Thursday, October 16, 2014

VULNERABLE : Poodle SSLv3 Vulnerability

What is Poodle Vulnerability?

Google researchers have discovered a security vulnerability in SSL 3.0 that allows attackers to decrypt encrypted website connections. The details are here.

However, some security experts disagree that the bug is particularly serious; they think that it only affects public Wi-Fi.

How to exploit it?

Daniel Fox Franke wrote in his blog to explain how to exploit the vulnerability.

How to test a browser for the vulnerability?

Qualys provides an online tester for browsers. Alternatively, you can try another online tester.

How to fix the vulnerability in browsers?

There is a tutorial to show you how to fix them.

How to fix the vulnerability on common servers?

There is a tutorial to show you how to fix the vulnerability on common servers.
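As an added example (not from the original post or from the tutorial it links), the following Python checks whether an Apache SSLProtocol line or an nginx ssl_protocols line still offers SSLv3, the protocol POODLE targets, and produces the corrected line; the function names are my own and the Apache "+"/"-" evaluation is a simplification of mod_ssl's rules.

```python
# Added example (not from the original post): check whether a web server's
# protocol directive still permits SSLv3, the protocol POODLE targets, and
# produce the corrected line. Apache's "+"/"-" handling is simplified here.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
LEGACY = {"SSLv2", "SSLv3"}

def apache_protocols(directive):
    """Evaluate an Apache 'SSLProtocol ...' line into the set of enabled protocols.
    Simplified mod_ssl semantics: 'all' stands for every protocol, '-X' removes
    X, '+X' or a bare 'X' adds X; tokens are processed left to right."""
    tokens = directive.split()
    if not tokens or tokens[0].lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol line: %r" % directive)
    enabled = set()
    for tok in tokens[1:]:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def nginx_protocols(directive):
    """Evaluate an nginx 'ssl_protocols ...;' line (a plain list, no +/- syntax)."""
    tokens = directive.strip().rstrip(";").split()
    if not tokens or tokens[0] != "ssl_protocols":
        raise ValueError("not an ssl_protocols line: %r" % directive)
    return set(tokens[1:])

def is_apache(directive):
    return directive.lstrip().lower().startswith("sslprotocol")

def sslv3_enabled(directive):
    """True when the directive (Apache or nginx) still leaves SSLv3 negotiable."""
    parse = apache_protocols if is_apache(directive) else nginx_protocols
    return "SSLv3" in parse(directive)

def fixed_directive(directive):
    """Rewrite the directive so that SSLv2 and SSLv3 are no longer offered."""
    if is_apache(directive):
        keep = sorted(apache_protocols(directive) - LEGACY)
        return "SSLProtocol " + " ".join(keep)
    keep = sorted(nginx_protocols(directive) - LEGACY)
    return "ssl_protocols " + " ".join(keep) + ";"

if __name__ == "__main__":
    # Apache's default "all" is the weak setting; nginx's explicit list is the other form.
    for line in ("SSLProtocol all", "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;"):
        print(line, "->", "SSLv3 ENABLED" if sslv3_enabled(line) else "ok", "|", fixed_directive(line))
```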

That's all! See you.

Thursday, October 02, 2014

HOWTO : CUDA with Kali Linux 1.0.9

Hardware

CPU : Intel i7-3930K
RAM : 32GB DDR3
Hard Drive : 3TB
Display Card : Two nVidia GeForce GTX 590

Install Kali

Install Kali Linux 1.0.9 on the box as usual. Make sure "secure boot" is disabled in your BIOS before installing. After that, update Kali accordingly.

apt-get update
apt-get dist-upgrade


Install nVidia Driver

apt-get install -y linux-headers-$(uname -r)
apt-get install nvidia-kernel-dkms nvidia-cuda-toolkit nvidia-xconfig

nvidia-xconfig

sed 's/quiet/quiet nouveau.modeset=0/g' -i /etc/default/grub
update-grub
reboot


Fix the nvidia_uvm error

After the reboot :

cd /usr/src/nvidia-current-331.67
make

cp Module.symvers uvm/
make -C uvm

cp uvm/nvidia-uvm.ko /lib/modules/`uname -r`/updates/dkms


Install cudaHashcat

mkdir hacking
cd hacking

wget http://hashcat.net/files/cudaHashcat-1.30.7z

7za x cudaHashcat-1.30.7z


Test cudaHashcat

cd /root/hacking/cudaHashcat-1.30/
./cudaExample0.sh

cd /root/hacking/cudaHashcat-1.30/
./cudaExample400.sh

cd /root/hacking/cudaHashcat-1.30/
./cudaExample500.sh


Install John the Ripper

apt-get install libssl-dev

cd hacking

wget http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.gz
tar -xvzf john-1.7.9-jumbo-7.tar.gz
cd john-1.7.9-jumbo-7/src

make
make clean linux-x86-64-cuda


** If your hashes or passwords are longer than 8 characters, you need to change the following before compiling John.

cd john-1.7.9-jumbo-7/src
nano params.h


Then change the "8" to "18", "20", etc.

#define CHARSET_LENGTH 8

Test John the Ripper

cd /root/hacking/john-1.7.9-jumbo-7/run

./john --device=0,1,2,3 --format=sha512crypt-cuda /etc/shadow


* Since I have 4 GPUs, the --device option should list 4 devices.

*** When you have changed CHARSET_LENGTH, you need to generate new charsets. Do this once only.

wget http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2
bunzip2 -d rockyou.txt.bz2
cp rockyou.txt /root/hacking/john-1.7.9-jumbo-7/run

cd /root/hacking/john-1.7.9-jumbo-7/run

sed 's/^/:/' rockyou.txt > rockyou.pot

mv all.chr all.chr-original
mv alnum.chr alnum.chr-original
mv alpha.chr alpha.chr-original
mv digits.chr digits.chr-original
mv lanman.chr lanman.chr-original

./john --pot=rockyou.pot --make-charset=all.chr
./john --pot=rockyou.pot --make-charset=alnum.chr --external=filter_alnum
./john --pot=rockyou.pot --make-charset=alpha.chr --external=filter_alpha
./john --pot=rockyou.pot --make-charset=digits.chr --external=filter_digits
./john --pot=rockyou.pot --make-charset=lanman.chr --external=filter_lanman


Then your cracking command will be :

./john --pot=rockyou.pot --device=0,1,2,3 --format=sha512crypt-cuda /etc/shadow

Install and Test Cryptohaze

cd hacking
wget http://sourceforge.net/projects/cryptohaze/files/Cryptohaze-Linux_x64_1_31a.tar.bz2/download -O Cryptohaze-Linux_x64_1_31a.tar.bz2

tar xjvf Cryptohaze-Linux_x64_1_31a.tar.bz2

cd /root/hacking/Cryptohaze-Linux
./Cryptohaze-Multiforcer -h NTLM -c charsets/charsetall -f test_hashes/Hashes-NTLM-Full.txt


That's all! See you.

Wednesday, October 01, 2014

HOWTO : Uninstall a specific software/package in Kali Linux 1.0.9

Since I needed to run OllyDbg for a while, I installed Wine in Kali Linux. When I no longer required OllyDbg, I wanted to uninstall Wine. However, Wine has a lot of dependencies. If you uninstall Wine with the following command, you will also remove a lot of software or packages that may be useful to you, such as GNOME.

apt-get --purge remove wine

A safer way to uninstall Wine is the following. Note that --force-depends removes the package even though other packages still declare a dependency on it, so check afterwards that nothing you keep has been left with unmet dependencies:

dpkg --remove --force-depends wine-bin
dpkg --remove --force-depends wine


That's all! See you.

Sunday, September 28, 2014

Rise of the Hackers



That's all! See you.

Kali Linux Nexus NetHunter

The official site is here. The setup guide is here.


Kali Linux NetHunter HID Attack from Offensive Security on Vimeo.

A quick demonstration of the Kali Linux NetHunter HID attack (Teensy like), by Offensive Security.



Kali Linux NetHunter "Bad USB" MITM Attack from Offensive Security on Vimeo.

The Kali Linux NetHunter implementation of the "Bad USB" MITM attack as demonstrated by the guys from srlabs.de at BlackHat 2014.




That's all! See you.

Thursday, September 04, 2014

REVIEW : ZOTAC ZBOX C1320 Nano Plus

I am going to test ZOTAC ZBOX C1320 Nano Plus with Kali Linux 1.0.9 64bit.

CPU : Intel Celeron N2930 (Quad-core, 1.83GHz, up to 2.16GHz)
GPU : Intel HD Graphics
RAM : 1 x DDR3L-1333 SO-DIMM (2GB Included)
HDD : 1 x 2.5-inch SATA 3.0Gb/s (64GB SSD Included)
Ethernet : Realtek Gigabit LAN
Wireless : IEEE 802.11ac Intel Wi-Fi
Bluetooth : 4.0
Remarks : 1 x SD/SDHC/SDXC Card Reader, 1 x HDMI, 1 x DisplayPort, 1 x eSATA, 4 x USB 3.0, 2 x USB 2.0

You can select UEFI or BIOS during setup. You can also disable Secure Boot.

Kali Linux 1.0.9 64-bit boots without problems. However, Wi-Fi only partially works: it detects the signal but cannot connect. Bluetooth malfunctions too. 1080p MKV video cannot be played on a default Kali Linux install. The CPU has no Hyper-Threading feature. However, this box can use standard DDR3 RAM up to 8GB; you are not required to use DDR3L RAM. Meanwhile, the sound card is quite good.

This box works very well with VMware Workstation 10.x (64-bit), and 64-bit guest virtual machines run properly.

The power consumption is between 13W and 20W.

I recommend this box for its low power consumption and high performance.

Update :

HD video playback should work with the following drivers. However, the chipset is too new and they cannot be loaded properly:

sudo apt-get install i965-va-driver libva-intel-vaapi-driver vainfo

That's all! See you.

Tuesday, August 19, 2014

HOWTO : SQLMap for Cloudflare protected sites

When you suspect your target site is vulnerable to SQLi and find out that it is protected by Cloudflare, you can still launch SQLMap against the target.

First of all, you need to make sure the target site is protected by Cloudflare; you can add "--identify-waf" or "--check-waf" to confirm. However, do not set "--threads=" larger than 1, as the target will give you a "403 Forbidden" error. Once you get the 403 error, your IP address is banned. Therefore, you need to consider using proxy servers or Tor to access the target.

Secondly, if the target is confirmed to be protected by Cloudflare, you need to add "--tamper='between,randomcase,space2comment'" and "-v 3". You may also consider adding "--random-agent" and "--tor" when necessary.

Finally, do not use the SQLMap package provided by Kali Linux, as it has no "WAF" scripts pre-installed. You had better download the latest version of SQLMap from the official site.

git clone https://github.com/sqlmapproject/sqlmap.git

This hint can be applied to other WAFs, IDSs and IPSs, such as mod_security or other Cloudflare-like service providers.

For example :

python sqlmap.py -u "https://www.cloudflare.com/" --check-waf --tamper="between,randomcase,space2comment" -v 3 --random-agent --tor

That's all! See you.

Friday, July 18, 2014

Defend your Network and Servers

Intruders conduct reconnaissance on your network and servers before attacking, and then perform the attack based on the information they have gathered.

In my opinion, the best way to defend your network and servers from being attacked is to interfere with the intruders' reconnaissance. When intruders cannot get any valuable information, they cannot perform the attack properly.

Most intruders use automated tools, such as vulnerability scanners, to perform reconnaissance; they seldom do it manually, as that is harder for them, especially for web applications. However, a small portion of advanced intruders may do it manually.

Hiawatha, a secure and advanced web server, can be configured to block vulnerability scanners from scanning the web server. When the vulnerability scanners cannot work properly, intruders cannot get any valuable information about the web server with which to launch an attack.

Suricata, a high-performance network IDS, IPS and network security monitoring engine, used with the Emerging Threats rules, can be configured to drop the packets of vulnerability scanners.

Web Application Firewalls (WAF), Intrusion Detection/Prevention Systems (IDS/IPS) and firewalls can be bypassed by some advanced intruders. Therefore, blocking vulnerability scanners is one good way to defend your network and servers from being attacked.
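To illustrate the point about interfering with automated reconnaissance, here is an added example (not from the original post, and not Hiawatha's or Suricata's own logic) that flags probable scanners in constructed access-log lines, both by known User-Agent strings and by a burst of 404s, the latter still catching scanners that disguise their agent; the function names, thresholds and sample lines are my own.

```python
# Added example (not from the original post): a small reconnaissance detector
# run over constructed access-log lines. A client is flagged either because its
# User-Agent matches a known scanner signature or because it produces a burst
# of 404s (probing for paths that do not exist), which also catches scanners
# that disguise their User-Agent.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [ts] "request" status bytes "referer" "agent"
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')
SCANNER_UA = re.compile(r"nikto|sqlmap|nmap|masscan|w3af|nessus|openvas", re.I)

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.5 - - [18/Jul/2014:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (sqlmap/1.0-dev)"',
    '198.51.100.7 - - [18/Jul/2014:10:00:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Jul/2014:10:00:02 +0000] "GET /admin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Jul/2014:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Jul/2014:10:00:04 +0000] "GET /cgi-bin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Jul/2014:10:00:05 +0000] "GET /backup.zip HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [18/Jul/2014:10:00:06 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

def parse_line(line):
    """Parse one combined-format line; return a dict or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def detect_scanners(lines, max_404=5, window=timedelta(seconds=60)):
    """Return {ip: reason} for clients that look like vulnerability scanners."""
    flagged = {}
    recent_404 = defaultdict(list)  # ip -> timestamps of 404s inside the window
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the detector
        if SCANNER_UA.search(rec["ua"]):
            flagged.setdefault(rec["ip"], "scanner user-agent: " + rec["ua"])
        if rec["status"] == "404":
            stamps = [t for t in recent_404[rec["ip"]] if rec["ts"] - t <= window]
            stamps.append(rec["ts"])
            recent_404[rec["ip"]] = stamps
            if len(stamps) >= max_404:
                flagged.setdefault(rec["ip"], "%d+ 404s within %ds" % (max_404, window.seconds))
    return flagged
```

Running detect_scanners(SAMPLE_LOG) flags the sqlmap client by its agent string and the second client by its five 404s in five seconds, while the ordinary visitor is left alone.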

That's all! See you.

Tuesday, July 15, 2014