Post by Tom on Sept 3, 2013 8:56:11 GMT
Introducing dSploit
dSploit is an Android network analysis and penetration suite which aims to offer IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint live hosts' operating systems and running services, search for known vulnerabilities, crack logon procedures of many TCP protocols, perform man-in-the-middle attacks such as password sniffing (with dissection of common protocols), real-time traffic manipulation, and so on. This application is still in beta stage; a stable release will be available as soon as possible, but expect some crashes or strange behaviour until then. In any case, feel free to submit an issue on GitHub.
Resources
An Android smartphone
dSploit
Step by Step
Step 01
Downloading
The first step is to get a copy of dSploit onto your Android device. You should be able to download a copy directly from whatever browser you use on your device. If you have a USB port on your device, you can download it on your desktop and transfer it with a USB drive.
Step 02
Permissions
You will need to adjust a couple of permissions on your device. The first requirement is that it needs to be rooted; this gives dSploit root access to your wireless interface so that you can put it in promiscuous mode. The second is that you need to allow sideloading of apps, since dSploit is not on the Play Store.
Step 03
Copying and installation
Once you have the APK copied, or downloaded, you will need to install it. The easiest way is to use a file manager of some kind, navigate to where the file exists, and select it. The file manager should start up the installer.
Step 04
Starting
When you start up dSploit, it will immediately start listening on the wireless network you’re connected to. Depending on the hardware available, this may affect the responsiveness of your device. You can tap on the menu and then on “Stop Network Monitor”.
Step 05
Wi-Fi cracking
You can tap on the Wi-Fi signal icon to see which networks are visible. You can click on a network to connect. If it is a ‘secured’ network that is vulnerable to one of the cracking techniques available, it will be flagged as green, identifying it as such. Clicking on that network offers you the options of either connecting or cracking.
Step 06
Trace
One thing you may want to check on is how packets are being routed within your own network. Clicking on a target machine will bring up a menu of applicable tools. You can click on the Trace tool to follow how packets move around within the network.
Step 07
Port scanning
The first step when a ‘bad guy’ tries to compromise your system is to knock on your virtual door with a port scan. In dSploit, you can do this by tapping on the Port Scanner tool after selecting a host to test.
Step 08
More port scanning
Once you get the list of open ports, you can click on them to try to connect. If it is a port used for web traffic, it will try to open it in a browser. Otherwise, it will try to open a connection using Telnet.
Step 09
Inspector module
The Inspector module does some further probing to get an idea of what operating system is running on the host, along with what kind of services are running on the open ports. This may take several minutes to complete, so be patient. In this example, we can see that the author’s TV box is running Linux.
Step 10
Vulnerability Finder
Now that you know what the OS is, and which ports are open to connections, you need to check to see what problems may be affecting this particular system. Again, these checks can take several minutes, so be patient. The total list is ordered according to severity.
Step 11
More vulnerabilities
The original list provides a short description of the vulnerability, but often this is not enough. Clicking on the vulnerability of interest will open the associated webpage from the National Vulnerability Database, hosted by the NIST (nvd.nist.gov). Here you can get more information on just how serious it may really be.
Step 12
Login Cracker
DSploit includes a Login Cracker. You can select which service to try, along with what username to try. You can then select the minimum and maximum sizes for passwords to try. You can even give dSploit your own username and password files.
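Steps 07 and 12 describe two activities that show up clearly in a defender's own logs: a port sweep and a run of failed logins. The following added example (my code, not the article's or dSploit's) runs one sliding-window detector over constructed firewall and auth log lines; the log formats, addresses and thresholds are assumptions, not anything the article specifies.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample logs (not from the page): 10.0.0.42 walks four ports in two
# seconds and then fails one login three times; 10.0.0.9 is an ordinary client.
FIREWALL_LOG = """\
2013-09-03 08:56:01 SRC=10.0.0.42 DST=10.0.0.7 DPT=21
2013-09-03 08:56:01 SRC=10.0.0.42 DST=10.0.0.7 DPT=22
2013-09-03 08:56:02 SRC=10.0.0.42 DST=10.0.0.7 DPT=23
2013-09-03 08:56:03 SRC=10.0.0.42 DST=10.0.0.7 DPT=80
2013-09-03 08:56:04 SRC=10.0.0.9 DST=10.0.0.7 DPT=80
"""
AUTH_LOG = """\
2013-09-03 08:57:10 telnetd: login failed user=admin from=10.0.0.42
2013-09-03 08:57:11 telnetd: login failed user=admin from=10.0.0.42
2013-09-03 08:57:12 telnetd: login failed user=admin from=10.0.0.42
2013-09-03 08:57:30 telnetd: login failed user=bob from=10.0.0.9
"""
FW_RE = re.compile(r"^(\S+ \S+) SRC=(\S+) DST=\S+ DPT=(\d+)")
AUTH_RE = re.compile(r"^(\S+ \S+) \S+ login failed user=(\S+) from=(\S+)")

def parse(log, pattern, key_group, value_group):
    """Yield (timestamp, key, value) for every line the pattern matches."""
    for line in log.splitlines():
        if m := pattern.match(line):
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(key_group), m.group(value_group)

def burst_sources(events, window_seconds, threshold, distinct):
    """Keys hitting `threshold` events (distinct values if `distinct`) in any window."""
    by_key = defaultdict(list)
    for ts, key, value in events:
        by_key[key].append((ts, value))
    flagged = set()
    for key, items in by_key.items():
        items.sort()  # events may be logged out of order; sort by timestamp
        start = 0
        for end, (ts, _) in enumerate(items):
            while (ts - items[start][0]).total_seconds() > window_seconds:
                start += 1  # slide the window forward
            window = items[start:end + 1]
            if (len({v for _, v in window}) if distinct else len(window)) >= threshold:
                flagged.add(key)
    return flagged

def port_scanners(log=FIREWALL_LOG):  # 4+ distinct ports from one source in 10 s
    return burst_sources(parse(log, FW_RE, 2, 3), 10, 4, distinct=True)
def brute_forcers(log=AUTH_LOG):  # 3+ failed logins from one source in 60 s
    return burst_sources(parse(log, AUTH_RE, 3, 2), 60, 3, distinct=False)
```

The thresholds are deliberately low so the constructed sample trips them; on a real network they are tuned per segment and per service.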
Step 13
What to do with a login
Once you have a service, a username and a password, you can go ahead and make a connection. The easiest way is to use Telnet, since it lets you interact with a service by directly transferring ASCII characters back and forth.
Step 14
Pwning your router
For many routers, there are tools that allow you to essentially hijack it, or ‘pwn’ it. DSploit has a link to an online tool that will help you pwn most of the commercial routers that are out there.
Step 15
Man in the middle
There is an entire family of attacks called man-in-the-middle attacks. This class of attacks involves sitting in between two machines that are communicating with each other. When one machine sends a packet to the second machine, you sit in the middle and capture it. You can then read it and, if you wish, alter it, before sending it on to the second machine. DSploit provides a whole screen of tools to do just this kind of work. Most of these involve doing some monitoring first in order to generate a list of conversations occurring.
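The article does not say how the tool inserts itself between two hosts; the added example below (my code, not dSploit's) assumes the common LAN technique, ARP poisoning, and shows what a defender's monitor looks for: an IP whose MAC suddenly changes, and one MAC answering for the gateway as well as other hosts. The reply format, addresses and MACs are constructed.

```python
import re
from collections import defaultdict

# Constructed ARP replies as a monitor on the LAN would see them (not from the
# page). Assumption: the interception is done by ARP poisoning, so one MAC
# (aa:bb:cc:dd:ee:42) starts answering for the gateway 10.0.0.1 and a victim.
ARP_REPLIES = """\
t=0 10.0.0.1 is-at 00:11:22:33:44:01
t=1 10.0.0.7 is-at 00:11:22:33:44:07
t=2 10.0.0.42 is-at aa:bb:cc:dd:ee:42
t=3 10.0.0.1 is-at aa:bb:cc:dd:ee:42
t=3 10.0.0.7 is-at aa:bb:cc:dd:ee:42
"""
REPLY_RE = re.compile(r"^t=(\d+) (\S+) is-at ([0-9a-f:]{17})$")

def parse_replies(text):
    """Yield (time, ip, mac) for each reply line; skip anything malformed."""
    for line in text.splitlines():
        if m := REPLY_RE.match(line):
            yield int(m.group(1)), m.group(2), m.group(3)

def detect_arp_spoofing(replies, gateway):
    """Return alerts for two ARP-poisoning symptoms: an IP whose MAC changes,
    and one MAC answering for the gateway plus other hosts."""
    known = {}                 # ip -> most recent mac seen for it
    claims = defaultdict(set)  # mac -> ips it has answered for
    alerts = []
    for t, ip, mac in replies:
        prev = known.get(ip)
        if prev is not None and prev != mac:
            alerts.append(("mac-change", t, ip, prev, mac))
        known[ip] = mac  # track the latest claim so flapping is reported too
        if ip not in claims[mac]:
            claims[mac].add(ip)
            if len(claims[mac]) > 1 and gateway in claims[mac]:
                alerts.append(("gateway-shared-mac", t, mac, sorted(claims[mac])))
    return alerts

def scan(text=ARP_REPLIES, gateway="10.0.0.1"):
    return detect_arp_spoofing(parse_replies(text), gateway)
```

The detector only surfaces the symptom; static ARP entries for the gateway, or dynamic ARP inspection on the switch, are the usual mitigations.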
Step 16
Simple sniffing
The first bit of monitoring you will want to do is just some simple sniffing. This will pull up the actual conversations that are happening on your network right now. This way, you can see whether someone else is doing something nefarious.
Step 17
Sniffing for Passwords
In simple sniffing, you are looking at all of the packets travelling across the network. One key bit of information you are interested in is if passwords are being transferred around the network in a sniffable format. DSploit provides a tool to specifically look for this.
Step 18
Session Hijacker
Once you see what conversations are happening, you may want to place yourself as the man in the middle. To do so, you can click on the Session Hijacker tool and select which conversation you want to hijack.
Step 19
Packet Forger
In some cases, you may have very specific information you want to send to one machine, posing as another. In this case, you can use the Packet Forger tool to make handcrafted packets, not those store-bought packets.
Step 20
Script injection
One common type of forged packet is a script injection. In this case, you insert a packet that contains some JavaScript code into the conversation. The receiving machine then thinks that this JavaScript is part of the incoming webpage and will go ahead and execute it.
Step 21
Killing connections
If you just want to cause some trouble, you can use a Denial of Service (DoS) attack. DSploit allows you to do this with the Kill Connections tool. This tool essentially causes all packets to the target machine to be dropped.
Step 22
Redirecting connections
A related tool is Redirect, which enables you to redirect connections. You can select a target machine and redirect all of the traffic associated with the target to another machine. You can then pose as the real request and serve up forged information to the target machine.
Step 23
Replacing images/videos
Instead of redirecting all of the traffic, you can simply redirect requests for images and videos. In these cases, you can replace the responses to these requests with your own image and video files. These are separated into two tools, one for each file type.
Step 24
Where to now?
Remember, this tool is meant to test your own networks and see where the problems lie. Never do penetration testing on any network where you don’t have permission. And remember, always retest after you have hardened your machines and networks, just to be sure you haven’t accidentally opened new holes.