NetHunter Article Featured in Hakin9 Magazine

The latest Hakin9 Magazine is out! This issue is all about Android security and features my article on using Kali NetHunter and Responder together for getting quick user credentials.


In my article I explain how you could recover network credentials from a Windows network using the Android-based Kali NetHunter and Responder (an LLMNR, NBT-NS & MDNS poisoner). I also show how you can “pass the hash” with the credentials obtained and gain remote shell access to an unsecured or improperly secured Windows Server.

Other Articles in this Issue Include:

Mobile Penetration Testing Tutorial

by Olivia Orr

The objective of this tutorial is to learn the most common vulnerabilities in mobile applications using an app intentionally designed to be insecure. This tutorial will be based on the Windows platform, but you can use other systems if you wish.

Quick Android Review Kit (QARK) – A comrade for Android security analysis

by Vinayak Joshi and Venkatesh Sivakumar (Pranav Venkat)

QARK stands for Quick Android Review Kit. A quirky companion to get the hidden potential vulnerabilities of any Android application. It is an open community tool designed to assist mobile application security pentesters to leverage its capabilities to reverse engineer mobile applications and conduct static analysis on the hidden vulnerabilities that can potentially create critical breaches. This article will explain how to use it.

Peeping Inside Android Applications: Reverse Engineering with Androguard

by Ajit Kumar

Reverse engineering is one of the ways to find out what’s inside of any Android application; it also helps developers to learn, test and debug their own applications as well as applications written by others. Reverse engineering is a complex and cumbersome task, so tools like Androguard make this task automated and hence ease the job of reverse engineers. This tutorial provides a brief introduction to Androguard, explains various tools available inside Androguard and provides some examples of basic reverse engineering with Androguard.

And much more, check it out!


Malware Infection Rate by Country – Who has the most Viruses?

Ever wonder what the world virus infection rate is? Or how your country stands in protecting its systems from viruses? Well, look no further than BitDefender’s Real Time Virus Reports at

Set the sample rate to 7 days and you find that:

  • US – 58%
  • UK – 55.05%
  • India – 62.53%
  • Russia – 83.92%
  • Germany – 34.13%
  • Italy – 35.55%

Iran takes the prize as most infected: 97.95% of systems scanned had malware!

Okay, a look at the top viruses for each country shows a lot of cookie-based viruses, which may or may not be real viruses, but the rates are high nonetheless.

But how does this compare to what other vendors are finding?

According to the latest Panda Labs virus report, the countries that had the most viruses for the 3rd Quarter of 2011 are:

And the least infected countries for Q3 2011:

That is a lot of infected machines. You have to wonder how many of those systems are infected with Bot malware, credential stealing viruses or backdoor trojans.

Always install your operating system and application software updates, keep your anti-virus up to date, use a firewall and a script-blocking program like NoScript.

25 Passwords NOT to use on the Internet

Are you using the password “password” or “123456”? If so congratulations! You are using one of the top two worst and easiest to guess passwords on the internet!

Splashdata creates an annual list of the worst passwords to use on the net and here are the top 10 for 2011:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon

If you are using any of these or the other 15, change them now.

This is very interesting, but how does this compare to lists that have been released from actual hacker attacks? Surely no one would use ‘password’ or ‘123456’ as a password in real life. Or would they?

Last year the Wall Street Journal released a list of the top 50 passwords pulled from the Gawker Media hack. Gawker Media runs numerous websites, including the popular Lifehacker and Gizmodo sites. The hackers publicly posted a list of user names, e-mail addresses, and, you guessed it, passwords.

The top 10?

  1. 123456
  2. password
  3. 12345678
  4. lifehack
  5. qwerty
  6. abc123
  7. 111111
  8. monkey
  9. consumer
  10. 12345

And if we expand the Gawker password list to include 12 – 14 we also get:

  12. letmein
  13. trustno1
  14. dragon

Do you see any passwords that match between those two lists? How about most of them…

The majority of these make sense, common keys next to each other, and common phrases, but what is up with “monkey” and “dragon”?

The best bet when creating a strong password is to use a long, complex sequence of upper and lowercase letters, numbers and symbols. Something like:


Also, don’t use the same password for several sites, or use your work passwords at home. Using complex passwords will go a long way in securing your online activities.
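
An added example (not from the original post): a password screen that applies the advice above together with a blocklist built from the two lists on this page, showing that a password can contain every character class and still be a thin variant of a listed one. The 12-character minimum, the substitution table and the sample passwords are assumptions made for the illustration.

```python
import re

# Passwords named on this page: SplashData 2011 top 10, Gawker top 10 and 12-14.
COMMON = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "lifehack", "111111",
    "consumer", "12345",
}

SYMBOLS = "!@#$%^&*?._-"
DIGITS = "0123456789"
# Assumed substitution table: look-alike characters folded to one letter.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "$": "s", "5": "s", "!": "i"})

# Store the blocklist both raw and folded so "trustno1" and "tru$tno1" meet.
BLOCKED = COMMON | {word.translate(LEET) for word in COMMON}


def variants(password):
    """Return the normalized forms of a password that are checked against the list."""
    low = password.lower()
    forms = {low, low.strip(SYMBOLS), low.strip(SYMBOLS + DIGITS)}
    return forms | {form.translate(LEET) for form in forms}


def screen(password, min_len=12):
    """Return a list of problems; an empty list means the password passed."""
    problems = []
    if len(password) < min_len:  # min_len is an assumed threshold
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(pattern, password) for pattern in classes):
        problems.append("missing character class")
    if variants(password) & BLOCKED:
        problems.append("variant of a common password")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any leak.
    for candidate in ("monkey", "Tru$tNo1", "P@ssw0rd2011!", "vK7#qLm2!xRw9pTz"):
        print(candidate, "->", screen(candidate) or "ok")
```
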

Duqu Installer Contained Microsoft Word Zero-Day Exploit

Earlier this week Symantec released an update on Duqu. Apparently an installer was found for Duqu (dubbed Stuxnet II) that used a Microsoft zero-day:

“The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution. We contacted Microsoft regarding the vulnerability and they’re working diligently towards issuing a patch and advisory. When the file is opened, malicious code executes and installs the main Duqu binaries.”

So far Duqu infections have been confirmed in six organizations in eight countries. The locations include France, India, Iran and Sudan.

In a short release on Tuesday, Microsoft stated that they know of the threat and are working on getting it patched, “We are working diligently to address this issue and will release a security update for customers.”