Wednesday, May 30, 2012

How to turn off DNSMASQ in Ubuntu

If you sudo netstat -tupln, you will notice DNSMASQ running.

Edit the file: /etc/NetworkManager/NetworkManager.conf

sudo gedit /etc/NetworkManager/NetworkManager.conf

Simply comment out:

Now restart to make sure it is off.
sudo restart network-manager

Tuesday, May 8, 2012

How to Reverse Engineer Android Malware

Reverse Engineer Android Malware

Tools you may need for decompiling Android malware:

apktool – a tool used for manipulating .apk files
jad – a Java decompiler (Windows only)
JD-Core + JD-GUI – another Java decompiler, supporting newer Java versions and features
dex2jar – a tool for converting .dex files to .class files
   Download: (dex2jar)
apkinspector - all in one tool

However, this tutorial is fairly easy and simple and I will only be using dex2jar and jd-gui. This tutorial is a standard for all apps. You can use the same tools and methods to help decompile your applications and other applications, especially malware, in order to see and understand what the code is actually doing.

So, say we have our malicious malware such as "file.apk".

A lot of these tools can be used in Windows as well as Linux, however I happen to be using Windows for this tutorial.
For Linux: sh file.apk
For Windows: dex2jar.bat file.apk

This will create the file called file_dex2jar.jar. Now we can easily view our app's code with jd-gui.
Simply just click on the jd-gui and open the file_dex2jar.jar.

 Now we can easily read and see the code.

Further Research/Advanced Topics:

  • Code Obfuscation 
  • Decompiling Manifest Files
  • Obtaining the Resources - images, etc.

For Related Articles:

Saturday, May 5, 2012

How to setup Environment Variables in Linux/Windows

Open your .bashrc, located in your /home/"user"/ and add this:

export PATH=${PATH}:~/path/to/your/executeable

Start > Control Panel > System and Security > System > Click on "Advanced system settings" > Click on "Environment Variables"

Under user variables, click on "new" and then give your new variable a name such as "PATH" and for the Path, input the absolute directory of the file you wish to run.

For example: ";C:\Windows;C:\Windows\System32;C:\Program Files (x86)\Nmap;C:\Program Files (x86)\Python;C:\"

I have Nmap and Python executable from my Windows Command Prompt.

For Related Articles:

Friday, April 27, 2012

Android - Text Bomber/Spammer

A Simple Text Spamming App

This is only for proof of concept, please only use for educational purposes only.

Make sure the app contains:

Java Code -

XML code - main.xml

Thursday, April 5, 2012

HelloWorld in Assembly

Assembly - HelloWorld
[bits 64]
global _start

section .data
message db "Hello, World!"

section .text
mov rax, 1
mov rdx, 13
mov rsi, message
mov rdi, 1

mov rax, 60
mov rdi, 0
Then run it:
nasm -f elf64 hello.asm
ld hello.o -o hello

Sunday, February 19, 2012

What is Wifi Security?

Everyone's on Wifi
In today's society almost every one has a cell phone and/or laptop or tablet. Either way everyone has used a wifi connection at least once before. Wifi is available almost anywhere you go, in cafes, restaurants and of course, our homes.

Summary of Topics:
- No matter where you are always use HTTPS which is a secure protocol for protecting the data you send and receive on your computer. This is the first line of defence for Data Encryption.
- Attackers can steal/view packets, if they not encrypted, they can read passwords and credit card information in plain text.
- It's always good not to broadcast your SSID, make it slightly harder for the curious.
- Hidden SSIDs are hidden but their BSSIDs aren't.
- Always filter MAC addresses because some people are very curious and like to poke around.
- Attackers can easily spoof accepted MAC addresses.
- Always use WPA2-PSK with AES encryption, this way even if people steal your packets, it will be very hard to read encrypted packets, especially if you are also using HTTPS as well.
- No encryption makes it easy for attackers and WEP is easy to crack.
- Keep good passwords on local computers as well as the router/access points.

Some terms to know(there's more that could be added):
ESSID = Extended Service Set Identification
SSID = Service Set Identification
- This is the name of the network that is being broadcasted
- Ex. "Tom's House"
BSSID = Basic Service Set Identification
- This is the MAC(Media Access Control)
- Ex. "01:23:45:67:89:ab"
WEP = Wired Equivalent Privacy
- Encryption that has 40 and 128 bit keys
WPA = Wi-Fi Protected Access
- Passworded wifi uses TKIP
WPA2-PSK = Wi-Fi Protected Access with Pre-Shared Keys
- Passworded wifi that uses AES and can use TKIP
- Uses "handshakes" for authentication
HTTP = Hypertext Transfer Protocol
- Common used on port 80 for standard web surfing
HTTPS = Hypertext Transfer Protocol Secure
- Secure web surfing that is tunnelled(SSL/TLS) on port 443

When settings up a router we configure the following:

At Home or in the Office (there are more than one way for the methods shown)

It doesn't add much security, however I suggest that everyone should hide their router/wifi networks. Simply hiding the broadcast of the SSID from the world will help deter hackers and annoying gamers from wanting break into your router/network to see if they can and poke around or simple just to obtain free Internet. Let alone, this doesn't do much because people can still find and attempt to connect to routers/networks that are hiding their SSID by simply scanning or by turning their wireless cards in monitor mode, you can view network BSSIDs as well as client's MAC addresses:
sudo iwlist wlan0 scan
sudo airmon-ng wlan0 start
sudo airodump-ng mon0

2. MAC Address Filtering
Everyone's first line of defence by far should be MAC address filtering. There are two types of MAC address filtering: MAC address control for wifi and wired connections and MAC address filtering for just wireless connections. The most important one to use is MAC address filtering for wifi connections. Someone would have to break into your house or office to use the wired connection anyway and if someone breaks into your facility there are way bigger problems than connecting to a network. MAC address filtering will stop most people who usually poke around at other people's wifi networks. Routers have a list of MAC address that are either "Allowed" or "Denied" to connect to the router. This allows you to simply control who can connect and those who cannot. However, once again, this hardly does much to stop an attacker or someone who simply wants free Internet. If someone is near by, they can simply scan for networks nearby. After scanning nearby networks, attackers can change or "spoof" their MAC address temporarily:
sudo ifconfig wlan0 down
sudo ifconfig wlan0 hw ether 01:23:45:67:89:ab
sudo ifconfig wlan0 up
or another way
sudo ip addr
sudo ip link set dev wlan0 address 01:23:45:67:89:ab
The easiest way it use GNU MAC Changer.
3. Wifi Encryption
Today there are generally three types of encryption for wireless networks: None, WEP(40-bit and 128-bit keys), WPA(WPA-TKIP and WPA2-CCMP). I can't stress this enough to use encryption because attackers do not even need to be on your network to steal your data. If you are not using encryption attackers can simply use tools to capture your wireless packets and steal your data. (more on Packet Analysis) It is also very important that you always use HTTPS when available. Secure sessions are important to prevent session hijacking or phishing websites because it encrypts the data coming in and leaving port 443 instead of using the default port of 80 for HTTP that is not encrypted. So even if the attacker scans for hidden SSIDs and finds some client's MAC addresses that are connected to some routers and spoofs his MAC address in order to connect to the network of his choice, wifi encryption is the next line of defence. While connecting to the network the attacker will be prompted with a password/passphrase in order to actually access and gain Internet access. Obviously these can be guessed or brute-forced, that's why it is very important to have a very hard and obfuscated password.(generate one here Random Password Generator) Create passwords that are very long and use random characters. Since passwords can be brute-forced, it is important to implement "passphrases". A pass phrase a group of a words for a password, which makes it harder to guess because it is longer and uses many words which helps defeat the purpose of brute-forcing(dictionary attack). When choosing an encryption, it is best to go with the latest and greatest WPA2-PSK which is more secure than WPA. WEP, can be easily cracked with tools such as Aircrack and CoWPAtty. Attackers that are not even connected to your network can capture your packets and then crack the WEP key. WPA2 uses a better encryption, AES encryption and isn't crackable because of the handshakes it uses for authentication. Even if the attacker catches your packets and you were using WEP or WPA/WPA2 it would make it very hard for the attacker to read them. To crack WPA2, an attacker would have to capture your packets and then run a dictionary attack which would take a very long time, making WPA2-CCMP(AES encryption) the best standard to use.

4. Inside the Network/Router
So say if the attacker simply logged in your router because you have no encryption or cracked your WEP key, he can now see all the computer on the network by scanning the network by using tools such as Nmap:
ifconfig - view internal ip
Ex. "" - usually means he is the 64th client, being that the router/access point is on
nmap - the "/24" indicates " -
sudo nbtscan -r - scans the local network, shows hostnames
Since the attacker can see everything on the network they can try to attack individual computers, the router itself or just capture packets. Since the attack is on the network, regardless of encryption or not, they are physically on the network and can see what you are doing. If they try to access the router, it is very important that you have strong passwords on the router as well. Since the router is usually on the "", attackers can type that in the address bar of their browsers and see if there is a router admin page. It is very important to change the default passwords because an attacker can simply just guess or Google the default password. If they still can't get in the easy way, they can try brute forcing the password using tools such as THC Hydra.

Topics to Read:

Saturday, February 11, 2012

How to Spoof Processes

Creating a Fake Process

This can be easily done in plenty of languages, however I believe this is easily implemented in Perl:

$0="Test Process";

while(true) {
The "$0" is equivalent to "argv[0]" in C and other languages. You can simply change the application name that is running. The loop keeps the process running. You can run your own spoofed process via command line by:
perl &
The "&" tells Linux to run the process in the background.
You can check the process is running via the command line by:
ps aux | grep "Test";
Example Output:
noname    7769  0.0  0.0  25084  1696 pts/0    S    15:19   0:00 Test Process
noname    7771  0.0  0.0  14560   892 pts/0    S+   15:19   0:00 grep Test
To kill the process via the command line:
kill 7769

Monday, February 6, 2012

How to hack the Facebook for Android App

Source Code
I always liked to poke around at things to see how they worked. A while ago I wanted to look inside some of my favorite apps such as the Facebook for Android app:

This is old, however we felt like making a video. So please comment and add helpful suggestions. And there are more ways than one for doing this.

Decompiling *.apks using Dex2Jar and viewing the compiled *.class files in JD-GUI
Dex2Jar -
ApkTool -

sh com.facebook.katana.apk
 - dumps the compiled java *.class files - creates com.facebook.katana_dex2jar.jar
 - finally, run jd-gui and click on com.facebook.katana_dex2jar.jar
For the resources, use apktool
./apktool d com.facebook.katana.apk
 - this will dump the source files, the xml and images

Dex2Jar is a very powerful tool that dumps the Java compiled *.class files into a folder and then JD-GUI can easily read the compiled *.class files. From here you can read the source code and do whatever you would like.