Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...
Showing posts with label Network. Show all posts
Showing posts with label Network. Show all posts

Sunday, January 28, 2018

Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan - GhostInTheNet




Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan.

Properties:
  • Network Invisibility
  • Network Anonymity
  • Protects from MITM/DOS
  • Transparent
  • Cross-platform
  • Minimalistic

Dependencies:
  • Linux 2.4.26+ - will work on any Linux-based OS, including Whonix and RaspberryPI
    • BASH - the whole script
    • root privileges - for kernel controlling

Limitations:
  • You can still be found with VLAN logs if using ethernet or by triangulation/broadcast if using WiFi
  • MAC spoofing won't work if appropriate mitigations has been taken, like DAI or sticky MAC
  • Might be buggy with some CISCO switches
  • Not suitable for production servers

How it works
The basic and primary network protocol is ARP for IPv4 and NDP (ICMPv6) for IPv6, located in the link and network layer, provides main connectivity in a LAN.
Despite its utility and simplicity, it has numerous vulnerabilities that can lead to a MITM attack and leak of confidentiality.
Patching of such a widely used standard is a practically impossible task.
A very simple, but at the same time effective solution is to disable ARP and NDP responses on an interface and be very cautious with broadcasting.
Considering the varieties of implementations, this means that anyone in the network wouldn't be able to communication with such host, only if the host is willing it-self.
The ARP/NDP cache will be erased quickly afterwards.
Here is an example schema:
A >>> I need MAC address of B >>> B

A <<< Here it is <<< B

A <<< I need MAC address of A <<< B

A >>> I'm not giving it >>> B
To increase privacy, it's advised to spoof the MAC address, which will provide a better concealment.
All this is possible using simple commands in Linux kernel and a script that automates it all.

Analysis
No ARP/NDP means no connectivity, so an absolute stealth and obscurity on the network/link layer.
This protects from all possible DOSes and MITMs (ARP, DNS, DHCP, ICMP, Port Stealing) and far less resource consuming like ArpON.
Such mitigation implies impossibility of being scanned (nmap, arping).
Besides, it doesn't impact a normal internet or LAN connection on the host perspective.
If you're connecting to a host, it will be authorised to do so, but shortly after stopping the communication, the host will forget about you because, ARP/NDP tables won't stay long without a fresh request.
Regarding the large compatibility and cross-platforming, it's very useful for offsec/pentest/redteaming as well.
You see everyone, but nobody sees you, you're a ghost.
Mitigation and having real supervision on the network will require deep reconfiguration of OSes, IDPSes and all other equipement, so hardly feasible.

HowTo
You can execute the script after the connection to the network or just before:
sudo GhostInTheNet.sh on eth0
This will activate the solution until reboot.
If you want to stop it:
sudo GhostInTheNet.sh off eth0
Of course, you will have to make the script executable in the first place:
chmod u+x GhostInTheNet.sh

Notes
ARP/NDP protocol can be exploited for defensive purpose.
Now your Poisontap is literally undetectable and your Tails is even more anonymous.
You should learn some stuff about IPv6.




Share:

Friday, April 21, 2017

Kick Devices Off Your Network - KickThemOut



A tool to kick devices out of your network and enjoy all the bandwidth for yourself. It allows you to select specific or all devices and ARP spoofs them off your local area network.
Compatible with Python 2.6 & 2.7.
Authors: Nikolaos Kamarinakis & David Schütz

Installation

You can download KickThemOut by cloning the Git Repo and simply installing its requirements:
$ git clone https://github.com/k4m4/kickthemout.git

$ cd kickthemout

$ pip install -r requirements.txt

Demo
Here's a short demo:
https://nikolaskama.me/content/images/2017/01/kickthemout_asciinema.png
(For more demos click here )


Disclaimer
KickThemOut is provided as is under the MIT Licence (as stated below). It is built for educational purposes only. If you choose to use it otherwise, the developers will not be held responsible. In brief, do not use it with evil intent.


Share:

Saturday, March 25, 2017

Caffeinated Packet Analyzer - Dripcap



Caffeinated packet analyzer. Dripcap is a modern packet analyzer based on Electron.

Getting Started

Advanced Usage

Create & Publish Your Package

  • Create Theme Package
  • Create Dissector Package
  • Create UI Package
  • Publish Package

Dissector Overview

  • Dissection Process
  • Namespace
  • Create a Custom Dissector Class

API Reference



Share:

Wednesday, August 3, 2016

Network Protocol Analyzer - Wireshark 2.0.5



If you've ever wondered just how your network is being used, Wireshark may be the tool you have been looking for. Network analysers are nothing new, but they have a tendency to be impenetrable programs reliant on command line operations and provide information in a text based form which can be difficult to interpret. Wireshark boasts a graphical front end which makes it easy to analyse all traffic which travels over a network using a variety of protocols.

Data packets can be captured from both wired and wireless network and this information can be viewed live as it is captured or analysed at a later date. The wealth of information that the program can reveal about network usage is staggering, and support for plugins means that the tool can be extended to add new protocols and features further down the line. Wireshark is available for Windows, Linux and Mac, making it ideal for mixed platform networks .

As well as working with data that has been captured directly through Wireshark itself, it is also possible to analyse data that has been captured with the likes of Aircrack, tcpdump and CA NetMaster. Easy to configure colouring and filtering makes it simple to make sense of complex data, and while this is not a tool for the average home user, it remain powerful yet approachable.

OffSec


Share:
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition