Best of Ethical Hacking Tools in Practice

Dear readers,

To end the summertime on a good note, we have decided to prepare a slightly different edition. Instead of focusing on one specific topic, we want to touch on various aspects of hacking and its tools. Therefore, the August edition has many tutorials presenting the most popular tools in action. 

As ethical hackers or penetration testers, you know how important it is to use the proper tools to perform your tasks. There are always some new or interesting tricks that you’ve never heard of or never had a chance to use. Let’s see what’s inside!

We covered a few of the most popular areas from hacking, starting with web applications. An everlasting question “how to hack a website?” has its answer in the article entitled “Using tools for a more accurate and efficient PenTest and C&C with GMAIL”. The author also took a closer look at Command & Control (C2). If you are interested in this topic, our second article in the issue is strictly focused on C2, by explaining its usage, with real-life examples. In the next write-up about security scanners, the authors show that the scanners are exposed to the same risks as their targets. It’s an interesting approach based on comprehensive research. 

Next, we move to the wifi hacking area. We will learn how to protect your wifi from intrusion by using MariaDB. The next article is a research-based tutorial on hacking robot vacuum cleaners. You will see to what extent those machines are vulnerable and how they can be exploited by using various hacking techniques. 

The edition wouldn’t be complete without IoT hacking. The article we prepared is highly detailed and moves from beginners to advanced. What’s more, the authors made sure to add additional resource materials for further research. If you prefer a different approach, the other article will show you a tutorial about cracking text-based passwords in IoT devices. 

That’s not all! There is a third, and last part of the Using Python for Ransomware Creation. If you were waiting for it, it’s finally here!

Hacking mobile devices with hardware? We have it covered! The hardware used by the author is Pineapple Nano, and the tutorial is easy to follow. The last article is focused on VoIP and exploitation techniques. 

We would like to send a big thank you to all contributors that joined this edition! Without you, this amazing issue wouldn’t be possible. Special thanks to all the reviewers and proofreaders involved in the process of creating this issue.

We hope that you enjoy reading this edition. As things are slowly settling down, and we adjust to the current situation, there is still a sense of unpredictability.  As we all try to work things out, and find balance, please remember that we are in this together. And only together we will stay strong! We hope that no matter where you are, you are safe, taking care of yourself and your loved ones. 

Enjoy the reading,

Hakin9 Editorial Team

---

TABLE OF CONTENTS

---

Using tools for a more accurate and efficient PenTest and C&C with GMAIL

by Joas Antonio

PenTest tools are indispensable, as they allow us to audit an environment and find vulnerabilities that can result in the compromise of a system or an entire network. In addition, we can compare PenTest tools to a kit of household tools, such as a hammer, drill and screwdrivers that help us repair something. Therefore, it is a fact that without them our work would be more difficult and certainly more hardcore in different segments. But if we limit ourselves to tools we will certainly be just Script Kiddies, however, it does not mean that we should discard them, in fact, tools are indispensable for anyone, only the way you use them is the important thing, because if we know how it works, it is a fact that we will know when to use it.

---

KOMMANDO: Using C&C to control your zombies

by João Paulo

Imagine this situation, you bypass some security controls or you use a vulnerability to gain access to another machine (maybe using MS 17-010 or log poisoning through LFI/RFI) and you need a way to gain access again later or an easy way to upload your binaries and do your good (maybe not) stuff. This is where a command control takes its part, you will upload an Agent (in this case, we call them Grunts in Covenant) to the target machine and it will be controlled by you.

---

Weaponizing Vulnerabilities in Security Scanners

by Gabriele Costa, Alessandro Armando

The first step of every attack is reconnaissance, i.e., to acquire information about the target. A common belief is that there is almost no risk in scanning a target from a remote location. In this article, we falsify this belief by showing that scanners are exposed to the same risks as their targets. Our methodology is based on a novel attacker model where the scan author becomes the victim of a counter-strike. We developed a working prototype, called RevOK, and we applied it to 78 scanning systems. Out of them, 36 were found vulnerable to XSS. Remarkably, RevOK also found a severe vulnerability in Metasploit Pro, a mainstream penetration testing tool.

---

WiFi protection tool: automated disconnection of intruders

by Daniele Caratelli

Often the people who attack do not have a specific purpose, they can do it only for fun (for example, to observe the reactions of those who are working on the train and have continuous disconnections of the device from their mini router), they can be people who exercise and who do not observe the rules of ethical hacking and simply attack the nearest network, they may be expert hackers who try to obtain information from the WiFi hard disk to which you are connected in the metro only because they have seen that you are trading with cryptocurrencies. In my work and daily experience, I have often wondered how much people, ranging from the IT consultant that moving by train/subway to those who work in smart working to the university student, IT professionals or small offices, know how to recognize or how to immediately react to an attack on their WiFi networks, both at home and “on the go”.

---

Wifi Hacking: Hack your Robot Vacuum Cleaner

by Eric Brondum, Christoffer Torgilsman

This study revolves around the safety of IoT devices, more specifically how safe the robot vacuum cleaner Ironpie m6 is. The method is based on threat modeling the device, using the DREAD and STRIDE models. The threats with the highest estimated severity were then penetration tested to see which security measures are implemented to protect against them. Using client-side manipulation, one vulnerability was found in Trifo’s mobile application "Trifo home" that could be used to harm customers’ property.

---

Hacking Mobile Devices Using WiFi Pineapple Nano

by Alexis Serrano

Often, the main concern with the use of access points is the lack of security they have. Most of the time, users connect to wireless access points not knowing if they are genuine or malicious, or knowing of the vulnerabilities and risks that these represent to their devices and to their networks. Even more, they are not aware of the types of attacks that can come from “rogue” access points set up by Hackers, and the type of information they can capture. These Hackers use the lack of user awareness to their advantage to gain access to sensitive or confidential information. The objective of this assessment is to examine the effectiveness of the WiFi Pineapple Nano and how it is used as a rogue access point to deceive users to connect to it. Part of the scenarios used in this research provided the opportunity to educate and promote user awareness.

---

Using Python for Ransomware Creation Part 3

by Nima Dabbaghi

The final article is supposed to be in three parts: Significant increase in encryption and decryption speed, system boot lock and improving the method of diagnosing the cases mentioned in the second part of the article

---

IoT Hacking

by Dorottya Papp, Kristof Tamas, Levente Buttyan

The Internet of Things (IoT) enables many new and exciting applications, but it also creates a number of new risks related to information security. Several recent attacks on IoT devices and systems illustrate that they are notoriously insecure. It has also been shown that a major part of the attacks resulted in full adversarial control over IoT devices, and the reason for this is that IoT devices themselves are weakly protected and they often cannot resist even the most basic attacks. Penetration testing or ethical hacking of IoT devices can help discover and fix vulnerabilities that, if exploited, can result in highly undesirable conditions, including damage of expensive physical equipment or even loss of human life. In this paper, we give a basic introduction into hacking IoT devices. We give an overview on the methods and tools for hardware hacking, firmware extraction and unpacking, and performing basic firmware analysis.

---

Password Cracker For IoT Password

by Seungho Jeon, Hongkyo Kim

Text-based passwords are a fundamental and popular means of authentication. Password authentication can be simply implemented because it does not require any equipment, unlike biometric authentication, and it relies only on the user’s memory. This reliance on memory is a weakness of passwords, and people therefore usually use easy-to-remember passwords, such as “iloveyou1234”. However, these sample passwords are not difficult to crack. The default passwords of IoT also are text-based passwords and are easy to crack. This weakness enables free password cracking tools such as Hashcat and JtR to execute millions of cracking attempts per second. Finally, this weakness creates a security hole in networks by giving hackers access to an IoT device easily.

---

Exploiting VoIP

by Pietro Biondi, Giampaolo Bella 

VoIP phones are early representatives as well as present enhancers of the IoT. The weaknesses of VoIP in front of malicious attackers are known at least since the “Information Security Reading Room” of the SANS Institute published an eminent report in 2002. The report provided a proof-of-concept of how VoIP calls could be overheard by using commercial tools. Our research aims at verifying whether and how that work has been universally received today — after nearly two decades — namely whether VoIP in use has been hardened at all. Our methodology is empirical and leverages freeware to conduct a Vulnerability Assessment and Penetration Testing session on the VoIP devices currently in use in our department. The outcome is that those devices are variously exploitable from inside the departmental network, although it is clear that the network has protection measures from the outside. We are aware that the very same devices are adopted in a number of other institutions under similar configurations, so the same outcome could be expected elsewhere, too.