Posts: 20
Days Won: 1
Everything posted by john.doe
-
WiFi Krack (key reinstallation attacks) - all WiFi vulnerable
john.doe replied to QuoVadis's topic in Stiri securitate
Interesting article about the subject: http://securityaffairs.co/wordpress/64601/hacking/krack-attack-nsa.html
-
WiFi Krack (key reinstallation attacks) - all WiFi vulnerable
john.doe replied to QuoVadis's topic in Stiri securitate
@QuoVadis OFF: Thanks for the correction. It is good to receive feedback; this way you can update your skills. I chose English for writing (although I am a Romanian) and I am not going to change this. I won't spend time explaining why.
ON: If you want to be smart, try to give solutions to the actual problem.
#1 - WPA2 Enterprise with EAP-TLS. EAP-TLS info
When you implement WPA2-Enterprise you are basically using IEEE 802.1X for device authentication. EAP-TLS is used by IEEE 802.1X to enforce certificate exchange between the AP and the mobile device prior to using the network. Although I do not know of any vulnerabilities of EAP-TLS, I cannot say it is bulletproof. EAP-TLS allows your Wi-Fi network to be used only by authenticated devices. The next step is to authorize the use of the mobile device and log its activity.
#3 - You are right, SMBs should use these security features. Hence, you increase the level of security, but an experienced attacker will find no difficulties in bypassing all these security features. They are mandatory but not enough to stop all attacks.
#4 - Zero-day attacks exist and will always exist. What's important is how you address them. Surely an unpatched system is worse than an up-to-date one with zero-day vulnerabilities. For instance, Apple patched this vuln in their Beta program for iOS some time ago (this attack is not "fresh"; it was discovered 3 weeks ago if I am not mistaken).
I see things differently: A device is just a tool; what you do with the device is another thing. We should address security concerns by using a solution focused not on the device itself, but on what the device can do to my network.
Update:
http://resources.infosecinstitute.com/krack-attack-earthquake-wi-fi-security/
http://blog.erratasec.com/2017/10/some-notes-on-krack-attack.html#.WemWtPlS3mE
https://www.linux.com/blog/2017/10/tips-secure-your-network-wake-krack
Latest info
The attack can make a device reuse old encryption keys so the attacker can decrypt the traffic. Even worse, the attacker can force your device to not use encryption at all. It depends on the device's implementation of the standard. For bad implementations, the only solution to the problem is to change the firmware/upgrade the OS. WPA2-Enterprise with EAP-TLS may or may not protect you. It depends on the manufacturer's implementation. Basically, by using EAP-TLS you form a key out of the certificate and encrypt all traffic between the AP and the mobile device with that key. This key is changed at regular time intervals. When the re-initialization process of the key takes place, the attacker can force the mobile device to ignore encryption or to use old keys.
In my opinion the only viable solutions are:
- patch firmware/OS
- use HTTPS sites whenever possible
- ensure there are no rogue APs on the premises of the Wi-Fi network
- always be cautious. Do not put your trust in the device (use your judgment instead)
-
WiFi Krack (key reinstallation attacks) - all WiFi vulnerable
john.doe replied to QuoVadis's topic in Stiri securitate
Hi,
If you pay attention, the attack is based on a Rogue AP which disconnects your device (mainly Android/Linux) from the AP and then reconnects it to the Rogue AP, which in turn acts as a MiTM. It then performs some sort of SSL strip which again only works on some sites (mainly poorly configured sites). It has to do with some drawbacks of the IEEE 802.11 standard. Anyway, from the beginning wireless has been a compromise solution between an actual need and a proper way of fulfilling this need.
There are solutions to the problem (depending on the existing Wi-Fi setup):
1. WPA2-Enterprise with TLS + extra magic
2. Detect Rogue APs inside your Wi-Fi network area
3. Enforce security settings for Wi-Fi (MAC based rules, IP firewalling, AP isolation, etc.)
4. Always keep an up-to-date system (iOS/Android/Linux/Windows)
Not all devices are subject to a cracker's interest. Yet again, not all Wi-Fi networks are an easy target. For instance, on a corporate business network this kind of attack may be very hard to develop, as IT may have ways of not only controlling but also detecting unknown devices (although I have seen big corporations failing at security seriously). But there is a point in this particular attack. It is obvious that nowadays we need to be able to address these kinds of attacks and vulnerabilities even if we do not have the support of a system or classical method of prevention.
Stay safe!
-
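Added example for item 2 ("Detect Rogue APs inside your Wi-Fi network area") of the KRACK post above; this is editor-supplied code, not john.doe's or any tool's. It assumes a constructed inventory of managed access points (SSID "Corp-WiFi", three BSSIDs with their provisioned channels) and a constructed list of scan observations, and flags three things a defender cares about: an unknown BSSID advertising the managed SSID, one of our own BSSIDs beaconing on a channel it was never provisioned on (the cloned-AP pattern used for a channel-based man-in-the-middle), and a look-alike SSID one character off from ours.

```python
"""Flag rogue or cloned access points in a list of beacon observations."""

# Assumption (constructed): the managed network is "Corp-WiFi" and these are
# its real access points, keyed by BSSID with the channel each is provisioned on.
MANAGED_SSID = "Corp-WiFi"
KNOWN_APS = {
    "00:11:22:33:44:01": 1,
    "00:11:22:33:44:02": 6,
    "00:11:22:33:44:03": 11,
}

# Constructed sample scan output: (bssid, ssid, channel, signal_dbm).
SCAN = [
    ("00:11:22:33:44:01", "Corp-WiFi", 1, -41),
    ("00:11:22:33:44:02", "Corp-WiFi", 6, -55),
    ("00:11:22:33:44:02", "Corp-WiFi", 11, -38),  # our BSSID, wrong channel
    ("aa:bb:cc:dd:ee:ff", "Corp-WiFi", 6, -30),   # unknown BSSID using our SSID
    ("de:ad:be:ef:00:01", "Corp-WlFi", 1, -44),   # look-alike SSID
    ("12:34:56:78:9a:bc", "Neighbour-Net", 3, -70),
]


def looks_like(candidate, managed):
    """True when two SSIDs have the same length and differ in exactly one character."""
    if candidate == managed or len(candidate) != len(managed):
        return False
    return sum(a != b for a, b in zip(candidate, managed)) == 1


def find_rogues(scan, managed_ssid=MANAGED_SSID, known_aps=KNOWN_APS):
    """Return (reason, bssid, ssid, channel) tuples for suspicious beacons."""
    findings = []
    for bssid, ssid, channel, _signal in scan:
        bssid = bssid.lower()
        if ssid == managed_ssid and bssid not in known_aps:
            # Someone else is advertising our network name.
            findings.append(("unknown-bssid", bssid, ssid, channel))
        elif bssid in known_aps and channel != known_aps[bssid]:
            # Our own BSSID seen on a channel we never provisioned: a cloned AP
            # of the kind used for a channel-based man-in-the-middle.
            findings.append(("channel-mismatch", bssid, ssid, channel))
        if looks_like(ssid, managed_ssid):
            findings.append(("lookalike-ssid", bssid, ssid, channel))
    return findings


if __name__ == "__main__":
    for reason, bssid, ssid, channel in find_rogues(SCAN):
        print(f"{reason:17} {bssid}  ssid={ssid!r}  channel={channel}")
```

In practice the SCAN list would be filled from your wireless controller or a scanning station; the inventory of known BSSIDs and channels is the piece that makes the channel-mismatch check possible, so keep it current when APs are re-planned.
-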
ADS stands for Alternate Data Stream. It is a file attribute only found on the NTFS file system. ADS is the lesser known feature of the Windows NTFS file system which provides the ability to put data into existing files and folders without affecting their functionality and size. It is used legitimately by Windows and other applications to store additional information (for example summary information) for the file. Even 'Internet Explorer' adds the stream named 'Zone.Identifier' to every file downloaded from the internet. ADS have been given a bad reputation because their capability to hide data from us on our own computer has been abused by malware writers in the past.
More info:
Technet Microsoft Blog
Malware Bytes Blog on ADS
ADS on rootkitanalytics.com
More on NTFS
Tool to identify ADS on Windows Systems: ADS-Revealer
Stay safe!
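Added example for the ADS post above (editor-supplied, not john.doe's code and not ADS-Revealer): a parser for the Zone.Identifier stream mentioned there. The stream is a small INI-style text with a [ZoneTransfer] section, a ZoneId (0 to 4, the Windows URL security zones) and optionally the download URLs; the sample content below is constructed. The helper read_zone_identifier opens the stream with the usual NTFS "file:stream" syntax and simply returns None where no such stream exists (or on a non-NTFS volume).

```python
"""Parse the NTFS Zone.Identifier alternate data stream (mark-of-the-web)
that Windows attaches to downloaded files."""

# Windows URL security zone numbers carried in ZoneId.
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

# Constructed sample stream content, in the shape a browser writes it.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://downloads.example.test/\r\n"
    "HostUrl=https://downloads.example.test/tool.exe\r\n"
)


def parse_zone_identifier(text):
    """Return zone id, zone name and any URLs found in the stream text.
    Returns None when the text has no usable [ZoneTransfer] section."""
    info = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        info[key.strip()] = value.strip()
    if "ZoneId" not in info:
        return None
    try:
        zone = int(info["ZoneId"])
    except ValueError:
        return None
    return {
        "zone_id": zone,
        "zone_name": ZONE_NAMES.get(zone, "Unknown"),
        "referrer_url": info.get("ReferrerUrl"),
        "host_url": info.get("HostUrl"),
    }


def read_zone_identifier(path):
    """Read and parse the Zone.Identifier stream of a file on NTFS.
    Returns None if the file has no such stream or we are not on NTFS."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8",
                  errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(read_zone_identifier(sys.argv[1]))
    else:
        print(parse_zone_identifier(SAMPLE_STREAM))
```

Usage: `python zone_identifier.py C:\Users\me\Downloads\tool.exe` on Windows prints the parsed stream (a ZoneId of 3 means the file came from the Internet zone, which is what SmartScreen and Office Protected View key on); without an argument it parses the constructed sample.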
-
Hi MrGrj, I agree with you. Unfortunately, not all Python users can be endorsed as developers; some are just using it because of its simplicity. For a developer (I mean a PRO) you need to follow some best practices and guidelines (not true for everyone though). For instance, recently I started to work for a big company which, to my surprise, does not implement any procedures at all regarding this. Either they do not realize the impact of such attacks or just ignore it. I did my job and informed my colleagues about this threat. In my opinion signing packages is good but not enough (CCleaner is a good example). Anyway, it is up to every PRO/Business to implement a strategy to protect from these threats until further actions from the PyPi community. Stay safe
-
From what I know the Python Package Index is just a simple repo without any "special" security. For instance, the PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online. Definitely things need to change.
-
There is a brand new hack out there that has very quietly affected many people. Malicious developers uploaded slightly misspelled library names to Python's package installer PyPi. Prominent examples include urllib vs. urrlib3, bzip vs. bzip2, etc. These packages contain the exact same code as their upstream package, thus their functionality is the same, but the installation script, setup.py, is modified to include malicious (but relatively benign) code. It is very similar to what happens when you type in http://cnnn.com/ vs. http://cnn.com/
Possible fix: https://github.com/williamforbes/pypi_hacked_names
Source: http://www.bytelion.com/pypi-python-package-hack/
More info: https://news.ycombinator.com/item?id=15256121
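Added example for the typosquatting post above (editor-supplied; not john.doe's code and not the linked pypi_hacked_names project): a check that runs over a requirements file and flags any name that is a small edit away from a package on a known-good list. The allowlist and the requirements content below are constructed; names are normalised the way PyPI does (lowercase, runs of "-", "_" and "." collapsed to "-") before comparing, so "Flask" and "flask" are the same package while "urrlib3" is reported as one edit away from "urllib3".

```python
"""Flag requirement names that are a small edit away from a well-known package."""
import re

# Assumption (constructed): the packages this project is actually allowed to use.
KNOWN_PACKAGES = {"requests", "urllib3", "numpy", "flask", "cryptography", "setuptools"}

# Constructed requirements.txt content with two typosquat-style names in it.
SAMPLE_REQUIREMENTS = """\
requests==2.18.4
urrlib3>=1.22
numpy
Flask==0.12
crytpography
pandas   # not on the allowlist, but not close to anything either
setuptools
"""


def normalize(name):
    """PEP 503 name normalisation: lowercase, collapse runs of - _ . to a single -."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Edit distance with insert, delete and substitute costing 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def requirement_name(line):
    """Strip comments, version specifiers and extras from one requirements line."""
    line = line.split("#", 1)[0].strip()
    match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return match.group(0) if match else None


def check_requirements(text, known=KNOWN_PACKAGES, max_distance=2):
    """Return (requested_name, closest_known_name, distance) for every name that
    is not on the allowlist but lies within max_distance edits of one."""
    known_norm = {normalize(k) for k in known}
    suspicious = []
    for line in text.splitlines():
        name = requirement_name(line)
        if not name:
            continue
        norm = normalize(name)
        if norm in known_norm:
            continue  # exact (normalised) match: fine
        closest = min(known_norm, key=lambda k: levenshtein(norm, k))
        distance = levenshtein(norm, closest)
        if distance <= max_distance:
            suspicious.append((name, closest, distance))
    return suspicious


if __name__ == "__main__":
    for name, closest, distance in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"suspicious: {name!r} is {distance} edit(s) from {closest!r}")
```

The check is deliberately allowlist-based: it says nothing about packages that are far from anything you know, so it complements, rather than replaces, pinning exact versions and verifying hashes with `pip install --require-hashes`.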
-
Hi,
The zip file contains the following:
Android Security and Exploitation for Pentesters
Javascript for Pentesters
Linux Forensics
Log File Analysis
Make your own Hacker Gadget
Network Pentesting
Pentesting Android Apps - DIVA Course Videos
Pentesting iOS Applications
Real World Pentesting
Scripting Wi-Fi Pentesting Tools in Python
USB Forensics and Pentesting
Web Application Pentesting
Windows Forensics
-
Hi,
If anyone needs the entire collection here is the link: aHR0cHM6Ly9tZWdhLm56LyMhQjNoU0ZBUUEhRjRwMFZWYU9qM2hrRy1Ub1NVQ2FzemNZeGw2S2ZsbVB2eHQ2R0M0cTRmOA==
PS: I agree with what Nytro said. The only reason for posting the entire collection is that I want to help the community and especially the ones that cannot afford the money yet. I am posting the link for a definite amount of time and then it will disappear. The link is base64 for those who do not know. By the way, Vivek's English is ok (believe me, others are far worse at English than he is). Have fun!
-
Hi, Captive Portal is a solution that only works for HTTP traffic. If, for example, you connect with a phone and access HTTPS you will have surprises. Also, if you connect to the Wi-Fi and you have the Facebook app you might end up with no Internet (depending on how the Captive Portal is set up) and not know why. From experience I can tell you that some older phones are not able to detect a Captive Portal (especially Android); I have also come across cases on Windows (< 8). If it is for home use I would not bother doing this. Anyway, good luck with what you want to do.
-
The Portable Executable (PE) format is a file format for executables, object code, DLLs, FON Font files, and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code. [1] It is called "portable" because you can use it between different versions of the Windows OS, not among different distros (Linux/OSX). Hope you find it useful!
Detect it Easy
Exeinfo PE
ExplorerSuite
PEiD
PEStudio
Resource Hacker
FileAlyzer
PEBrowser
PEview
RunPE Detector
[1]: Wikipedia
-
Policy Analyzer
=========
Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies. It can also compare GPOs against current local policy settings and against local registry settings. And you can export its findings to a Microsoft Excel spreadsheet. Policy Analyzer is a lightweight standalone application that doesn't require installation, and doesn't require administrative rights (except for the "local policy" feature).
Link: Policy Analyzer
-
Mr. Looquer
MrLooquer is an IPv6 Intelligence search engine. It supports full-text searches (see Doc).
Demo
Doc
Python API for Mrlooquer.com
Happy harvesting!
-
Vulnerability scanner for Linux, agentless, written in golang. https://github.com/future-architect/vuls
-
Some useful resources for Wi-Fi learning:
Awesome-learn-wifi-security
Wireless-penetration-testing-cheat-sheet
IEEE_802.11_WLAN.pdf
Wifi-pentesting-series-rwsps
-
Background
--------------
Shodan is basically a search engine which helps to find devices (mainly vulnerable systems) on the internet. It is widely known as Google for hackers. For more info please see https://en.wikipedia.org/wiki/Shodan_(website).
===========================
Requirements
----------------
Before running the script you will need to install Python, the Shodan library for Python and create an account at https://www.shodan.io. The code is tested on Python 3.4.
For installing the Shodan library for Python: easy_install shodan or easy_install -U shodan to upgrade it.
You will need to use the API_KEY from the Shodan account previously created and integrate it into the script (line 14).
Usage: python [path_to_script] [ip_address|string]
===========================
Python Script
---------------
```python
import sys

# The shodan module is a third-party dependency; bail out cleanly if it is missing.
try:
    import shodan
except ImportError:
    print('You need the Shodan Python module')
    sys.exit(1)

## Connect to SHODAN
SHODAN_API_KEY = "YOUR_API_KEY_GOES_HERE"
shodan_object = shodan.Shodan(SHODAN_API_KEY)


## Prints title, version, contact info, etc.
def banner():
    title = "App.py"
    version = "Version 1.0"
    contact = "me@me.com"
    print("-" * 45)
    print(title.center(45))
    print(version.center(45))
    print(contact.center(45))
    print("-" * 45)


# Input validation: at least one search term is required
if len(sys.argv) == 1:
    print('Usage: %s [ip_address|string]' % sys.argv[0])
    sys.exit(1)

## Wrap the request in a try/except block to catch errors
try:
    ## Show the banner
    banner()
    # Generate a query string out of the command-line arguments
    query = ' '.join(sys.argv[1:])
    ## Set up the Shodan API and perform the search
    #results = shodan_object.search('apache')
    results = shodan_object.search(query)
    # Show the results. Loop through the matches and print each IP
    print('Results found: %s' % results['total'])
    for result in results['matches']:
        print('IP: %s' % result['ip_str'])
        print(result['data'])
        print('')
except shodan.APIError as e:
    print('Error: %s' % e)
#except Exception as e:
#    print('Error: %s' % e)
#    sys.exit(1)
```
===========================
Useful links
-------------
Shodan-Python Documentation [https://media.readthedocs.org/pdf/shodan/latest/shodan.pdf]
SHODAN for Penetration Testers [https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf]
Searching Shodan For Fun And Profit [https://www.exploit-db.com/docs/33859.pdf]
-
Unfortunately, none of the links are working. I would appreciate it if you re-upload it. Thanks
-
liv2and@gmail.com Thank you