Monthly Archives: April 2014

Has anything changed for the best yet?


For over a month now, tens of thousands of Venezuelans have taken to the streets in protest.

These students were standing for basic human freedoms and engaging in the right to protest, which is a sacred right whether in Boston, Belarus, or Venezuela. The government of Venezuela responded with heavy-handed repression. Within two weeks Leopoldo Lopez, the leader of the opposition party, Voluntad Popular, called for nationwide peaceful demonstrations to address the problems facing the country. These problems include chronic food shortages, the highest inflation in the world and ongoing censorship of the media. Even the Oscars were not allowed to be broadcast – for the first time in Venezuelan history.

More than 1,400 students were arrested, there are more than 40 confirmed cases of torture and Leopoldo Lopez still sits in a Venezuelan military prison. He has urged the students to exercise their legal rights to peaceful protest and free speech and he repeatedly emphasized they must do so without violence. President Maduro has blamed Lopez for the violence that has beset the country and ordered his arrest on charges of murder, arson and terrorism. To date, the government has presented no evidence of the charges against him and their legal case is falling apart.

Amnesty International said the charges against Lopez recall “politically motivated attempts to silence dissent.” Human Rights Watch says “the Venezuelan government has openly embraced the classic tactics of an authoritarian regime: jailing its opponents, muzzling the media and intimidating civil society.”


Beware of unflod virus on jailbroken devices!!!


Users on a jailbreak subreddit have discovered a new kind of malicious software on iOS phones. The malware, which comes as a library called Unflod.dylib, was uncovered after a Reddit user complained of crashes in Google Hangout and Snapchat.
The threat, which has been nicknamed “unflod baby panda,” is rumored to be of Chinese origin. There are several factors that support this theory. According to German mobile security firm SektionEins, the infection is digitally signed with an iPhone developer certificate under the name Wang Xin. Also, the malware, which steals the Apple ID and password of users, sends the information in plain text to 23.88.10.4, which, judging from the error message it displays, appears to be a Chinese website. However, these could all be fake. SektionEins even raised the possibility of certificate theft. So for now, no one knows where the malware came from or how it got onto iOS devices.


Jailbreak iOS 7.1: Everything I know


There is currently no tool available that allows users to jailbreak iOS 7.1. Apple has patched several vulnerabilities in iOS 7.1, which has killed the evasi0n7 jailbreak that allowed users to jailbreak iOS 7 – iOS 7.0.6.
Though hackers have demonstrated a jailbreak for iOS 7.1 on iPhone 4S and iPhone 4, it seems unlikely that they will release a jailbreak anytime soon. evad3rs, the hackers behind the evasi0n7 jailbreak, have said that they don’t plan to work on a jailbreak for iOS 7.1.
Please note that any site claiming to have a jailbreak for iOS 7.1 is a scam, so steer clear of such sites. If there is a jailbreak for iOS 7.1, it will be available for free, so beware!


Hacking with mobile devices PART IV (FINAL)


DATA SMUGGLING

Collecting data at a remote site requires that we remove it somehow – if we have a continuous connection, such as a reverse shell, then we can collect the data in real time. However, if we deposit our mobile device with the intention of concealing it for an extended period of time, then we need to worry about a few issues, as follows:
1. Preventing discovery of our collected data while on-site
2. Providing concealment during the duration of the event
3. Extracting the data safely

Encryption

If we use mobile devices to collect and transmit data, we should be selective in our choices of devices and ensure that they are capable of encrypting any data at rest or in motion. Earlier models of most mobile devices are incapable of full disk encryption, which puts the device and us at risk if discovered and forensically examined; we, therefore, need to look for devices that will allow us to keep our activities secret or provide a mechanism for covering our tracks if discovered.

Data at Rest

The newer mobile devices claim to provide something similar to full disk encryption. Although the ability of these devices to be able to protect data against forensic analysis is questionable, the devices are getting better at addressing the security of data at rest. We can do a few additional tasks to encrypt data at rest on our mobile devices to increase our comfort level about our hacking data.
Naturally, we cannot encrypt scripts that we need to run during our collection or attack phases; however, once we have collected the data, we can encrypt the data using strong passwords. The program gpg is one method of securing a file through symmetric encryption. It is possible to encrypt a file with the GNU Privacy Guard (GNU PG) application, which can be installed on a jailbroken iPod touch.


Tools Installed on iPod Touch Through Cydia for Hacking


adv-cmds
Base structure
Core utilities
Darwin tools
Diff utilities
Find utilities
GNU cryptography
Grep
iPhone Firmware
Libnet
Libxslt
mDNSResponder
APT
Berkeley DB
csu
Debian packager
diskdev-cmds
Gawk
GNU debugger
gzip
less
libpcap
Link identity editor
Metasploit
AutomaticSSH
Bourne again shell
Cydia installer
Dev-Team
dns2tcp
gettext
GNU privacy guard
iBrowser
libffi
libutil
Lynx
Mobile substrate
Backgrounder
bzip2
Darwin CC Tools
developer-cmds
Docs
GNU C Compiler
GNU PG errors
inetutils
libgcc
libxml2
Make
nano



Hacking with mobile devices PART III


Web Hacking

Although we cannot get more robust applications loaded onto the iPod touch, such as Core IMPACT or HP WebInspect, there are still some good applications available. For example, Nikto is an open-source (GPL) Web server scanner; it is a Perl application available for download at http://cirt.net/nikto2.
Ranked #12 of the top 100 network security tools by Insecure.org, Nikto will scan a server for configuration files, CGI applications, outdated version information, and a multitude of other bits of data that can be useful in a penetration test. Although most of the work done by Nikto focuses on information gathering, it does a pretty good job of identifying potential vulnerabilities when found.

Wireless Attacks

Unfortunately, the iPod touch’s wireless chip cannot be placed into promiscuous or monitor mode, meaning we cannot obtain wireless data necessary to conduct brute force attacks against wireless access points using encryption. There are other mobile devices that can be set for promiscuous or monitor mode, so if a brute force attack is an absolute necessity, there are options available. However, there is an application called “Pirni,” written by Axel Moller and also available through Cydia, that can intercept traffic on a wireless network.
The program is configured to intercept all traffic intended for the default router (192.168.1.1 in this particular network) through ARP spoofing. Based on the Berkeley Packet Filter (BPF) values, the only traffic that will be collected is TCP segments leaving the network, destined for port 80. The BPF can be modified to capture whatever type of traffic we are after. The Regex Options are used to immediately capture interesting packets, such as usernames and passwords.


Hacking with mobile devices PART II


Vulnerability Identification

There are numerous commercial tools available to a professional penetration tester who conducts vulnerability identification analysis – unfortunately, none have been ported to the iPod touch.
The Nmap application has the ability to use scripts that interpret the Nmap findings and attempt to identify vulnerabilities; however, the development of Nmap as a vulnerability scanning application does not have the support that other programs do, like Nessus or Core IMPACT (to name a couple).
Perhaps a better alternative is to use the iPod touch as a pivot for more robust vulnerability scanners.

I would say that using the iPod touch as a platform to conduct a pivot attack seems to be a better option for conducting a vulnerability identification scan than trying to use Nmap or doing the identification manually.

Vulnerability Exploitation

We can use an agent deployed on the iPod touch to conduct vulnerability exploitation, similar to the way an agent can be used to perform vulnerability identification. Again, Core IMPACT would be a good choice for such an attack. However, there is an application framework that can perform vulnerability exploitation, which can be installed using Cydia – the Metasploit 3.0
Similar to the traditional application installed on laptops or desktops, the Metasploit application can be run from the command line from the iPhone touch where we can launch exploits against servers with greater certainty of stability and accuracy.


Hacking with mobile devices PART I


To understand the true capabilities of idevices, let us look at some of the different stages conducted during a professional penetration test and see how we can use mobile devices in each stage. Although availability of tools will vary with each mobile device, we will examine those tools available to the iPod touch.

Information Gathering

To gather information about a target network, we can use functionality already built into most mobile devices. An Internet Web browser is a natural starting tool to gather information on corporations, employees, and networks. However, a browser can only give us so much information – additional tools we can install include Nmap and Telnet, which allow us to scan a target system or network and connect with discovered systems.

The advantage of using a repository like Cydia is that the program has already been compiled and can be installed on the iPod touch with no more than a click of a button. In fact, the applications available for the iPod touch through the Cydia repository are so numerous that very few hacker applications need to be compiled separately – the work has almost entirely been done for us.


Hacking with mobile devices an INTRODUCTION


Mobile Devices
Mobile phones and personal data assistant (PDA) appliances used to be limited in their functionality; however, today there are wireless devices that operate using advanced operating systems and support applications that are incredibly useful for conducting clandestine activities. As an example, Apple’s iPod touch runs on the UNIX-Darwin kernel, which is open source, POSIX compliant, and single UNIX specification version 3 (SUSv3) compliant. Because of this, advanced hacker applications can be built and installed onto the device, making the iPod touch a powerful hacking platform.

Regardless, there are some interesting trends that we can examine and use to our advantage.
The first trend is the use of open-source operating systems. As already mentioned, the iPod touch and the iPhone, both products of Apple Inc., use the Darwin operating system. Additional proprietary applications, including graphic interface software, have been added to these portable devices; however, the core system is undeniably UNIX based.
The second trend is the increase in computing power and memory. Although the iPod touch does not have the processing capabilities of desktops or even laptops, it is quite capable of processing large amounts of data rapidly. As a benchmark test, the iPod touch (first generation) was able to process 577 MD5 hashes per second using the password cracking tool “John the Ripper.” In comparison, the MacBook Pro with a 2.8GHz Intel Core Duo processor was able to process 7674 per second. Although about one-twelfth the capability of the MacBook Pro, the iPod touch results are still impressive for what many consider as simply a fancy MP3 player.
The method of obtaining applications needed for penetration testing or covert audio and video communication will vary, depending on the mobile platform. In the case of the Droid and Palm Pre, access to the underlying operating system is available by design. However, in the case of the iPod touch, access to the operating system can only be achieved by “jailbreaking” the phone, which circumvents protection mechanisms installed by Apple.
The actual method of jailbreaking varies, depending on the generation of the iPod touch and the version of the installed software (HOW TO jailbreak is explained in another post in the same hack section). Once jailbroken, we can place applications on our device through different repositories – the most notable is called “Cydia.” More information on Cydia can be found at http://cydia.saurik.com/.


Is Venezuela finally waking up? Here is a review


One goes to Caracas and picks up so many stories that when you return you don’t know where to start. But I thought I would lead with the story of the students in front of the United Nations office in Caracas. In some sense it encompasses a number of stories of what is going on in Caracas in the protest movement and its relationship with the Maduro Government.

Essentially, a bunch of students (or not) have set up camp in front of the United Nations office which is in Avenida Francisco de Miranda in Los Palos Grandes. I may not like the #SOSVenezuela hashtag, but, as you can see in the picture above, they have focused on what the hell is the UN doing, or not, in Venezuela. But their reality, their plan is a bit more complicated than that.

The first day, the students set up maybe a couple of rows of tents. But, as you can see in the picture above, by now they are up to four rows and growing.

It is very colorful as the picture below shows, but this is more than just a spur of the moment plan.

When you first talk to them, there are a number of surprises. First, they are not all from Caracas. Second, they are not middle class. Finally, they are not all students, as many of them are part of radical, left wing groups (yes!, real left wing, not imitation Chavistas!) which oppose the Government. So, for fools that claim that these protests are somehow motivated by the US, driven by middle class students, please come down and talk to them. You will be surprised, really surprised.

The second interesting aspect, is that the UN is just a way of focusing on something. They know that the UN will do not much more than make a statement or two. But they also know, that where they are, they should be safe, they are close to Altamira where they can go protest every night and in a location where the protests can grow, as they have grown in the last week.

But more importantly, they think that Maduro is playing a game of patience. They believe Maduro wants the students to get tired, wear out the opposition with repression and nightly fights, which, much like in 2002 in Plaza Altamira, will lead to the students or the opposition getting tired and giving up.

But they have no plans of giving up.

Their plan is to grow the camp, as long as it is livable. To make their presence a nuisance, but one that gets the approval of the neighbors. But it has to be livable and sustainable. They have received donations, they have a couple of Porta Toilets, they cook for everyone, they organize protests. But more importantly, they rotate. The tents may have someone’s name on it, or State, but the truth is that they alternate. Each person has someone to occupy their place. The idea is to outlast the Government, to out-tire the National Guard or the Bolivarian Police. After all, nobody can say they are violent (even if they go help in Altamira) but if the Government were to decide to move them out, repress them, it would be the Government that would look bad.

