• My Book

    Mastering Metasploit Book By Nipun Jaswal

  • My Course

    WAPT Course By Nipun Jaswal

  • My Exploits

    MSF Modules

  • My Projects

    Wireless Forensics Framework

  • Saturday, 27 September 2014

    SickFuzz is a fuzzer for web applications and has always been a script which i miss the most on Kali linux. Let us see how we can fix it to run on Kali Systems-

    Download the script from this link and try to execute it.
    The First Error would be:
    And probably the second one would be:


    To Fix these errors, we need to make the following changes in the spike and the fpath variables. However, fpath variable is the path of the sickfuzz.py file.

    As soon as you fix and restart sickfuzz.py, it works like charm-
    Happy Fuzzing :)
     

    Fixing SickFuzz for Kali Linux

    Posted at  15:05  |  in  sickfuzz on kali linux  |  Read More»

    SickFuzz is a fuzzer for web applications and has always been a script which i miss the most on Kali linux. Let us see how we can fix it to run on Kali Systems-

    Download the script from this link and try to execute it.
    The First Error would be:
    And probably the second one would be:


    To Fix these errors, we need to make the following changes in the spike and the fpath variables. However, fpath variable is the path of the sickfuzz.py file.

    As soon as you fix and restart sickfuzz.py, it works like charm-
    Happy Fuzzing :)
     

    Friday, 26 September 2014

    Today we will discuss how we can easily capture network SSIDs from the various devices around you.

    This will help you find previously connected networks from various devices due to the fact that any wireless enabled device will keep looking for previously connected network after a certain period of time.

    To keep it simple we will simply use 'tshark' the command line sequel for wireshark.

    The first step is to put your wireless card in monitor mode-

    airmon-ng start wlan0 
    Next, issue the following command-
    tshark -i mon0 -R wlan.fc.type_subtype==0x04 -T fields -E separator=- -e wlan.sa -e wlan_mgt.ssid

    Lets understand this command, -i denotes the interface to capture packets from and since we have put our wireless card in monitor mode, we will use mon0.

    -R denotes the filter to use, wlan.fc.type_subtype==0x04 denotes the 'Probe Request' packet which is used for seeking a network actively, by the device. we used Hex notation of probe packet that is 0x04. Next, to list only the information which we require rather than the entire packet we use -T fields. -E separator denotes the character separator between two fields. -e denotes the actual fields which we want to display.

    Therefore, our command should display something like-

    XX:XX:XX:XX:XX:XX-[Network Name]
     running this command will output something similar to the following-

    This was a simple tutorial but i thought it will be helpful for few people who wants to get information about previously connected networks from certain devices.


    Simplest Command to Fetch SSIDs Around You

    Posted at  19:26  |  in  wireless sniffing  |  Read More»

    Today we will discuss how we can easily capture network SSIDs from the various devices around you.

    This will help you find previously connected networks from various devices due to the fact that any wireless enabled device will keep looking for previously connected network after a certain period of time.

    To keep it simple we will simply use 'tshark' the command line sequel for wireshark.

    The first step is to put your wireless card in monitor mode-

    airmon-ng start wlan0 
    Next, issue the following command-
    tshark -i mon0 -R wlan.fc.type_subtype==0x04 -T fields -E separator=- -e wlan.sa -e wlan_mgt.ssid

    Lets understand this command, -i denotes the interface to capture packets from and since we have put our wireless card in monitor mode, we will use mon0.

    -R denotes the filter to use, wlan.fc.type_subtype==0x04 denotes the 'Probe Request' packet which is used for seeking a network actively, by the device. we used Hex notation of probe packet that is 0x04. Next, to list only the information which we require rather than the entire packet we use -T fields. -E separator denotes the character separator between two fields. -e denotes the actual fields which we want to display.

    Therefore, our command should display something like-

    XX:XX:XX:XX:XX:XX-[Network Name]
     running this command will output something similar to the following-

    This was a simple tutorial but i thought it will be helpful for few people who wants to get information about previously connected networks from certain devices.


    Sunday, 29 June 2014

    In the Previous tutorial, we discussed about evading windows 7 firewall rules. Today, let us discuss about another great capability of Nmap that is decoys. To evade detection and network presence, Nmap decoys can be used effectively to lessen the chances of being caught. Decoys are those fake IP bots which pretends to be scanning the network and hence, confusing the security administrators to find the real culprit. So, today let us see how we can scan a target using Decoys in Nmap. For this tutorial we will use the target operating system as Windows 7 and we will run Snort to detect network packets. Snort is a common open source IDS implementation-
    we just performed a service scan with nmap on the target with two decoys that are 192.134.122.133 and 192.134.55.66 on port 21. We can see the port open but let us see on the target side that what amount of traffic we generated-
    As we can clearly see that we have the decoys who are scanning the target. But, we also have our original IP address listed there. However, this lessens the chances of getting caught but not a complete evade. Also, an important thing to mention here is that in a Service discovery scan, Nmap will try to fetch the banner of the target port from the original IP address which makes it more catchy. Therefore, let us see another approach of using Nmap decoys with IP Spoofing and analyze the results-
    Let us now check the target Snort logs and see if the original IP address is listed there or not-
    Bang! we can see that there is no listing of our original IP address there. Hence, evading the catch completely. Therefore, decoys lessens the chances of being caught and does it even better when used in conjunction with IP spoofing. This tutorial is recommended to use under a LAN environment or on an onsite testing project.





    Using Decoys but not only decoys in scanning networks using Nmap

    Posted at  18:41  |  in  snort evasion techniques  |  Read More»

    In the Previous tutorial, we discussed about evading windows 7 firewall rules. Today, let us discuss about another great capability of Nmap that is decoys. To evade detection and network presence, Nmap decoys can be used effectively to lessen the chances of being caught. Decoys are those fake IP bots which pretends to be scanning the network and hence, confusing the security administrators to find the real culprit. So, today let us see how we can scan a target using Decoys in Nmap. For this tutorial we will use the target operating system as Windows 7 and we will run Snort to detect network packets. Snort is a common open source IDS implementation-
    we just performed a service scan with nmap on the target with two decoys that are 192.134.122.133 and 192.134.55.66 on port 21. We can see the port open but let us see on the target side that what amount of traffic we generated-
    As we can clearly see that we have the decoys who are scanning the target. But, we also have our original IP address listed there. However, this lessens the chances of getting caught but not a complete evade. Also, an important thing to mention here is that in a Service discovery scan, Nmap will try to fetch the banner of the target port from the original IP address which makes it more catchy. Therefore, let us see another approach of using Nmap decoys with IP Spoofing and analyze the results-
    Let us now check the target Snort logs and see if the original IP address is listed there or not-
    Bang! we can see that there is no listing of our original IP address there. Hence, evading the catch completely. Therefore, decoys lessens the chances of being caught and does it even better when used in conjunction with IP spoofing. This tutorial is recommended to use under a LAN environment or on an onsite testing project.





    Friday, 27 June 2014


    Today, let us talk about Firewall rules and how we can evade them. However, i will be producing more advanced and complex tutorials for ninja scanning as well.OK, let us talk about a basic ninja scan which is required in the following scenario-
    Target is a colleague in the neighborhood who is running on Windows 7, Runs a Version of an FTP server on port 21 and 990(secured) and lastly has blocked our IP address as well. Our task is to evade the protection mechanisms that are the Windows 7 firewall based rules.

    To create a self test environment, you need-

    • Windows 7 up and running in VMware or on a different machine
    • A Firewall rule in "Inbound Connections" which Blocks our IP address
    • Any Linux configured with Nmap

    OK! So let us first run a simple Nmap scan without any rule in the firewall and check what is the output:-

    Providing the simple command nmap 192.168.193.128 shows the output in the above screenshot. Everything seems to be OK! we are able to make a connection with ease. let us now create a firewall rule to block the remote address 192.168.193.1(Attacker's OS IP/Our IP) -

    The first rule blocks our IP address which is 192.168.193.1 Let us now re-scan the target and see that if the firewall is blocking us now or not?

    "All 1000 ports are filtered" firewall is working pretty well huh? :P let us also check what Wireshark denotes running this scan-

    All SYN packets from the very first packet till the end of the scan.... so what this means? yeah you guessed it right no ACKs. Therefore, Nmap shows all ports filtered.

    Let us now overcome this situation by using -S switch in Nmap which helps in spoofing the originating address as follows-

    Let us analyze the above command, we used -sS to denote a Stealth Scan/Half open Scan. Next, we used -e to denote the interface name which in my case was vmnet8 because i used it in VMware Player(eth0 in case of machine being a different one). Next, -S to supply an address to spoof and 21,990 using -p switch to denote the port numbers. we can see that some error messages are generated but its alright, it works fine. let us cross check its functioning using Wireshark-

    Bingo! we were able to spoof the address with ease and we can also see the SYN-ACKs sent back from the target to the spoofed address which doesn't exist actually :P

    This concludes our most basic ninja scanning tutorial to evade a firewall rule of Windows 7. Stay tuned for more tutorials. Additionally, Refer to my book Mastering Metasploit to learn how to scan a hidden network using a compromised host.  

    Evading Windows 7 Firewall rules with Basic Ninja Scanning using Nmap

    Posted at  03:19  |  in  windows 7 firewall unblocking scans  |  Read More»


    Today, let us talk about Firewall rules and how we can evade them. However, i will be producing more advanced and complex tutorials for ninja scanning as well.OK, let us talk about a basic ninja scan which is required in the following scenario-
    Target is a colleague in the neighborhood who is running on Windows 7, Runs a Version of an FTP server on port 21 and 990(secured) and lastly has blocked our IP address as well. Our task is to evade the protection mechanisms that are the Windows 7 firewall based rules.

    To create a self test environment, you need-

    • Windows 7 up and running in VMware or on a different machine
    • A Firewall rule in "Inbound Connections" which Blocks our IP address
    • Any Linux configured with Nmap

    OK! So let us first run a simple Nmap scan without any rule in the firewall and check what is the output:-

    Providing the simple command nmap 192.168.193.128 shows the output in the above screenshot. Everything seems to be OK! we are able to make a connection with ease. let us now create a firewall rule to block the remote address 192.168.193.1(Attacker's OS IP/Our IP) -

    The first rule blocks our IP address which is 192.168.193.1 Let us now re-scan the target and see that if the firewall is blocking us now or not?

    "All 1000 ports are filtered" firewall is working pretty well huh? :P let us also check what Wireshark denotes running this scan-

    All SYN packets from the very first packet till the end of the scan.... so what this means? yeah you guessed it right no ACKs. Therefore, Nmap shows all ports filtered.

    Let us now overcome this situation by using -S switch in Nmap which helps in spoofing the originating address as follows-

    Let us analyze the above command, we used -sS to denote a Stealth Scan/Half open Scan. Next, we used -e to denote the interface name which in my case was vmnet8 because i used it in VMware Player(eth0 in case of machine being a different one). Next, -S to supply an address to spoof and 21,990 using -p switch to denote the port numbers. we can see that some error messages are generated but its alright, it works fine. let us cross check its functioning using Wireshark-

    Bingo! we were able to spoof the address with ease and we can also see the SYN-ACKs sent back from the target to the spoofed address which doesn't exist actually :P

    This concludes our most basic ninja scanning tutorial to evade a firewall rule of Windows 7. Stay tuned for more tutorials. Additionally, Refer to my book Mastering Metasploit to learn how to scan a hidden network using a compromised host.  

    Monday, 31 March 2014

    Western Union is a popular money transfer service. Last year our team "Cyber-ROG" found a password reset bug in the official site of western union.
    People on many popular forums claimed to have the password reset bug for western union, which was considered as a popular fake on various forums by some popular members.


    Team Cyber-ROG found the password reset bug and reported it to the western union officials. But the company, instead of acknowledging the work done, they patched the bug without even replying to the disclosure mail.

    Check out the POC video of the exploit-

    Researchers must be acknowledged for their findings. But some of the companies do not take this seriously. Hence, Full Disclosure to these kind of bugs are required.

    Cyber-ROG is composed of highly skilled researchers from around the globe. Want to show respect? like the facebook page here


    What was Western Union Private Exploit

    Posted at  19:24  |  in    |  Read More»

    Western Union is a popular money transfer service. Last year our team "Cyber-ROG" found a password reset bug in the official site of western union.
    People on many popular forums claimed to have the password reset bug for western union, which was considered as a popular fake on various forums by some popular members.


    Team Cyber-ROG found the password reset bug and reported it to the western union officials. But the company, instead of acknowledging the work done, they patched the bug without even replying to the disclosure mail.

    Check out the POC video of the exploit-

    Researchers must be acknowledged for their findings. But some of the companies do not take this seriously. Hence, Full Disclosure to these kind of bugs are required.

    Cyber-ROG is composed of highly skilled researchers from around the globe. Want to show respect? like the facebook page here


    Register for WAPT Course Today! Watch the Demo Below

    About-WAPT Course-Contact Me
    Copyright © 2013 Nipun Jaswal's Security Blog. Blogger Template by Bloggertheme9
    Proudly Powered by Blogger.
    back to top