Posts

Dark Web: Accessing the hidden content Part 2

I2P Intro: According to Wikipedia, the Invisible Internet Project (I2P) is an anonymous network layer that allows for peer-to-peer communication by encrypting the user’s traffic and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. The software that implements this layer is called an “I2P router”, and a computer running I2P is called an “I2P node”. I2P is free and open source. I2P can run both on a PC and on Android; here is a screenshot of I2P running on an Android device. Image source: https://en.wikipedia.org/wiki/File:I2PAndroid-console-0.9.20.png While Tor lets you stay anonymous and open sites hosted either publicly or as dark sites (with .onion), I2P’s focus, on the other hand, is creating its own internal internet: the network isn’t accessible from a regular computer. By installing the requisite I2P software, your computer can join I2P and begin routing traffic, just like a Tor middle relay, as it creates d

Dark Web: Accessing the hidden content Part 1

Curiosity towards hidden and unknown things is natural to people. For the general public, the Internet consists of the websites indexed by popular search engines like Google; the Deep and Dark Web, however, lies beyond the traditional search engines, hidden and inaccessible through standard web browsers. It is an interesting fact that barely 4% of the internet is visible to the common people. That means 96% of the internet is made up of “The Deep Web”! The Deep Web hosts the “Dark Web,” a series of networks called “darknets” that overlay the public Internet but require specific software or authorization to access. As users can operate darknets anonymously, it’s not hard to guess that these are the abode of various criminal activities. In fact, the darknet hosts a worldwide marketplace of illicit goods and services. Top dark web searches include child pornography, followed by drug dealing, software hacking, currency counterfeiting, stolen information from sensitive sources, w

Thick Client Penetration Testing Tutorials - Part 5

For carrying out penetration testing assessments, our main aim so far has been to resolve the actual domain to the loopback IP address by adding an entry to the hosts file. Let us now consider a situation where the thick client application does not send the request to a domain or host name: what happens then? We are stuck, since it becomes impossible to make a hosts file entry. Consider a thick client URL like http://172.32.23.23:891/login. It cannot be mapped in the hosts file without a domain name to point at it. So let’s do a workaround by configuring Burp together with the Microsoft Loopback Adapter. Prerequisites: two machines residing in the same network, both running Burp Suite. One machine (the testing machine) should have the Microsoft Loopback Adapter configured. The second machine acts as a gateway that forwards the requests to the internet. The loopback adapter helps deceive the local machine. In the absence of a real domain, all the application req

WPA2 KRACK unleashed

WPA2 KRACK in a nutshell. While it is raging all over, let’s see what the finding is all about. KRACK (Key Reinstallation Attack) is a replay attack discovered in 2016 by Belgian researchers Mathy Vanhoef and Frank Piessens. The details were published in October 2017. 1. Where exactly does KRACK exploit wireless networks? The WPA2 protocol uses a "four-way handshake." In simple words, the 4-way handshake determines whether a user attempting to join a network and the access point offering the network have matching credentials. By repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake, an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic. 2. How does it become vulnerable? The four-way handshake generates a new encryption key (the third communication in the four-way handshake). 3. Enter the "Key Reinstallation Attack". At this juncture, a hacker can tamper/

Thick Client Penetration Testing Tutorials - Part 4 ( Memory Forensics/ Reversing)

Static Analysis/Reverse Engineering for Thick Client Penetration Testing 4. Hi Readers, let’s take a look at static analysis. The advantage which thick clients offer over web applications is the ability to inspect the code and perform code-level fuzzing, which is more interesting for me! How do we inspect code at a static level? There are many test cases which aid us in performing static analysis. Some of these include: 1) Memory-level protection checks (DEP/ASLR); 2) String-based analysis to find information; 3) Configuration file checks; 4) Memory inspection to find hardcoded passwords; 5) Reversing code-level logic to bypass checks/licences. 1. To check memory-level protections, we can use the free Sysinternals suite by Microsoft (https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite). Once you download the above suite, there are multiple tools available to play with. Let’s launch a sample applic

Thick Client Penetration Testing Tutorials - Part 3 ( Java Deserialization Exploit to RCE)

Thick Client Penetration Testing – 3 (Java Deserialization Exploit: Remote Code Execution). Welcome Readers, in the previous two blogs we learnt about the various test cases as well as setting up traffic interception for thick clients using an intercepting proxy. Among the plethora of test cases out here, one particularly interesting one is “Remote Code Execution on thick clients”. For this particular RCE, one of the thick clients I was testing was based on a Java application. While researching possible exploits, I noticed that there are custom deserialization methods in Apache commons-collections which contain a particular “reflection logic”. This can be exploited, leading to remote command injection as well as lethal arbitrary code execution. All Java-based applications which deserialize untrusted data and have “commons-collections” in their classpath can be exploited to run arbitrary code! For starters, let’s cover