Category Security

Everyday Cryptography by Keith Martin

Note: This post is part of the “20p Everyday” project.

I was fortunate enough to attend one of the best information security schools in the world. Yes, that’s Royal Holloway, University of London, after a long academic journey, with ups and downs of course.
I was even more fortunate to have the author of this book, Keith Martin, as one of my professors back at RHUL.
He taught me “Crypto 1”. I enjoyed his lectures very much; they were among the most interesting at times.

Personally, I had some idea of cryptology (the correct term, by the way) from the computer security course I took with Fadi Aloul at the American University of Sharjah (AUS). I had an idea of
what a public key is, what a private key is, and what PGP (Pretty Good Privacy) is, thanks to Taha Landolsi and his course “Networks II” at...

Read More

add HSTS to Apache

We mentioned before how we switched to SSL in 2017.

I want to add here how to set up HSTS to prevent a well-known SSL attack called SSL Strip.

  • What is SSL Strip?

You can watch the full talk here to understand in detail how this works.
Basically, the attacker has somehow (we don’t care how) become a man-in-the-middle (MITM) sitting between the victim and the authentic server.
The attacker can then perform a downgrade attack on SSL, turning all HTTPS connections into plain-text HTTP connections.
Now the attacker can simply sniff all data communicated between the victim and the server.
The attacker is also free to modify the data and carry out other attacks, such as injecting malware into the traffic.

  • What is HSTS?

HSTS or HTTP Strict Transport Security allows web servers to declare that web b...

Read More

Thank you LetsEncrypt; we have gone HTTPS :)

In case you haven’t noticed, I’ve gone HTTPS with a green lock now 🙂

I also rate an “A” on Qualys’s SSL Labs test. Check it here.

There is no excuse any more not to encrypt your traffic using TLS. A service like letsencrypt.org makes it so easy to switch to HTTPS that you can finish the whole process in a few minutes (if not seconds!) using their certbot tool.
A quick guide to certbot can be found on YouTube. If it doesn’t work by default, you will need to go the manual way. I might write a guide here when I have the time for it.

Keep encrypting!

Read More

Open .SDF file without SQL Server Management

As part of the post-exploitation phase of any security auditing or testing engagement, you will want to gather as much information as you can about the victim in order to target the next victim in the chain.

Having said that, sometimes you stumble upon strange files, encrypted data, and network traffic that you don’t know what to do with. One of these was an .sdf file related to hMailServer, an open-source mail server; you can read more about it here.

When you gain access to this server, you will want to read this file:

A sample output would look something like this:

Read More

Generate Alpha-Numeric Strings in Python (for BruteForce Attacks)

While I was coding the ‘Twitter Short Handles Finder’, I needed an efficient alphanumeric string generator in Python. I coded this from scratch:

Read More

Both Qatar Telecoms, Ooredoo and Vodafone, do NOT use HTTPS by Default

I was astonished by the fact that both Ooredoo and Vodafone, the only telecom operators in Qatar, still do not use HTTPS by default, leaving user credentials as easy targets for hackers.

To make a change, I just pushed a GitHub commit to the well-known HTTPS Everywhere browser extension for both operators’ websites:

You can also contribute to this project by adding rules and tweaking the code on GitHub.

Read More

Hacking short distance devices

Intro:
Hacking is not only for computers, software, or websites. Any device can be hacked. I recently became interested in Software Defined Radio, with which I was able to ‘sniff’ the data of signals around me. One particularly interesting category of signals was short-distance devices. These include:

  • Car remote systems, also called Remote Keyless Systems
  • Garage remotes
  • Other home equipment remote switches.

Some of these systems are known to have security flaws; some have no security mechanisms at all. It is worth reading up on how they work before going deeper into hacking them.

Requirements:

  • Programming skills in C++, Java, or Python.
  • A microcontroller (Teensy, Arduino); a Raspberry Pi is OK too.
  • A 315 MHz / 430 MHz transceiver. I bought this one: XD-RD-5V.

Connections:

to-be-updated

Coding:
to-...

Read More

Attacking Attackers to Protect a WordPress Website

I have previously demonstrated how to protect the wp-admin and wp-login files on a WordPress website.
I wanted to do more; something like attacking those attackers.

What Crashes Browsers?
What crashes applications is what hackers call a buffer overflow exploit. Hackers use these to take control of applications or browsers and later gain full system access. More about buffer overflows here.
We are not interested in taking control of the attacker’s system, although that would be very ‘cool’ – maybe the next stage? 😉
We are more interested in stopping them, i.e. crashing their browsers, fuzzers, and brute-force tools.

Results
Amazingly, I was able to reduce attacks from ~4000 to only around 70!

What is happening behind the scenes?

Read More

HashClipper – The Fastest Online NTLM Hash Cracker

Inspiration
I simply wanted to create my own fast NTLM hash cracker because the other ones online are either dead, unmaintained, obsolete, or, worst of all, a rip-off.
Of course the greatest inspiration was this:

Intro
NTLM is the hash mechanism used in Windows. It is usually what a hacker wants to retrieve as soon as they get into the system.
Cracking NTLM hashes can also help ordinary users or administrators recover a password without having to reset it.
Please refer to

Read More

How Is Ubuntu Spying on You and What to Do About It

Intro
I was recently surprised by my new ‘Ubuntu Server’ machine connecting out to a strange IP address, 91.189.92.11, on port 443! I immediately started investigating and did a whois lookup on the IP address, discovering that it points to the domain productsearch.ubuntu.com – a page that displays a 403 Forbidden error.

What is productsearch.ubuntu.com?
So apparently, according to this website: “If you’re an Ubuntu user and you’re using the default settings, each time you start typing in the Dash (to open an application or search for a file on your computer), your search terms get sent to a variety of third parties, some of which advertise to you. Ubuntu should protect user privacy by default. Since it doesn’t, you can use the code to the left to disable the parts of Ubuntu which are invasive to your privacy.”

You can also read more about Ubuntu’s third parties here: http://www.ubuntu.com/privacy-policy/third-parties

Read More