Tuesday, April 15, 2014

ALL PENETRATION TESTING TOOLS REQUIRED FOR ALL SECURITY PROFESSIONALS By Gorvam saddar

37 Powerful Penetration Testing Tools For Every Penetration Tester

Wouldn’t it be fun if a company hired you to hack its website/ network/ Server? Well, Yeah!!!
Penetration testing, commonly called pen-testing, is on a roll in the testing circle these days. The reason is not hard to guess: with the change in the way computer systems are used and built, security takes center stage. Even though companies realize they can't make every system 100% secure, they are extremely interested to know exactly what kind of security issues they are dealing with. That's where pen-testing comes in handy with its use of ethical hacking techniques....

HeartBleed Bug Explained.. by gorvam saddar

HeartBleed Bug Explained - 10 Most Frequently Asked Questions
Heartbleed – I think by now it's not a new name for you, as every informational website, media outlet and security researcher is talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server's memory, potentially revealing users' data that the server did not intend to reveal.
After the story broke online, websites around the world were flooded with Heartbleed articles explaining how it works, how to protect against it, and exactly what it is. Yet many didn't get it right. So, based on the queries of Internet users, we answered some frequently asked questions about the bug.
1.) IS HEARTBLEED A VIRUS?

Monday, April 14, 2014

Man-in-the-Middle Attacks, Wireless MITM, Gorvam saddar



Man-in-the-Middle Attacks
A man-in-the-middle (MITM) attack refers to the situation where an attacker on host X inserts X into all communications between hosts B and C, and neither B nor C is aware of the presence of X.  All messages sent by B do reach C, but via X, and vice versa.  The attacker can merely observe the communication or modify it before sending it on.  An MITM attack can break connections that are otherwise secure.  At the TCP level, SSH and VPN connections, for example, are prone to this attack.
8.1  Wireless MITM
Assume that station B was authenticated with C, a legitimate AP.  Attacker X is a laptop with two wireless cards.  Through one card, he will present X as an AP.  Attacker X sends Deauthentication frames to B using C's MAC address as the source, and the BSSID he has collected.  B gets deauthenticated, begins a scan for an AP, and may find X on a channel different from C's.

Denial of Service by gorvam saddar


7.  Denial of Service
Denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients.  In wireless networks, DoS attacks are difficult to prevent, an ongoing attack is difficult to stop, and the victim and its clients may not even detect the attack. The duration of such a DoS may range from milliseconds to hours.  A DoS attack against an individual station enables session hijacking.
7.1  Jamming the Air Waves
A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency band. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal-to-noise ratio drops so low that the wireless LAN ceases to function.  The only solution to this is RF-proofing the surrounding environment.
7.2  Flooding with Associations

Detection of Probing, AP Weaknesses, Defeating MAC Filtering, Rogue AP, Trojan AP, Equipment Flaws by gorvam saddar



Detection of Probing
Detection of probing is possible.  The frames that an attacker injects can also be heard by the intrusion detection systems (IDS) of a hardened wireless LAN.  There is GPS-enabled equipment that can identify the physical coordinates of the wireless device from which the probe frames are being transmitted.
6.  AP Weaknesses
APs have weaknesses that are due both to design mistakes and to user interfaces that promote weak passwords, etc.  It has been demonstrated by many publicly conducted war-driving efforts (www.worldwidewardrive.org) in major cities around the world that a large majority of the deployed APs are poorly configured, most with WEP disabled and with configuration defaults, as set by the manufacturer, left untouched.
6.1  Configuration
The default WEP keys used are often too trivial. Different APs use different techniques to convert the user’s key board input into a bit vector

Collecting the Frames for Cracking WEP, Detection of the Sniffers, Wireless Spoofing, MAC Address Spoofing by gorvam saddar



Collecting the Frames for Cracking WEP
The goal of an attacker is to discover the WEP shared-secret key.  Often, the shared key can be discovered by guesswork based on a certain amount of social engineering regarding the administrator who configures the wireless LAN and all its users.  Some client software stores the WEP keys in the operating system registry or in initialization scripts.  In the following, we assume that the attacker was unsuccessful in obtaining the key in this manner.  The attacker then employs systematic procedures for cracking WEP.  For this purpose, a large number (millions) of frames need to be collected because of the way WEP works.

Collecting the MAC Addresses by gorvam saddar



Collecting the MAC Addresses
The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all the frames.  There are two reasons why an attacker would collect MAC addresses of stations and APs participating in a wireless network. 
 (1) The attacker wishes to use these values in spoofed frames so that his station or AP is not identified.
 (2) The targeted AP may be controlling access by filtering out frames with MAC addresses that were not registered.