Posts

Android Exposed Service Exploit

Android Application Service Code (Application 1):

Details
Package Name: com.example_service
Class Name: Server_Service
AIDL Interface Name: service_interface

Code: Server_Service.java

package com.example_service;

import android.app.Service;
import android.content.Intent;
import android.os.IBinder;
import android.os.RemoteException;

public class Server_Service extends Service {
    public Server_Service() {
    }
    // Create a new stub and write the implementation for all the functions declared in the AIDL file
    protected service_inter

Rubber Ducky - Arduino UNO

Configuration for Arduino UNO Board:
Download and install the latest version of Arduino (Recommended: Linux/Mac)
Download the Boot-loader Sketch (INO) from the reference URL
Open the INO file in the Arduino IDE
Connect a plain (no other wire connection) Arduino UNO to the laptop via USB cable
In Arduino IDE, select Tools->Board->Arduino/Genuino UNO
In Arduino IDE, select Tools->Port->ttyACM0 [Yours could be different. Use the dmesg command to identify it]
Verify and upload the code
Wait for the message “Upload Done” and disconnect the USB cable
Make the cable connections as per the screenshot attached below
Connect the USB cable back to the laptop and the boot-loader will install by itself
Wait for 1 to 2 min until the boot-loader gets installed
Disconnect the USB cable from the laptop, disconnect all the jumper wires and make the board plain

Configuration for Arduino IDE:
Connect the board to the laptop via USB cable
Navigate File->Pref

EternalBlue - SMB Exploit

Tested Environment:
Windows 7 x64 Professional
Linux Parrot OS

PoC:

DNS Spoofing

Setup
Gateway => 172.16.84.2
KALI    => 172.16.84.140 [Victim]
PARROT  => 172.16.84.143 [Attacker]

Attacks
ARP Spoofing [Using Scapy]
DNS Spoofing [Using Ettercap DNS_Spoof Plugin]

Attack Flow
Attacker performs ARP spoofing [to redirect all the traffic from the victim system to the attacker machine]
Attacker performs DNS spoofing [to steal the data by phishing/sniffing]

Scapy ARP Spoof Packets
spkali => Poison the kali cache table
spgate => Poison the gateway
Refer to ARP Spoofing by Scapy: https://just2secure.blogspot.ae/2017/02/arp-poison.html

Ettercap DNS Spoof Configuration
root:~$ nano /etc/ettercap/etter.conf
Change 1 (Change the value to Zero)
ec_uid = 0                # nobody is the default
ec_gid = 0                # nobody is the default
Change 2 (uncomment the 2 lines)
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir

ARP Poison

In a network, each machine communicates with the others using its PHY (MAC) address. Every system maintains a cache (IP<->MAC) of its neighbor systems. Manipulating the cache by mapping the VICTIM IP to the ATTACKER MAC address will result in redirection of data to the ATTACKER instead of the VICTIM.

Commands (To View ARP Table)
root:~# arp -a

Software
Scapy (Packet creation Tool)

Setting
MAC    => 172.16.84.1   => [ 00:50:56:c0:00:08 ] => VICTIM-1
KALI   => 172.16.84.140 => [ 00:0c:29:c0:22:41 ] => VICTIM-2
PARROT => 172.16.84.142 => [ 00:0c:29:fe:93:76 ] => ATTACKER

Target
ATTACKER (PARROT) needs to sniff the traffic between VICTIM-1 (MAC) and VICTIM-2 (KALI)

Poison the MAC ARP Cache Table (from Parrot)
Attacker creates a spoofed ARP packet (maps the attacker PHY address to the VICTIM-2 IP)
Attacker sends the spoofed ARP packets to the network
MAC machine ARP cache table is poisoned by the spoofed ARP packet
1 way communicati

Reverse Shell - Anonymous File Upload


SSH Tunneling and Port Forwarding

Mac Machine (Attacker) [Local Network]
IP Address = 172.16.84.1

Parrot Machine (Compromised Machine) [Server Network]
IP Address = 172.16.84.142 (Interface 1)
IP Address = 192.168.132.129 (Interface 2)

Kali Machine (Target Machine) [Private Network]
IP Address = 192.168.132.128

Flight Tracking with RTL SDR

My Setup
Parrot Linux
RTL SDR (NooElec R820T SDR)

Dependency
sudo apt-get install librtlsdr0 librtlsdr-dev

Install Dump1090
Download from the URL
unzip master.zip
cd dump1090-master
make
./dump1090
./dump1090 --net --interactive
Browse to http://localhost:8080

Download Dump1090
https://github.com/antirez/dump1090/archive/master.zip

JTAG PIN Identification

My Setup
Parrot Linux
Arduino UNO
Broadlink RM Mini

Software
Arduino IDE
JTAGEnum ( https://github.com/cyphunk/JTAGenum )

JTAG PINS to be Identified
TCK - Test Clock
TMS - Test Mode
TDI - Test Data IN
TDO - Test Data Out
GND - Ground

Hardware Connection Set up
Connect Laptop and Arduino (USB cable)
Arduino Digital PIN (any 5 pins) to RM Mini (5 pins) [Except 1 - VCC and 1 - GND]
Note: If you are using JTAGenum, the JTAGenum sketch uses the DIGITAL PINs from 2 to 11. Refer to line number 72 (ino file)

Software Connection Set up
Download the INO sketch from GitHub
Open the Arduino IDE and load the downloaded JTAGEnum sketch
Choose the correct Serial Port and Board
Compile and upload the sketch
Open the Serial Monitor
Set the correct baud rate
Enter the command to scan ("s")

Arduino PIN Layout
Digital PIN 2 (Black)
Digital PIN 3 (White)
Digital PIN 4 (Grey)

QEMU - ARM VM Setup

Linux:
apt-get install qemu

Download Files (From URL):
debian_wheezy_armel_desktop.qcow2
initrd.img-3.2.0-4-versatile
vmlinuz-3.2.0-4-versatile

Command to Run:
qemu-system-arm -M versatilepb -kernel vmlinuz-3.2.0-4-versatile -initrd initrd.img-3.2.0-4-versatile -hda debian_wheezy_armel_desktop.qcow2 -append "root=/dev/sda1" -nographic -net user,hostfwd=tcp::2222-:22 -net nic

Note: Leave the command line as it is (it will ask for username and password). Open a new command line and type the SSH command below.

SSH:
ssh root@localhost -p 2222
password: root

Download Files (URL):
https://people.debian.org/~aurel32/qemu/armel/