Wifite Walkthrough part 1

By Prateek Gianchandani

In this article series, we will look at a tool named Wifite, suitable for automated auditing of wireless networks. Most of you who have experience in wireless pentesting would use tools like airmon-ng, aireplay-ng, airodump-ng and aircrack-ng to crack wireless networks. This involves a sequence of steps, like capturing a specific number of IVs in the case of WEP, or capturing the WPA handshake in the case of WPA, and then using aircrack-ng to crack the password required for authentication to the network. Wifite aims to ease this process by wrapping all these tools, making it much easier to crack Wi-Fi networks. Here is a list of Wifite's features as given on its official homepage:

- sorts targets by signal strength (in dB); cracks closest access points first
- automatically de-authenticates clients of hidden networks to reveal SSIDs
- numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
- cus…

Backtrack 5 R3 Walkthrough part 2

By Prateek Gianchandani

This article is a continuation of part 1 of the Backtrack Walkthrough series. In the previous article we discussed some of the most important new tools added in the most recent revision of Backtrack 5, like Dnmap and Fern-Wifi-Cracker. In this article we will look at some of the other main tools added in Backtrack 5 R3.

HTExploit

HTExploit was released at Blackhat 2012 by Matias Katz and Maximiliano Soler. HTExploit (HiperText access Exploit) is a tool used to bypass authentication mechanisms that are deployed on websites using .htaccess files. The tool is written in Python. Once the restriction is bypassed, it is possible to list the contents of a directory and even download the files. The tool works recursively, i.e. once it downloads the first chunk of files, it looks for links inside those files and downloads those files as well. This process continues until it has downloaded the entire content of the directory. It then generates a…

TP Link Archer C5 Router Hacking

Today we got our hands on a brand new TP Link Archer C5 router, which we will be testing for known weaknesses such as hidden backdoors, brute-forceable default passwords and WPS vulnerabilities. In this new WiFi hacking tutorial we will be using different tools on Kali Linux 2.0, like Reaver, pixiewps and the Aircrack-ng suite, to exploit possible vulnerabilities. TP Link is known to use easy-to-break default passwords, such as the WPS PIN as the default wireless password, or a password derived directly from the MAC address. Especially the last one makes it very easy to retrieve the password, because the MAC address is not meant to be secret and is actually sent in every single wireless packet sent from the router. With a packet analyser like Wireshark it is very easy to retrieve the MAC addresses of sending and receiving devices, including the router. In this tutorial we'll be using airodump-ng for this purpose.

The Big Chill: Legal Landmines that Stifle Research and How to Disarm them

By Trey Ford, Marcia Hofmann, Kevin Bankston

Security research is a dangerous business. The threat of lawsuits or even prosecution hangs heavy over the heads of white hat hackers as well as black hats. From Dmitry Sklyarov being prosecuted for cracking ebook crypto back in 2001, to Weev being prosecuted today for exposing flaws in AT&T's website security, the legal landscape is littered with potential landmines for those trying to improve Internet and software security. When a major company like Google can be sued for billions over its interception of unencrypted WiFi signals, what's a wireless security researcher to do? When an Internet luminary like Aaron Swartz can be threatened with decades of jail time for his open data activism, what's your average pen tester supposed to think? How serious are these threats – and what can researchers do to avoid them, and maybe even fix the law?

Alternative Wi-Fi Cracking

By Warlock

"WiFi" is the short form for Wireless Fidelity. It is a high-speed internet and network connection without the use of wires or cables. It denotes a type of wireless networking protocol that allows devices to communicate and transfer data wirelessly without cords or cables. Wi-Fi is a registered trademark of the Wi-Fi Alliance, the organization that owns it. It covers any wireless local area network based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards. Devices like video game consoles, cameras, mobile phones etc. that have Wi-Fi functionality can connect to the internet through any wireless access point. Such an access point has a range of about 20 meters (65 feet) indoors and a greater range outdoors. Below is an example of an outdoor wireless access point.

ICSCorsair: How I Will PWN Your ERP Through 4-20 mA Current Loop

By Alexander Bolshev, Gleb Cherbov

ICSCorsair is an open hardware tool for auditing low-level ICS protocols. It can communicate with various systems using the HART FSK and P8CSK, Foundation Fieldbus H1, Profibus, and Modbus protocols. You can control ICSCorsair via a USB cable or remotely over WiFi, Bluetooth, or another wireless connection. Different software will be presented for working with ICSCorsair: Metasploit modules, apps for iOS and Android, etc. In this talk, it will be shown how to trigger vulnerabilities such as XXE, DoS, XSS, and others in SCADA, PAS, ERP, and MES systems using only ICSCorsair and the opportunity to connect to a low-level ICS protocol line.

Penetration Testing for iPhone Applications- Part 2

By Satish B.

In the first part of this article, we discussed iPhone application traffic analysis. In this part, we will take a look at privacy issues and the application's local data storage.

Privacy issues

Every iPhone has an associated unique device identifier, called the UDID, derived from a set of hardware attributes. The UDID is burned into the device and cannot be removed or changed. However, it can be spoofed with the help of tools like UDID Faker. The UDID of the latest iPhone is computed with the formula given below:

UDID = SHA1(Serial Number + ECID + LOWERCASE(WiFi Address) + LOWERCASE(Bluetooth Address))

The UDID is exposed to application developers through an API that allows them to read the UDID of an iPhone without requiring the device owner's permission. The code snippet shown below is used to collect the UDID of a device, which can later be used to track the user's behavior.

Ghost Push Trojan still a major threat two years later

By Derek Kortepeter

Early last year, a Trojan by the name of Ghost Push infected 900,000 Android devices. Researchers at Google and elsewhere discovered that the Trojan was able to evade security measures on Google Play and third-party sites. After the defenses at these app stores were bolstered, the Ghost Push authors developed different offshoots of the Trojan. Now it appears that the malware is affecting Android users in catastrophic numbers once again. In a report published by Cheetah Mobile Security, researchers identified the most recent infection pathways affecting Android devices. Pornographic links, malicious ad links (in apps and browsers), and apps themselves appear to be the most prevalent infection vectors. In particular, Cheetah Mobile found that two Android applications, Wireless Optimizer and WiFi Master Pro, not only carried Ghost Push but used the Trojan to gain root access.

pWeb Suite – A Set of Web Pentesting Tools

By Jay Turla

pWeb Suite (formerly known as pCrack Suite) is a set of Perl-based penetration testing tools primarily focused on web application security and vulnerability testing. The tool is brought to you by Douglas Berdeaux, a.k.a. Trevelyn, founder of Weaknet Laboratories and lead developer of well-known open source security projects and tools such as WEAKERTHAN Linux (a penetration testing distro aimed at wireless penetration testing and web application security), Warcarrier OS (a Live DVD for WiFi, GPS, Bluetooth, and radio hacking), WiFiCake-NG, WardriveSQL, GPS-Parser-ng, WPA Phishing Attack for EAP Phishing, SSWR (Scripted Security for Wireless Routers), Catchme-NG, Perlwd (a Perl UNIX MD5 hash cracking application), and many more.

QR Code: USSD attack

By Bhavesh Naik

The QR code, or Quick Response code, was originally designed for industrial applications and has quickly gained popularity in the advertising industry. With the huge popularity and sales of smartphones and tablets every year, these QR codes are beloved by marketers.

What a typical QR code contains

- A QR code can contain an electronic version of contact information.
- A QR code can contain event information. Scan the code on a poster and the app automatically adds the event's name and location to the agenda on your smartphone.
- A QR code can contain WiFi configuration data.

In my previous article, http://resources.infosecinstitute.com/what-is-behind-that-qr-code/ , I described how attackers rely on human curiosity and the inherent opacity of QR codes to craft an attack. Various protocols that invoke service set commands on mobile devices are misused by exploiting vulnerabilities in the mobile platform, and QR codes are used as the attack vector to harm mobile users.
