Hello aspiring ethical hackers. In our previous blogpost, you learnt what is a payload and about what is a payload generator. In this blogpost, you will learn about one of the payload generators, Arcanus Framework. Arcanus is a customized payload generator that can generate payloads which are undetectable by almost all of the antiviruses (till date ). This could be very useful in penetration testing.
Let’s see how to use Arcanus Framework. To install this tool on Kali Linux, we need to install golang. Install Golang and then clone the Arcanus repository from Github as shown below.
Navigate to the ARCANUS directory created and view its contents. We should see a file ARCANUS_x86. Let’s first generate a Windows payload. We will generate a x_86 payload. First change its permissions as shown below.
Next run this file. You should see an ARCANUS logo as shown below.
You will see five options as shown below. Since we are generating a Windows payload, we will choose option 2.
It will prompt you to set the attacker system’s IP address ( in our case the address of Kali Linux ) and a port on which you want to start a listener for the reverse shell. Enter the values and hit “Enter”.
It will generate the payload and automatically start a listener as shown below.
The payload will be generated with the name “payload.exe” as shown below in the ARCANUS directory.
Next we need to send this payload to the victim using Social engineering. When the target user clicks on the payload we sent, we will get a shell on the target system as shown below.
That’ s all in Windows hacking with Arcanus. Now let’s see how to generate a payload for Linux target. Select the option 3 since we are generating a Linux payload.
The rest of the steps are same as generating a Windows payload. Enter your IP address (Kali Linux in this case) and the listening port as shown below.
It will generate the payload in the same directory start to automatically listen for a reverse shell as shown below.
Send the generated payload to our victim. When he executes it, we should get a shell on his system as shown below.
Hello aspiring ethical hackers. In this blogpost, you will learn everything about Mobile security. Mobile security refers to the measures taken to protect mobile devices, such as smartphones and tablets, from malicious attacks, unauthorized access, and other security threats. With the increasing use of mobile devices for activities such as online banking, shopping, and accessing sensitive information, it is more important than ever to take steps to protect your devices and personal information.
Mobile architecture and operating systems
A mobile device’s architecture refers to its hardware and software components, including the operating system, firmware, and applications. Understanding the components that make up your device can help you identify potential security threats and take steps to protect your device.
There are several types of mobile operating systems, including iOS, Android, and Windows Phone. Each operating system has its own strengths and weaknesses when it comes to security, and it is important to be aware of the risks associated with using a particular device.
Rooting and jailbreaking are methods used to gain access to the root level of a device’s operating system, allowing users to install custom software and make changes to the device that are not possible with a standard setup. While these methods can offer greater flexibility and customization, they can also introduce security risks, such as allowingmalwareto bypass security measures and access sensitive information.
Android Architecture
Android is an open-source operating system for mobile devices developed by Google. The architecture of Android is composed of multiple layers that interact to provide the functionality of a mobile device. The layers of the Android architecture are:
Linux kernel: The Linux kernel is the foundation of the Android operating system. It provides hardware abstraction, power management, and security features to the Android device.
Native libraries: These are libraries that are written in C/C++ and are responsible for providing low-level functionality to the Android operating system. Some of the native libraries include SQLite, WebKit, and OpenSSL.
Application framework: The application framework is a set of APIs that provide the functionality for the Android applications. It is responsible for managing the life cycle of applications, user interfaces, data storage, and many other functionalities.
Applications: The top layer of the Android architecture is the applications that are built using the APIs provided by the application framework. Applications are the software programs that are installed on the Android device and provide the functionality to the user.
iOS Architecture
iOS is a mobile operating system developed by Apple for its devices. The architecture of iOS is based on a layered approach, similar to Android. The layers of the iOS architecture are:
Core OS: This is the lowest layer of the iOS architecture and is responsible for providing the core operating system services such as process management, file system access, and memory management.
Core Services: The Core Services layer is responsible for providing essential services such as networking, database, and threading.
Media Layer: This layer provides support for graphics, audio, and video processing.
Cocoa Touch Layer: The Cocoa Touch layer is the top layer of the iOS architecture and is responsible for providing the user interface and application framework.
Applications: Applications are the software programs that are installed on the iOS device and provide the functionality to the user.
Mobile hacking attacks
Bluetooth Attacks on Mobile
Bluetooth is a wireless technology used to transfer data between devices. Bluetooth attacks refer to the security threats that target Bluetooth-enabled devices. These attacks can compromise the privacy and security of the device and its data.
Types of Bluetooth Attacks
There are several types of Bluetooth attacks that can target mobile devices, some of them are:
Bluejacking: This is a type of Bluetooth attack that involves sending unsolicited messages to another device. The messages can be anything from harmless messages to malicious code.
Bluesnarfing: This is a type of Bluetooth attack that involves stealing data from a device. The attacker can access contacts, calendars, and other sensitive information stored on the device.
Bluebugging: This is a type of Bluetooth attack that involves taking control of a device. The attacker can access and control the device, including making phone calls and sending text messages.
Bluespoofing: This is a type of Bluetooth attack that involves impersonating another device. The attacker can create a fake device and trick a user into pairing with it.
Malware attacks on Mobile
These are malicious software programs that are designed to steal sensitive information or compromise the functionality of your device. Common forms of malware include viruses, Trojans, and spyware. Malware can be spread through downloading infected apps or visiting infected websites, and it can hide in your device’s background, silently collecting information and transmitting it to attackers.
Some Famous Android Trojans
There are several Android trojans that have been discovered in recent years. Some of the most famous Android Trojans are:
TimpDoor:This is a trojan that can steal sensitive information from infected devices. It can also install malicious applications and spread to other devices.TimpDoor Turns Mobile Devices Into Hidden Proxies
Devices running TimpDoor could serve as mobile backdoors for stealthy access to corporate and home networks because the malicious traffic and payload are encrypted. Worse, a network of compromised devices could also be used for more profitable purposes such as sending spam andphishingemails, performing ad click fraud, or launching distributeddenial-of-serviceattacks.
FakeInstaller:This is a trojan that disguises itself as a legitimate app and tricks users into installing it. Once installed, the trojan can steal sensitive information from the device.
Android.FakeInstaller sends SMS messages to premium rate numbers, without the user’s consent, passing itself off as the installer for a legitimate application. There is a large number of variants for this malware, and it is distributed on hundreds of websites and fake markets. The spread of this malware increases every day.
Slempo:This is a trojan that uses phishing techniques to steal sensitive information from the infected device. The trojan can also display fake advertisements and download additional malware onto the device.
JSocket:This is a trojan that opens a back door on the infected device, allowing the attacker to control the device remotely. It can also steal sensitive information and spread to other devices.
The malware is able to remotely control and access microphones and cameras, use a mobile device’s GPS systems to track victims and both modify and view text messages and phone call data.
The JSocket Trojan tends to spread through e-mail attachments masquerading as invoices, purchase orders and other financial documents which vary depending on the campaign.
To infect mobile devices, the Trojan is loaded into apps downloadable outside of the official Google Play store, as the malicious code requires an Android APK to function.
Gemini:This is a trojan that can steal sensitive information, including bank account credentials and credit card numbers, from the infected device.
Some Famous iOS Trojans
Although iOS is considered to be more secure than Android, there have still been instances of trojans affecting iOS devices. Some of the most famous iOS Trojans are:
KeyRaider:This is a trojan that affects jailbroken iOS devices. It can steal Apple account information and purchase data from the App Store.
It implemented the following malicious behaviors:
Stealing Apple account (user name and password) and device GUID, stealing certificates and private keys used by Apple Push Notification Service and preventing the infected device being unlocked by passcode or by iCloud service.
XcodeGhost: This is a trojan that affects iOS applications. It can steal sensitive information from the infected device and spread to other devices through the infected application.
The apps that are infected by the XcodeGhostviruscan collect information about a device user, and then send encrypted messages off to a remote server through the HTTP protocol. Some of the information that is shared includes:
Infected app’s name
Current time
The app’s bundle identifier
Network type
Device name and type
Current system language and country
Current device’s UUID
Network type
Another risk that is associated with the XcodeGhost malware is that it allows an iOS device to receive commands from an attacker. Such attacks can make the app perform any of the following concerning actions:
Create a fake alert message that can trick a device user to give personal information, hijack the opening of various URLs based on their scheme. This opens the possibility of exploiting vulnerabilities in iOS and macOS, read and write data in the user’s clip This can be used to get passwords to various accounts
Pegasus: This is a trojan that can infect an iOS device through a malicious text message or email. It can steal sensitive information and monitor the device’s activity.
As of 2016, Pegasus spyware was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps.
The Pegasus spyware is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones. The NSO Group states that it provides “authorized governments with technology that helps them combat terror and crime.”
AceDeceiver: This is a trojan that affects jailbroken iOS devices. It can steal sensitive information, such as Apple account credentials, and spread to other devices.
This malware is able to install itself without an enterprise certificate, unlike previous iOS malware that abused enterprise certificates in order to infect devices. This is also the first iOS malware that exploits design flaws in Apple’s DRM protection mechanism, FairPlay, which means that it can infect devices that aren’t jailbroken.
Protecting Yourself from Deceptive Threats
Social engineeringattacks are a common threat in the mobile space, and they involve tricking users into divulging sensitive information or downloading malware.
These attacks can take many forms, including phishing scams, vishing (voice phishing), and baiting (leaving a USB drive with malware in a public place).
To protect yourself from social engineering attacks, be cautious of unsolicited emails and phone calls, and never provide sensitive information or download attachments from unknown sources.
Securing Your Mobile Payments
With the increasing popularity of mobile payments, it is important to consider the security risks associated with using your mobile device for financial transactions. Make sure to only use trusted payment apps and avoid entering sensitive information on public Wi-Fi networks. Consider setting up two-factor authentication for an added layer of security, and be sure to regularly monitor your accounts for unauthorized transactions.
Cloud storage can be a convenient way to store and access data, but it is important to be aware of the security risks associated with storing sensitive information in the cloud. Consider usingencryptionand strong passwords, and be cautious of downloading apps from untrusted sources. Make sure to read the privacy policies of any cloud storage service you use, and be mindful of the types of information you store in the cloud.
Securing Your Physical Device
Physical security refers to protecting your device from theft or unauthorized access. Consider using a password or passcode to lock your device, and keep it in a secure location when not in use. If you lose your device, it is important to act quickly to erase the data on the device to prevent unauthorized access to your sensitive information.
In the Event of Loss or Theft
Remote wipingis a feature that allows you to erase the data on your device in the event of theft or loss. Make sure to enable this feature on your device, and familiarize yourself with how to use it in the event of an emergency. Consider setting up a tracking app to help locate your lost device, and report the loss or theft to your mobile carrier and local law enforcement as soon as possible.
These are malicious software programs that are designed to steal sensitive information or compromise the functionality of your device. Common forms of malware include viruses, Trojans, and spyware. Malware can be spread through downloading infected apps or visiting infected websites, and it can hide in your device’s background, silently collecting information and transmitting it to attackers.
Man-in-the-Middle (MITM) Attacks:This type of attack involves an attacker intercepting and altering the communication between two parties.
In the context of mobile security, this can happen when an attacker is able to intercept a Wi-Fi signal, allowing them to access and steal sensitive information transmitted over the network.
Session Hijacking:This type of attack involves an attacker taking control of a user’s active session by stealing their session ID.
This can occur when an attacker is able to intercept a user’s login credentials, allowing them to access the user’s session and sensitive information.
Rootkit Attacks:Rootkits are malicious software programs that are designed to hide their presence and bypass security measures. They can be particularly dangerous on mobile devices, as they can grant attackers full access to your device, allowing them to steal sensitive information and control the device.
Ransomware Attacks: This type of attack involves an attacker encrypting a user’s files and demanding a ransom payment in exchange for the decryption key. On mobile devices, ransomware can be spread through infected apps or visiting infected websites, and it can lock down the device and make it difficult for the user to access their sensitive information.
SMS Spoofing:This type of attack involves an attacker sending text messages from a fake or spoofed number, tricking the recipient into revealing sensitive information or downloading malware. SMS spoofing can be used for phishing attacks or to spread malware.
Ad Fraud:This type of attack involves attackers using bots or malware to artificially inflate the number of clicks or impressions on an ad, resulting in increased revenue for the attacker.
Ad fraud can impact both the advertisers and users, as it can result in increased costs and decreased security.
BlueBorne Attack:This type of attack involves an attacker exploiting vulnerabilities in the Bluetooth communication protocol to gain access to a device. This can allow an attacker to steal sensitive information, install malware, or take control of the device.
Rogue App Attack:This type of attack involves an attacker offering a fake or malicious app, disguised as a legitimate app, in app stores or through third-party sources. When a user downloads the rogue app, it can steal sensitive information, install malware, or take control of the device.
Cloud Jacking Attack:This type of attack involves an attacker accessing and stealing sensitive information stored in the cloud, such as contacts, photos, or financial information. Cloud Hackers can gain access to the cloud through unsecured Wi-Fi networks or by exploiting vulnerabilities in the cloud storage service.
Protecting Your Mobile Device
To protect your mobile device from hacking and malware attacks, it is important to follow some basic security measures. Here are a few tips:
Keep software up to date:Regular software updates include security patches that fix vulnerabilities in your device. Make sure to regularly check for and install updates for both the operating system and installed applications.
Use strong passwords:A strong password consists of a combination of letters, numbers, and symbols and should be unique to your device. Avoid using easily guessable passwords such as “1234” or “password”.
Be cautious of public Wi-Fi:Public Wi-Fi networks are often unsecured and can provide hackers with an easy way to steal sensitive information. Avoid using public Wi-Fi for financial transactions or entering sensitive information.
Install security software:Consider installingantivirussoftware and a mobile security app to protect your device from malware and hacking attacks.
Avoid downloading from untrusted sources:Only download apps from trusted app stores, such as the Apple App Store or Google Play Store. Avoid downloading apps from untrusted websites, as they may contain malware.
Be aware of phishing scams:Be cautious of emails, text messages, or links that ask for sensitive information, such as login credentials or financial information. Always double-check the sender and look for signs of a phishing scam before providing any information.
Use encryption:Encrypting your device’s data helps to protect it from theft and unauthorised access.
By following these simple tips, you can help to protect your mobile device from security threats. Remember, being proactive about mobile security can help keep your personal information and data safe.
Conclusion
It is clear that there are many different types of mobile hacking attacks that pose a threat to your device and sensitive information. By being aware of these threats and taking steps to protect your device, you can help ensure that your personal information and sensitive data remain safe and secure. Keep your device and software updated, use strong passwords and encryption, and be cautious when downloading apps or visiting websites to minimize your risk of a successful attack.
Mobile security is a growing concern; as mobile devices are becoming increasingly integral to our daily lives. By understanding the different types of threats and taking steps to protect your device, you can help ensure that your personal information and sensitive data remain safe and secure. Stay informed and stay protected by keeping your device and software updated, using strong passwords and encryption, and being cautious when downloading apps or visiting websites. Watch out this blogpost for more updates on mobile security
Hello aspiring hackers. In this article we present you a meterpreter cheat sheet. Since I am writing many howtos on how to exploit different vulnerabilities in both web and operating systems using Metasploit, I thought may be it would be very helpful for beginners to make a guide to Meterpreter since it is the most widely used payload for our exploits. That begs the question as what is a payload which further begs the question of what is an exploit. See how to upgrade normal command shell to meterpreter.
To be put clearly, exploit is “a defined way in which to take advantage of the given vulnerability”. Imagine a house ( containing lots and lots of money ) is locked with a complex number lock decoding which is almost impossible, but the lock has a weakness. If you hit it very hard, the lock may break. This is its vulnerability. Now to take advantage of this vulnerability, we need something like HAMMER to hit it very hard. Here, hammer is our exploit.
Now let us define payload. A payload defines what exactly we want to do after a system is exploited. And here, meterpreter is our payload. Meterpreter has lot of advantages over other payloads. It is powerful, extensible and most importantly stealthy. It uses encrypted communication, writes nothing to disk and doesn’t create any new processes. Ok, Ok, Ok. That’ s lot of theory. Now let’s get to the main concept of this howto. For this howto, I have exploited a Windows system with Kali Linux and acquired a meterpreter session. As soon as you get the meterpreter session, type “?” or “help”. This will give all the commands available with meterpreter. In this Part 1. we will see all the file system commands. As the name implies these commands are used in filesystem manipulation.
1. pwd
The first command we will see is “pwd” which stands for “print working directory”. It shows the current working directory in the remote system as shown below.
2. cd
“cd” stands for “change directory”. This command is used to change our working directory in the remote machine. The command “cd ..” means going one directory back. Here we did it twice to go to the “C:\” directory.
3. ls
The “ls” command is used to list files and directories. For example, I want to see the contents of Desktop in my remote system. Navigate to that directory and type command “ls”. As shown below, we can see the files and directories on Desktop in remote machine.
4. cat
The “cat” command allows us to create single or multiple files, see contents of file, concatenate files and redirect output in terminal or files as we require. Here, we will use the “cat” command to view the contents of the file h323log present on the remote system as shown below.
5. edit
“edit” command is used to edit the file. It will open the file in Vi editor in which we can make changes as shown below.
Here I have deleted two lines in the file.
6. mv
The “mv” command is used to move the files to another directory as shown below. Here, we have moved the file h323log.txt to another directory called “cracked”.
7. search
The “search” command is used to search for specific files in the remote system as shown below.
8. download
The “download” command is used to download any files from the remote system to our system. For example, let us download the samspade file present on the Desktop of remote system to our system as shown below.
9. lpwd, getlwd, getwd
The “lpwd” and “getlwd” commands are used to print local working directory i.e the working directory of attacker system. The “getwd” command is used to get the working directory of remote system.
10. lcd
The “lcd” command is used to change the local working directory as shown below.
11. upload
The “upload” command is used to upload any files to the remote system from our local system. Here, we have to give the exact path of the remote system where we want to upload our file as shown below.
12. rm
The “rm” command is used to delete files in the remote system. We use this command generally to delete any executable files we have uploaded so that our victim doesn’t get any suspicion.
13. rmdir
The “rmdir” command is used to delete directories since “rm” command cannot do it. Its usage is shown below.
14. mkdir
The “mkdir” command is used to create new directories or folders on the remote system as shown below.
Hope this meterpreter cheat sheet was helpful. I will be back with “part 2” of meterpreter cheat sheet soon.
Kali Linux is the most advanced penetration testing distribution with a number of tools. While using these tools a measure of anonymity is required. Today we are going to see how to spoof your IP address in Kali Linux. First, check your IP address by visiting any website which shows your IP address (http://www.whatismyip.com). Then go to the site www.vpnbook.com.
Download the Euro1 Server OpenVPN certificate bundle as shown below. Note down the username and password given. We will need it in later steps.
When you click on the download link, the following window opens. Since it is a zip package, system will prompt whether to open it with unzip ( the default option ). Click on “OK”.
Open the terminal and navigate to the directory where the contents of the zip archive have been unzipped. Type the command “ls” to see the unzipped files. We are going to use the vpnbook-euro1-udp53.ovpn package.
OpenVPN has been installed by default in the Kali Linux distribution. Type the command “openvpn vpnbook-euro1-udp53.ovpn” to start the process.
The installation starts. Enter the username and password we noted above when prompted.
After a short time, the process is completed. Check your IP address again. If everything goes well, your IP address will be changed.
UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).
I am going to configure this in Windows server 2012 i.e IIS 8 but do not worry the configuration steps are similar in IIS 7.5. First and foremost install Web Platform Installer in your machine. This will help us to install all the components we require in simple steps. From web platform installer, select component IIS 6 metabase compatibility. This is compulsory to install URLscan.
Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 ).
Click on Install. You are shown a review of components you selected to install. Click on I accept.
The components are installed and will show you a Finish screen. Click on Finish.
We are all set to install UrlScan. Download Urlscan and click on the msi package. On the window, select the option “I select the terms of license agreement” and click on “Install”.
The installation is very quick. Once it finishes,click on “Finish”.
Now open IIS Manager. Click on ISAPI filters.
If everything went well, we should see a filter already set like below.
Click on it. We can see that there is already a filter named URLscan 3.1 linking to the executable urlscan.dll.
Before configuring UrlScan, let’s try a little banner grabbing to check whether UrlaScan is working or not. For this, we will use tool Idserve to fingerprint the server on which we have configured UrlScan. (www.shunya.com is fictional website i set on my server ).
We can see that the version is Microsoft-IIS/8.0. Now let’s go to the configuration file of urlscan (urlscan.ini) to make some changes to it. It is located by default at “C:WindowsSystem32inetservurlscan”and change the value of “RemoveServerHeader” to “1” from “0”. Save the file.
Now let’s again try to banner grab using Idserve. Restart the web server.
We can see that the server version has not been disclosed hence our UrlScan is working successfully. Hope it was helpful.
