Security Flux

ver 1.21

First Raspberry Pi Project! —

Today I received my Raspberry Pi GPIO Electronics Starter Kit, which extends the functionality of the Pi to operate virtually any electronic device connected to the Pi. The starter kit I received basically came with the following:

  • 1 X T-Cobbler for Raspberry Pi
  • 1 X GPIO cable
  • 1 X IR remote controller
  • 1 X IR receiver module with cable
  • 1 X DS18B20 temperature sensor module with cable
  • 1 bundle jumper cables
  • 1 X high quality breadboard
  • 1 X blue 1602 LCD
  • 1 X header for 1602 LCD
  • 1 X color LED
  • 2 X red 5mm LEDs
  • 2 X green 5mm LEDs
  • 4 X bigger switches
  • 10 X 560 ohm resistors for the LEDs
  • 10 X 10K resistors for pull-ups on the buttons
  • 1 X 10K rotary resistor for the 1602 LCD

So, as geek’d up as I was about the kit, I decided to get my feet a little wet with using the Pi’s GPIO (General Purpose Input Output).

So the first project that I stumbled upon was a Gmail LED Notifier, which essentially powers on a green LED if I have new mail or a red LED if I do not have new mail. See the Python code below, which was very straightforward. (This was not written by me.)

Essentially the script imports the RPi.GPIO Python module and a mail feed parser, initializes the GPIO pins, and then runs a loop containing a condition to power the green or red LED.
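The same feed-check, LED-decision and pin-write steps as an added example (not the notifier script the post refers to), split into functions so the decision logic can be tested off the Pi. It assumes the Gmail Atom feed's `<fullcount>` element, RPi.GPIO when running on the Pi, and BCM pins 18 (green) and 23 (red) as a constructed wiring choice.

```python
# Added example, not the notifier script from the post. Assumes the Gmail Atom
# feed's <fullcount> element, RPi.GPIO on the Pi, and BCM pins 18 (green) and
# 23 (red) as a constructed wiring choice.
import os
import xml.etree.ElementTree as ET

ATOM_NS = "{http://purl.org/atom/ns#}"   # namespace used by the Gmail feed
GREEN_PIN, RED_PIN = 18, 23              # assumed wiring, 560 ohm in series

# Constructed sample of what the feed returns; the real one is fetched over HTTPS.
SAMPLE_FEED = """<?xml version="1.0"?>
<feed version="0.3" xmlns="http://purl.org/atom/ns#">
<title>Gmail - Inbox</title><fullcount>2</fullcount></feed>"""


def unread_count(atom_xml: str) -> int:
    """Parse <fullcount>; raise instead of guessing when the feed is malformed."""
    node = ET.fromstring(atom_xml).find(ATOM_NS + "fullcount")
    text = (node.text or "").strip() if node is not None else ""
    if not text.isdigit():
        raise ValueError("feed has no usable <fullcount>")
    return int(text)


def led_state(count: int) -> dict:
    """Green on for new mail, red on otherwise; never both."""
    has_mail = count > 0
    return {GREEN_PIN: has_mail, RED_PIN: not has_mail}


def apply_state(state: dict, gpio=None) -> dict:
    """Drive the pins through RPi.GPIO (or an injected stand-in for testing off-Pi)."""
    if gpio is None:
        try:
            import RPi.GPIO as gpio
        except ImportError:      # not on a Pi: report the state, drive nothing
            return state
    gpio.setmode(gpio.BCM)
    for pin, level in state.items():
        gpio.setup(pin, gpio.OUT)
        gpio.output(pin, level)
    return state


def fetch_feed() -> str:
    """Credentials come from the environment, not from a literal in the script."""
    import base64, urllib.request
    cred = f"{os.environ['GMAIL_USER']}:{os.environ['GMAIL_APP_PASSWORD']}"
    req = urllib.request.Request("https://mail.google.com/mail/feed/atom")
    req.add_header("Authorization", "Basic " + base64.b64encode(cred.encode()).decode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()
```

The loop from the post is then just `apply_state(led_state(unread_count(fetch_feed())))` followed by a sleep.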

The result of my first project… Success!!


Wireless SSID Sniffer in Python —

So, strangely enough, I have never really used Scapy, or at least not for anything meaningful in the past (partly due to the fact that I didn’t know how to use it, as well as until now not really thinking I needed it). I think after tonight my opinion of the tool has changed, and I certainly could find a use for it sooner rather than later with the amount of VoIP testing I’ve been doing.

So I was browsing some of SecurityTube’s videos and came across a video on creating your own wireless SSID sniffer. The video introduces you to Scapy, which is a packet manipulation tool that you can find ready to go in Kali Linux. In short, this powerful tool can be used as a sniffer, crafter and modifier of most common protocols.

To speed things up I will show you the packets I collected using the Scapy interactive interface.

In line #2 I am instructing Scapy to use the wireless virtual interface mon0 (which has been set to monitor mode). In line #3 I call the sniff() function, grabbing 5 packets and storing the contents in an array called “pkts”. In line #4 we summarize what we have collected and we can see typical 802.11 frames (Control, Management and Data). Having a sample management frame (line #9) gives us all that we will need to create a sniffer. Additionally, if you would like to get a visual breakdown of the packet we could dump the packet to a PDF file using the pdfdump() function as such:

We use pkts[4] to dump the 5th packet in the pkts array we have created (line 9 above, which is a management packet).

The output of a management packet should look similar to the following:


Under the 802.11 Header we can see the Type and Subtype of the Management Frame.

Using the following code which I have commented heavily… we have our sniffer.

The output shows as…
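The type/subtype decode and SSID extraction the sniffer relies on, as an added example (not the post's Scapy script): a plain-Python parser for a raw 802.11 management frame, run here against a constructed beacon. It assumes the bytes start at the 802.11 header (RadioTap already removed) and uses a made-up BSSID and SSID.

```python
# Added example, not the post's Scapy sniffer: a parser for the 802.11 header
# and the SSID tag of a raw management frame, with a constructed beacon to run
# it on. Assumes the bytes start at the 802.11 header (RadioTap already removed).
TYPES = {0: "Management", 1: "Control", 2: "Data"}
MGMT_SUBTYPES = {0: "AssocReq", 4: "ProbeReq", 5: "ProbeResp", 8: "Beacon", 11: "Auth", 12: "Deauth"}
SSID_ID, DS_PARAM_ID = 0, 3          # tagged-parameter element IDs

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_tags(body: bytes) -> dict:
    """Walk the ID/len/value list; stop cleanly on a truncated element."""
    tags, i = {}, 0
    while i + 2 <= len(body):
        tid, tlen = body[i], body[i + 1]
        val = body[i + 2:i + 2 + tlen]
        if len(val) < tlen:              # frame cut off mid-element
            break
        tags.setdefault(tid, val)        # keep the first copy of a repeated ID
        i += 2 + tlen
    return tags

def parse_frame(frame: bytes) -> dict:
    """Type/subtype from the frame control byte, then BSSID, SSID and channel."""
    if len(frame) < 24:
        raise ValueError("too short for an 802.11 header")
    fc = frame[0]                        # bits 2-3 type, bits 4-7 subtype
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    info = {"type": TYPES.get(ftype, "Reserved"), "subtype": subtype}
    if ftype != 0:
        return info
    info["subtype_name"] = MGMT_SUBTYPES.get(subtype, "Other")
    info["bssid"] = mac(frame[16:22])    # addr3 of a management frame
    body = frame[24:]
    if subtype in (5, 8):                # beacon/probe response: 12 fixed bytes
        body = body[12:]                 # timestamp(8) + interval(2) + capability(2)
    elif subtype != 4:                   # only probe requests also carry tags
        return info
    tags = parse_tags(body)
    if SSID_ID in tags:                  # empty SSID element = hidden network
        info["ssid"] = tags[SSID_ID].decode("utf-8", "replace") or "<hidden>"
    if len(tags.get(DS_PARAM_ID, b"")) == 1:
        info["channel"] = tags[DS_PARAM_ID][0]
    return info

# Constructed beacon: broadcast DA, BSSID 02:00:00:00:00:01, SSID "TestNet", channel 6
BEACON = bytes.fromhex(
    "8000 0000 ffffffffffff 020000000001 020000000001 1000"   # 24-byte header
    "0000000000000000 6400 1104"                              # fixed fields
    "0007" + b"TestNet".hex() + "0101 82" + "0301 06")        # tags 0, 1, 3
```

On the post's mon0 interface the same parser can be fed from Scapy with `sniff(iface="mon0", lfilter=lambda p: p.haslayer(Dot11), prn=lambda p: print(parse_frame(bytes(p[Dot11]))))`, which makes it a small building block for spotting beacons from BSSIDs you do not own.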

Thanks for reading and P.S. I AM aware of the wireless information contained within this post.


MK-802 Android Mini PC —

I just scooped up an Android Mini PC for $35.79 on Amazon for the sole purpose of weaponizing it with some hacking tools, including a VoIP sniffing tool that I am currently developing by the name of Prometheus. The native OS on the device is Android 4.0 (Ice Cream Sandwich), which I am not overly impressed with from a performance standpoint. I figure if you are going to sell a device with an OS on it, it should probably run as if the OS were built for the hardware. Now I wouldn’t want to deter anyone from purchasing the device (too late) because I do think that $35 is well worth the capabilities that this device withholds.

Anyhow, I figured I would share the goods in case anyone is looking for a cheap media center or perhaps even something that could suffice as a decent web browsing device. As I mentioned earlier, my reason for purchasing it is to eventually utilize it for security testing purposes. At this moment I am working on getting a flavor of Linux to run on the device with some level of stability. More on my progress soon…

Specifications:
OS: Android 4.0
CPU: Allwinner A10/ 1 GHz Cortex-A8
RAM: 1GB
ROM: 4GB
Internet: Wireless 802.11b/g, WAPI (Ralink8188)
Expansion: Micro TF card, max 32GB
IO/Ports: Micro 5pin USB/ USB2.0 data transfer/ OTG and host expand


Prometheus —

Currently working on what I would call my first real tool named Prometheus which is a VoIP sniffing utility. I really don’t want to share too much information on the tool at this time but I will just say that it is coming along well and I hope to share a PoC of the tool within the next few weeks. Below is a screenshot of the command usage:


Python Course —

So I ended up purchasing Security Tube’s Python Scripting Expert course and I am so glad that I did. Right now I am just getting started on Module 2, which focuses on I/O, working with files and much more. Module 1 was a great refresher for me, and it helped clear up my fuzzy understanding of object-oriented programming. The entire module, which is broken into 10 parts (videos), covers the essentials of Python programming and is vital to understanding Python. Topics such as lists, tuples, functions, conditions, classes and much more are explained through practical exercises and examples.

The author, Vivek Ramachandran, delivers the subject at a digestible pace and order, which to me is key to putting the puzzle pieces together. As I take this course, it reminds me of the Offensive-Security classes that I have taken, in that the teacher finds a way to make complicated material seem much less complicated. At this point in my career I am no longer interested in the multiple choice brain dump exams such as the CEH and CISSP. I don’t want to discredit either of the certs, as I think they were both instrumental in me furthering my career, but I think of these certs as more of a badge that you flash to get in the door. For example, it is no secret that right now the industry still recognizes the CEH over the OSCP, but anyone who can testify to the degree of knowledge gained after taking the OSCP course will likely state that the CEH holds no water in “knowledge retention”. To me it is simple: I learn by practical application. Now when I take a course I think about how the course will help me in my career and whether I will remember what I learned. The OSCP was a course that I could never forget, and Security Tube’s Python Scripting Expert course is one that I know I won’t forget either.

As I continue to work through the course I will provide you with a more extensive review.


Security Tube Python Certification —

I’ve been really thinking hard about taking this course to help improve my knowledge of Python. Python has become a life saver for me at work, and it seems like every day I’m finding better and more efficient ways to write my scripts. I’m thinking a course like this would be a great opportunity for me to improve on coding on the fly. If you’d like to check out the course details you can do so here.


Spam campaign leverages Boston Marathon events —

As if the tragic events that took place in the city of Boston weren’t enough, reports are now stating that malware authors are exploiting the curiosity of Internet users through an email campaign claiming to provide the user with video footage of the explosions that took place at the marathon in Boston.

The email shown below contains a link to a malicious site that hosts two videos of Monday’s events while simultaneously attempting to exploit a vulnerability in the Java platform, CVE-2012-1723.

More details on the latest threat can be viewed at Naked Security.

p.s. The Bruins lost in overtime :(


Linksys Router Remote Password Change (CSRF) —

I kept hearing about this new remote password change vulnerability on select Linksys routers and finally got a chance to take a look at some coverage on it. So it turns out this is a Cross-Site Request Forgery vulnerability, which essentially allows you to embed a malicious request against a vulnerable system (usually an unprotected form or one that does not confirm a submission). I have to say I thought that this was going to be a remote unauthenticated command injection vulnerability of some sort, but it looks like at the very least there is some user action required to carry out the attack.

If you are unfamiliar with Cross-Site Request Forgery, or you just want to check out the vulnerability itself, there is a decent write-up at Naked Security.
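What "an unprotected form" versus a protected one looks like in code, as an added example (not from the post or any Linksys firmware): a password-change handler modelled on plain request dicts, first trusting the session cookie alone and then adding the checks that make a forged cross-site POST fail. The in-memory session store and the router origin address are constructed assumptions.

```python
# Added example, not from the post or the Linksys firmware: a password-change
# handler on plain dicts, first as the unprotected form the post describes and
# then with the checks that stop a forged cross-site POST. The session store
# and router origin are constructed assumptions.
import hmac
import secrets

SESSIONS = {}                            # session cookie -> {"csrf": token}
ROUTER_ORIGIN = "http://192.168.1.1"     # assumed management address


def new_session() -> str:
    """Login creates the cookie and a per-session CSRF token for the form."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token(sid: str) -> str:
    """Value rendered into the legitimate page as a hidden form field."""
    return SESSIONS[sid]["csrf"]


def change_password_vulnerable(req: dict, state: dict) -> bool:
    """Trusts the cookie alone; the browser attaches it to any site's POST."""
    if req["cookie"] not in SESSIONS:
        return False
    state["password"] = req["form"]["password"]
    return True


def change_password_hardened(req: dict, state: dict) -> bool:
    """Token bound to the session, same-origin check, and re-authentication."""
    sid = req["cookie"]
    if sid not in SESSIONS:
        return False
    sent = req["form"].get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, SESSIONS[sid]["csrf"].encode()):
        return False                     # missing or wrong token: forged form
    src = req["headers"].get("Origin") or req["headers"].get("Referer", "")
    if not (src == ROUTER_ORIGIN or src.startswith(ROUTER_ORIGIN + "/")):
        return False                     # submitting page was not the router UI
    current = req["form"].get("current_password", "").encode()
    if not hmac.compare_digest(current, state["password"].encode()):
        return False                     # a change needs the old password too
    state["password"] = req["form"]["password"]
    return True
```

The token check alone closes the CSRF; the origin and re-authentication checks are defence in depth for the case where a token leaks or the form is reached some other way.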