OS fingerprinting

What is OS fingerprinting?
OS fingerprinting can be defined as the process of pinging a device and detecting which OS it is running. This can be done using various tools on various operating systems.



Why do you need to do this?
 By detecting the OS running on a system you can filter the exploits and use those which have a higher probability of giving you access to the system and maintaining it with ease. It also helps you save time, as you need not try the vulnerabilities for which the system is patched.

How to?
  • For Android:- The best tool which you can use for OS fingerprinting on an Android device is Dsploit. The time required for OS detection mostly depends on the device's RAM. To detect the OS, first select the device on which you want to do the OS detection. After that, select the inspector and then hit start. After a few minutes you will see the results.
  • For Kali Linux:- Kali Linux has 2 tools to do this task:-
Nmap is a port scanning tool which can be used for OS fingerprinting. There are various parameters which can be used to detect different details about the system. The one which we used was "nmap -sV -n -T4 -O -F --version-light 192.168.1.*" (without quotes). The * helps you to detect all the devices and their OS on the network. You can experiment with different parameters; for help you can type "nmap -h" (without quotes) or refer to the official site.

Armitage is a GUI tool which is mostly used for network exploitation. This tool comes with a host scan option which can help you to scan and detect the OS. There is a quick scan (OS detection) option under host scan which can be used for OS fingerprinting. After the scan ends, the result is displayed in a graphical format which can be changed as per your wish. You can observe that it runs the nmap command in the command line. The main advantage is that you need not type the command, and the graphical format is easy to understand.

Note:-
In our tests we found that these methods were unable to detect phone operating systems like Android, BlackBerry OS, etc.
If you are unable to detect the exact system then you can use the guess command in nmap to find out the probabilities of the system running different operating systems.
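
To keep the results of a scan like the one above as an inventory of your own network, the following added example (not part of the original post) parses an nmap XML report, as written with the -oX option, and lists each host's OS guesses with the accuracy nmap assigns them. The report text, the addresses and the 90% threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an nmap XML report (-oX) for a lab network.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <os>
      <osmatch name="Linux 2.6.32 - 3.10" accuracy="98"/>
      <osmatch name="Linux 3.2 - 4.9" accuracy="93"/>
    </os>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.1.23" addrtype="ipv4"/>
    <os><osmatch name="Microsoft Windows 7 SP1" accuracy="89"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.1.40" addrtype="ipv4"/>
    <os/>
  </host>
</nmaprun>"""

def os_inventory(xml_text, min_accuracy=90):
    """Return {ip: {"guesses": [(name, accuracy), ...], "confident": bool}}."""
    inventory = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts that did not answer
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if ip is None:
            continue
        guesses = sorted(
            ((m.get("name"), int(m.get("accuracy", "0")))
             for m in host.findall("os/osmatch")),
            key=lambda g: g[1], reverse=True)
        inventory[ip] = {
            "guesses": guesses,
            # No match at all (as with the phones in the note above) or only
            # weak guesses: the host needs manual identification.
            "confident": bool(guesses) and guesses[0][1] >= min_accuracy,
        }
    return inventory

if __name__ == "__main__":
    for ip, info in os_inventory(SAMPLE_XML).items():
        best = info["guesses"][0] if info["guesses"] else ("unknown", 0)
        flag = "" if info["confident"] else "  <- verify manually"
        print(f"{ip:15} {best[0]} ({best[1]}%){flag}")
```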

Kick Off with Dsploit

What you need?
For this attack you will only need a rooted Android phone and of course the app Dsploit.

How to?
  1. Open the app Dsploit on your phone.
  2. It will show you all the devices connected to the wireless network. If not, then hit the refresh symbol on the left hand side of the screen.
  3. Now select the specific target which you would like to kick out of the network. If you want to attack the entire wireless network then select the router.
  4. Now select MITM (man-in-the-middle) from the list.
  5. Now it will open a new list. Select kill connections to kick the target, which can be a single device or all of them, from the network.
  6. After a few seconds you will see that your devices will be unable to connect to the net through the browser.
  7. Select it once again to stop it.
Note:-
You can also select the other options like redirect, replace images, etc. We would advise you not to try this on corporate networks. If caught you could be sent to jail. You can still use it to annoy your siblings or friends.
If you are using an Android phone with Android 4.0+ then you can use Zanti 2, which is an updated version of Dsploit.

 

How to select a phone to build a bad phone?

Why do you need to hack from a phone?
 Phones are devices which were made to be portable. Since the 1990s hackers have been trying to use the networks for malicious purposes. As time passed, phones became smarter and smarter as a number of features were added to them. And the best thing about these devices is that you can enter and exit without getting into trouble.


Which operating system do you need?
Phones come with various operating systems, but now most phones have Android or iOS. This mostly depends on the phone which you buy: for example, if you buy a Sony, Samsung, Motorola, etc. then the OS is Android, and if you buy an Apple product you might have iOS. There are other operating systems which are good, but the development for these operating systems is not sufficient and coding your own exploits for these systems can be a headache. Let's compare iOS and Android, as these are the major operating systems in the smartphone market. iOS is a good operating system and has significant development. But it is a somewhat secured OS and hence it is a little hard to work in such a locked system. Thus, as far as hacking is concerned, the best operating system is Android. It is obvious that we need to get root access to the system to perform some hardcore hacking.

What hardware do you need in your phone?
  1. Processor:- Most Android phones have Snapdragon or Intel or ARM. The only difference between them is that Snapdragon is a high graphics processor and ARM & Intel are good utility processors which support most of the apps. We would personally advise you to use ARM as it is stable and most apps work on it, and some apps like Dsploit require an ARM processor. You can check this with apps like the AnTuTu benchmark app and similar apps.
  2. NFC:- NFC (near field communication) is a new feature which has been added in a few smartphones. This feature can be used for RFID hacking and some smart credit card skimming. It was added for easy and fast data sharing over short distances. You can check whether your phone has NFC or not from nfcworld.com.
  3. USB OTG compatibility:- This is also a new feature which allows you to connect USB devices to your phone through a connecting wire. This can be used to connect with devices like SDRs, drives, antennas, Wi-Fi dongles, etc. which might be used for a wide range of attacks over different types of networks. You need to check your user manual to find out if your phone is compatible or not. You can also Google search for this answer.

Conclusion:-
We would advise you to buy a phone within your budget which has as many features as possible so that you can experiment with it. There are various apps you can download and have fun with.

 
   

Network analysis with a non-rooted android phone

Introduction:-
Network analysis is the first step toward a network penetration test. Both Windows and Linux have many tools to analyze a network on the basis of different standards. But these operating systems usually run on devices which are a little too large for a usual pant or shirt pocket, and another problem with these tools is that most of them don't have a GUI, which means you might struggle trying to explain things to a professional who doesn't have an IT background. Thus a set of tools was required which can be installed on a normal Android phone and deployed instantly. So I decided to find a few tools which could be used for network analysis on an out-of-the-box Android phone.


What you need?
An Android phone or tablet with 4.0 or above. You can also try it on phones with lower versions of Android but we can't tell you if it will work or not. The phone used to test is a Samsung Galaxy Grand 2 with the Android 4.4.2 operating system.

Apps:-
Wifi Analyzer:- This is mostly a wireless network analysis tool. Its main advantage is that it scans the network and tells you which Wi-Fi channels have the most signal strength. It has 5 different views, which are channel graph, time graph, signal meter, AP list and channel rating. The 2 best views are the signal meter and the channel graph. Our personal favorite was the signal meter view, which is a meter-like GUI that notifies you about the Wi-Fi signal strength with a beeping sound similar to that of a metal detector.
Landroid:- Landroid is a little geeky app, as the interface requires a little knowledge about networks. It has features like ping, traceroute, publicIP, netstat, whois, etc., which are mostly the features that network admins and network penetration testers require to check the servers and the network connectivity. We would advise you not to download this app if you are not used to a less graphical user interface. It is pure geek and pro stuff.

Network signal info:- This is mostly an info app which can be used to find out information regarding cellular & wireless networks. This app has a nice GUI in which it displays various information like MAC address, IP, SSID, BSSID, etc. The most interesting feature of this app is that it shows you the location of the nearest cell tower under a feature called "cell location". Some of the features of this app might be blocked, as they require you to buy a pro version to use them. In all, a fairly good app to find out information about your cellular as well as wireless network.
Fing-network tools:- This app is a wireless network scanning app which is similar to nmap. This app scans the network and shows you the IP addresses assigned to different devices in the network. This is mostly a scanning app and can be used with Dsploit for an inside attack on a computer on the network.

Level 1 vulnerability scanning using Vega

What is vulnerability scanning?
  Vulnerability scanning is checking a website, a network or a device for vulnerabilities that can be exploited. A vulnerability can be defined as a bug that is present on any website, network or device.

What you need:-
  1. Kali Linux installed on VMware
  2. Internet connection
How to do it:
  1. Click on the application menu on the home screen of Kali Linux.
  2. Then from the drop down list select Kali Linux and then select web applications.
  3. Then select web vulnerability scanner and then click on Vega. (You can omit the above given steps by just typing Vega in the terminal and hitting enter.)
  4. Now to start the scan click on scan then click start new scan.
  5. A window will open; now enter the base URL for the scan.
  6. Then click on finish.
 After a few minutes it will start showing you some results and will show you all possible vulnerable links of that particular website.
Limitations:-
This is one of the most basic scanning software and hence the results may not be perfect, and these results should be verified manually or using other more complex software and exploits.

Overclocking systems

What is overclocking?
Overclocking is increasing the frequency at which a system works, which makes the system work faster. For example, you are making a 2.5GHz processor run at 3.2GHz.

Which processors can be overclocked?
 Most of the older processors can be easily overclocked as they were not locked. But nowadays we can only overclock the processors which are not locked. All the ARM processors used in Android smartphones can be overclocked. In some smartphones we need to install a custom kernel to allow this. Most of the Intel K series processors are unlocked, so we can only overclock the K series processors if the motherboard is compatible.

Some points to remember:-
  1. Make sure that you don't overclock it too much.
  2. Try to use a suitable voltage so that you don't end up frying the chip.
  3. Make sure that your cooling system works fine. If you are planning to overclock it too much then install a liquid cooling system for your CPU.

I would rather advise you not to overclock it unless you are working with software which needs a lot of processing power, as it is a bit of a headache to implement.


Software which you may need:-

ARP poisoning with Kali Linux

What you need?
 Kali Linux installed on VMware, and you would also require a USB WiFi dongle.

How to do it?
  1. First of all you will need to connect the USB dongle to your computer.
  2. Then power on Kali Linux installed on VMware.
  3. Now open a terminal window, then type "iwconfig" (without quotes) and hit enter. Make sure that you note the interface.
  4. Now exit the terminal window. Then go to applications, then click on internet and at last click on ettercap.
  5. After starting ettercap click on sniff, then click on unified sniffing.
  6. Then select the interface; in our case it was wlan0.
  7. Then click on OK.
  8. After the sniff is done click on hosts and then click on scan for hosts. Then open the host list.
  9. Now select the first one from the list, that is the router, and add it to target one.
  10. Now click on mitm and then select the first option, which will be arp poisoning.
  11. Then at last click on the second check-box and press OK. Finally go to the start panel and then start sniffing.
Results:-
Various devices will be kicked out of the network.
Till then stay Gray and #Hack_For_Fun...
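
Seen from the defending side, the poisoning described above shows up in a client's neighbour table: the router's IP address starts resolving to another machine's MAC address. The following added example (not part of the original post) checks `ip neigh` output for that pattern; the sample output, the addresses and the baseline gateway MAC are constructed.

```python
from collections import defaultdict

# Constructed `ip neigh` output from a client whose gateway entry is poisoned:
# the gateway 192.168.1.1 now maps to the same MAC as host 192.168.1.66.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 02:00:00:de:ad:66 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:00:00:11:22:23 STALE
192.168.1.66 dev wlan0 lladdr 02:00:00:DE:AD:66 REACHABLE
192.168.1.80 dev wlan0 FAILED
"""

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            idx = fields.index("lladdr")
            if idx + 1 < len(fields):
                table[fields[0]] = fields[idx + 1].lower()
    return table

def arp_alerts(table, gateway_ip, known_gateway_mac=None):
    """Flag MACs claimed by several IPs and a gateway MAC that left its baseline."""
    alerts = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"duplicate-mac {mac} claimed by {', '.join(sorted(ips))}")
    current = table.get(gateway_ip)
    if known_gateway_mac and current and current != known_gateway_mac.lower():
        alerts.append(f"gateway-changed {gateway_ip} is now {current}, "
                      f"expected {known_gateway_mac.lower()}")
    return alerts

if __name__ == "__main__":
    # The baseline MAC is an assumption: record it while the network is known good.
    for alert in arp_alerts(parse_neigh(SAMPLE_NEIGH), "192.168.1.1",
                            "02:00:00:aa:bb:01"):
        print(alert)
```

A static ARP entry for the gateway on clients, or Dynamic ARP Inspection on managed switches, keeps the forged entry from being accepted in the first place.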



Installing Kali Linux on VMware

What is VMware?
VMware is virtual machine software which can be used to create and install a virtual machine having a different OS.
What is Kali Linux?
Kali Linux is a dedicated Linux OS for penetration testing, which is a newer version of BackTrack 5 developed by Offensive Security.

How to do it?
  1. Now you will have to download 3 pieces of software, namely 7zip, Kali Linux (VMware image) and VMware Workstation 9. We would advise you to use torrent if your net connection is slow.
  2. After the download is complete, install 7zip and extract the files from the kalilinux.rar file.
  3. Now install VMware Workstation 9 on the system. After the installation is done, open VMware Workstation. Now click on open a virtual machine. Then open the VMware image file of Kali Linux from the extracted files.
  4. After this it will ask you to configure various things like memory space, RAM, etc. Follow the wizard. Make sure that you set the RAM to half of the built-in RAM of your computer.
  5. Now at last click on the power on this virtual machine button (this is like the power button of your computer).
  6. Now the system will start. At the end it will ask you for a username and password. The default username is "root" and the password is "toor".
  7. After entering the username and password hit enter.
Advantages:-
  • We can use 2 machines simultaneously.
  • It is easy to delete it.
  • It is easy to install.
 Till then stay Gray & #Hack_For_Fun...

WiFi hacking with Android

What you need?
An Android phone with an ARM processor, and it should also be rooted.

Apps to hack:-
  1. WIFIKill:- This is one of the most basic apps to knock someone out of a WiFi network. You can select any device from the list and the app kills its network access, as easy as a one click hack. The app displays the devices by IP address.
  2. Dsploit:- This app is like a Swiss knife. The app is available on the Play Store and has various features like replacing images & videos, kill connection, cookie sniffer, etc. This app is bigger and more complex than WIFIKill. The interface of this app is better than that of WIFIKill.

Both these apps are great to use but Dsploit is better as it gives us more options. Use of these apps for malicious purposes is illegal, and if you are caught then you can be punished.
Till then stay gray and #Hack_For_Fun......  

Rooting Android

What is rooting?
In simple words, rooting is providing access to the /root folder of an Android system to applications (apps) which require it.

Is it illegal?
Absolutely not, rooting is not illegal. As per the laws in different countries, rooting is fully or partially considered legal. In many countries like Australia, Canada, Europe, India, USA, Singapore, UK and New Zealand, rooting is not considered illegal as long as copyrights are not disturbed.

How to do it?
 Rooting is not that complex a task; it is as easy as clicking a link. Nowadays the method used to root your device depends on the operating system which is running on your device. In this article we will only discuss the easiest way to root a device.

If your device has Android 2.3+ then the best way to root is through a software called "Kingo".
  1. To root your device with this software you would need to download the software from cnet.com on your PC and install it.
  2. Now you would need to activate USB debugging on your phone. For that go to settings, then developer options, then select USB debugging.
  3. Now connect the device to your PC using the USB cable.
  4. Now run the software and click on root.
  5. Now wait till the device restarts.
If your device has Android 4.0+ then you can use "Towelroot".
  1. To root your device with this software you would need to download the app from the link on your device by clicking on the image on the site.
  2. Then after the download is done install the app. If your phone doesn't allow it then activate the unknown sources option in the settings.
  3. After installation open the app and touch the "make it rain" button.
  4. After the app is done manually reboot your device.


Some basic apps you would require to check and permit root access for various apps:
  1. To check whether the root is working properly you would need to install the root checker app.
  2. To give root access to various apps you would require SuperSu.
 Till then stay tuned and #Hack_For_Fun......