Author: John Durret

  • Intercept communications with data tampering tool HookME

    HookME is a free, open source Windows tool that intercepts network communications by hooking the API calls of the process you choose. Because the hook sits inside the application rather than on the wire, it sees SSL/TLS traffic in the clear, after decryption and before encryption, so the headers and payloads appear unencrypted.

    The download is tiny (125Kb); on first run you are told that supplemental .dll and .db files are needed, and HookME then fetches over 30MB of files from a third party site. You are also asked to register the new .dll dependencies, which means granting administrative rights to the Windows Command Processor. An installer that pulls in binaries from elsewhere and then asks for admin rights could understandably make some people uneasy about this tool containing malware; the only guarantee you have is that HookME comes from the well known creators of the OSINT tool FOCA. If that is not enough for you, try it first inside a throwaway virtual machine.

    Every time you start the software you are shown a small splash screen saying that the Nektra Deviare hooking library it is built on is unregistered; you don’t have to buy a license, but doing so gets rid of the initial screen.

    TCP data tampering tool HookME

    The software has a tabbed user interface from which you can intercept any hooked API call and read the data being sent and received. Intercepted packets can be changed in real time and then dropped or forwarded, and a Python plugin system lets anyone write a custom addon, with some templates to start from. At the BlackHat Europe 2013 conference the HookME developer showed how to intercept MySQL traffic and inject a backdoor on the fly, executing remote commands with a few clicks.

    Intercepted data is shown in real time in a hex editor that lists the hexadecimal bytes alongside their text meaning; you can highlight a packet and click the “Drop” or “Forward” buttons, and a small pane at the bottom of the window shows which process is hooked, for example firefox.exe if you are eavesdropping on a Firefox browser session.
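
    The two things described above, showing an intercepted buffer hex-editor style and rewriting it before it is forwarded, as an added example. This is not HookME’s own plugin code and does not use its plugin API, which the page does not show; the hook that hands the buffer over is assumed, and the HTTP response it works on is constructed here. It also shows the detail a hex editor will not do for you: once you change the length of a body you must fix the Content-Length header, or the client is left waiting for bytes that never arrive.

```python
"""Added example, not HookME's own plugin code: what a TCP tamper tool does with
an intercepted buffer. Show it hex-editor style, decide drop/forward, and rewrite
it before forwarding. The hook that delivers the buffer is assumed; the sample
HTTP response below is constructed."""
import re
import string

PRINTABLE = set(bytes(string.ascii_letters + string.digits + string.punctuation + " ", "ascii"))


def hexdump(data: bytes, width: int = 16) -> list:
    """Hex editor view: offset, hex bytes, and the ASCII column ('.' for non-printable)."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        text = "".join(chr(b) if b in PRINTABLE else "." for b in chunk)
        lines.append(f"{off:08x}  {hex_part}  {text}")
    return lines


def verdict(payload: bytes, drop_patterns) -> str:
    """The Drop/Forward decision: 'drop' if any pattern occurs in the payload."""
    return "drop" if any(p in payload for p in drop_patterns) else "forward"


def tamper_http_response(raw: bytes, old: bytes, new: bytes) -> bytes:
    """Replace `old` with `new` in an HTTP/1.x response body and fix Content-Length.

    Editing the body without updating the length header desynchronises the client:
    it either waits for bytes that never come or reads into the next response.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP header block")
    body = body.replace(old, new)
    head = re.sub(rb"(?im)^Content-Length:\s*\d+", b"Content-Length: %d" % len(body), head)
    return head + sep + body


# Constructed sample: an intercepted response as a hooked browser would receive it.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 11\r\n"
    b"\r\n"
    b"hello world"
)

if __name__ == "__main__":
    print("\n".join(hexdump(SAMPLE_RESPONSE)))
    print(verdict(SAMPLE_RESPONSE, [b"Set-Cookie"]))
    print(tamper_http_response(SAMPLE_RESPONSE, b"world", b"planet!").decode())
```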

    This tool can be used in penetration testing to build malware and backdoors into network protocols, or to uncover rootkits that hook API calls. Note that HookME hooks processes on the machine it runs on, so the main challenge for an attacker wanting to use it against you is getting code running on your computer with enough rights to hook your applications; access to your network alone is not enough.

    Visit HookME homepage

  • Moscrack wireless WPA cracking with cluster computers

    The Multifarious On-demand Systems Cracker is a Perl application built on Aircrack-NG to crack wireless WPA keys with a cluster of computers. It can be deployed on MOSIX, a cluster management layer for Linux that pools the processors of multiple machines, or run across a set of nodes reached over SSH. Clusters can be built from almost any Unix-like system, including a jailbroken iPhone, Mac OS X, or Windows with Cygwin, and it has also been tested with an Android phone running as an SSH node. Best of all, you can run Moscrack on the cheap on the Amazon EC2 cloud computing platform.

    The program splits a word list into chunks and processes them in parallel across all of the nodes. If you don’t have access to a computer cluster it is possible to use Moscrack with CUDA, NVIDIA’s parallel computing platform for graphics cards; you will need to install aircrack-ng-cuda and adjust moscrack.conf (the configuration file). Keep in mind that this is still a dictionary attack: if the passphrase is not in your word list, no number of nodes will find it.
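
    The chunk-and-distribute idea above in working code, as an added example that is not Moscrack’s own Perl. The expensive step a WPA cracking cluster shares out is stretching each candidate passphrase into the 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1 over the SSID (4096 rounds); real cracking then derives the session key from the PMK and checks it against the MIC of a captured 4-way handshake, but here the target is the PMK itself so everything runs offline. The word list is constructed, the worker pool stands in for SSH nodes, and the SSID/passphrase pair is the IEEE 802.11i test vector, so the derivation can be checked against a published value.

```python
"""Added example, not Moscrack's code: the work a WPA cracking cluster distributes.
Each candidate passphrase is turned into the PMK with PBKDF2-HMAC-SHA1 over the
SSID (4096 rounds), which is what makes WPA guessing slow, so the word list is
sliced into chunks and each node tries its own slice. Threads stand in for the
SSH nodes; the word list below is constructed."""
import hashlib
from concurrent.futures import ThreadPoolExecutor
from typing import List, Optional


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096 iterations, 32 bytes), per IEEE 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def chunk_wordlist(words: List[str], nodes: int) -> List[List[str]]:
    """Slice the word list into at most `nodes` near-equal chunks, one per node."""
    if not words or nodes < 1:
        return []
    size = -(-len(words) // nodes)  # ceiling division
    return [words[i:i + size] for i in range(0, len(words), size)]


def crack_chunk(chunk: List[str], ssid: str, target_pmk: bytes) -> Optional[str]:
    """What one node does: derive the PMK for each candidate and compare it."""
    for word in chunk:
        # WPA passphrases are 8 to 63 characters; anything else cannot be the key,
        # so skip it instead of paying 4096 HMAC rounds for nothing.
        if not 8 <= len(word) <= 63:
            continue
        if wpa_pmk(word, ssid) == target_pmk:
            return word
    return None


def crack(words: List[str], ssid: str, target_pmk: bytes, nodes: int = 4) -> Optional[str]:
    """Dispatch the chunks to `nodes` workers and return the first passphrase that matches."""
    chunks = chunk_wordlist(words, nodes)
    with ThreadPoolExecutor(max_workers=max(1, len(chunks))) as pool:
        for hit in pool.map(lambda c: crack_chunk(c, ssid, target_pmk), chunks):
            if hit is not None:
                return hit
    return None


# Constructed sample word list; "password" / "IEEE" is the IEEE 802.11i Annex H test vector.
SAMPLE_WORDS = ["letmein1", "qwerty123", "short", "sunshine", "password", "trustno1"]
SAMPLE_SSID = "IEEE"

if __name__ == "__main__":
    target = wpa_pmk("password", SAMPLE_SSID)
    print("PMK:", target.hex())
    print("found:", crack(SAMPLE_WORDS, SAMPLE_SSID, target))
```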

    Moscrack cloud wireless WPA cracking

    The Moscrack command line interface shows word list progress as a percentage, estimated completion time, running time, server status, cluster speed and other very complete verbose data. A GUI is optional but pretty basic; you are better off running the command line version and getting comfortable with the shell, which also helps you understand how the concepts work.

    The program has been designed to run for weeks or months: you can leave it on and forget about it until the job is done. Its functions go beyond WPA cracking; adding the Dehasher plugin lets it crack SHA256/512, DES, MD5 and Blowfish password hashes by hashing candidates and comparing them with the target. If you don’t wish to install this tool on your computer, a Moscrack Live CD based on SUSE Linux is available for download.

    Visit Moscrack homepage

  • Encrypted chat for iPhone and iPad with ChatSecure

    ChatSecure is a free iOS app for end-to-end encrypted chat using Off-the-Record (OTR) messaging. It can talk to any chat service based on XMPP, like Google Talk, Jabber and Facebook chat, as well as OSCAR (AIM/ICQ) and ChatSecure for Android, but it will not work with Yahoo Messenger or Skype contacts. Messages are only encrypted when the other side also uses an OTR-capable client; otherwise they travel as ordinary instant messages.

    The app settings are simple but effective: you can change the chat font size, set chats to be deleted automatically on disconnect and get a warning before automatic sign out. Your friends’ chat accounts (the Buddy list) are one tap away on the side bar, each with a logo indicating the messaging system they are using. When you first establish an encrypted connection you are shown the other end’s key fingerprint and asked to verify it; confirm it over a channel the attacker cannot control, such as in person or by phone, because this is what stops man in the middle attacks, where someone inserts a fake encryption key between you and the other end in order to listen in.

    ChatSecure encrypted iPad chat

    Your messages still pass through the XMPP server you log into, but ChatSecure encrypts them end to end, so the server and anyone eavesdropping on the network see only ciphertext. You would still need to make sure that your acquaintance’s mobile device has not been stolen and that they are who they claim to be. Be aware too that you are not anonymous in ChatSecure: the app encrypts the messages but does not hide the IP address behind them, so for anonymity connect through a VPN provider before starting the chat, bearing in mind that the VPN provider then sees your real IP instead.

    ChatSecure offers perfect forward secrecy, meaning a temporary encryption key is generated for each session and thrown away afterwards, so if your long-term key is stolen later it can not be used to decrypt past chat logs, nor can the discarded session keys be linked to you.

    Visit ChatSecure iTunes homepage

  • Internet Relay Chat encryption with Dirt

    Dirt is an open source project that adds FiSH-compatible chat encryption to any IRC client, acting either as a Socks4 proxy or as a bouncer. Dirt only accepts connections from localhost (127.0.0.1), so the plaintext leg between your IRC client and Dirt never leaves your machine; the Socks4 listener is on port 1088 and port 6666 is used when acting as a bouncer. Settings can be changed by editing “dirt.ini” with a text editor.

    After installation you will notice a Dirt icon in your system tray. To use Dirt in mIRC, a popular Windows IRC client, go to Tools>Options>Connect>Firewall and enter the hostname (127.0.0.1) and port number. Once connected you can type /dirt to see a list of all available commands.

    mIRC dirt encryption IRC chat

    For those not aware, FiSH is a widely available IRC plugin that adds Blowfish encryption to IRC chat; you can find it for the Linux command line client irssi and many others. Bear in mind that FiSH’s default mode is Blowfish in ECB, which encrypts identical blocks identically and so leaks patterns, and that both sides must hold the same key, exchanged with its DH1080 key exchange or set by hand: it keeps the server and casual snoopers from reading your channel, but it is not a modern secure messaging protocol. If you use a Mac or Debian Linux you could try FiSHLiM, a FiSH-compatible plugin for the XChat and HexChat IRC clients.

    Dirt works on Windows, Linux and BSD but is still in development. An alternative is psyBNC, an IRC bouncer that replaces your computer’s IP with a virtual host (vHost) and supports channel encryption with the Blowfish and IDEA algorithms. You will need a shell account to run psyBNC; many companies offer them at cut price with easy configuration instructions, and they are normally used by channel administrators to handle abuse.

    Visit Dirt IRC encryption homepage

  • Android and iPhone Radio Police Scanner

    Radio Police Scanner Lite is a free app preconfigured with a list of emergency services radio frequencies; it can listen in to firefighters, ham radio, aircraft and live police radio. Each feed comes from a person in that geographical area who owns a police scanner and shares it over the Internet. Stations are classified by region and country, with a built-in list of emergency services codes to help interpret what is being said. You can add any radio feed broadcast over the web through the RSS feed link, the app automatically reconnects if it loses the connection, and favourites can be pinned to the front screen for single-tap access.

    There is only a delay of a couple of seconds between the real conversation and the broadcast, and you can browse the Internet while listening to a feed in the background. The only thing not guaranteed is that your country is covered, but the app is continuously adding radio feeds, and the paid-for version comes with thousands more.

    Radio Police Scanner smartphone

    Many of the frequencies will be silent; the best way to spot the most active channels is to look at each feed’s popularity: the more listeners, the more likely it is that something is going on.

    Investigation departments use encrypted radios during surveillance operations, so you won’t be able to listen to those; what you hear is the routine working day of police or firefighters. Police radio scanners are legal in many US states, but check your local laws before using one, as there are restrictions, for example against using a scanner while impersonating a police officer. Alternatively you can listen to live emergency services in your browser at Broadcastify.

    Visit Radio Police Scanner Lite in GooglePlay

    Visit Radio Police Scanner Lite in iTunes

  • Hide it Pro hides photos and videos in Android and iPhone

    Hide it Pro is a free app for Android and iPhone that hides pictures, videos, audio files and other data. The app is disguised as a working audio manager: the icon looks like a music logo and tapping it opens a menu to adjust the phone’s ring tone volume, so anyone playing with your phone will not realise a privacy app is installed.

    When you run the app for the first time you are asked to enter a numeric PIN or password that locks the screen; an email address can optionally be linked to your account to reset the password if you forget it. From the Hide it Pro interface you select the files to hide, which removes them from the gallery view, encrypts them with AES-256 and puts everything behind the password. You can email files from inside the app or view a custom photo slideshow without moving the photos out of the encrypted folder.

    Hide it Pro hides Android&iPhone photos

    Hide it Pro can set up a second, escape password that opens a different encrypted container, which you can show to people if someone discovers you own encrypted data and forces you to reveal the password under threat. The escape password works like the TrueCrypt hidden volume feature, but I don’t know how safe it is against a thorough forensic investigation; you just have to trust that the developer did everything right.

    If you share your mobile phone with family members or work colleagues, Hide it Pro will stop them from discovering private images stored on it. The app is self-explanatory and can also be used to hide and lock other apps.

    Android Hide it Pro in Google Play

    iPhone Hide it Pro in iTunes

  • Free online image forensic analysis at Fotoforensics

    Fotoforensics is a website for advanced photo analysis: you can check whether a photo has been modified and view embedded metadata that could contain private details. Photos can be uploaded from your PC or linked directly from a URL, and an optional Firefox browser plugin makes image forensic analysis easier: any image that can be displayed in your browser can be analysed, and the plugin gets around sites like Facebook requiring a login to view a photograph.

    The service supports JPEG and PNG, the most common image formats found on the Internet. The metadata analysis can reveal whether a graphics editor was used to modify the image; ACD See, for example, embeds its program name in the photos it saves. Metadata also shows how many times the image has been edited, identifying attributes such as the camera make and model, and how the image was handled.

    Image computer forensics Fotoforensics

    To determine whether a photograph has been forged Fotoforensics uses Error Level Analysis: the image is re-saved at a known JPEG compression level and compared with the original, and the amount of change in each area is displayed, so a region that was pasted in or edited at a different quality level stands out from the rest. This is not a 100% accurate way to detect fake photos; because the analysis looks at high frequency detail it can be defeated by reducing colour, brightness or contrast, but there are other photo attributes that can be analysed.

    The website has a very detailed tutorial and FAQ explaining what results to expect and how to interpret them; you should read it to understand what you are seeing. This is not a tool that gives a “Yes” or “No” answer, it is up to you to interpret the results, which may turn out to be inconclusive.

    You could use this tool to check that your EXIF image cleaner is working properly, but do not upload anything private, because the results are saved at a public URL on the server. Uploading pornography is not allowed; to check whether an X-rated celebrity photo is real you will need to find another place or they will ban your IP address.
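
    The metadata point made earlier (the Software tag that an editor such as ACD See leaves behind) and the EXIF-cleaner check just mentioned, as one added example. This is not Fotoforensics’ code: it is a small JPEG segment walker that pulls the ASCII tags out of the Exif block and a stripper that removes that block while copying every other byte unchanged, which is the minimum an EXIF cleaner has to get right. The JPEG is constructed in memory with a token scan section so the example runs offline; point the reader functions at a real file to see what your own cleaner leaves behind.

```python
"""Added example, not Fotoforensics' code: reading the Exif metadata strings that
betray an editor (the Software tag a program such as ACD See writes) and stripping
the Exif block, which is what an EXIF cleaner must do. The JPEG is constructed in
memory with a token scan section so the whole thing runs offline."""
import struct

ASCII = 2  # TIFF field type for NUL-terminated strings
TAG_NAMES = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software", 0x0132: "DateTime"}
EXIF_HEADER = b"Exif\x00\x00"


def build_tiff(strings: dict) -> bytes:
    """Little-endian TIFF block with one IFD of ASCII tags (constructed sample data)."""
    entries = sorted(strings.items())  # a valid IFD lists tags in ascending order
    ifd_len = 2 + 12 * len(entries) + 4
    data_off = 8 + ifd_len  # out-of-line string data follows the IFD
    ifd, blob = struct.pack("<H", len(entries)), b""
    for tag, text in entries:
        val = text.encode("ascii") + b"\x00"
        if len(val) <= 4:  # short values live inline in the 4-byte value field
            ifd += struct.pack("<HHI4s", tag, ASCII, len(val), val.ljust(4, b"\x00"))
        else:  # longer values are stored after the IFD and referenced by offset
            ifd += struct.pack("<HHII", tag, ASCII, len(val), data_off + len(blob))
            blob += val
    ifd += struct.pack("<I", 0)  # no next IFD
    return b"II\x2a\x00" + struct.pack("<I", 8) + ifd + blob


def build_jpeg(strings: dict) -> bytes:
    """SOI, one APP1/Exif segment, then a token SOS segment, two scan bytes and EOI."""
    app1 = EXIF_HEADER + build_tiff(strings)
    return (b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02" + b"\x12\x34" + b"\xff\xd9")


def iter_segments(jpeg: bytes):
    """Yield (marker, start, end) for each marker segment up to and including SOS."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xD9:  # EOI
            return
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]  # includes the 2 length bytes
        yield marker, pos, pos + 2 + length
        if marker == 0xDA:  # SOS: entropy-coded image data follows, no more segments
            return
        pos += 2 + length


def parse_tiff_strings(tiff: bytes) -> dict:
    """Return the ASCII tags of IFD0, honouring the byte order the block declares."""
    endian = {b"II": "<", b"MM": ">"}[tiff[:2]]
    ifd_off = struct.unpack(endian + "I", tiff[4:8])[0]
    count = struct.unpack(endian + "H", tiff[ifd_off:ifd_off + 2])[0]
    found = {}
    for i in range(count):
        e = ifd_off + 2 + 12 * i
        tag, typ, n = struct.unpack(endian + "HHI", tiff[e:e + 8])
        if typ != ASCII:
            continue
        if n <= 4:
            raw = tiff[e + 8:e + 8 + n]
        else:
            off = struct.unpack(endian + "I", tiff[e + 8:e + 12])[0]
            raw = tiff[off:off + n]
        found[TAG_NAMES.get(tag, f"0x{tag:04x}")] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return found


def read_exif_strings(jpeg: bytes) -> dict:
    """Find the APP1/Exif segment and return its ASCII tags, or {} if there is none."""
    for marker, start, end in iter_segments(jpeg):
        if marker == 0xE1 and jpeg[start + 4:end].startswith(EXIF_HEADER):
            return parse_tiff_strings(jpeg[start + 4 + len(EXIF_HEADER):end])
    return {}


def strip_exif(jpeg: bytes) -> bytes:
    """Drop APP1/Exif segments; other segments and the scan data are kept byte for byte."""
    out, last = bytearray(b"\xff\xd8"), 2
    for marker, start, end in iter_segments(jpeg):
        if not (marker == 0xE1 and jpeg[start + 4:end].startswith(EXIF_HEADER)):
            out += jpeg[start:end]
        last = end
    return bytes(out + jpeg[last:])


if __name__ == "__main__":
    sample = build_jpeg({0x010F: "Canon", 0x0110: "EOS", 0x0131: "ACD See"})
    print(read_exif_strings(sample))              # {'Make': 'Canon', 'Model': 'EOS', 'Software': 'ACD See'}
    print(read_exif_strings(strip_exif(sample)))  # {}
```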

    Visit Fotoforensics homepage