Packet Squirrel

On these days I could get my hands on a really cool device from hak5, the Packet Squirrel, which can be used for an Ethernet man-in-the-middle attack, being able to use it as a sniffer or to get remote access to a network.

Capture.PNG

This tiny device has a button to turn it in, an Ethernet in port, an Ethernet out port, a microusb por for power, a usb port for storage and a switch to select which of the payloads to run.

31948633_10156605872783311_5151475695712468992_n.jpg

squirrel

The default payloads the packet squirrel has are:

  • TCP Dump: . It allows the user to display TCP/IP and other packets being transmitted or received over a network
  • DNS Spoof: Alters the DNS directions from the victim to show a different page
  • OpenVPN: Provide remote acces to the network or client tuneling

To use de TCP dump you just need to select the first payload, moving the swithc until the left and connect it to the device you want to see the traffic. Then the led will start to flash yellow indicating it is saving the traffic in the usb flash until you push the button to indicate you are done. Finally plug the usb to you PC to see a pcap file, which you can inspect the traffic with a protocol analyzer, like Wireshark.

dumptrafico

In the case of the DNS spoof you need to enter the arming mode of the packet squirrel (rightmost side), and configure the spoofhost file with the domain and the ip you want to set.

putty

With the OpenVPN you can provide remote access to the network, the target device will have access to the network in the Ethernet out port without interruption, the OpenVPN will be established enabling remote acces to the pcket squirrel

Also it can be used to tunnel the traffic from the target device through the OpenVPN connection, by changing the configuration to allow 1 client.

sjfad

To set the OpenVPN server side there is a set of videos from hak5 that can be quite useful.

From the shell in the cloud server you need to write to start setting the OpenVPN

wget https://git.io/vpn -o openvpn.sh && bash openvpn.sh

This will generate a client.ovpn file that needs to be copied on /root/payloads/switch3/config.ovpn. With all that you can try the OpenVPN moving the swith of the packet squirrel to the third position.

From all I could see while using the Packet Squirrel I think it is a great device, it is really small, so you can carry it easily with you, it is simple to use, just moving the switch to adifferent position and it can be configured in no time with the default payloads or create your own payloads.

 

*I didn’t receive any money for this post.

Master Key for hotels

There are may things someone takes i count to select a hotel to stay, the luxury, wifi connection, pool, air conditioner and many others. but something really important is that your stuff remains safe, knowing that no one can enter without your permission, including the cleaning staff.

Blog-Post-3-Photo-1.jpg

That is why a new exploit discovered by F-Secure researchers is important,  a vulnerability in a popular and widely used electronic lock system (Assa Abloy) that can be exploited to unlock every locked room in a facility

 

For this hack, the attacker needs access to any target hotel key, even though it isn’t from a room or it has expired. Then he would need a portable programmer with a custome code they created, it is hold near the lock to open and in a minute it will be unlocked.

 

 

The researchers, for obvious reasons didn’t released the code for the master key and, in fact, showed the findings to the affected company. With Assa, the worked for over a year to recently release an update that fixes the problem

References:

https://thehackernews.com/2018/04/hacking-hotel-master-key.html

Researchers Find Way to Create Master Keys to Hotels

Honeypot

A way to be prevented in case someones is trying to access your server is to put a fake system, a trap to detect when an attacker is trying to access without the administrator’s permission. It is a great way to protect a system because it turns the tables tpo the hackers, not letting them access,helping the admin to know when he is being attacked, learn from it and improve the security.

honey

In general there are two main types of honeypots:

Production Honeypot: Used by companies and corporations for the purpose of researching the motives of hackers as well as diverting and mitigating the risk of attacks on the overall network.

Research Honeypot: Used by nonprofit organizations and educational institutions for the sole purpose of researching the motives and tactics of the hacker community for targeting different networks.

When configuring your honepot you should have logs for all devices in the honeypot sent to a centralized logging server, and all the security stuff must be noticed when someone is doing an attack, that way the staff will be ready to monitor al keep track of what the hacker is doing and make sure the real environment is not compromised.

It is also important that your honeypot system is attractive to a potential attacker. This can be done by keeping it not so secure to encourage the attacker to go for the honeypot:

  • It should have ports that respond to port scans, have user accounts and various system files.
  • Passwords to fake accounts should be weak,
  • certain vulnerable ports should be left open.

 

 

 

honey2

Advantages

  • Collects real attacks data.
  • Reduced false positives.
  • Does not require high-performance resource.
  • Hacker activity is captured, even if its encrypted.
  •  Simple to understand, deploy and maintain.

 

References:

http://www.thewindowsclub.com/what-are-honeypots

https://www.techopedia.com/definition/10278/honeypot

https://www.networkworld.com/article/3234692/lan-wan/increase-your-network-security-deploy-a-honeypot.html

Skygofree

Most of mobiles Malware do relatively simple stuff, stealing data, mining cryptocurrency or encrypting files, but some months ago a very sophisticated one was discorevered, Skygofree.

ChessMaster_s-Recovered-Recovered

Some of the functions that make Skygofree terrifying are:

  • It can turn on the microphone for audio recording when the device is in a determined location
  • It can connect to networks controlled by the hackers, even with Wi-Fi disabled on the device, giving access to all the user’s traffic (passwords, credit cards, sites visited).
  • The stealing of WhatsApp messages via Accessibility Services
  • Secretly turning on the front-facing camera and take photos or videos

The main way on infection is through fake Mobile operators pages, where the user downloads an “update” and get infected. Once on the Phone, it shows a progress bar while waiting for instructions on what to do from the attackers.

The virus also has a way to protect itself, it can show a fake notification to prevent killing the background services it use.

Skygofree uses exploits to get the root privileges by looking for the device in a database of mobiles, to adjust itself on what it is attacking and exploiting its vulnerabilities.

180115-skygofree-13

So far Skygofree has only been seing on some parts of Italy, however, due to all the damage it can cause it is better to be prevented by only downloading apps from official sources and disabling installation of third-party apps.

References:

https://www.kaspersky.com/blog/skygofree-smart-trojan/20717/

https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/

Let others mine for you

Why bothering in using your own resources, GPU, CPU, etc. zxcon mining cryptocoins when you can trick others to make it for you? That’s what the people who use Coinhive think.

According to Krebs, “Coinhive is a cryptocurrency mining service that relies on a small chunk of computer code designed to be installed on Web sites. The code uses some or all of the computing power of any browser that visits the site in question, enlisting the machine in a bid to mine bits of the Monero cryptocurrency.”

zcvThat means that when someone visits site with Coinhive on it part of the resources from the device the user is using to browse the page will be used to mine for the person who put the code there.

 

Even though Bitcoin is the most famous cryptocurrency, Coinhive uses Monero for a good reason, it has a better privacy than Bitcoin. It is virtually untraceable, without a way others besides the parts of the transaction can track it. Their transactions  automatically have privacy features applied. You never have to request and then verify whether other people have enabled a privacy mechanism when sending you funds.

zbx

The most common use of Coinhive is adding directly on the page, without the administrators permission many times, a part of code in the <head> </head>  tags. With that and adding your public key for all the the Moneros you earn you are ready to let others do the mining

como-agregar-el-codigo-de-coinhive-a-mi-web

For more information on setting Coinhive and all of its uses you can check the documentation at https://coinhive.com/documentation/miner

 

 

References:

https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/

https://moneyonlinenow.top/coinhive-espanol-que-es-como-funciona/

https://coinhive.com/documentation/miner

https://www.monero.how/why-monero-vs-bitcoin

Your facebook data

Recently, there has been seeing in the news that the information facebook gathers of its users has been used by private companies, like Cambridge Analytica, more specifically in the use of information for electoral purposes in many countries, like USA.

A man poses with a magnifier in front of a Facebook logo on display in this illustration taken in Sarajevo

After that scandal, Facebook has been the center of the atenttion on all the media, because Facebook’s users has realized all the information it keeps from them. if you would like to know all they have about you, it is posible to download that data.

Steps:

First you go to the drop-down menu at the rightest part of the navigation bar and select settings.

1qaz

It will open the General Account Settings, where below the account info you can find a link to download a copy of your facebook data.

2wsx

It will take some time to download a kind of heavy zip file with the data. After downloading it, it’s time to extract it and see all they have about you.

 

If you would like to go a little step further you can check de script by Dylan Mckay on Ruby to collect phone statitics from your facebook user data. To use this script you need Ruby 2.1 or greater and the Nokogiri library.

To run the script you put in in your facebook folder alongside hrml, messages, and photos folder and run ruby facebook-contact-info-summary.rb

qsqsqs

In my case I am glad I didn’t give the permissions in my cellphone, but it is interesting to look at all the could get from me if I had.

References: https://gist.github.com/dylanmckay/2b191a10068bd87d0fffba242db44b52

Autosploit

Autosploit is a tool developed by a cyber security enthusiat that combines two tools, Metasploit and Shodan, making it pretty easy to hack someone by using automated tools anyone could use without lots of skills.AmateurHacker-TopArt

According to its author, “AutoSploit attempts to automate the exploitation of remote hosts.” To do that, the Python script uses command line interfaces and text files to extract data from the Shodan database, which is a search engine that taps into scan data on millions of Internet-connected systems. AutoSploit then runs shell commands to execute the Metasploit penetration testing framework.

You just ype in keywords to locate certain devices or targets, and AutoSploit will both list available targets and allow hackers to launch a menu of pre-loaded hacking techniques against them.

In the Shodan part, you type the query you want it it will return you the IP address from the device, then in Metasploit it uses the text that was used for Shodan and run the exploit, if everything works well, the script will then kick off Metasploit attacks against all the hosts.

AutoSploit

The release of Autosploit caused a controversy, security experts thought that releasing automated tools that would do the hacking easier is a terrible error,  because anyone could do something with the tool even without hacking knowledge. Personally I think releasing Autosploit can make a lot of damage, giving scripts anyone could use is very wrong, people may not know what they are really doing and create a great damage, and it also makes hackers job easier, putting in risk thousands of devices.

 

Bibliography

https://github.com/NullArray/AutoSploit

Gallagher, S. (2018). Threat or menace? “Autosploit” tool sparks fears of empowered “script kiddies”. Arstechnica. Recovery date: February 2nd 2018. Recovered from: https://arstechnica.com/information-technology/2018/02/threat-or-menace-autosploit-tool-sparks-fears-of-empowered-script-kiddies/

Greenberg, A. (2018). SECURITY NEWS THIS WEEK: ‘AUTOSPLOIT’ TOOL MAKES UNSKILLED HACKING EASIER THAN EVER. Wired. Recovery date: February 2nd 2018. Recovered from: https://www.wired.com/story/autosploit-tool-makes-unskilled-hacking-easier-than-ever/