Setting up your Virtual Lab : Two Machines for SET

1.  This post will be useful for those looking to setup a virtual lab on their laptops/PCs that can be used to play with Backtrack/Kali Linux like similar images.Here I am sharing exact screen shots of configuration required to set up two machines who would access internet independently and would also at the same time ping each other on a local LAN setup...subsequently can be used to work with SET(Social Engineering Toolkit) as discussed in my last post.I have two machines here with Kali Linux and a Windows 7 machine.

2.  Both have been setup with two NICs each and configured as shown below :

(Windows 7 Machine NIC 1 Setting)

(Windows 7 Machine NIC 2 Setting)

(Kali Machine NIC 1 Setting)

(Kali Machine NIC 2 Setting)

(IPCONFIG output at Windows machine)

(ifconfig output at Kali machine)

(Ping to Windows Machine)

(Ping to Kali Machine)

(Kali Access to Internet)

(Windows Access to Internet)

Computer-based Social Engineering Tools : Kali LINUX

1.   The Social-Engineering Toolkit (SET) is a product of TrustedSec. SET is a Python-driven suite of custom tools and is a menu-driven attack system that mainly concentrates on attacking the human element of security. With a wide variety of attacks available, this toolkit is an absolute must-have for penetration testing.SET comes preinstalled in Kali Linux. You can simply invoke it through the command line using the command se-toolkit:

/usr/share/set# ./set
root@Kali:/usr/share/set/# python set

Or, you can choose it through the Applications menu:

Once the user clicks on the SET toolkit, it will open with the options shown in the
following screen shot:

Website cloning

In this attack, we will mirror a web page and send that mirror page link to the target. As this is the first attack that takes place, I would suggest you to go through the options available in the different sections of the SET toolkit.Select  Social-Engineering Attacks to receive a listing of possible attacks that can be performed.

Here I start with the Website Vectors. Enter 2 to move to the next menu. For this example, on the list, we will take a look at the third option, Credential Harvester Attack Method.The following menu provides three options. We will be using one of the provided templates for this example:

 The second method will completely clone a website of your choosing and allow
you to utilize the attack vectors within the same web application that you were
attempting to clone.The IP address the user needs to enter is the IP address of Kali Linux, which can be found using the following command:

ifconfig –a

For instance, the IP address of my machine comes out as 10.0.2.15. Enter the URL to clone, for example, http://www.facebook.com, as shown in the following screenshot:

Now we have created a cloned Facebook login page that is listening on port 80. We can check the source code of the clone of the website that we have created for the phishing attack. It is stored at /usr/share/set/src/program_junk/Web Clone/~Index.html.This is the source of the web page the attacker has cloned through the SET toolkit.Navigate to the 127.0.0.1:80 (localhost port 80) URL in the browser. The phishing page is hosted on your machine's IP address.The following IP address needs to be sent to the target; this can be sent through an e-mail or can be uploaded on any web hosting site.Once the user visits the link and enters the username and password, the login credentials are redirected to our Kali Linux server that we have set up as shown in the preceding screenshot.

Snowden Reveals : Projects to Profile YOU

1.  Documents revealed by Edward Snowden pertaining to the National Security Agency (NSA), US surveillance programs and US Intelligence Community partners abroad were released about a year back and revealed a horde of code named projects that were all intruding our lives in some way or the other.This post brings out the glossary of codenamed PROJECTS along with a small brief of what was the intent of the project.These have been listed here after I read " The Snowden Files" by Luke Harding.This long list is actually a miniscule of thousands hidden projects which all are after every bit of info that we all share digitally....skype...sms...mms..whatapp...fax,emails,chat,photos etc...thats all in all everything!!!!!

Blackfoot

The codename given to an NSA operation to gather data from French diplomats' offices at the United Nations in New York and this information was collected from bugged computer screens.

Accumulo

The name given to an open-source database created by the National Security Agency (NSA) but later made available to others via the Apache Foundation. It stores large amounts of structured and unstructured data across many computers and can use it to create near real-time reports.

Blackpearl

NSA has been spying on Petrobas, Brazil's largest oil company, through the "Blackpearl" program that extracts data from private networks.

Evening Esel

The NSA conducts its surveillance of telephone conversations and text messages transmitted through Mexico's cell phone network under the internal code name "Eveningeasel."

Angry Birds

Leaked documents indicate that the NSA and GCHQ routinely try to gain access to personal data from Angry Birds and other mobile applications.

Bullrun/Edgehill

The revelations claim that "vast amounts of encrypted Internet data which have up till now been discarded are now exploitable vide  Bullrun,a clandestine, highly classified decryption program run by the United States National Security Agency (NSA) and The British signals intelligence agency Government Communications Headquarters (GCHQ) with a similar program codenamed Edgehill.

Boundless Informant

A tool used by the NSA to analyse the metadata it holds. It aims to let analysts know what information is currently available about a specific country and whether there are trends can be deduced.

Cheesy Name

A GCHQ program designed to identify encryption keys that could be cracked by the agency's computers.

Dishfire

The codename for a system used to process and store SMS message data.A leaked 2011 NSA presentation, published by the Guardian, indicated it was used to collect about 194 million texts a day, adding that the content was shared with GCHQ.

Dropmire

The name for a way to bug security-enhanced fax machines to provide the NSA with access to documents that have passed through encrypted fax machines based in other countries' foreign embassies.

Genie

An NSA programme, identified in a leaked memo analysed by the Washington Post, which is said to involve the remote delivery of spyware to devices on foreign-controlled networks.

Marina

The NSA's tool to gather metadata about the online activity of targets and other internet users.The Marina metadata application tracks a user's browser experience, gathers contact information/content and develops summaries of target.

Thinthread

A proposed NSA system to chart relationships between people in real-time.

Muscular

A joint project operated by the NSA and GCHQ used to intercept data from the cable links that are used by Google and others to connect up their computer servers, which are located across the world .

Fallout

Identified by an alleged NSA slide, the term appears to refer to an effort to screen out metadata collected about US citizens as part of the Prism programme before it is analysed by the Marina and Mainway systems.

Nucleon

An NSA tool used to analyse voice data gathered via the Prism programme.

EgotisticalGiraffe

The alleged codename given to an NSA effort to track users of Tor (The Onion Router) - a project that aims to let people browse the web anonymously by bouncing their traffic through other people's computers.

Perdido

The codename for an NSA surveillance operation targeting the EU's offices in New York and Washington.

Prism

A surveillance system launched in 2007 by the NSA allows the organization to "receive" emails, video clips, photos, voice and video calls, social networking details, log-ins and other data held by a range of US internet firms including Apple, AOL, Facebook, Google (including YouTube), Microsoft (including Skype), Paltalk and Yahoo.

QuantumInsert

A technique used to redirect a target's computer to a fake website where it can be infected with malware.

Stellarwind

A metadata-collecting scheme from communications in which at least one party was outside the US, and none of the other parties could be known to be US citizens.

 

Tempora

The codename given to an operation to create a "buffer" to allow huge amounts of data to be temporarily stored for analysis and is run by GCHQ to hold content gathered from tapped fibre-optic cables for three days and metadata for 30 days so that both it and the NSA can search and analyse it before details are lost.

FoxAcid

A tool reportedly used by the NSA to study what vulnerabilities a target's computer has. It then uses this knowledge to infect the machine with malware via a web browser.

 

Harden PRIVACY : PRIVACY BADGER Tool

1.    Till few years back PRIVACY as a word meant the state of being free from unsanctioned intrusion in physical life from your peers/friends/strangers but the whole meaning has taken a new dimension since Snowden released his HIDDEN FILES last year around June.Today not only NSA but a plethora of third party agencies are after you all to track you..profile you...read you.Though in my earlier posts here,I had given a mention of few tools like disconnect.me,Adblock Plus,Ghostery etc but with time technology has further improved and here in this post I discuss about PRIVACY BADGER that is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.  If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.  To the advertiser, it's like you suddenly disappeared.Looks Interesting..!!!

3.   Once installed as seen above we get a red hexagon..indicating installed and this has color indicators as follows :

• Green means there's a third party domain, but it hasn't yet been observed tracking you across multiple sites, so it might be unobjectionable. When you first install Privacy Badger every domain will be in this green state but as you browse, domains will quickly be classified as trackers.

• Yellow means that the thirty party domain appears to be trying to track you, but it is on Privacy Badger's cookie-blocking "whitelist" of third party domains that, when analyzed, seemed to be necessary for Web functionality. In that case, Privacy Badger will load content from the domain but will try to screen out third party cookies and supercookies from it.

• Red means that content from this third party tracker has been completely disallowed.

4.   Currently available for CHROME,here I have used the beta for Mozilla browser ...though the site says they will soon release the extension for other browsers incl opera and safari too.....!!!!

Kali Linux 1.0.8 - New Release Supports UEFI Boot

1.    The long awaited Kali Linux USB UEFI boot support feature has been added to newly released Kali Linux 1.0.8 release. This new feature simplifies getting Kali installed and running on more recent hardware which requires EFI as well as various Apple Macbooks Air and Retina models.

2.   If you already have Kali installed on your system, need not to download the new setup since it can easily be upgrade to the latest version of the Kali Linux using the following commands:

    root@kali:~# apt-get update
    root@kali:~# apt-get dist-upgrade

3.   Btw..this is my 500th post on this blog!!!hurrah!!!

Determining Network Range @ Kali Linux

This post will focus on determining the IP addresses range from the target network. Here I will explore the tools needed to achieve it.

Let's begin the process of determining the network range by opening a terminal window:

1.     DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C language.DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups, and more. The information are gathered with following methods:

 

·         Perform an Internet Number whois lookup.

·         Retrieve possible uptime data, system and server data.

·         Perform a SubDomain search on a target host.

·         Perform an E-Mail address search on a target host.

·         Perform a TCP Portscan on the host target.

·         A Modular program allowing user specified modules

2.     Open a new terminal window and issue the following command:

dmitry -wnspb targethost.com -o /root/Desktop/dmitry-result

3.     When finished, we should now have a text document on the desktop with filename dmitry-result.txt, filled with information gathered from the target:

4.    To issue an ICMP netmask request, type the following command:

netmask -s targethost.com

 
5.    Using scapy, we can issue a multiparallel traceroute. To start it, type the
following command:
scapy

6.    Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.Now with scapy started, we can now enter the following function:

ans,unans=sr(IP(dst="www.targethost.com/30", ttl=(1,6))/TCP())


7.    To exit scapy, type the following function:

exit()

Nessus @ Kali Linux

1.  Nessus is a proprietary comprehensive vulnerability scanner which is developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment and is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey.Nessus allows scans for the following types of vulnerabilities:
 

-  Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.

-  Misconfiguration (e.g. open mail relay, missing patches, etc.).
-  Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.

-  Denials of service against the TCP/IP stack by using mangled packets
-  Preparation for PCI DSS audits

2.   This post brings you screenshots for installing Nessus in Kali Linux for home users that's the free edition I am using here :

Firstly after installing Nessus from the site,Obtain the activation code for Nessus by registering at 

http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation-code

Secondly Activate Nessus by executing the following command:

/opt/nessus/bin/nessus-fetch --register S56X-XXXX-XXXX-XXXX-4122

Where  S56X-XXXX-XXXX-XXXX-4122 should be your activation code received vide registered email.

Create a user account for the Nessus web interface:

/opt/nessus/sbin/nessus-adduser

To start the Nessus server, we simply invoke the following command:

/etc/init.d/nessusd start

KALI LINUX : UPDATING IN 3 TERMINAL COMMANDS

1.   No big deal for these three terminal commands which actually can suffice for updating any package.As Kali packages are constantly updated between releases, a newer set of tools are available than what were originally downloaded on your DVD ROM or came with any old iso image.

2.  So these go like this :

- Update the local package index with the latest changes made in the repositories:

apt-get update

- Upgrade the existing packages:

apt-get upgrade

- Upgrade to the latest version (if available):

apt-get dist-upgrade

3.  That's it.....do it as Root or add sudo su before u start

Installing Broadcom drivers : Kali Linux

1.     This post will show the installation of Broadcom's official Linux hybrid wireless driver. Using a Broadcom wireless USB adapter gives us the greatest possibility of success in terms of getting our wireless USB access point to work on Kali.

2.    Open a terminal window and download the appropriate Broadcom driver from http://www.broadcom.com/support/802.11/linux_sta.php

cd /tmp/

wget http://www.broadcom.com/docs/linux_sta/hybrid-portsrc_
x86_64-v5_100_82_112.tar.gz

3.     Extract the downloaded driver using the following script:

mkdir broadcom

tar xvfz hybrid-portsrc_x86_64-v5_100_82_112.tar.gz –C /tmp/broadcom

4.     Modify the wl_cfg80211.c file since there's a bug in version 5.100.82.112 that prevents compiling the code under kernel version 2.6.39

vim /tmp/broadcom/src/wl/sys/wl_cfg80211.c

Look at the following piece of code at line number 1814:

#if LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 39)

Replace it with the following:

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 39)

Save the changes.

5.     Compile the code:

make clean
make
make install

6.     Update the dependencies:

depmod -a

7.     Find loaded modules by issuing the following:

lsmod | grep b43\|ssb\|bcma

8.     Remove the modules found by executing the following command:

rmmod b43

Where could be b43 or ssb or bcma.

9.     Blacklist the modules to prevent them from loading at system startup:

echo "blacklist " >> /etc/modprobe.d/blacklist.conf

Where could be b43 or ssb or bcma or wl.

10.     Finally, add the new module to the Linux Kernel to make it a part of the boot process:

modprobe wl

KALI LINUX : INSTALLATION SCREENSHOTS

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.This post brings you the screen step wise shots during installation....