German Hacker Cracks GSM Call Encryption Code

A German computer boffin has worked out a way to crack code used to encrypt most of the world's mobile Internet traffic. Karsten Nohl is going to publish a guide to prompt global operators to improve their safeguards.

Karsten Nohl and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August.Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly. Most of the UK's mobile phones use the GSM system and the breach represents a potential threat to the security of mobile phone communication.

The discovery of a way to eavesdrop so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs." With our technology we can capture GPRS data communications in a radius of 5 km," he told the paper before heading to a meeting of the Chaos Computer Club, a group that describes itself as Europe's largest hacker coalition.

Nohl, who has a doctorate in computer engineering from the University of Virginia, insisted his work was purely academic. " We have written advice from our lawyers stating that our research is within the legal realm," he said. "Obviously the data we produce could of course be used for illegitimate purposes."

His modified phone was used to test networks in Germany, Italy and other European countries. In Germany, decrypted and read data transmissions on T-Mobile, O2 Germany, Vodafone and E-Plus. This was pretty easy because the level of encryption was weak.

Nohl, makes his cash working for mobile operators who hire him to detect vulnerabilities in their systems. He said that many operators run unencrypted data networks because it allows them to more easily filter out competing, unwanted services like Skype. 

Source: http://www.thehackernews.com/2011/08/german-hacker-cracks-gsm-call.html

If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Free Shell Scripting Guide From Apple – Shell Scripting Premier

Apple has updated its free Shell Scripting Premier Guide, which is freely downloadable from Mac OS X Developer Library website.
Chapters included in the freely downloadable Shell Scripting Premier:

Available in PDF format together with zip files containing sample scripts as discussed in the book

Source: http://blog.mypapit.net/2011/08/free-shell-scripting-guide-from-apple-shell-scripting-premier.html

If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Notes on Setting Up an Android Pentest Lab

Setting Up Emulation Environment on Ubuntu (with Marketplace):

Here we are downloading and prepping a basic Ubuntu environment. We need to get Ubuntu up and running with an older version of the SDK (newer ones break proxying), the markeplace apks’s, java, and setup an Android Virtual Device:

1. Install Ubuntu
2. Download  THIS SPECIFIC SDK Version – http://www.securityaegis.com/grabz/android-sdk_r08-linux_86.tgz
3. tar -xzvf android-sdk_r08-linux_86.tgz  /home/[username]/android-sdk-linux_x86

Install Java in Ubuntu via a repository provided by lffl.org:

1. sudo add-apt-repository ppa:ferramroberto/java
2. sudo apt-get update
3. sudo apt-get install sun-java6-jre sun-java6-plugin

Download the marketplace apks: http://www.securityaegis.com/grabz/EmulationFiles.rar

1. Install rar – apt-get install rar
2. Extract marketplace apk files to /home/[username]/Desktop/android-sdk-linux_x86/platform-tools/
3. Start the AVD manager –  /home/[username]/Desktop/android-sdk-linux_x86/tools/android

!!! Important, under available packages click Android Repository BUT, once it has filled everything out with various options, do *NOT* download Android SDK Tools, revision 12. This will screw you over big time. Just download the individual android image versions you need like 1.5 or 2.2. !!!

Click Available Packages – Install Android version you want to test on, check this for version details http://en.wikipedia.org/wiki/Android_(operating_system) , note - 2.2 (Froyo) is easily rootable.

Once your AVD is running:

We need to install the apks for the android market, these are older but worked for me:

1. Cd /home/[username]/Desktop/android-sdk-linux_x86/platform-tools/
2. ./adb install GoogleServicesFramework.apk
3. ./adb install Vending.apk
4. ./adb install Gmail.apk
5. Restart the AVD
6. Start Marketplace and enter Google account

Intro to ADB (from carnal0wnage.attackresearch.com):

The android debug bridge (adb) has lots of useful features. Its documented here: http://developer.android.com/guide/developing/tools/adb.html

Getting ADB basic info:

user@dev:~/android-sdk-linux_86/platform-tools$ ./adb

Android Debug Bridge version 1.0.25

Some of the features you may want to immediately mess with are;

listing devices:

user@dev:~/android-sdk-linux_86/tools$ ./adb devices

* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
emulator-5554 device

getting an interactive shell on the emulator:

user@dev:~/android-sdk-linux_86/platform-tools$ ./adb shell

# ls
sqlite_stmt_journals
cache
sdcard
etc
system
sys
sbin
proc
init.rc
init.goldfish.rc
init
default.prop
data
root
dev

cat’ing useful stuff inside that shell:

# cat /proc/cpuinfo

Processor : ARM926EJ-S rev 5 (v5l)
BogoMIPS : 233.47
Features : swp half thumb fastmult vfp edsp java
CPU implementer : 0×41
CPU architecture: 5TEJ
CPU variant : 0×0
CPU part : 0×926
CPU revision : 5
Cache type : write-through
Cache clean : not required
Cache lockdown : not supported
Cache format : Harvard
I size : 4096
I assoc : 4
I line length : 32
I sets : 32
D size : 65536
D assoc : 4
D line length : 32
D sets : 512

Hardware : Goldfish
Revision : 0000
Serial : 0000000000000000

and probably pulling things off the file system so you can reverse them:

user@dev:~$/android-sdk-linux_86/platform-tools$ ./adb pull /data/app/com.joelapenna.foursquared.apk com.joelapenna.foursquared.apk

2441 KB/s (625416 bytes in 0.250s)

Also installing apk’s from the customer (make sure they are in the /android-sdk-linux_86/platform-tools folder ):

user@dev:~/android-sdk-linux_86/platform-tools$ ./adb install Gmail.apk

Installing Sniffers:

Wireshark:

1. sudo apt-get install wireshark
2. run wireshark on eth0

Burp:

1. Download BurpSuite – http://portswigger.net/burp/downloadfree.html
2. Extract burpsuite_v1.4.jar  to desktop
3. Start BurpSuite :
4. user@dev:~$ java -jar -Xmx1g burpsuite_v1.4.jar
5. Change its proxy from Listen on loopback interface only to Support invisible proxy for non-aware clients

Now start the AVD with the following flags.  Use the following as it’s http proxy server:

1. from your android-sdk-linux_x86/tools directory:
2. ./emulator  –avd [YOUR AVD NAME] –http-proxy http://127.0.0.1:8080

What if you get your APK’s shipped to you on a phone or you got the app through the market?

Use astro file manager to backup the apks for decompilation:

1. Start Astro File Manager
2. Click menu, then tools
3. Then application manager/Backup
4. Check you app, then click menu and backup
5. Now its on you SD card, pug in your android as a usb device and grab it for decompilation.

Decompilation:

Android packages (“.apk” files) are actually simply ZIP files. They contain the AndroidManifest.xml, classes.dex, resources.arsc, among other components.

1. Download apktool1.4.1.tar.bz2 and apktool-install-linux-r04-brut1.tar.bz2 from:
2. http://code.google.com/p/android-apktool/downloads/list
3. Extract to /usr/local/bin
4. In the directory you have you apk in run:
5. Apktool d {YOUR APK NAME}
6. It will output a folder with decompiled java like source, dalvik.

Enumerating SQLITE3 (from Foundstone Guide):

From the ADB shell you can also run the sqlite3 command line program to query databases created by Android applications and stored in the device memory. These also may reveal sensitive information such as passwords or PINs hashed or stored in clear text. Such databases are stored with a “.db” file extension.

1. Navigate to /data/data/<application>/databases/<nameofthedatabase>.db
2. Execute the .table command to list all the tables and .schema <tablename> to list the structure of the table.
3. You can also execute SQL commands like select * from shortcuts;

Download and Install Moshzuk for poking:

http://imthezuk.blogspot.com/2011/07/creating-vulnerable-android-application.html

Contains the following vulnerabilities:

1. Stack Overflow
2. Heap Overflow
3. SQL Injection
4. Command Injection
5. Format Strings
6. Double Free
7. Directory Traversal
8. Race Condition
9. Hardcoded Passwords
10. Bad code habits
11. Overblown permissions
12. Bad file permissions

Source: http://www.securityaegis.com/notes-on-setting-up-an-android-pentest-lab/

If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Multiple vulnerabilities in Symantec Endpoint Protection Manager

Multiple vulnerabilities have been discovered in Symantec Endpoint Protection Manager, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks, according to Secunia.
1. Input appended to the URL after /console/apps/sepm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2. Input passed via the "token" parameter to portal/Help.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3. The portal application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrative user by tricking a logged in administrator into visiting a malicious web site.

The vulnerabilities are confirmed in version 11.0.6 Maintenance Patch 2 (11.0.6200.754). Other versions may also be affected.

Solution: Update to version 11.0.7000 RU7.  

Source : http://www.net-security.org/secworld.php?id=11433

If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Remote Access with Your Android Device

If you want to see the full article and picture of program, please go to the Source. 

While mobile devices go a long way to keeping you connected, sometimes you just need to access your PC at home. Let’s take a look at the best Android apps that help you stay connected to your home network.
Whether you forgot a file or you need to make sure your computer is staying on task, having remote access from your Android device is real time-saver. You can use any of the following apps to stay connected from anywhere and get done whatever it is you need to get done.

Remote Desktop/VNC

For remote access to your computer computer, there are two excellent free options. The first is Android-VNC-Viewer, which handles VNC only. It works with most major VNC servers, including TightVNC and Apple’s built-in implementation. You add your connection settings and you’re good to go!
Hitting the Menu button brings up some extra options, such as the ability to send special keys.

You can create lists of special keys for your convenience, too, and you can add practically anything to them. The list is truly comprehensive.


If you’re looking for RDP, the best client I’ve found is Wyse’s Pocketcloud. It’s an amazing little app that handles RDP really well, and also works with VNC! There are no mouse problems like Android-VNC-Viewer’s, and there’s a nice touchpad setting that also comes up with circular quick menu. (If you’re looking to access your Android phone via VNC from your desktop, then you should look at Droid VNC Server beta.)

SSH

Who doesn’t love instant, secure command-line access? I can’t tell you how many times I’ve used SSH to move things into my Dropbox folder that weren’t there, saving the day for multiple people. Connectbot is the hands-down winner, not only because it’s free but because it offers some nice features.

Aside from doing an excellent job of managing your SSH connections and keys, it also does a decent job of trying to mimic special keys like Ctrl and Alt. Here’s a screenshot of the first tutorial page:


It works better than most other SSH clients I’ve used on Android. But with the next tip, using Connectbot is heavenly.

CTRL, ALT, Tab, and the F keys

One of the largest problems with using SSH and VNC is that you don’t have clear-cut access to the Ctrl, Alt, Escape, Tab and function keys that are necessary for speedy shortcuts. Lots of clients on your Android device will offer you software buttons to fill in this functionality but they usually feel clumsy when you’re busy typing away. Enter Hacker’s Keyboard.
That’s right, you get full access to everything you need, and then some. By default, you get a standard looking keyboard, but you can enable an advanced 5-row keyboard like in the above screenshot. There’s a different layout for the landscape keyboard that gives you proper access to all of the keys you need, too.
In the keyboard’s preferences, you can adjust things like keyboard height (individually for portrait and landscape), enable the comprehensive 5-row keyboard, change scaling, and there’s a compatibility option for ConnectBot, too.


To be honest, there’s really nothing else that comes close to providing this functionality on Android, and to top it off, it’s free.

File Synching and Access

If you need access to any of your home files and Dropbox doesn’t cut it, then you should check out BotSync SSH SFTP. BotSync works a lot like Dropbox with your personal SSH/SFTP server at home.


You specify a folder on your Android device and one on your remote server. Then, you can tell it whether it should upload files or download files between the two directories. In the above screenshot, I have it configured to work inside of my network, but you can have it work from outside of your network, too, using a DDNS service. And, for quick file transfers inside of your network with minimal setup, you can check out OnAir.

Miscellaneous

Valence is a beta app that lets you take control of your home theater PC. Sometimes you don’t want a wireless keyboard and mouse cluttering your living room. If you have an Android phone or tablet, you can use Valence to give you a keyboard and touchpad for your awesome HTPC. Combined with Hacker’s keyboard and the built-in options, You won’t really need anything else.


Sometimes you worry about privacy. If you have access to an SSH server, SSH Tunnel gives you a way to stay secure. Here’s a quick peak at some of the options it has.

Source: http://www.howtogeek.com/70266/the-htg-guide-to-remote-access-with-your-android-device/

If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

SpyEye 1.3.45 Download - Loader source code was release

A new fresh and sophisticated web-based bot named SpyEye is around in the markets and looks like to be the possible successor of the famous Zeus Trojan due to its very interesting features, with the main objective to steal bank accounts, credit cards, ftp accounts and other sensitive data from the victim’s computer.SpyEye was written in C++ and the size of the compiled binary is of 60 KB, the operating systems supported are from Windows 2000 to the recent Windows 7, it works in ring3 mode (same as Zeus Trojan). It is sold as undetected from most Antivirus Software and it is invisible from the task managers and other user-mode applications, it hides the files from the regular explorer searches and it hides also its registry keys.


Snorre Fagerland, Senior Virus Analyst at Norman, briefly explains what the SpyEye online banking trojan is and what you need to be on the lookout for when banking online.


SpyEye is actually sold by its author at a price of approximately 500 $ USD for a base bundle, it is cheaper than the price of Zeus Trojan that is sold for more than 1,000 $ USD, but it looks like to have all the requirements, if not more, of the famous Zeus Trojan.


If you want to download another link, please go to the Source.
Download Link: http://www.wupload.com/file/88707618/SpyEye_1.3.45_Loader.rar 

 Source: http://www.thehackernews.com/2011/08/spyeye-1345-download-loader-source-code.html

If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Languagesen>th GoogleCE

แหล่ง

SQL Injection Pocket Reference

If you want to learn about "SQL Injection", this source will be your first step and your reference.

Source: https://docs.google.com/Doc?docid=0AZNlBave77hiZGNjanptbV84Z25yaHJmMjk

If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Slide and Paper Of DefCon#19

If you want to download slide and paper from DefCon#19. You can download from the link [http://good.net/dl/k4r3lj/DEFCON19/].

Or You can download all of it in one link here:  http://www.wupload.com/file/90488577/DefCon19.rar

** Update Link DefCon#19 ISO and Files : http://www.reddit.com/tb/jfqhj 





If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00