Looking at North Korea’s IP Space with Shodan

With all the news about North Korea’s online capabilities being shut down I figured I would take a quick look at their IP space with Shodan, the “hacker’s Google”.

First I pulled up North Korea’s main IP space of 175.45.176.0 – 175.45.176.255 and found about 755 returns, 234 being SIP or Voice over IP – basically some sort of voice/video device.

But what if we filter the search to just look for regular servers?

8 results! You read that right, just eight! Most of them run some sort of CentOS Linux version with Apache. Looking at the rest of their IP space I found the following:

  • net:175.45.177.0/24 server turned up 2 more.
  • net:175.45.178.0/24 server turned up 8.
  • And finally net:175.45.179.0/24 server returned with 2.

So according to these searches with Shodan, N. Korea has around 20 servers active. Not a massive internet presence by any stretch of the imagination.
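
An added example, not part of the original post: an offline tally of exported scan results for a set of netblocks, the kind of count done by hand above. The sample records are constructed and use documentation address ranges, and the banner classification is a rough heuristic assumed here, not Shodan's own matching logic.

```python
import ipaddress
from collections import defaultdict

# The four /24 blocks searched in the post with Shodan's net: filter.
BLOCKS = ["175.45.176.0/24", "175.45.177.0/24", "175.45.178.0/24", "175.45.179.0/24"]

# Constructed sample records (documentation ranges, not real scan results), shaped
# like Shodan banner exports: ip_str, port and data (the raw banner text).
SAMPLE_BLOCKS = ["198.51.100.0/24", "203.0.113.0/24"]
SAMPLE = [
    {"ip_str": "198.51.100.10", "port": 80, "data": "HTTP/1.1 200 OK\r\nServer: Apache/2.2.15 (CentOS)\r\n\r\n"},
    {"ip_str": "198.51.100.10", "port": 443, "data": "HTTP/1.1 200 OK\r\nServer: Apache/2.2.15 (CentOS)\r\n\r\n"},
    {"ip_str": "198.51.100.20", "port": 5060, "data": "SIP/2.0 200 OK\r\nUser-Agent: ExamplePhone\r\n\r\n"},
    {"ip_str": "198.51.100.21", "port": 5060, "data": "SIP/2.0 404 Not Found\r\n\r\n"},
    {"ip_str": "203.0.113.5", "port": 8080, "data": "HTTP/1.0 401 Unauthorized\r\nserver: lighttpd\r\n\r\n"},
    {"ip_str": "192.0.2.9", "port": 80, "data": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"},  # outside the blocks
]

def covering_prefixes(blocks):
    """Collapse adjacent blocks into the fewest CIDR prefixes that cover them."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(b) for b in blocks))

def classify(banner):
    """Label a banner 'sip', 'http-server' (has a Server: header) or 'other'."""
    lines = banner.splitlines()
    if lines and "SIP/2.0" in lines[0]:
        return "sip"
    if any(line.lower().startswith("server:") for line in lines[1:]):
        return "http-server"
    return "other"

def summarize(records, blocks):
    """Per block: banner count, then unique hosts overall and per banner class."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    out = defaultdict(lambda: {"banners": 0, "hosts": set(), "sip": set(), "http-server": set(), "other": set()})
    for r in records:
        ip = ipaddress.ip_address(r["ip_str"])
        net = next((n for n in nets if ip in n), None)
        if net is None:
            continue  # ignore results outside the audited blocks
        row = out[str(net)]
        row["banners"] += 1  # one result per service banner, so a host can count twice
        row["hosts"].add(r["ip_str"])
        row[classify(r["data"])].add(r["ip_str"])
    return {k: {f: (v if f == "banners" else len(v)) for f, v in row.items()} for k, row in out.items()}
```

Calling `covering_prefixes(BLOCKS)` shows the four blocks collapse into a single /22, and `summarize(SAMPLE, SAMPLE_BLOCKS)` separates the number of banners from the number of distinct hosts behind them.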

North Korea – Massive Internet Outage – Really?

The latest news in the Sony/North Korea hacking saga is a reported wide internet outage in North Korea. As President Obama said that the US would respond to the Sony hack, many are already assuming that the US is responsible for the internet outage.

When I heard about this “wide spread” outage in North Korea, I laughed, I really did, as N. Korea is one of the least connected countries in the world!

As of latest estimates, North Korea has a grand total of 1,024 internet capable addresses. In 2012 they ranked 212th in the connected world with a grand total of 8 (8!!) internet hosts. Compare that with the 505 million hosts in the US and you can quickly see why the US is at greater risk of hacker-type attacks than the North Koreans.

It would seem that electricity is also in limited supply as this night picture of N. Korea shows:

Night view of North Korea

According to one silly report, North Korea’s internet was down because “glorious leader” Kim Jong-un needed the land line to make a call to Russian leader Vladimir Putin, as “The entire country’s Internet is currently sourced to a 54k modem in the presidential palace.”

Any direct online or Denial of Service “Internet Outage” type attacks against N. Korea will have limited, if any, success as a deterrent. North Korea’s cyber war forces work very closely with the Chinese, and if the N. Koreans did hack Sony (which is still very doubtful), chances are that China would also be involved, either directly or indirectly.

Installing Veil Framework on Kali Linux

I have been notified that there are problems installing Veil Framework (AV bypass) in Kali using the apt-get install command. From the creator’s website it looks like the recommended install is now to clone Veil from the GitHub repository and then run the included setup routine.

Instructions can be found at the Veil Framework updates page, but I will include a tutorial here.

For advanced users:

$ git clone https://github.com/Veil-Framework/Veil-Evasion.git
$ cd Veil-Evasion/setup/
$ ./setup.sh

Then just follow through the install, taking the defaults.

Step-by-Step Guide

From a Kali terminal prompt, type “git clone https://github.com/Veil-Framework/Veil-Evasion.git”. This will clone Veil into the “Veil-Evasion” directory. When done, change to the “Veil-Evasion/setup” directory and run “./setup.sh”.

Type “Y” when prompted to continue with the install, then sit back and relax, as the next part can take a while.

At the Python setup screen just click “Next”.

At the Select Destination Directory screen, leave the default destination and click “Next”, then click “Yes” when prompted to overwrite existing Python files.

Continue through the Python install leaving the default settings, and click “Finish” when done.

The install then begins the pywin32 setup.

At the main pywin32 setup screen, press “Next” to continue.

Leave the default values on the Python directory location screen and click “Next”, then “Next” again, and “Finish” to complete the install.

The install then begins the pycrypto setup.

At the main pycrypto setup screen, press “Next” to continue.

Again leave the Python information that is populated by default and click “Next”, “Next” again and then “Finish” when done.

Setup will then complete. And that is it; we are now ready to run Veil!

Running Veil Evasion

From the Veil-Evasion directory, run “./Veil-Evasion.py”, and you will see the main Veil screen.

And there you go, you are now all set to use Veil Evasion on Kali Linux!

(** Note: My book, Basic Security Testing with Kali Linux which includes a tutorial on using Veil Evasion, is in the process of being updated to reflect the install tutorial changes.)

Hacking the Holidays! Computer Security Book Gift Ideas

Got a computer security guru on your shopping list and don’t know what to get them? Or tired of getting socks and sweaters for Christmas and want something you can really use? We have put together a list of some of the best-selling security books for 2014!

Check out these excellent computer security books:

Basic Security Testing with Kali Linux

Great book for those new to the security field or seasoned experts looking for a reference guide. Learn computer security testing with easy to follow, step-by-step tutorials using Kali Linux. In-depth sections on Metasploit, Exploiting Windows and Linux Systems, Wi-Fi security testing, Social Engineering attacks and much more. If you are looking for a security book to get you started in the field, this is it!

RTFM: Red Team Field Manual

A no fluff, but thorough reference guide for serious Red Team members who routinely find themselves on a mission without Google or the time to scan through a man page. The RTFM contains the basic syntax for commonly used Linux and Windows command line tools, but it also encapsulates unique use cases for powerful tools such as Python and Windows PowerShell.

Black Hat Python: Python Programming for Hackers and Pentesters

A follow-up to the perennial best-seller Gray Hat Python, Justin Seitz’s Black Hat Python explores the darker side of Python’s capabilities—writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, extending the popular web hacking tool Burp Suite, and more.

The Art of Memory Forensics

Memory forensics provides cutting edge technology to help investigate digital attacks. Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. Experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics, now the most sought after skill in the digital forensics and incident response fields.

The Hacker Playbook: Practical Guide To Penetration Testing

Just as a professional athlete doesn’t show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either. The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice.

Looking for more ideas?

We hope you enjoyed the list, have a great Holiday season!