Author Archives: Dale

Offensive Security to be offering Metasploit training goodness.

The fantastic guys at Offensive Security, along with many of the InfoSec community members are making a new course available :  Metasploit Unleashed – Mastering the Framework

The Offensive Security Team along with several active community members, have been working diligently to bring you an in depth course on the Metasploit Framework – “Mastering the Framework” . This course will take you on a journey through the  Metasploit Framework in full detail, and will include the latest MSF features such as:

  • metasploit unleashed
  • Advanced Information gathering
  • Social Engineering attacks
  • Advanced port scanning
  • Writing your own MSF plugins
  • Auxiliary modules kung fu
  • Vulnerability Scanner Integration
  • Writing simple MSF fuzzers
  • Pivoting, Tunneling
  • Exploit Development
  • Egghunter mixins
  • Mastering MSF Payloads
  • Post Exploitation techniques
  • Practical Fast Track Usage
  • MSF Backdoors
  • Advanced AV avoidance
  • Much more!

The course will be presented in the usual “Offensive Security” online format (pdf + videos) and is designed to surprise even experienced MSF users.

The PDF guide along with offline labs for the course will be free of charge. We are working with Metasploit.com and Hackers for Charity to put all proceeds from this course towards feeding children in Kenya and Uganda. The course videos will be available for a small fee. All proceeds will be donated to Hackers for Charity.

This course opens up a new Metasploit Framework Certification track – the OSMP, Offensive Security Metasploit Professional. The certification exam will be based on hands-on exercises requiring the student to prove they have mastered the MSF in all aspects.  The Certification will only be available to those who purchase the videos – our way of encouraging donations to HFC.  Remember – all proceeds go towards a very good cause.

The course is almost ready and we expect a public release around late August, 2009.

This course would not have seen the light of day without the help and support of the following people: HD Moore, David Kennedy, Jim O’gorman, Matteo Memelli, William Coppola, Devon Kearns, Rob Fuller and Chris Hadnagy. The awesome logo design is by swc|666.

You read it right, the guides and offline labs will be made available for free. Excellent I cant wait to check this out in August.

Update – There has been a little delay, but here is a sneaky peak at whats to come:

Syngress Book Proposal Review.

I have just completed my first Syngress book proposal review, so thanks to Rachel Roumeliotis at Syngress for contacting me and giving me the opportunity. All being well this will be the first of many 🙂

In addition I am looking to start posting book reviews on my main page of books relating to Information Security in one form or another.
If your a publisher and want to share a review copy of Information Security related material please feel free to make contact.

Wardriving with Kismet Newcore and BackTrack 4

So BT4 Pre-Release has been available for a few weeks now, and this has Kismet Newcore.
Kismet is a brilliant tool for wireless detection, sniffing and more. The new Kismet has an improved interface, and also built in GPS goodness

As I blogged earlier I recently got a new GPS module, and my new 9dbi omni magnetic antenna has arrived, so no more excuses, time to set it up and have a go.

First off here is the setup I am using:

CIMG2271
Acer Aspire One – 8GB SSD, 1.5GB Ram
2GB Cruzer USB Drive – Running BT4 Pre-Release
Alpha AWUS036H
BU-353 GPS Receiver
9dBi Magmount Omni Atenna
Maplin External Battery Power

So here we go with the steps needed to make this happen. (I found a helpful post on remote exploit that had alot of the code needed)

First off we boot up BackTrack 4. I have the USB wireless and gps modules already plugged in, but I dont think this is essential.
Once we are all booted and logged in we need to open a terminal window.
From here we need to get the GPS module assigned and activated.

gpsd -N -n -D 3 /dev/ttyUSB0

GPSD is a service daemon that can monitor the GPS module. -N ensure you can see whats going on. -n ensures polling continues regardless of client connections. -D 3 sets the debug level to show you wants happening, and so you can spot errors. /dev/ttyUSB0 is the standard device reference for the USB GPS.

CIMG2273

Next we open up another terminal window and fire up Kismet. I have not modified any of the configuration files, so this is all standard out of the box.
We are prompted to autostart the server, select OK for this and no options, and start.
I then close the console window.
CIMG2274
If not already connected, I goto the Kismet menu, and select connect, and connect to the localhost Kismet server.
My Wireless adapter is not on wifi0, so I need to Add a Source, again from the Kismet menu. My interface is wlan0. I add this and we are not seeing activity.

Now the easy bit, go for a drive and map those network devices 🙂

CIMG2281

On your return we can now shutdown Kismet and GPSD.

Now if we go to our desktop, we will see a few Kismet Output files. The one we are looking for is the one with the .netxml file extension. (I have renamed mine to text.netxml to same me some time.
CIMG2286

Now we open a terminal windows and we need to get giskismet to work its magic.

giskismet -x wardrive.netxml
giskismet -q “select * from wireless” -o output.kml

GISKISMET is a tool that can take the data gathered from Kismet, and make visual results. -x tells the application to gather the data from the defined .netxml file and pops it into a Db. -q defines the sql query to extract the information in quotes from the Db. -0 defines the output file name and extension. .kml is the file extension we can use to view the results in Google Earth and Google Maps.
CIMG2287

If you dont want to do this manually you can use the script that vvpalin put together, and I have hosted here for easy access.

Once the files have been created you have two options. If you want to view them in Google Earth, simply fire up Google Earth and open the .kml file. If you want to view them with Google Maps, you need to upload the file somewhere and then search the hosted file location with Google Maps.
GoogleMapsQuery

Its impressive how this all works so easily out of the box really, excellent job once again by the Remote Exploit Team, and the application developers that make these amazing tools available for our use.
*Please excuse the reflection in the images above 🙂

Here are some Google Earth and Maps examples from my quick testing of the new kit.

WarDrive-GE
WarDrive-GM

GE-Zoom

GM-Zoom

P2P Networking, are you leaking your personal data??

Its been a long time since I fired up an adware infested Peer to Peer (P2P) client, and even then I wasnt about the sharing, I was all about the leeching 🙂

However last month I was listening to PaulDotCom and was interested in the research Larry Pesce and Mick Douglas has carried out with regards to individuals disclosing to much data over the P2P networks.

I dont know why it didnt occur to me before, as its obvious really. Many of the users are probably not elite techies, and are just on to get a free MP3 or two. Some of the network require you to share lots of data, and you are rewarded if you do so. So why not share the entire contents of your drive. Its also apparent people are not just doing this from the home computer, but from the office to. This was recently demonstrated by the leaking of the top secret Joint Strike Fighter Aircraft apparently over P2P, as well as the US Presidents Helicopter information.

So, I heard what Larry and Mick had to say, and viewed the findings in the presentation, and I thought I would have a look into this for myself, so thats what I did.

So I setup a VM, setup Sandboxie and installed LimeWire and DC++.
This is a very manual process, but I started searching for .doc, .docx, .xls, .pdf, .jpg, .png to name but a few. I also coupled this with with keywords such as passport, driving, certificate, passport, insurance and more.

I am obviously not going to share the specifics of what I found, as even though this information is freely available I dont want to share the specifics of individuals data, but I found the following items of information:

  • Pictures of peoples family and homes – Meta Data containing location information.
  • Details of holiday bookings
  • Passports
  • Driving Licence
  • Financial Information
  • Possible Credit Card Data (Information looked to be in the appropriate format, obviously not verified)
  • CV’s (More information on home contact information, employer information)
  • Invoices
  • Birth Certificates
  • Medical Records
  • Password files

I guess I would like to say I am surprised, but really I am not. I can understand that maybe people are not worried about photos being available online as the risk isnt understood about the meta data, but surely people should realise they shouldnt be sharing all this other stuff, which really leads me to conclude they obviously dont know. The worst thing is on these P2P networks, you find one bit of juicy information, you can almost guarantee when you look further at the individuals shares, there is alot more to be found. I didnt spend a huge amount of time on this really, few hours here and there over a few weeks, but I am sure determined individuals can and will invest some decent time in this sort of data gathering exercise.

So if you use P2P, check what your sharing on a very regular basis, ask yourself if you want anyone to see this information on the Internet, not just friends and family.

Be safe.

PayPal sorts out the issue with Hackers For Charity.

As posted earlier today, Johnny was having some serious issues with PayPal, and things were looking grim.
The InfoSec community was offering support in the form of money, contacting PayPal, blogging and tweating. Finally it all got sorted out. Way to go InfoSec Community, and respect to PayPal Execs for sorting it out rapidly in the end.

  • 4:20 – (all times GMT+3) I received an email from the PayPal Executive office, apologizing for the problems, and clearly outlining what needed to be done to get our account straight. They said I needed to detatch my personal account (via return direct email) and confirm my business account (also via direct email) with a scan of an HFC business account statement.
  • 6:07 – (Uganda telecom is < 5Kbsec earlier than this) I reply to the email with the authorization and the bank scan
  • 6:13 – The first of many subscriptions attached to the personal account (support for our subscription software, sprout for our widgets, etc) begin to cancel, indicating that the account was removed from PayPal.
  • 6:18 – The email arrives indicating that we’re back in action.

PayPal freezes the Hackers For Charity Account

Johnny Long has posted on this HFC Site that PayPal has frozen his account for investigation. This is the charity and his survival money, and without it they are pennyless.

I had a subscription system running under WP-MEMBER for about a year before that software flaked out on me. Multiple domains caused problems that were irreconcilable. I had donations for our work in Africa coming in (not through wp-member) and a few hundred subscribers to Informer through wp-member. All said, when I switched to Suma, I had 10,000$US in my personal paypal account. That was my family’s support money as well as money for our food program in Kenya.

So I shopped around and picked up Suma. In the process, we had to switch to a business account (although I don’t understand why…wp-member was happily doing recurring payments without a business account). That’s when all hell broke loose. Paypal required a proof of non-profit status (we’re not a non-profit yet, no 501c3 paperwork from IRS) which we don’t have (I selected the wrong box I guess) a printed bank statement (harder to get than you might realize, being overseas) which because a REAL problem because the account was in my name, not the business name and other information. Because I couldn’t provide some of the info (501c3 paper) and the other info (bank stuff) took a LONG time, PayPal restricted my account, meaning my subscription payments are bouncing, and I can’t transfer money out of my account.

PayPal has frozen my assets. We have no source of income beyond the car money we just spent in Kampala on Monday. I may very well have to return to Kampala and get the car payment money back to live off of. We are stranded financially and physically without a vehicle because of PayPal.

I’ve called (Contact PayPal Customer Support toll-free at 1-888-221-1161) to lift the restrictions, but they tell me to email service. Emailing service is ridiculous, and a week goes by between responses.

Come on PayPal, I am sure there is somone with some sense that can help Johnny out and get this sorted, and get his family and Hackers For Charity back on the road.