POST CATEGORY : Penetration Testing

Dradis: Reporting and Collaboration Tool

Hello friends, today in this article we are going to familiarize you with one of the most vital tools of kali that everybody needs in today’s era.

Eliminating bugs or finding any issue, is used to cover by everyone in their journey of pentesting. But apart from this one should also want to indulge ownself into a task that needs to perform in wide range i.e. “report writing”.

Writing a good report is an essential ability, almost an art, for penetration testers, and as for all the skills, can be enhanced through practice. There are many tools that help in report writing but in this tutorial, we are going to use “Dradis”.

Table of content

  • Introduction to Report Writing
  • What is Dradis?
  • Working with Dradis
  • Conclusion

Introduction to Report Writing

Penetration testing report is the core deliverable in any security valuation action. In this, the final deliverable is the report which shows the service provided, the methodology used, findings/results and the recommendation. This can be achieved by the use of many tools that kali supports.

Similarly, we are going to cover one such tool in this tutorial i.e. “Dradis”.

What is Dradis?

The Dradis Framework is an open-source collaboration and reporting platform for IT security experts. It is a platform-independent tool developed in Ruby. In other words, we can also say that It is a tool that helps in putting information together in one place. It also tends us the ability to organize all the information in one place. It allows us not only to import but also export output from the various tools that it supports.

Dradis is comprised of a list of a tool like: “Burp scanner, Nessus, NeXpose, Nikto, Nmap, and many more that are pretty common in doing penetration testing or ethical hacking.

Working with Dradis

In the next few steps, we will learn how to use Dradis. For beginning this journey first we need to find Dradis. This can be done by two methods.

First Method:

In this method, we will just write dradis on kali terminal and this will take you to its active status. Once this will be completed then it will take you to its browser for login.

Dradis is a self-contained web application. Hence, it will automatically open in the browser. The URL is  https://127.0.0.1:3000.

Second Method:

For attaining this method you need to Launch the Kali-Linux tool after that Click on “Applications”, go to “Reporting Tools” and click on “Dradis”.

Next step is to create a server password to access the application. Then enter the credentials which we configured for the server.

We are logged into the Dradis framework successfully. Now as in below screenshot you can see it’s showing three main operations that can help in any report writing i.e. “all issues, methodologies, trash, nodes” so, we will use all these operations as per the requirement of a task in.

All issues: In this, we have many options like we can add any issue manually, upload output, import result from the library. These options also can help to import the result of any tool in dradis.

Methodologies:  When it comes to penetration testing methodologies you can basically narrow the field down to three. These are:

  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Penetration Testing Execution Standard (PTES)
  • National Institute of Standards and Technology

While all three are good methodologies but PTES and NIST 800-115 provide a bit more flexibility during penetration tests. Also, the methodologies more closely align with what’s taught in security course curriculum such as SANS. So whenever we need to add any methodology then we can use this option as reference.

Now, we will start working with dradis. For begin this first we will create a new node by clicking on “nodes” tab after that click on the newly created node and then click the “add subnode” option to add sub-branch under a newly created node. Follow the same process to create multiple node and sub-node as per your requirement.

We can create a tree as per our convenience. In the below screenshot, I have created two main nodes i.e. “Exploit” and “Host IP” which is sub-divided into Metasploit, scanning and nmap. As shown below.

Upload File

After successful completion of creating no. of nodes and sub-nodes now our next step is to upload the output of file with the help of the tool.

For this first, we need to select the name of the tool which we have used. In this, we have used nmap so I will choose this option by using a drop-down button of “choose tool”.

After this, we will search for the file that needs to upload and then click to open button at the top of the screen.

Once the process of uploading the will completed then you can see its output result in its output console as shown in below image.

To view the file, double-click the uploaded image and a new tab will be open in the browser to display the uploaded screenshot.

Similarly, we can upload scan results of other tools like Nessus, Burp, Nikto, Owasp ZAP, etc.

To view entire details of your result you can plugin. output option as shown below. In the below image it’s showing the result of nmap scan which I have saved in my file “scan.xml”

Creating notes

If you want to add a description about what you have done in each node and sub-nodes then it can simply be done by following below steps:

  • Select node

  • Click on notes
  • Click on add notes
  • Write the description in space that is provided
  • Click on create a note to confirm it.

In the below image, I have mentioned “IP” of my host machine as my note description. Similarly, you can create a note for any of node or sub-node to briefly describe your report.  After creating your notes you can further edit, delete, and rename it as per desire. You can also add any of attachment, screenshot or image by simply drag and drop to attachment field.

Conclusion 

This article focused on the main objective of using “Dradis” for creating any report rest all the options like “adding Issues, Methodologies” can be further use by the user as per requirements.

Author: Komal Singh is a Cyber Security Researcher and Technical Content Writer, she is completely enthusiastic pentester and Security Analyst at Ignite Technologies. Contact Here

Comprehensive Guide to Steghide Tool

In this article, we’ll learn about Steghide. There are various steganography tools available but the part that differentiates it is that it uses a variety of algorithms to encrypt the data. Moreover, Steghide supports to hide data behind any image(jpg/jpeg/png/gif/bmp), audio (mp3/wav), excel, etc.

Table of Content

  • Introduction to Steganography
  • Introduction to Steghide
  • Features
  • Installation of Steghide
  • Getting Start with Steghide
  • Functionality of Steghide
    • Embedding of Data Via Steghide
    • Extraction of Data Via Steghide
    • Password Protect Files
    • Retrieve Information of Embedded File
    • Verbose Mode
    • Compression Mode
    • Anti-compression Mode
    • Embedding File Without Name
    • Encrypting Algorithms
    • Overwriting the Existing File

Introduction to Steganography

In digital steganography, electronic communications may incorporate steganographic coding inside of a transport layer, such as a document file, picture file, program or convention. Media records are perfect for steganographic transmission since of their expansive estimate. For instance, a sender might begin with a harmless picture and make few alterations to it in order to hide data, so that, this alteration goes unnoticed for someone who is not particularly seeking out for it.

 The upside of steganography over cryptography alone is that the planned mystery message does not stand out to itself as an object of examination. Clearly obvious scrambled messages—regardless of how unbreakable—stimulate intrigue, and may in themselves be implicating in nations where encryption is illicit. In this manner, while cryptography is the act of securing the substance of a message alone, steganography is worried about hiding the way that a mystery message is being sent, just as disguising the substance of the message.

Introduction to Steghide

Steghide may be a steganography device which permits you to cover up confidential records inside a picture or sound record with a passphrase. Bolsters BMP and JPEG picture groups, AU and WAV sound groups. By default, its employments Rijndael calculation to scramble the record and the key measure is 128 bits. This tool has its advantages and disadvantages. One upside is that it is significantly better at covering up and can without much of a stretch shroud any document type. It does as such by utilizing a propelled calculation to shroud it inside the picture (or sound) record without changing the look (or sound) of the document. This additionally implies without utilizing steghide (or if nothing else a similar scientific methodology as steghide) it is hard to extricate the concealed documents from the picture.

Features

  • Compression of embedded data
  • BMP, GIF and JPG supported
  • Encryption of embedded data
  • Decryption via password
  • Uses various algorithms for encryption

Installation

Let’s start with the installation of steghide. In windows, we can download steghide from http://steghide.sourceforge.net/download.php. After downloading we have to simply unzip the files and use it through the cmd. In Linux, open your terminal and type the following command to download Steghide :

Getting Started with Steghide

To start Steghide, the most basic option we use the help command. This command will display us all the options that Steghide provides us.

Embedding Data in The Image

We hide data in the image using Steghide so that only the person who acknowledges it can read that. So, we made a text file named as user.txt in which we wrote our confidential data and image.jpeg is that file in which we are embedding our data. To achieve this, we’ll be executing the following command:

Here, ef and cf are termed as embedded file and cover file respectively.

Extraction of Data Via Steghide

Using Steghide adds an extra layer of security by allowing us to use a password for it. Now, to extract the hidden data use the following command :

Then enter the password in order to extract the file.

Here,

sf is a secret file

Password Protect Files

Now, we can also extract the files using the following command. This command is different is that it specifies a password in the command itself, therefore, we do not need to specify it separately.

Retrieve Information of Embedded File

If we have an image that is suspected to have data hidden and if so, then which algorithm is used to encrypt the data in the file. Then we will use the following command :

Verbose Mode

To get each and every information of a file during its extraction, we can use the verbose mode. The verbose mode gives you the detailed information. We can use the verbose mode by executing the following command :

Compression Mode

Now if we want to compress text file before hiding it then we would use the following command. The compression level can vary from 1 to 9. The first level gives you speed to compress whereas, at 9th level, it will provide you with the best compression techniques.

Anti Compression Mode   

Now if we don’t want to compress a file before hiding it then we will use the following command :

Embedding File Without Name

We can also hide a file without naming it. We will use this command :

Encrypting Algorithms

We can encrypt the data that we are hiding by using encryption techniques. And this can be easily achieved by just using the following command :

Overwriting the Existing File

When extracting the file let’s assume we have already have a file in the same directory with the same name. then we can use the following command to overwrite the existing file if that is desired. And for this use the following command :

Conclusion

So, this was the short guide about Steghide. And as you can see, it is an easy tool for steganography. It’s also user-friendly. It has, therefore, become one of the finest steganography tools for extracting and embedding information in a multitude of media files Steghide has many uses and its other notable characteristics such as file encryption make it one of the finest steganography.

Author: Dheeraj Gupta is a Certified Ethical Hacker, Penetration Tester and a Tech Enthusiast in the field of Network & Cyber Security. Contact Here

ExifTool : A Meta-Data Extractor

In this article, we’ll discover various methods to read, write and manipulate the meta-data information recorded in a variety of file types. In order to achieve this, we’ll be using a tool known as “ExifTool”.  EXIF is an acronym for Exchangeable Image File Format and it is a standard for the inclusion of metadata in certain file types.

Table of Content

  • Introduction to ExifTool
  • Installation
  • Usage of ExifTool
    • Extract the Common Meta-Data Information
    • Extract the Specific Meta-Data Information
    • Extract GPS Co-ordinates
    • Extract Thumbnail Image
    • Extract metadata using specific keywords
  • ExifTool’s Verbose Mode
  • Writing the Meta-Data Information
  • Removing Meta-Data Information
  • Saving outputs
    • In HTML file
    • In-Text File
  • Extracting EXIF data from a Video file

Introduction

ExifTool is developed by Phil Harvey. It is a platform-independent Perl library coupled with a full-featured command-line implementation for reading, writing and manipulating the metadata across a broad range of files, particularly the JPEG images. This metadata may comprise a bunch of information such as the camera make, file type, permissions, file size etc., though it further offers more details about the photograph, like the exposure, the shutter speed and whether the flash fired or not. ExifTool probably gives us the simplest way to extract metadata from files, as it is free and an open-source program.

Installation

Exiftool is quite easy to deploy. It’s just about hitting our Linux terminal and cloning the tool from GitHub.

In addition, we need to install the necessary package for it.

So, we’ve mounted the tool in our system. Let’s take a closer look at it.                                                

Usage of Exiftool

To extract the entire metadata of a file, we just need to execute the given below command:

From the below image, you can now notice that we’ve got all the information drawn from our image file from the very basic to advance.

However, if we need to capture the ids along with exif tags in the Hexa-Decimal format, though we need to run the following command:

From the below image, we can see that there is a lot of information stored within these Exif tags.

Extract the Common Meta-Data Information

Now execute the given below command which will provide us with the output of the most common Exif tags of the image file.

Extract the Specific Meta-Data Information

We can list a particular meta-information of our image file by simply executing the command given:

From the below image, we get our desired output displayed along with their respected tag names in a list type format.

Extract GPS Co-ordinates

The photographs we capture using our smartphones or camera have GPS coordinates embedded as metadata in the image files. To obtain this, we just need to fire the command given below:

Here we got the GPS Position, now just copy and paste this complete coordinate information over Google Maps and we will get the exact location of the camera when the picture was taken.

Extract Thumbnail Image

Thumbnails are the original preview images basically compressed. These are just created to open the original images more quickly and act as place holders to them. In order to extract these thumbnail images, we just need to execute the following command:

Here we can see that the thumbnail.jpg file is extracted from the test.jpg image.

Extract metadata using specific keywords

The following command will assist us to extract the metadata information associated with some specific keywords.

From the below picture, we can see that our fired command displays all tags with names containing the word “Image” from the file.

ExifTool’s Verbose Mode

Verbose mode generates extended information i.e. when we add [-v] to the exiftool command it will display us the comprehensive data about the process that it is performing.

Writing the Meta-Data

ExifTool provides us with a great power to write most of the information on the EXIF tags, that anyone might want to alter, but some tags are protected because they describe the image’s physical characteristics that we can’t change with ExifTool, such as compression.  Also, other tags like the GPS, the MakerNotes, this information can be edited.

To manipulate the exif data we need to execute the following command:

Here we can see that the information stored in the “Make” tag is replaced from “OPPO” to “HackingArticles”. While writing the information, ExifTool’s script automatically preserves the original file by adding “_original” to the end of the file name.

Removing Meta-Data Information

We have only extracted or manipulated the EXIF data so far, but what if we want to remove or delete all the metadata from an image file. Just execute the following below command, let’s see how this works:

It shows 1 image files uploaded. The “test.jpg” EXIF data has been removed effectively. Although let’s attempt to extract the metadata from “test.jpg” again, hence we’re just getting the basic information of the image and the rest is deleted.

Saving outputs in Multiple Format

  1. In HTML file

We will save the ExifTool’s output in an HTML file in order to maintain the records and for better readability. To do this we will use the parameter “-h” along with the exiftool’s command and save the results in a file with .html extension.

Here, we can see test.html file is generated. Although we just need to open it to check our EXIF data output in any of our browsers.

  1. In-Text File

We can even export our exifdata to a text file similar to the output of the HTML. To achieve this, we simply need to execute the following commands:

Further, we can also monitor our output either by opening it in any of the text editors or by simply running the command: 

Extracting ExifData from a Video file

ExifTool not only extract metadata from the jpg file format but can also read and write in a variety of files. To know more click here.

We will now extract the entire meta-data information from an mp4 video file. To extract this, we will run the basic exiftool’s command i.e.

Conclusion

This was Exiftool’s complete usability guide as a meta-data extractor. It is user-friendly and convenient because of its simple command-line implementation. It has thus become one of the best tools to extract meta-data data from a variety of file formats.

Author: Chiragh Arora is a passionate Researcher and Technical Writer at Hacking Articles. He is a hacking enthusiast. Contact here

EvilOSX-RAT for MacOS/OSX

In this article, we will learn to use EvilOSX tool which is a Remote Administrator tool (RAT ) for initializing foothold on MacOS/OSX like platform. It can dramatically increase access in a matter of seconds.

Table of Content

  • Introduction
  • Installation
  • Usage in Exploitation
  • Usage in Post-Exploitation
    • System Info
    • Webcam
    • Retrieve iCloud auth tokens
    • Microphone
    • Clipboard
  • Conclusion

Introduction

EvilOSX is an evil RAT (Remote Administrator Tool) designed to work upon macOS / OSX Platforms. It was developed by Marten4n6. Its backbone is famous Empire Framework Project. This project can be modified to be used on Rubber Ducky. This toolkit is fully packed with features. It was designed on the module system that made the debugging, improvements and addition of other modules easy. Also being developed in python it provides easy to be run across different attacking platforms.

Installation

The installation of the EvilOSX RAT on the Attacker machine, which in our case in Kali Linux is pretty simple. To begin with, we will visit the EvilOSX GitHub Page. After getting the git link, we are going to clone the EvilOSX to our attacker machine using the git clone command.

After cloning the EvilOSX, we traversed in the newly created directory created with the name of EvilOSX. Now, the tool has some predefined requirements that are required in order to make the tool function properly. Being a python developed tool, we will use the “pip” to install those requirements. These requirements are given by the author in the form of a text file which we used to install them.

Usage in Exploitation

Since we have successfully installed all the predefined requirements, it time to run this tool and gain control over some macOS devices. Now to exploit, we need a payload. To create this payload, we will use the start.py file with the builder parameter.

After running the script, it asked us to enter the following information:

  • the Server host, here we entered our Attacker Machine IP Address (Kali Linux).
  • Next, it asked us for a port, this can be any random port.
  • After this, we are asked for the location of the payload.
  • Next, we have to choose if we want EvilOSX to work upon the rubber ducky or not. Enter 0 for otherwise.
  • Furthermore, we are asked to choose the loader, leave it default.
  • After that, we are asked to name the payload so as phish the user.

After all these choices, a launcher is created as shown in the image given below.

Now we can use any method to share this launcher or payload to the victim. In our case, we used a python HTTP server to get this file to the victim system. This file is downloaded on the victim system and then after providing the proper permissions the payload is executed as shown in the image given below.

While we are executing the Launcher on the victim, we have to perform some actions on the attacker machine simultaneously. We are going execute the start.py again but this time in the CLI mode. Here we have to specify the port that we used while creating the launcher as the parameter as shown in the image.

Post-Exploitation

After running the start.py script in the previous steps simultaneously with the launcher on the victim machine, we have successfully infiltrated the Victim MacOS system. The terminal converts in a framework as shown in the image. We can configure a page to shown upon the running. Type in help to show a list of working commands. We can see the list of active bots by using the command bots. To establish a connection to a bot, use connect command followed by the number which in this case is 0. To see the list of available modules we use modules command.

To use a module, just type in “use” followed by the module name. As there are a bunch of available modules, we are demonstrating a bunch of them here for reference. You can try them all at your convenience.

System Info

To get a brief summary of the system, we can use the get info module. This gives us the System Version, Model of the MacOS device. We also get the Battery status in case it is a Laptop. We have the name of the Wi-Fi network it is connected to. It also tells us the privileges the current account has as well as the status of the FileVault.

Webcam

Now, we will try to grab a snap from the webcam of the MacOS device. To do this we will need to use the webcam module. It gives us a warning that there a green LED will show near the camera.

We have successfully captured a snap from the victim’s webcam as shown in the given image.

Retrieve iCloud auth tokens

We can extract the iCloud Authentication that contains information related to the AppleID linked to the device. However, this will first show a prompt on the victim system.

After agreeing to continue, a prompt will pop us as shown in the image given below. This is masquerading as a genuine prompt that will spoof the victim and make him enter the password.

After the victim enters a password, we will successfully capture the mail ID liked to the device as well as the access tokens as shown in the image given below.

Microphone

We can also capture the audio from the victim device using the microphone module. After running the command use microphone, we are asked to enter the time in seconds to record the audio from the microphone of the victim device and also the name of the service that would show up in the verification prompt.  

Here we entered 5 seconds, and we left the name of service to be blanked which made the RAT to take it as random string as shown in the given image. A permission prompt pops up on the victim system asking for permission to access the microphone.

After allowing we have the recorded audio in the mp3 format saved on out attacker machine in the tmp directory.

Clipboard

We can also sniff the clipboard data from the victim machine. To do this we will have to use the clipboard. This will start the sniffer on the victim machine for the specified time in seconds. After starting the sniffer, any text that the victim will copy can be viewed as shown in the image given below.

Conclusion

 EvilOSX has a lot of uses, and the attention to detail in automating certain exploits makes it a great dedicated tool for OSX. The ease with which it works and attacks is remarkable, we can launch a phishing attack to escalate privileges or trick a user into letting us deeper into the system. It’s a great tool and amazing to use as it traverses itself to connect apple devices.

Author: Pavandeep Singh is a Technical Writer, Researcher and Penetration Tester Contact here