Category: Other

Other computing tips

  • Linux penetration testing distribution NetSecL OS

    Linux penetration testing distribution NetSecL OS

    NetSecL OS is an openSUSE-based penetration testing Linux distribution with the lightweight Xfce window manager. The distribution’s kernel has been hardened with grsecurity patches, a set of rules that allows for more extensive system auditing and protects you from stack overflows by making the stack non-executable.

    The latest NetSecL OS 5.0 removes Firefox and incorporates the Chromium browser, not to be confused with Chrome. Even though they both use the same source code, Chromium does not release binaries (it has to be built from source) and it does not send data to Google, so the Chromium browser has improved privacy over Chrome.

    Other privacy enhancing features in NetSecL OS include Macchanger, a Unix utility to view, fabricate or forge a network card’s MAC address, and a firewall GUI builder to set your own system access rules.

    Linux security distribution NetSecL OS

    You can run NetSecL OS as a live DVD or install it on a USB stick or hard drive. A .ova virtual machine is available for download from the SUSE Studio website for testing. The default users are root and tux, and the password for both of them is linux.

    You can find specific penetration testing tools like the Metasploit framework, the packet sniffer Wireshark, the network monitor EtherApe, the Open Vulnerability Assessment System OpenVAS, the port scanner Nmap and the security reconnaissance tool Skipfish, along with the password manager KeePassX, the text editor AbiWord, the FTP client FileZilla and the open source Windows API implementation Wine, to run Windows programs in Unix.

    NetSecL OS has all the tools a security professional needs to break into a network. I can see this operating system complementing BackTrack. The main difference between the two is that NetSecL OS is focused on offensive security and not digital forensics; for example, NetSecL OS does not have image acquisition tools, whereas BackTrack covers both fields.

    If you don’t like BackTrack’s Ubuntu base or just want to try something new, NetSecL OS is a valuable openSUSE pen testing distribution.

    Visit NetSecL OS homepage

  • Crack wireless networks encryption with WifiSlax

    Crack wireless networks encryption with WifiSlax

    WifiSlax is a Slackware based Linux distribution specially designed to break into wireless networks to test their security. It can run as a live CD or be installed on your laptop, saving personal settings.

    Make sure to select “English Menu” when you first boot the CD, as the default instructions will otherwise be shown in Spanish. Another available option is selecting the Linux desktop of your choice: WifiSlax comes with KDE, an eye candy graphical interface, XFCE for low resource systems and a command line only option for experts. You can also select your preferred Linux kernel; if you run a high end computer with more than 4GB of RAM, choosing the PAE (Physical Address Extension) kernel will improve performance. WifiSlax’s default root password is toor; for security it should be changed by typing passwd.

    WifiSlax KDE comes with few packages for day to day use, mainly the LibreOffice suite, The Gimp, FileZilla, P2P programs and a handful of games. It is unlikely that this 650MB distribution will be your main desktop without adding additional software. Luckily this can be easily done using the WifiSlax package manager and downloading prebuilt software .xzm modules for WifiSlax; there you will find TV streaming utilities like Zatoo and media players like XBMC.

    WifiSlax Linux to crack Wifi

    If all you want is to break into a WPA network, you have everything you need already installed in WifiSlax. Tools that will help you test a wireless network’s security are the dictionary list generators Datelist and Crunch and the usual WEP cracking tools; even if hardly anybody uses WEP nowadays, they are a nice thing to have. To crack WPA networks you will find WPA GPU cracking, taking advantage of advanced graphics cards with a processing unit that can be used to brute force passwords. The always useful packet sniffer Wireshark is also included, along with the man in the middle attack packages AirSSL and Yamas.

    There are other security tools not directly linked to wireless, like Grampus, used to extract document, image and video metadata that could reveal who the author was, and BleachBit, to securely wipe Internet browsing history and stop anybody with access to your computer from learning what sites you have visited.

    This is a good wireless hacking Linux distribution, except for the fact that the website is only available in Spanish; after burning the .iso, the interface can be set to English.

    Visit WifiSlax homepage

  • Exploit residential router vulnerabilities with Routerpwn

    Exploit residential router vulnerabilities with Routerpwn

    Routerpwn is a web application listing dozens of ready to run local and remote exploits, largely for home routers. It covers all major brands. To test whether your personal router is vulnerable to one of the exploits, search for the make and model of your router and click on the exploit name; this executes a JavaScript window testing a known vulnerability that will either automatically break into the network or open up the default router IP, 192.168.1.1, and try a default admin password or privilege escalation.

    To learn more about an exploit, click on the plus sign next to the listed bug and you will be taken to a security site like SecurityFocus or Seclist displaying full details of the exploit and the date it was first discovered.

    The site also contains links to lists of default router administrator usernames and passwords. Another tool can be used to find out an access point’s vendor by entering the MAC address of the device, a hex number that can be discovered with a simple network scan.

    Routerpwn javascript router exploit

    It is not necessary to be connected to the Internet to use Routerpwn: the site can be stored offline, and the JavaScript exploits against local routers will work regardless of Internet access.

    Exploiting a router does not necessarily mean getting into the network by finding out a WPA key. Some of the exploits in Routerpwn launch a denial of service attack against a router by pinging it non stop and bringing down the whole network. Other exploits show your router configuration; some vendors store keys to reset passwords in plain text inside configuration files, which can be exposed through a cross site scripting attack.

    There was an Android application for Routerpwn in Google Play, but that link has now been removed; however, the website can be accessed from any mobile device or game console that has an Internet browser. Everything has been optimized for access on the go by coding it entirely in HTML and JavaScript.

    New exploits can be submitted to the site, and if you would like to find out your own router’s vendor, the URL http://www.routerpwn.com/detect.html will show you the brand; if it can’t identify it, a form will come up inviting you to submit the information.

    Routers are seldom upgraded or flashed by home users, so even an exploit that is a few years old will still work against many devices. Routerpwn is a very powerful tool for penetration testers covering a very important, often overlooked security item that antivirus software does not screen.

    Visit Routerpwn homepage

  • How mobile phone accelerometers are used for keylogging

    How mobile phone accelerometers are used for keylogging

    Massachusetts Institute of Technology and Georgia Institute of Technology researchers have developed a method to log computer keystrokes by placing a smartphone next to a computer keyboard and measuring its sound and vibration using the smartphone accelerometer. The researchers employed an iPhone 4 for this and noted that the sensors in older models are not good enough to pick up remote vibrations.

    Mobile device accelerometers are used to re-orient your screen, using a differential capacitor to measure changes in gravitational pull. The researchers used it to listen in to typing sounds and translate them into text by estimating the volume and force produced during keystrokes.

    Mobile phone accelerometer

    The phone was engineered to interpret what dictionary words sounded like and translate them into text. Accuracy was close to 80%, and it only went down after an extensive number of dictionary words were added. Since an attacker might know what kind of information they are after, a customised dictionary with likely terms can be built to increase accuracy.

    In order for this attack to work, the smartphone has to be placed on the same table as the keyboard and there must be no ambient vibrations, like a printer or scanner working in the background.

    The only mitigation strategy proposed by the researchers against this type of attack is to prevent anybody from placing a mobile phone next to your keyboard, not even your own, since it could have been infected with this kind of malware to spy on you.

    There has also been previous research showing how a smartphone microphone could be used to pick up typing patterns. With this in mind, it is important to never forget that smartphones have the necessary equipment to spy on you, which is the reason why many government departments do not allow them into the office.

    The research is a proof of concept; do not be surprised if you see NSA spooks showing interest in this and taking it a step further in the future as smartphone sensors improve even more.

    Smartphone Keylogging Research Paper

  • How Egyptian police quickly cracked journalist’s computer password

    How Egyptian police quickly cracked journalist’s computer password

    According to Mike Giglio, a Newsweek correspondent, Egyptian police got hold of his laptop during his coverage of the latest Egyptian protest in Tahrir Square against the ousting of Mohammed Morsi, cracking his password protected computer on the street to check what was inside, with just a few seconds of time and very little cost in terms of software and training.

    See the screenshot below of Mike Giglio’s Twitter account explaining the Egyptian police’s quick password cracking method:

    Mike Giglio password cracking Egypt

  • Decentralized payment exchange network Ripple

    Decentralized payment exchange network Ripple

    Ripple is a peer to peer network to trade currencies. At the moment Bitcoins make up the bulk of trading, but it can work with any currency and accept Dollars, Yen or Euros. Ripple also has its own native currency called ripples, represented by the letters XRP. Ripples do not necessarily have to be used to trade with others; they are there to stop network abuse by imposing a ripple tax on transactions, and they could be used for direct trading as a last resort.

    Ripples do not need mining: the founding company, OpenCoin, has already premined one hundred billion ripples. Instead of creating more units, as the Bitcoin network does, Ripple works the other way around and reduces the fixed number of available ripples by distributing them to others.

    An example of a Ripple trade could consist of loading Bitcoins to your Ripple address (they all start with r and look like a Bitcoin address; an example of my public ripple address: rpzoTc4YVnRig39MqZqYVM9ae1LhPAnMLj), transferring that money to a different Ripple account and converting it back to Dollars using a gateway. Ripple to Ripple transfer fees are tiny or free, but when you use an intermediary gateway to exchange different digital currencies, the intermediary will charge you for the service; in that sense it is not any cheaper than a Bitcoin exchanger.

    The gateway software is open source and can be set up by anyone; you can choose which gateway to trust and avoid the nodes you don’t like. Gateways are all connected to one another in peer to peer fashion, and transactions should be authorized within seconds.

    Advantages of using Ripple over PayPal are that opening an account requires no ID verification, transactions cannot be reversed, fees are tiny and it can be used worldwide to buy anything you like without worrying about terms and conditions. The huge disadvantage compared to PayPal is that, unless it takes off, it will not be easy to convert ripples into physical items or hard currency.

    A comparison of Ripple vs Bitcoin should not apply here, because Bitcoin is a digital currency and Ripple is a currency exchange network and payment processor, more similar to PayPal or MtGox.

    Cryptocurrency Ripple wallet

    There are Ripple detractors pointing out that Ripple’s founders, OpenCoin, keep 20% of the mined ripples for themselves; many Bitcoiners make a profit too, so I can’t really hold that against them. More worrying to me is Ripple being vulnerable to collapse if the authorities raid all of the trading gateways or force the gateway operators to allow bugging equipment to be installed in the server. Unlike Bitcoin, where the customer can also be a miner, in Ripple you can’t do anything without a gateway administering transactions.

    It is good to have alternatives, and perhaps one could use Ripple to make money transactions harder to track, but I don’t see too many reasons to use them over, let’s say, the Bitcoin exchanger MtGox. Even with redundant P2P servers, Ripple is still vulnerable to server seizure, just not as much as a single server system.

    Visit Ripple homepage

  • Autonomy Central email encryption and secure notes

    Autonomy Central email encryption and secure notes

    Autonomy Central is a cross platform and portable Java based email service to encrypt email messages, files and notes using a 2048-bit RSA key and 256-bit AES; that level of security should stop well funded attackers. Creating an account is a fast five step process for beginners, or you can choose a “Control Mode” for power users that gives you more options.

    You will be given a @valeso.com email address that can be used to securely communicate with other users; encryption and decryption will be automatic. If someone is using an Outlook or Yahoo address and does not have an Autonomy Central account, you can send them a Special Delivery message with a link to an online SSL viewer where the recipient can decrypt the information by entering the right password, which could be transmitted via SMS or phone call.

    Autonomy Central Valeso encrypted email

    Other features of this security suite include a secure notes section where you can keep personal reminders encrypted, and a file storage service that will encrypt any file you drag and drop inside the window. Data will be stored locally on your computer or on Valeso cloud servers, depending on settings.

    Autonomy Central is a highly configurable email service, advantageous for those who like to decide every single detail of their email habits, but it could be complicated for beginners given how many options it has. The default settings are safe for everyone in case you don’t want to spend time reading the manual or playing around with the software.

    This service could be an alternative to Hushmail, with some important differences that one should consider, like not being able to use your own encryption keys, which means you have to trust the company behind Autonomy Central, and not being able to use webmail.

    Visit Autonomy Central homepage

    Update 2014: Program no longer supported, link erased.