Mr Robot
Exploring the Hacker Tools of Mr Robot
Over the years the most famous hacking tool to make it into the movies is Nmap. When the producers of a movie actually try to put a dose of reality into the computer hacking scenes, Nmap will often flash up on the screen. As far as I know Trinity was the first, in The Matrix Reloaded; Nmap has since appeared in Elysium, The Bourne Ultimatum, Die Hard 4 and many others.
The debut season of Mr Robot has received a nod from security-focused Twitter for its attempts at keeping things, for the most part, realistic. In the episodes so far we have seen hacker types communicating over IRC, Linux boxes as far as the eye can see, and a main character who wears a hoodie. Of course it is a television show that has to be entertaining, so we have to cut them some slack for getting a bit creative. So far they seem to be doing a pretty good job of maintaining a balance between the story and what is technically possible.
Here is a quick overview of some of the tools that have appeared in the show so far.
Kali Linux
In multiple scenes we can see references to the Kali Linux distribution, a complete operating system packaged with configured, ready-to-use penetration testing (hacking) tools. If you are interested in learning about network security, get a copy and start playing! ** Only in your own lab network, of course! Breaking into computers you do not own is illegal in most parts of the world. **
Wget, Shellshock and John the Ripper
Wget is a terminal program for making HTTP requests; a popular use case is simply downloading the source of a web page or grabbing a file from a web server from the terminal.
Here this handy tool is used to compromise a system through one of the big vulnerabilities of 2014, the Shellshock bug (CVE-2014-6271): a vulnerable bash ran whatever command trailed a function definition imported from its environment, and a CGI web server passes request headers to the scripts it runs through exactly that environment. You can see the command being sent in the User-Agent header of the request (wget's -U option sets that header); the command in the screenshot is simply cat /etc/passwd.
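As an added example (not from the show or the original post): the User-Agent payload described above, a detector that flags it in a web server's combined-format access log, and a small unshadow-style merge that shows why a passwd file on its own gives John the Ripper nothing to crack in the step that follows. The log lines, passwd and shadow contents are constructed for the example, and the shadow hash is a placeholder.

```python
import re

# Shellshock (CVE-2014-6271): a vulnerable bash imported function definitions
# of the form "() { ... }" from its environment and ran whatever text trailed
# the closing brace. A CGI web server exports request headers (User-Agent
# becomes HTTP_USER_AGENT) into the environment of the script it runs, so one
# crafted header executes a command on the server. Sample data below is
# constructed for this example.

def shellshock_user_agent(command):
    """User-Agent value that runs `command` on a server whose CGI script is
    executed by a vulnerable bash. With wget: wget -U "<value>" URL."""
    return "() { :; }; /bin/bash -c '%s'" % command


# Apache/nginx "combined" log format; the User-Agent is the last quoted field.
_COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
# A function definition in a header, and the command that trails it.
_SHELLSHOCK = re.compile(r'\(\)\s*\{[^}]*\}\s*;(?P<payload>.*)$')


def find_shellshock(log_lines):
    """Return (client ip, request line, injected command) for each combined-
    format log line whose User-Agent carries a Shellshock payload."""
    hits = []
    for line in log_lines:
        m = _COMBINED.match(line.rstrip("\n"))
        if not m:
            continue
        s = _SHELLSHOCK.search(m.group("ua"))
        if s:
            hits.append((m.group("ip"), m.group("req"), s.group("payload").strip()))
    return hits


def unshadow(passwd_text, shadow_text=None):
    """Pair accounts with crackable hashes, the way John's `unshadow` does.
    An 'x' in field 2 of /etc/passwd means the hash is in /etc/shadow, which
    only root can read; without it there is nothing for John to crack."""
    shadow = {}
    for line in (shadow_text or "").splitlines():
        f = line.split(":")
        if len(f) >= 2:
            shadow[f[0]] = f[1]
    targets = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) < 7:
            continue
        user, h = f[0], f[1]
        if h == "x":
            h = shadow.get(user, "")
        if not h or h[0] in "*!":       # locked or no password set
            continue
        targets.append((user, h))
    return targets


# Constructed sample data: one Shellshock request in a web log, the passwd
# file it retrieved, and a shadow file (placeholder hash) for comparison.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jul/2015:10:15:22 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 1234 "-" "' + shellshock_user_agent("cat /etc/passwd") + '"',
    '10.0.0.9 - - [01/Jul/2015:10:15:30 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
]
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "elliot:x:1000:1000::/home/elliot:/bin/bash\n")
SAMPLE_SHADOW = (
    "root:$6$salt$placeholderhash:16600:0:99999:7:::\n"
    "daemon:*:16600:0:99999:7:::\n"
    "elliot:!:16600:0:99999:7:::\n")

if __name__ == "__main__":
    for ip, req, cmd in find_shellshock(SAMPLE_LOG):
        print("shellshock from %s: %s -> %s" % (ip, req, cmd))
    print("crackable with passwd only:", unshadow(SAMPLE_PASSWD))
    print("crackable with passwd+shadow:", unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW))
```

The payload only fires when the target script is launched by an unpatched bash and the header reaches its environment; find_shellshock works on any combined-format log and is a cheap retrospective check for the 2014 exploitation wave.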
While success was achieved here in getting the /etc/passwd file, on any modern system that file only holds an x in the password field; the hashes live in /etc/shadow, which is readable only by root (John's unshadow utility merges the two files for cracking). Without /etc/shadow, the next line, where John the Ripper is launched against the file, is never going to work.
CAN Bus Hacking
Car hacking has really hit the big time recently after security researchers remotely hacked into and took control of a Jeep as it was driving down the freeway. CAN bus hacking has been around for a number of years, and both car enthusiasts and security researchers have been poking around to gain access to the controllers that run the modern car.
In the screenshot from Mr Robot we can see candump, one of the Linux can-utils (SocketCAN) utilities, used for viewing the raw CAN bus messages.
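An added example, not from the show or the original post: a parser for the log line format candump writes with -l (and prints with -L), plus the first analysis a researcher does with a capture, finding which arbitration IDs and byte offsets change when a control is operated. The traffic is constructed for the example.

```python
import re
from collections import Counter

# Line format written by "candump -l" (and printed by "candump -L"):
#   (seconds.microseconds) interface ID#HEXDATA
# Remote frames appear as ID#R and CAN FD frames use "##"; both are skipped.
# The sample traffic below is constructed for this example.
_LOG = re.compile(
    r'^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+'
    r'(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$')


def parse_candump_log(lines):
    """Return (timestamp, interface, arbitration id, payload bytes) per frame."""
    frames = []
    for line in lines:
        m = _LOG.match(line.strip())
        if not m:
            continue
        frames.append((float(m.group("ts")), m.group("iface"),
                       int(m.group("id"), 16), bytes.fromhex(m.group("data"))))
    return frames


def changing_bytes(frames):
    """For each arbitration id, the byte offsets whose value ever differs from
    the first frame seen. Record traffic, operate one control (a door lock,
    a turn signal), and the id whose bytes flip is the one to look at."""
    first, varying = {}, {}
    for _, _, can_id, data in frames:
        if can_id not in first:
            first[can_id], varying[can_id] = data, set()
            continue
        ref = first[can_id]
        varying[can_id].update(
            i for i in range(min(len(ref), len(data))) if ref[i] != data[i])
    return varying


def frame_counts(frames):
    """How chatty each id is; periodic status frames dominate a real bus."""
    return Counter(can_id for _, _, can_id, _ in frames)


CANDUMP_SAMPLE = """\
(1436448651.000100) can0 1A0#0010FF0000000000
(1436448651.000300) can0 2C0#00000000
(1436448651.010100) can0 1A0#0010FF0000000000
(1436448651.020100) can0 1A0#0011FF0000000000
(1436448651.020300) can0 2C0#00000000
(1436448651.030100) can0 2C4#R
""".splitlines()

if __name__ == "__main__":
    frames = parse_candump_log(CANDUMP_SAMPLE)
    print(frame_counts(frames))
    for can_id, offsets in changing_bytes(frames).items():
        print("%03X: changing bytes %s" % (can_id, sorted(offsets)))
```

On a real capture the same two functions narrow hundreds of IDs down to the handful worth replaying with cansend, which is how the published car hacking work identified the frames that drive locks, wipers and steering.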
USB in the car park
We see in this scene one of the few Windows desktops shown: a security guard inserts a USB drive found in the car park into his Windows XP machine, infecting it with malware. Leaving infected USB flash drives in the car park of the target organization is a well-known trick for getting code onto a system where network access is limited. In this instance the malware is caught by Avast antivirus.
Bluetooth Scanner (btscanner)
btscanner is used here to probe the targets' phones for Bluetooth capabilities. The tool attempts to extract as much information as possible from a Bluetooth device without having to pair with it. btscanner is included in the Kali Linux distribution, and we can see from the title bar of the window that Kali is the operating system in use here.
Bluesniff
In this screenshot bluesniff can be seen; this is another tool for attacking Bluetooth-enabled devices. The actual plan here is to perform a man-in-the-middle attack against the target's Bluetooth keyboard. With keyboard access the next move is to drop a Meterpreter shell onto the system for access to the target network.
Metasploit Framework (Meterpreter)
In this shot we can see a few lines from a Meterpreter shell. Anyone who has used this tool knows a little Meterpreter goes a long way, so there was no need for an extensive shot of this powerful tool. Part of the Metasploit penetration testing framework from Rapid7, a Meterpreter shell gives an attacker full control of the target system as well as the ability to move around the network.
Social Engineer Toolkit (SET)
The Social-Engineer Toolkit, or SET, is a framework that makes setting up social engineering attacks easier. Email-based spear phishing attacks, fake websites and rogue wireless access points can all be launched through its menu system. In this case they are using the SMS spoofing module.
Netscape Navigator the hackers browser of choice
Windows 95 and Netscape Navigator are mentioned when the lead character is thinking back to his first steps as a hacker. In the screenshot you can see the page source being viewed... careful, if you see someone viewing the source they are no doubt a dangerous hacker. The humble web browser is actually a very useful tool for an attacker, whether they are launching web application attacks or researching LinkedIn for social engineering.
There you go, a bit of fun for the end of the week. If you are after more information on any of these tools, explore the included links or try searching. The great thing about all these open source tools is that there are lots of tutorials and documentation available.
It is refreshing to see a television show making an effort not only to highlight the capabilities of current hacking techniques but to stay reasonably close to reality.
Google builds lessons for Web Application Security
Google has published a set of web application security testing lessons built around a deliberately vulnerable application that you are allowed to attack and test (within the stated boundaries) for the purpose of learning about application security threats, testing, and how to develop more secure applications.
This codelab is built around Gruyere /ɡruːˈjɛər/ - a small, cheesy web application that allows its users to publish snippets of text and store assorted files. "Unfortunately," Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general.
The codelab is organized by types of vulnerabilities. In each section, you'll find a brief description of a vulnerability and a task to find an instance of that vulnerability in Gruyere. Your job is to play the role of a malicious hacker and find and exploit the security bugs. In this codelab, you'll use both black-box hacking and white-box hacking. In black box hacking, you try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behaviour.
This codelab was released soon after Google's powerful skipfish web application scanner.
Other similar projects:
- WebGoat, another deliberately insecure application for practising web application testing, from OWASP (owasp.org)
- Damn Vulnerable Linux, a collection of security testing tools and exploitable applications
Web Application Exploits and Defenses
A Codelab by Bruce Leban, Mugdha Bendre, and Parisa Tabriz
Want to beat the hackers at their own game?
- Learn how hackers find security vulnerabilities!
- Learn how hackers exploit web applications!
- Learn how to stop them!
This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:
- How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
- How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.
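As an added illustration of the two headline bug classes, here is a vulnerable handler beside its fixed form for each: a snippet renderer with and without output escaping (XSS), and a delete action with and without a per-session token check (XSRF). This is example code, not Gruyere's own source; the function names, the session dict and the snippet store are assumptions made for the example.

```python
import hmac
import html
import secrets

# --- Cross-site scripting: untrusted text dropped straight into HTML ---------

def render_snippet_vulnerable(author, text):
    """Whatever the user typed becomes markup: a <script> tag runs in the
    browser of every reader who views the snippet."""
    return "<div class=snippet><b>%s</b>: %s</div>" % (author, text)


def render_snippet_fixed(author, text):
    """Escape at the output boundary, so the browser displays the text instead
    of parsing it. (A JavaScript or URL context needs its own encoder.)"""
    return "<div class=snippet><b>%s</b>: %s</div>" % (
        html.escape(author, quote=True), html.escape(text, quote=True))


# --- Cross-site request forgery: a state change authorised by a cookie alone --

def handle_delete_vulnerable(session, params, store):
    """Deletes whatever id the request names. The browser attaches the
    victim's session cookie automatically, so any page they visit can trigger
    this with <img src="/delete?id=1">. (session is a dict standing in for
    server-side session state; store is the set of snippet ids.)"""
    store.discard(params.get("id"))
    return True


def issue_csrf_token(session):
    """Store a random per-session token; the server echoes it into its own
    forms, and a third-party page cannot read it."""
    token = secrets.token_hex(16)
    session["csrf"] = token
    return token


def handle_delete_fixed(session, params, store):
    """Accept the deletion only if the request carries the session's token,
    compared in constant time."""
    expected = session.get("csrf")
    supplied = params.get("csrf", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False
    store.discard(params.get("id"))
    return True


if __name__ == "__main__":
    probe = "<script>alert(document.cookie)</script>"   # constructed XSS probe
    print(render_snippet_vulnerable("elliot", probe))
    print(render_snippet_fixed("elliot", probe))
    session, snippets = {}, {"1", "2"}
    print(handle_delete_fixed(session, {"id": "1"}, snippets), snippets)
    token = issue_csrf_token(session)
    print(handle_delete_fixed(session, {"id": "1", "csrf": token}, snippets), snippets)
```

The black-box way to find the first bug is to post the probe string as a snippet and watch whether the response echoes it raw; the second is found by replaying a captured delete request without its cookie-independent secret, which is exactly what the codelab's request-inspection hints point you at.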
Gruyere
This codelab is built around Gruyere /ɡruːˈjɛər/ - a small, cheesy web application that allows its users to publish snippets of text and store assorted files. "Unfortunately," Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general.
The codelab is organized by types of vulnerabilities. In each section, you'll find a brief description of a vulnerability and a task to find an instance of that vulnerability in Gruyere. Your job is to play the role of a malicious hacker and find and exploit the security bugs. In this codelab, you'll use both black-box hacking and white-box hacking.
In black box hacking, you try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior. You do not have access to the source code, although understanding how to view source and being able to view http headers (as you can in Chrome or LiveHTTPHeaders for Firefox) is valuable. Using a web proxy like Burp or ZAP may be helpful in creating or modifying requests.
In white-box hacking, you have access to the source code and can use automated or manual analysis to identify bugs. You can treat Gruyere as if it's open source: you can read through the source code to try to find bugs. Gruyere is written in Python, so some familiarity with Python can be helpful. However, the security vulnerabilities covered are not Python-specific and you can do most of the lab without even looking at the code.
You can run a local instance of Gruyere to assist in your hacking: for example, you can create an administrator account on your local instance to learn how administrative features work and then apply that knowledge to the instance you want to hack. Security researchers use both hacking techniques, often in combination, in real life.
We'll tag each challenge to indicate which techniques are required to solve it:
- Challenges that can be solved just by using black box techniques.
- Challenges that require that you look at the Gruyere source code.
- Challenges that require some specific knowledge of Gruyere that will be given in the first hint.
WARNING: Accessing or attacking a computer system without authorization is illegal in many jurisdictions. While doing this codelab, you are specifically granted authorization to attack the Gruyere application as directed. You may not attack Gruyere in ways other than described in this codelab, nor may you attack App Engine directly or any other Google service. You should use what you learn from the codelab to make your own applications more secure. You should not use it to attack any applications other than your own, and only do that with permission from the appropriate authorities (e.g., your company's security team).