Transcription Outsourcing

Thursday, May 7, 2020

SigPloit SS7 Tool

Related word

System Hacking: Password Cracking Techniques And Types Of Passwords

This blog based on two major concepts:

Understand password-cracking techniques
Understand different types of passwords

The simplest way to crack the passwords

The first step is to access the system is that you should know how to crack the password of the target system. Passwords are the key element of information require to access the system, and users also selects passwords that are easy to guess such as mostly people has a passwords of their pet's name or room number etc to help them remember it. Because of this human factor, most password guessing is successful if some information is known about the target. Information gathering and reconnaissance can help give away information that will help a hacker guess a user's password.

Once a password is guessed or cracked, it can be the launching point for escalating privileges, executing applications, hiding files, and covering tracks. If guessing a password fails, then passwords may be cracked manually or with automated tools such as a dictionary or brute-force method.

Types of Passwords

Only numbers
Only letters
Only special characters
Letters and numbers
Only letters and special characters
Numbers, letters and special characters

A strong password is less susceptible to attack by a hacker. The following rules, proposed by the EC-Council, should be applied when you're creating a password, to protect it against attacks:

Must not contain any part of the user's account name
Must have a minimum of eight characters
Must contain characters from at least three of the following categories:
- Non alphanumeric symbols ($,:"%@!#)
- Numbers
- Uppercase letters
- Lowercase letters

A hacker may use different types of attacks in order to identify a password and gain further access to a system. The types of password attacks are as follows:

Passive Online

Eavesdropping on network password exchanges. Passive online attacks
include sniffing, man-in-the-middle, and replay attacks. Moreover, a passive online attack is also known as sniffing the password on a wired or wireless network. A passive attack is not detectable to the end user. The password is captured during the authentication process and can then be compared against a dictionary file or word list. User account passwords are commonly hashed or encrypted when sent on the network to prevent unauthorized access and use. If the password is protected by encryption or hashing, special tools in the hacker's toolkit can be used to break the algorithm.

Another passive online attack is known as man-in-the-middle (MITM). In a MITM attack, the hacker intercepts the authentication request and forwards it to the server. By inserting a sniffer between the client and the server, the hacker is able to sniff both connections and capture passwords in the process.

A replay attack is also a passive online attack; it occurs when the hacker intercepts the password en route to the authentication server and then captures and resend the authentication packets for later authentication. In this manner, the hacker doesn't have to break the password or learn the password through MITM but rather captures the password and reuses the password-authentication packets later to authenticate as the client.

Active Online

Guessing the Administrator password. Active online attacks include auto-
mated password guessing. Moreover, The easiest way to gain administrator-level access to a system is to guess a simple password assuming the administrator used a simple password. Password guessing is an active online attack. It relies on the human factor involved in password creation and only works on weak
passwords.

Assuming that the NetBIOS TCP 139 port is open, the most effective method of breaking into a Windows NT or Windows 2000 system is password guessing. This is done by attempting to connect to an enumerated share ( IPC$ or C$ ) and trying a username and password combination. The most commonly used Administrator account and password combinations are words like Admin, Administrator, Sysadmin, or Password, or a null password.
A hacker may first try to connect to a default Admin$ , C$ , or C:\Windows share. To connect to the hidden C: drive share, for example, type the following command in the Run field (Start ➪ Run):

\\ip_address\c$

Automated programs can quickly generate dictionary files, word lists, or every possible combination of letters, numbers, and special characters and then attempt to log on using those credentials. Most systems prevent this type of attack by setting a maximum number of login attempts on a system before the account is locked.

In the following sections, we'll discuss how hackers can perform automated password guessing more closely, as well as countermeasures to such attacks.

Performing Automated Password Guessing

To speed up the guessing of a password, hackers use automated tools. An easy process for automating password guessing is to use the Windows shell commands based on the standard NET USE syntax. To create a simple automated password-guessing script, perform the following steps:

Create a simple username and password file using Windows Notepad. Automated tools such as the Dictionary Generator are available to create this word list. Save the file on the C: drive as credentials.txt.
Pipe this file using the FOR command: C:\> FOR /F "token=1, 2*" %i in (credentials.txt)
Type net use \\targetIP\IPC$ %i /u: %j to use the credentials.txt file to attempt to log on to the target system's hidden share.

Offline Attacks

Offline attacks are performed from a location other than the actual computer where the passwords reside or were used. Offline attacks usually require physical access to the computer and copying the password file from the system onto removable media. The hacker then takes the file to another computer to perform the cracking. Several types of offline password attacks exist.

Types of Attack	Characteristics	Password Example
Dictionary attack	Attempts to use passwords from a list of dictionary words	Administrator
Hybrid attack	Substitutes numbers of symbols for password characters	Adm1n1strator
Brute-force attack	Tries all possible combinations of letters, numbers, and special characters	Ms!tr245@F5a

A dictionary attack is the simplest and quickest type of attack. It's used to identify a password that is an actual word, which can be found in a dictionary. Most commonly, the attack uses a dictionary file of possible words, which is hashed using the same algorithm used by the authentication process. Then, the hashed dictionary words are compared with hashed passwords as the user logs on, or with passwords stored in a file on the server. The dictionary attack works only if the password is an actual dictionary word; therefore, this type of attack has some limitations. It can't be used against strong passwords containing numbers or other symbols.

A hybrid attack is the next level of attack a hacker attempts if the password can't be found using a dictionary attack. The hybrid attack starts with a dictionary file and substitutes numbers and symbols for characters in the password. For example, many users add the number 1 to the end of their password to meet strong password requirements. A hybrid attack is designed to find those types of anomalies in passwords.

The most time-consuming type of attack is a brute-force attack, which tries every possible combination of uppercase and lowercase letters, numbers, and symbols. A brute-force attack is the slowest of the three types of attacks because of the many possible combinations of characters in the password. However, brute force is effective; given enough time and processing power, all passwords can eventually be identified.

Wednesday, May 6, 2020

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.

Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
3f201a8984d6d765bc81966842294611 libgmpopenh264.so
44aef3cd6b755fa5f6968725b67fd3b8 gmpopenh264.info

The info file:
Name: gmpopenh264
Description: GMP Plugin for OpenH264.
Version: 1.6.0
APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

DSniff

"dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI." read more...

Website: http://www.monkey.org/~dugsong/dsniff/

More articles

Linux Command Line Hackery Series - Part 3

Welcome back, hope you are enjoying this series, I don't know about you but I'm enjoying it a lot. This is part 3 of the series and in this article we're going to learn some new commands. Let's get started

Command: w
Syntax: w
Function: This simple function is used to see who is currently logged in and what they are doing, that is, their processes.

Command: whoami
Syntax:   whoami
Function: This is another simple command which is used to print the user name associated with the current effective user ID.

Try it and it will show up your user name.

If you want to know information about a particular user no matter whether it is you or someone else there is a command for doing that as well.

Command: finger
Syntax: finger [option] [username]
Function: finger is a user information lookup program. The [] around the arguments means that these arguments are optional this convention is used everywhere in this whole series.

In order to find information about your current user you can simply type:

finger username

Here username is your current username.
To find information about root you can type:

finger root

and it will display info about root user.

Command: uname
Syntax: uname [options]
Function:   uname is used to display information about the system.

uname is mostly used with the flag -a, which means display all information like this:

uname -a

Command: df
Syntax: df [option] [FILE ...]
Function:   df is used to display the amount of space available.
If you type df in your terminal and then hit enter you'll see the used and available space of every drive currently mounted on the system. However the information is displayed in block-size, which is not so much human friendly. But don't worry we can have a human friendly output as well using df by typing:

df -h

the -h flag is used to display the used and available space in a more user friendly format.
We can also view the info of a single drive by specifying the drive name after df like this:

df -h /dev/sda2

That's it for now about df, let's move on.

Command: free
Syntax:   free [options]
Function: free is used to display the amount of free and used physical memory and swap memory in the system.
Again the displayed information is in block-size to get a more human readable format use the -h flag like this:

free -h

Command: cal
Syntax: cal [options]
Function: cal stands for calendar. It is used to display the calendar.

If you want to display current date on the calendar you can simply type:

cal

and wohooo! you get a nice looking calendar on screen with current date marked but what if you want to display calendar of a previous month well you can do that as well. Say you want to display calendar of Jan 2010, then you'll have to type:

cal -d 2010-01

Nice little handy tool, isn't it?

Command: file
Syntax: file filename ...
Function:   file is an awesome tool, it's used to classify a file. It is used to determine the file type.

Let's demonstrate the usage of this command by solving a Noob's CTF challenge using file and base64 commands. We'll talk about base64 command in a bit. Go to InfoSecInstitute CTF Website. What you need to do here is to save the broken image file on your local computer in your home directory. After saving the file open your terminal (if it isn't already). Move to your home directory and then check what type of file it is using the file command:

cd
file image.jpg

Shocking output? The file command has identified the above file as an ASCII text file which means the above file is not an image file rather it is a text file now it's time to see it's contents so we'll type:

cat image.jpg

What is that? It's some kind of gibberish. Well it's base64 encoded text. We need to decode it. Let's learn how to do that.

Command: base64
Syntax:   base64 [option] FILE ...
Function: base64 command is used to encode/decode data and then print it to stdout.

If we're to encode some text in base64 format we'd simply type base64 hit enter and then start typing the text in the terminal after you're done hit enter again and then press CTRL+D like this:

base64
some text here
<CTRL+D>
c29tZSB0ZXh0IGhlcmUK # output - the encoded string

But in the above CTF we've got base64 encoded data we need to decode it, how are we going to do that? It's simple:

base64 -d image.jpg

There you go you've captured the flag.
The -d flag here specifies that we want to decode instead of encode and after it is the name of file we want to decode.

Voila!
So now you're officially a Hacker! Sorry no certificates available here :)

That's it for this article meet ya soon in the upcoming article.

Friday, May 1, 2020

Avis Kitchen Appliances

Oceanhorn 2 In Development!

I can't believe it has been five years since we announced the development of the first Oceanhorn game on this blog. Now the time has come for another major announcement.

We are proud and excited to reveal the next installment of the Oceanhorn franchise, Oceanhorn 2: Knights of the Lost Realm. Here's how it looks!

Oceanhorn 2 has been in development for little over a year

The boy has grown up? That's right! But he is a different boy altogether! Oceanhorn 2: Knights of the Lost Realm is set in another time period on the Oceanhorn timeline. The game has a new Hero, a boy who has been trained to become a Knight of Arcadia.

Oceanhorn 2 will be built upon the same elements that were the heart and soul of the first Oceanhorn game: exploring a colorful world, a deep backstory with secrets and twists, amazing music, and most importantly – classic Action RPG gameplay with items, puzzles, battles, and badass bosses!

The Caster is a magical weapon that only Knights carry

The game is played from a third person camera angle that will take players right into the heat of action and allows them to explore even the smallest details of Arcadia. Our battle system consists of sword fighting, utilizing powerful spells and finding creative ways to use various items that Hero discovers on his travels.

One of the key items in the game is the Caster, a gun that shoots magical projectiles! It will have many uses on the player's adventure, from puzzle solving to luring enemies and casting directed spells.

The game will feature a traversable world map

Oceanhorn 2 will also feature a traversable and vast world map that consists of fields, forests, mountains, and water. It works as a hub between levels, dungeons and towns, much like in many of the classic JRPGs.

"For us, Oceanhorn 2 is the fulfillment of a JRPG dream."

Oceanhorn 2 is an opportunity to create something new from the strong background that we established with our previous game. In Oceanhorn 2, we want to emphasize the elements that people loved and create something new and brave on that foundation.

The world of Oceanhorn has grown and so has our team. The core team working on Oceanhorn 2 is now a team of five!

Heikki Repo, Creator and Lead Artist
Jukka Viljamaa, Lead Programmer
Antti Viljamaa, Lead Programmer
Kalle Hämäläinen, Graphics Programmer
Miko Kiuru, Game Artist

Also, Kalle Ylitalo will return to compose soundtrack for Oceanhorn 2 and the famed sound designer and foley artist Tapio Liukkonen will be in charge of the audio experience.

For us, Oceanhorn 2 is the fulfillment of a JRPG dream. It is a dream of running down green fields with the warmth of the sun on your face. It is a dream of learning the secrets of ancient ruins despite the danger. It is also a dream of finding yourself looking at beautiful mountains on the horizon and imagining what's beyond them. It will be an amazing journey ahead of us and we hope that you will join us on that journey!

In the upcoming months, we will have many things to show to you and many secrets to unveil regarding Oceanhorn 2: Knights of the Lost Realm. This is a dream project for us, but even more importantly, we are making this game for you to enjoy and experience. So, please feel free to share your thoughts and ideas on Twitter and Facebook!

And make sure to check out Oceanhorn: Monster of Uncharted Seas on PS4 and Xbox One this fall!