc. 

First, DSploit lists the AP and the known devices on the network. In this case, I chose one victim client.


In the following submenu, there are tons of options, but the best features are in the MITM section. 


Stealthiness warning: in some cases, I received the following popup on the victim Windows:


This is what we have under the MITM submenu:


Password sniffing

For example, let's start with the Password Sniffer. It is the same as EvilAP and DSniff in my previous post. With the same results for the popular Hungarian webmail with the default secure login checkbox turned off. Don't forget, this is not an Open WiFi network, but one with WPA2 protection!


Session hijack

Now let's assume that the victim is very security-aware and he checks the secure login checkbox. Another cause can be that the victim already logged in, long before we started to attack. The session hijacking function is similar to the Firesheep tool, but it works with every website where the session cookies are sent in clear text, and there is no need for any additional support.

In a session hijacking attack (also called "sidejacking"), after the victim browser sends the authentication cookies in clear text, DSploit copies these cookies into its own browser, and opens the website with the same cookies, which results in successful login most of the time. Let's see session hijacking in action!

Here, we can see that the session cookies have been sniffed from the air:


Let's select that session, and be amazed that we logged into the user's webmail session.




Redirect traffic

This feature can be used both for fun or profit. For fun, you can redirect all the victim traffic to http://www.kittenwar.com/. For-profit, you can redirect your victim to phishing pages.


Replace images, videos

I think this is just for fun here. Endless Rick Rolling possibilities.


Script injection

This is mostly for profit. client-side injection, drive-by-exploits, endless possibilities.

Custom filter

If you are familiar with ettercap, this has similar functionalities (but dumber), with string or regex replacements. E.g. you can replace the news, stock prices, which pizza the victim ordered, etc. If you know more fun stuff here, please leave a comment (only HTTP scenario - e.g. attacking Facebook won't work).

Additional fun (not in DSploit) - SSLStrip 

From the MITM section of DSploit, I really miss the SSLStrip functionality. Luckily, it is built into the Pwn Pad. With the help of SSLStrip, we can remove the references to HTTPS links in the clear text HTTP traffic, and replace those with HTTP. So even if the user checks the secure login checkbox at freemail.hu, the password will be sent in clear text - thus it can be sniffed with DSniff.

HTML source on the client-side without SSLstrip:


HTML source on the client-side with SSL strip:


With EvilAP, SSLStrip, and DSniff, the password can be stolen. No hacking skillz needed.

Lessons learned here

If you are a website operator where you allow your users to login, always:
  1. Use HTTPS with a trusted certificate, and redirect all unencrypted traffic to HTTPS ASAP
  2. Mark the session cookies with the secure flag
  3. Use HSTS to prevent SSLStrip attacks
If you are a user:
  1. Don't trust sites with your confidential data if the above points are not fixed. Choose a more secure alternative
  2. Use HTTPS everywhere plugin
  3. For improved security, use VPN
Because hacking has never been so easy before.
And last but not least, if you like the DSploit project, don't forget to donate them!
More articles
  1. Ethical Hacker Tools
  2. Hack Tools For Games
  3. Hacker Tools Hardware
  4. Hacking Tools Windows
  5. Pentest Tools For Mac
  6. Best Hacking Tools 2019
  7. Hack Website Online Tool
  8. Hacking Tools Windows 10
  9. Hackers Toolbox
  10. What Are Hacking Tools
  11. Pentest Box Tools Download
  12. Hacker Tools For Pc
  13. Hacks And Tools
  14. Hacking Tools For Kali Linux
  15. Hack Tools For Mac
  16. Hack Tools Github
  17. Hacking Tools Free Download
  18. How To Hack
  19. Termux Hacking Tools 2019
  20. Hacker Tools For Ios
  21. Pentest Tools For Android
  22. Hack App
  23. Hacking Tools Usb
  24. Blackhat Hacker Tools
  25. Hacking Tools For Windows 7
  26. Pentest Tools Apk
Posted by at No comments:

Memoryze


"MANDIANT Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems can include the paging file in its analysis." read more...

Download: http://fred.mandiant.com/MemoryzeSetup.msi

Related articles

  1. Hack Tools Online
  2. Hacking Tools For Games
  3. Github Hacking Tools
  4. Hack Tools Mac
  5. Hacker Tools For Pc
  6. How To Hack
  7. Hacks And Tools
  8. Pentest Tools Bluekeep
  9. Best Hacking Tools 2019
  10. Easy Hack Tools
  11. Hack Apps
  12. Pentest Tools Bluekeep
  13. Pentest Tools For Windows
  14. Hack Tools 2019
  15. Pentest Tools Kali Linux
  16. World No 1 Hacker Software
  17. Android Hack Tools Github
  18. Hacking Tools 2020
Posted by at No comments:

Removing Windows 8/8.1 Password With CHNTPW



[Update] If you want to recover Windows 8/8.1 passwords instead of removing them see this tutorial

So we are back. About a Year ago I wrote a post on how to remove Windows Password using CHNTPW but many readers complained that it was not working on Windows 8. I tried myself on many it worked but once I also got stuck. So I did a little work around. In this tutorial I'm going to show you how to remove Windows 8/8.1 passwords using CHNTPW. Well it's little bit tedious than the older one but believe me it's fun too.


Background:

Let's get started with a little bit background. Windows OSs have a User known as Administrator which is hidden by default. This user is there for security reasons (maybe it's the way around). Most of the users who use Windows are lame, sorry to say that but I'm not talking about you, they don't even know that such an invisible account exists so it is almost everytime without a password. But this Administrator user is a SU (Super User), that means you work wonders once you get access to this account. So our first task will be to make it visible and then we'll access it and using it's power privilages we'll remove password of other accounts (which is not really neccessary cuz you can access any user folder or file using Administrator Account).


Requirements:

1. Physical Access to the Victems computer.
2. A Live Bootable Kali/Backtrack Linux Pendrive or DVD.
    (You can downoad Kali Linux here)


Steps:

1. Plug in the Live Bootable Pendrive/DVD into to victim's computer and then boot from it.

2. After accessing kali linux (I'm using Kali Linux) from victim's computer open a terminal.

3. Now we have to mount the drive on which the victim's OS is loaded. In my case it is sda2. So in order to mount that drive I'll type the command:
mount /dev/sda2 /media/temp



this means that I'm mounting the drive in folder /media/temp if you haven't created a temp folder in /media then you must create one by typing these command:
cd /
mkdir /media/temp

4. After mounting the OS we need to access the SAM file and make visible Administrator account using chntpw. It's so simple lemme show you how.
first we'll navigate to /media/temp/Windows/System32/config:
cd /media/temp/Windows/System32/config

now we display the list of users on our victim's computer:
chntpw SAM -l



You'll see an Administrator User there which is disabled. Now we'll enable that:
chntpw SAM -u Administrator



now type 4 and hit return



press 'y' to save changes to SAM file.



OK voila! the hard part is done.

5. Now restart your Computer and take out your Pendrive/DVD from your computer and boot into windows 8 OS. You should be able to see Administrator User on Logon screen now. If not then look for a backward pointing Arrow besides the user Login Picture. Click on that Arrow and you should see an Administrator User. Click on the Administrator Account and wait for a while until windows 8 sets it up.

6. After a while you get Access to the computer and you can access anything. Enjoy :)

7. What you want to remove the password? I don't think it's a stealth mode idea, is it? OK I'll tell you how to do that but It's not a good hacker way of doing.
Open up the command prompt, simple way to do it is:

Press Ctrl + 'x' and then Press 'a' and if prompted click yes.
After that Enter following commands:

net user
(This command will display all users on computer)

net user "User Name" newPassword 
(This Command will change the Password of User Name user to newPassword).
OK you're done now logout and enter the new password. It will work for sure.

8. If you want to disable the Administrator Account again then type in command prompt:
net user Administrator /active:no

I tried it on Windows 8/8.1 all versions and it works. Guess what it works on all windows OSs.

Hope you enjoyed this tutorial. Don't forget to share it and yes always read the Disclaimer.

Related links


  1. Hacker Tools 2020
  2. Hacking Tools For Windows
  3. Pentest Tools Apk
  4. Hacking App
  5. Bluetooth Hacking Tools Kali
  6. Hacking App
  7. Hacker Tools Online
  8. Hacker Tools Linux
  9. Game Hacking
  10. Pentest Tools Framework
  11. Hacking Tools 2019
  12. Hacking Tools Usb
  13. Best Hacking Tools 2020
  14. Game Hacking
  15. Hacking App
  16. Hack Tools Pc
  17. Hacker Security Tools
  18. Hacking Tools For Games
  19. Hack Tools Github
  20. Hacker Search Tools
  21. Hack Tools Online
  22. Physical Pentest Tools
Posted by at No comments:

SANS SEC575 Mentor Class

Hi everyone,

Great news! I will be mentoring SANS 575: Mobile Device Security and Ethical Hacking in Luxembourg on Thursday evenings 18:00-20:00, starting from January 15, 2015.

Mentor classes are special, 10 week-format SANS classroom sessions that give the students time to absorb and master the same material with the guidance of a trained security professional.

Students receive all the same course materials used at SANS conferences and study at a more leisurely pace, so students will have:
  • Hardcopy set of SANS course books
  • Mentor Program study materials
  • Weekly Mentor led sessions
Prior to the weekly Mentor-led classroom sessions, students study SANS course material at their own pace. Each week, students meet with other professionals in their hometown area and the SANS mentor, who leads topical discussions pointing out the most salient features of the weekly material studied, provides hands-on demonstrations, and answer questions. The Mentor's goal is to help student's grasp the more difficult material, master the exercises, demonstrate the tools and prepare for GIAC certification.

On SANS SEC575, we will learn about mobile device infrastructures, policies and management, we will see the security models of the different platforms, like the data storage and file system architecture. We will also see how to unlock, root and jailbreak mobile devices in order to prepare them for data extraction and further testing. In the second half of the course, we will learn how to perform static and dynamic mobile application analysis, the usage of automated application analysis tools and how to manipulate application behavior. Last but not least, we will see how to perform mobile penetration testing that includes fingerprinting mobile devices, wireless network probing and scanning, attacking wireless infrastructures, using network manipulation attacks and attacks against mobile applications and back-end applications.

For more info, here is the link for the class: http://www.sans.org/mentor/class/sec575-luxembourg-15jan2015-david-szili
My Mentor bio: http://www.sans.org/mentor/bios#david-szili 

Information on the class, special discounts and applying for the class: szili_(dot)_david_(at)_hotmail_(dot)_com

Additional info can be also found at: https://www.sans.org/mentor
Some special price is also available for this course. A few examples: http://www.sans.org/mentor/specials

Best regards,
David

Such low price. Very SANS. Much learning. Wow!

Related word

Posted by at No comments:

BEST PASSWORD MANAGERS FOR IOS

As I said, Apple's iOS is also prone to cyber attacks, so you can use some of the best password managers for iOS to secure your online accounts.

BEST PASSWORD MANAGERS FOR IOS

Here I have streamlined few of the best password managers for iOS including Keeper, OneSafe, Enpass, mSecure, LastPass, RoboForm, SplashID Safe and LoginBox Pro.

1. ONESAFE PASSWORD MANAGER (CROSS-PLATFORM)

OneSafe is one of the best Password Manager apps for iOS devices that lets you store not only your accounts' passwords but also sensitive documents, credit card details, photos, and more.
OneSafe password manager app for iOS encrypts your data behind a master password, with AES-256 encryption — the highest level available on mobile — and Touch ID. There is also an option for additional passwords for given folders.
OneSafe password manager for iOS also offers an in-app browser that supports autofill of logins, so that you don't need to enter your login details every time.
Besides this, OneSafe also provides advanced security for your accounts' passwords with features like auto-lock, intrusion detection, self-destruct mode, decoy safe and double protection.
Download OneSafe Password Manager: iOS | Mac | Android | Windows

2. SPLASHID SAFE PASSWORD MANAGER (CROSS-PLATFORM)

SplashID Safe is one of the oldest and best password management tools for iOS that allows users to securely store their login data and other sensitive information in an encrypted record.
All your information, including website logins, credit card and social security data, photos and file attachments, are protected with 256-bit encryption.
SplashID Safe Password Manager app for iOS also provides web autofill option, meaning you will not have to bother copy-pasting your passwords in login.
The free version of SplashID Safe app comes with basic record storage functionality, though you can opt for premium subscriptions that provide cross-device syncing among other premium features.
Download SplashID Safe Password Manager: Windows and Mac | iOS | Android

3. LOGIN BOX PRO PASSWORD MANAGER

LoginBox Pro is another great password manager app for iOS devices. The app provides a single tap login to any website you visit, making the password manager app as the safest and fastest way to sign in to password-protected internet sites.
LoginBox Password Manager app for iOS combines a password manager as well as a browser.
From the moment you download it, all your login actions, including entering information, tapping buttons, checking boxes, or answering security questions, automatically completes by the login box Password Manager app.
For security, the login box Password Manager app uses hardware-accelerated AES encryption and passcode to encrypt your data and save it on your device itself.
Download LoginBox Password Manager: iOS | Android

Related posts


Posted by at No comments:

Wednesday, April 15, 2020

Learn A-Z Kali_Linux Commands For Beginerrs

Iemhacker-linux-command-for-beginner

All commands (A-Z) for Kali Linux here:
A
apropos Search Help manual pages (man -k)
apt-get Search for and install software packages (Debian/Ubuntu)
aptitude Search for and install software packages (Debian/Ubuntu)
aspell Spell Checker
awk Find and Replace text, database sort/validate/index
B
basename Strip directory and suffix from filenames
bash GNU Bourne-Again SHell
bc Arbitrary precision calculator language
bg Send to background
break Exit from a loop •
builtin Run a shell builtin
bzip2 Compress or decompress named file(s)
C
cal Display a calendar
case Conditionally perform a command
cat Concatenate and print (display) the content of files
cd Change Directory
cfdisk Partition table manipulator for Linux
chgrp Change group ownership
chmod Change access permissions
chown Change file owner and group
chroot Run a command with a different root directory
chkconfig System services (runlevel)
cksum Print CRC checksum and byte counts
clear Clear terminal screen
cmp Compare two files
comm Compare two sorted files line by line
command Run a command – ignoring shell functions •
continue Resume the next iteration of a loop •
cp Copy one or more files to another location
cron Daemon to execute scheduled commands
crontab Schedule a command to run at a later time
csplit Split a file into context-determined pieces
cut Divide a file into several parts
D
date Display or change the date & time
dc Desk Calculator
dd Convert and copy a file, write disk headers, boot records
ddrescue Data recovery tool
declare Declare variables and give them attributes •
df Display free disk space
diff Display the differences between two files
diff3 Show differences among three files
dig DNS lookup
dir Briefly list directory contents
dircolors Colour setup for `ls'
dirname Convert a full pathname to just a path
dirs Display list of remembered directories
dmesg Print kernel & driver messages
du Estimate file space usage
E
echo Display message on screen •
egrep Search file(s) for lines that match an extended expression
eject Eject removable media
enable Enable and disable builtin shell commands •
env Environment variables
ethtool Ethernet card settings
eval Evaluate several commands/arguments
exec Execute a command
exit Exit the shell
expect Automate arbitrary applications accessed over a terminal
expand Convert tabs to spaces
export Set an environment variable
expr Evaluate expressions
F
false Do nothing, unsuccessfully
fdformat Low-level format a floppy disk
fdisk Partition table manipulator for Linux
fg Send job to foreground
fgrep Search file(s) for lines that match a fixed string
file Determine file type
find Search for files that meet a desired criteria
fmt Reformat paragraph text
fold Wrap text to fit a specified width.
for Expand words, and execute commands
format Format disks or tapes
free Display memory usage
fsck File system consistency check and repair
ftp File Transfer Protocol
function Define Function Macros
fuser Identify/kill the process that is accessing a file
G
gawk Find and Replace text within file(s)
getopts Parse positional parameters
grep Search file(s) for lines that match a given pattern
groupadd Add a user security group
groupdel Delete a group
groupmod Modify a group
groups Print group names a user is in
gzip Compress or decompress named file(s)
H
hash Remember the full pathname of a name argument
head Output the first part of file(s)
help Display help for a built-in command •
history Command History
hostname Print or set system name
I
iconv Convert the character set of a file
id Print user and group id's
if Conditionally perform a command
ifconfig Configure a network interface
ifdown Stop a network interface
ifup Start a network interface up
import Capture an X server screen and save the image to file
install Copy files and set attributes
J
jobs List active jobs •
join Join lines on a common field
K
kill Stop a process from running
killall Kill processes by name
L
less Display output one screen at a time
let Perform arithmetic on shell variables •
ln Create a symbolic link to a file
local Create variables •
locate Find files
logname Print current login name
logout Exit a login shell •
look Display lines beginning with a given string
lpc Line printer control program
lpr Off line print
lprint Print a file
lprintd Abort a print job
lprintq List the print queue
lprm Remove jobs from the print queue
ls List information about file(s)
lsof List open files
M
make Recompile a group of programs
man Help manual
mkdir Create new folder(s)
mkfifo Make FIFOs (named pipes)
mkisofs Create an hybrid ISO9660/JOLIET/HFS filesystem
mknod Make block or character special files
more Display output one screen at a time
mount Mount a file system
mtools Manipulate MS-DOS files
mtr Network diagnostics (traceroute/ping)
mv Move or rename files or directories
mmv Mass Move and rename (files)
N
netstat Networking information
nice Set the priority of a command or job
nl Number lines and write files
nohup Run a command immune to hangups
notify-send Send desktop notifications
nslookup Query Internet name servers interactively
O
open Open a file in its default application
op Operator access
P
passwd Modify a user password
paste Merge lines of files
pathchk Check file name portability
ping Test a network connection
pkill Stop processes from running
popd Restore the previous value of the current directory
pr Prepare files for printing
printcap Printer capability database
printenv Print environment variables
printf Format and print data •
ps Process status
pushd Save and then change the current directory
pwd Print Working Directory
Q
quota Display disk usage and limits
quotacheck Scan a file system for disk usage
quotactl Set disk quotas
R
ram ram disk device
rcp Copy files between two machines
read Read a line from standard input •
readarray Read from stdin into an array variable •
readonly Mark variables/functions as readonly
reboot Reboot the system
rename Rename files
renice Alter priority of running processes
remsync Synchronize remote files via email
return Exit a shell function
rev Reverse lines of a file
rm Remove files
rmdir Remove folder(s)
rsync Remote file copy (Synchronize file trees)
S
screen Multiplex terminal, run remote shells via ssh
scp Secure copy (remote file copy)
sdiff Merge two files interactively
sed Stream Editor
select Accept keyboard input
seq Print numeric sequences
set Manipulate shell variables and functions
sftp Secure File Transfer Program
shift Shift positional parameters
shopt Shell Options
shutdown Shutdown or restart linux
sleep Delay for a specified time
slocate Find files
sort Sort text files
source Run commands from a file `.'
split Split a file into fixed-size pieces
ssh Secure Shell client (remote login program)
strace Trace system calls and signals
su Substitute user identity
sudo Execute a command as another user
sum Print a checksum for a file
suspend Suspend execution of this shell •
symlink Make a new name for a file
sync Synchronize data on disk with memory
T
tail Output the last part of file
tar Tape ARchiver
tee Redirect output to multiple files
test Evaluate a conditional expression
time Measure Program running time
times User and system times
touch Change file timestamps
top List processes running on the system
traceroute Trace Route to Host
trap Run a command when a signal is set(bourne)
tr Translate, squeeze, and/or delete characters
true Do nothing, successfully
tsort Topological sort
tty Print filename of terminal on stdin
type Describe a command •
U
ulimit Limit user resources •
umask Users file creation mask
umount Unmount a device
unalias Remove an alias •
uname Print system information
unexpand Convert spaces to tabs
uniq Uniquify files
units Convert units from one scale to another
unset Remove variable or function names
unshar Unpack shell archive scripts
until Execute commands (until error)
uptime Show uptime
useradd Create new user account
userdel Delete a user account
usermod Modify user account
users List users currently logged in
uuencode Encode a binary file
uudecode Decode a file created by uuencode
V
v Verbosely list directory contents (`ls -l -b')
vdir Verbosely list directory contents (`ls -l -b')
vi Text Editor
vmstat Report virtual memory statistics
W
wait Wait for a process to complete •
watch Execute/display a program periodically
wc Print byte, word, and line counts
whereis Search the user's $path, man pages and source files for a program
which Search the user's $path for a program file
while Execute commands
who Print all usernames currently logged in
whoami Print the current user id and name (`id -un')
wget Retrieve web pages or files via HTTP, HTTPS or FTP
write Send a message to another user
X
xargs Execute utility, passing constructed argument list(s)
xdg-open Open a file or URL in the user's preferred application.
yes Print a string until interrupted
. Run a command script in the current shell
!! Run the last command again

Related posts


  1. Hacking Tools
  2. Hack Tools For Games
  3. Hacker Tools Linux
  4. Hacking Tools 2020
  5. Best Pentesting Tools 2018
  6. Hacking Tools Github
  7. Pentest Tools Free
  8. Game Hacking
  9. Hacker Tools Free
  10. Tools 4 Hack
  11. Hacking Tools For Pc
  12. Best Hacking Tools 2020
  13. How To Hack
  14. Android Hack Tools Github
  15. Kik Hack Tools
  16. Hacking Tools 2019
  17. Hacker Hardware Tools
  18. Hacker Security Tools
Posted by at No comments:
Subscribe to: Posts (Atom)