Monday, August 31, 2020

CEH: Fundamentals Of Social Engineering


Social engineering is a nontechnical method of breaking into a system or network. It's the process of deceiving users of a system and convincing them to perform acts useful to the hacker, such as giving out information that can be used to defeat or bypass security mechanisms. Social engineering is important to understand because hackers can use it to attack the human element of a system and circumvent technical security measures. This method can be used to gather information before or during an attack.

A social engineer commonly uses the telephone or Internet to trick people into revealing sensitive information or to get them to do something that is against the security policies of the organization. By this method, social engineers exploit the natural tendency of a person to trust their word, rather than exploiting computer security holes. It's generally agreed that users are the weak link in security; this principle is what makes social engineering possible.

The most dangerous part of social engineering is that companies with authentication processes, firewalls, virtual private networks, and network monitoring software are still wide open to attacks, because social engineering doesn't assault the security measures directly. Instead, a social-engineering attack bypasses the security measures and goes after the human element in an organization.

Types of Social Engineering Attacks

There are two types of social engineering attacks:

Human-Based 

Human-based social engineering refers to person-to-person interaction to retrieve the desired information. An example is calling the help desk and trying to find out a password.

Computer-Based 

Computer-based social engineering refers to having computer software that attempts to retrieve the desired information. An example is sending a user an email and asking them to reenter a password in a web page to confirm it. This social-engineering attack is also known as phishing.

Human-Based Social Engineering

Human-based social engineering is further categorized as follows:

Impersonating an Employee or Valid User

In this type of social-engineering attack, the hacker pretends to be an employee or valid user on the system. A hacker can gain physical access by pretending to be a janitor, employee, or contractor. Once inside the facility, the hacker gathers information from trashcans, desktops, or computer systems.

Posing as an Important User

In this type of attack, the hacker pretends to be an important user such as an executive or high-level manager who needs immediate assistance to gain access to a computer system or files. The hacker uses intimidation so that a lower-level employee such as a help desk worker will assist them in gaining access to the system. Most low-level employees won't question someone who appears to be in a position of authority.

Using a Third Person

Using the third-person approach, a hacker pretends to have permission from an authorized source to use a system. This attack is especially effective if the supposed authorized source is on vacation or can't be contacted for verification.

Calling Technical Support

Calling tech support for assistance is a classic social-engineering technique. Help desk and technical support personnel are trained to help users, which makes them good prey for social-engineering attacks.

Shoulder Surfing 

Shoulder surfing is a technique of gathering passwords by watching over a person's shoulder while they log in to the system. A hacker can watch a valid user log in and then use that password to gain access to the system.

Dumpster Diving

Dumpster diving involves looking in the trash for information written on pieces of paper or computer printouts. The hacker can often find passwords, filenames, or other pieces of confidential information.

Computer-Based Social Engineering

Computer-based social-engineering attacks can include the following:
  • Email attachments
  • Fake websites
  • Pop-up windows


Insider Attacks

If a hacker can't find any other way to hack an organization, the next best option is to infiltrate the organization by getting hired as an employee or finding a disgruntled employee to assist in the attack. Insider attacks can be powerful because employees have physical access and are able to move freely about the organization. An example might be someone posing as a delivery person by wearing a uniform and gaining access to a delivery room or loading dock. Another possibility is someone posing as a member of the cleaning crew who has access to the inside of the building and is usually able to move about the offices. As a last resort, a hacker might bribe or otherwise coerce an employee to participate in the attack by providing information such as passwords.

Identity Theft

A hacker can pose as an employee or steal the employee's identity to perpetrate an attack. Information gathered in dumpster diving or shoulder surfing in combination with creating fake ID badges can gain the hacker entry into an organization. Creating a persona that can enter the building unchallenged is the goal of identity theft.

Phishing Attacks

Phishing involves sending an email, usually posing as a bank, credit card company, or other financial organization. The email requests that the recipient confirm banking information or reset passwords or PINs. The user clicks the link in the email and is redirected to a fake website. The hacker is then able to capture this information and use it for financial gain or to perpetrate other attacks. Emails that claim the senders have a great amount of money but need your help getting it out of the country are examples of phishing attacks. These attacks prey on the common person and are aimed at getting them to provide bank account access codes or other confidential information to the hacker.

Online Scams

Some websites that make free offers or other special deals can lure a victim to enter a username and password that may be the same as those they use to access their work system. The hacker can use this valid username and password once the user enters the information in the website form. Mail attachments can be used to send malicious code to a victim's system, which could automatically execute something like a software keylogger to capture passwords. Viruses, Trojans, and worms can be included in cleverly crafted emails to entice a victim to open the attachment. Mail attachments are considered a computer-based social-engineering attack.

Sunday, August 30, 2020

APT Hackers Exploit Autodesk 3D Max Software For Industrial Espionage

It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab discovered yet another instance of an espionage attack targeting an unnamed international

via The Hacker News

Airba.sh - A POSIX-compliant, Fully Automated WPA PSK Handshake Capture Script Aimed At Penetration Testing



Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP). Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng. If one or more handshakes are captured, they are entered into an SQLite3 database, along with the time of capture and current GPS data (if properly configured).
After capture, the database can be tested for vulnerable router models using crackdefault.sh. It will search for entries that match the implemented modules, which currently include algorithms to compute default keys for Speedport 500-700 series, Thomson/SpeedTouch and UPC 7 digits (UPC1234567) routers.

Requirements
  • WiFi interface in monitor mode
  • aircrack-ng
  • SQLite3
  • openssl for compilation of modules (optional)
  • wlanhc2hcx from hcxtools

In order to log GPS coordinates of handshakes, configure your coordinate logging software to log to .loc/*.txt (the filename can be chosen as desired). Airbash will always use the output of cat "$path$loc"*.txt 2>/dev/null | awk 'NR==0; END{print}', which is equivalent to reading all .txt files in .loc/ and picking the second line. This implementation was chosen to match the behaviour of GPSLogger, which was used on the development device.

Calculating default keys
After capturing a new handshake, the database can be queried for vulnerable router models. If a module applies, the default keys for this router series are calculated and used as input for aircrack-ng to try and recover the passphrase.

Compiling Modules
The modules for calculating Thomson/SpeedTouch and UPC1234567 (7 random digits) default keys are included in src/.
Credits for the code go to the authors Kevin Devine and [peter@haxx.in].
On Linux:
gcc -fomit-frame-pointer -O3 -funroll-all-loops -o modules/st modules/stkeys.c -lcrypto
gcc -O2 -o modules/upckeys modules/upc_keys.c -lcrypto
If on Android, you may need to copy the binaries to /system/xbin/ or to another directory where binary execution is allowed.

Usage
Running install.sh will create the database, prepare the folder structure and create shortlinks to both scripts which can be moved to a directory that is on $PATH to allow execution from any location.
After installation, you may need to manually adjust INTERFACE on line 46 in airba.sh. This will later be determined automatically, but for now the default is set to wlan0, to allow out of the box compatibility with bcmon on Android.
./airba.sh starts the script, automatically scanning and attacking targets that are not found in the database. ./crackdefault.sh attempts to break known default key algorithms.
To view the database contents, run sqlite3 .db.sqlite3 "SELECT * FROM hs" in the main directory.

Update (Linux only ... for now):
Airbash can be updated by executing update.sh. This will clone the master branch into /tmp/ and overwrite the local files.

Output
_n: number of access points found
__c/m: represents client number and maximum number of clients found, respectively
-: access point is blacklisted
x: access point already in database
?: access point out of range (not visible to airodump anymore)

The Database
The database contains a table called hs with seven columns.
id: incrementing counter of table entries
lat and lon: GPS coordinates of the handshake (if available)
bssid: MAC address of the access point
essid: Name identifier
psk: WPA Passphrase, if known
prcsd: Flag that gets set by crackdefault.sh to prevent duplicate calculation of default keys if a custom passphrase was used.
Currently, the SQLite3 database is not password-protected.



WiFiJammer: Amazing Wi-Fi Tool


The name sounds exciting, but does it really jam WiFi networks? Yes, it is able to do what its name suggests. So today I'm going to show you how to annoy your friend by cutting him/her off from the WiFi service.

Requirements:


  1. A computer/laptop with WiFi capable of monitoring (monitor mode).
  2. A Linux OS (I'm using Arch Linux with BlackArch Repos)
  3. And the most obvious thing: wifijammer (if you're using BlackArch then you already have it).


How does it work, you may be thinking? It's quite simple: it sends deauth packets from the client to the AP (Access Point) after spoofing the client's MAC address, which makes the AP think that the connected client wants to disconnect, and voilà!

Well, to jam all WiFi networks in your range it's quite easy, just type:
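Both Airbash (above) and wifijammer rely on forged deauthentication frames, which a monitoring sensor can spot by their volume. The following added example (not part of the original post or of either tool) parses raw 802.11 management frames and alerts when one BSSID sees a burst of deauth/disassociation frames; it assumes the capture header has been stripped, and the MAC addresses, threshold and sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

# Byte 0 of the 802.11 frame-control field: management type, subtype 12 / 10.
DEAUTH, DISASSOC = 0xC0, 0xA0

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauth/disassoc frame, else None.
    Assumes the radiotap/capture header has already been stripped."""
    if len(frame) < 26 or frame[0] not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(capture, threshold=10, window=1.0):
    """capture: time-ordered (timestamp_s, raw_frame) pairs.
    Returns one (bssid, alert_time, frames_in_window) tuple per flooded BSSID."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        bssid = parsed[2]
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:      # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = (bssid, ts, len(q))
    return list(alerts.values())

def build_frame(fc0, dst, src, bssid, reason=7):
    """Build a 26-byte management frame for the constructed sample below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0]) + b"\x00\x00" + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample (locally administered MACs, not a real capture).
AP1, AP2, STA = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:aa"

def sample_capture():
    flood = [(i / 64, build_frame(DEAUTH, AP1, STA, AP1)) for i in range(40)]
    benign = [(0.20, build_frame(DEAUTH, STA, AP2, AP2, reason=3)),  # single deauth
              (0.30, build_frame(0x80, "ff:ff:ff:ff:ff:ff", AP2, AP2))]  # beacon
    return sorted(flood + benign, key=lambda item: item[0])

if __name__ == "__main__":
    for bssid, ts, n in detect_floods(sample_capture()):
        print(f"ALERT deauth flood on {bssid}: {n} frames within 1.0s (t={ts:.3f})")
```

Networks that enforce 802.11w Protected Management Frames ignore forged deauthentication frames, so enabling it is the mitigation that pairs with this detection.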

sudo wifijammer



But wait a minute, this may not be a good idea. You may jam all the networks around you; is that really what you want to do? I don't think so, and I guess it's illegal.

We just want to play a prank on our friend, don't we? So we want to attack just his/her AP. To do that just type:

sudo wifijammer -a <<AP-MAC-ADDRESS>>

Here the -a flag specifies that we want to jam a particular AP, and after it we must provide the MAC address of the AP that we want to jam.
Now how in the world am I going to know the MAC address of my friend's AP without disturbing the other people around me?
It's easy, just use the hacker's all-time favorite tool, airodump-ng. Type in the following commands:

sudo airmon-ng

sudo airodump-ng

airmon-ng will put your device in monitor mode and airodump-ng will list all the WiFi networks around you with their BSSID, MAC-ADDRESS, and CHANNELS. Now look for your friend's BSSID, grab his/her MAC-ADDRESS and plug it into the above-mentioned command. Wooohooo! Now you are jamming just your friend's WiFi network.

Maybe that's not what you want; maybe you want to jam everyone on a particular channel. Well, wifijammer can help you with that too, just type:

sudo wifijammer -c <<CHANNEL-NUMBER>>

With -c we tell wifijammer that we only want to deauth clients on a specified channel. Again, you can see with airodump-ng who is on which channel.

wifijammer has many other flags; you can check out all of them using the command you always knew:

sudo wifijammer -h



Hope you enjoyed it, good bye and have fun :)
