July 4, 2010

Vegas – And so it begins…

Posted by relik @ 12:31 am

Getting ready for some craziness coming up soon in Vegas. Luckily, before the birth of my twins, the majority of our presentations and code was already finished. Be sure to catch me speaking at BSIDESLV, BlackHat, and Defcon this year! I’ll be co-presenting with one of my buddies, Josh Kelley (winfang98 on twitter), on a slew of topics. Just want to say you’ll want to swing by: we are releasing new versions of tools, Metasploit modules, new tool releases, and extra code. I wanted to give you a breakdown of each presentation and what to expect.

First things first, the Social-Engineer Toolkit v0.6 will be getting released and this is a whopper. Probably the largest release I think I have ever put through on SET, and it will be an amazing one. I would highly recommend BSIDESLV; it has become my favorite conference out there, period. If you’re missing this one you’re basically missing the entire point of going to these conferences! Here is the changelog so far on what to expect:

* Number of bug-fixes through SET and better error handling
* Added the tabnabbing attack vector
* Added favicon pulling per site on tabnabbing
* Fixed dynamic import bug with reloading modules after use
* Added Man Left in the Middle (MLITM) from Kos
* Added the latest IE and Adobe exploits
* Rewrote the HTTP web server handler for WebDAV-based exploits; it will force SET to use port 8080 for the web server, as MSF requires WebDAV on 80.
* Rearranged the initial web attack vector menu, it needed to be reversed
* Added the ability to specify your own custom executable for MSF encoding (-x) within the config/set_config file, the new option is called ‘CUSTOM_EXE’
* Added checks for BeautifulSoup, it is now a requirement for SET for the MLITM attack
* Fixed the no encoding issue with Java Applet Attack Vector, when specifying no encoding it will not prompt you to encode the payload
* Fixed bleed over colors when bombing out of any of the SET menus
* Added the ability to customize the MLITM web server port in set_config; default is 80.
* Fixed an issue with the Java Applet attack where, if WEB_PORT was changed from 80, the Windows and NIX payloads would not deploy properly after the port change
* Fixed an issue where importing your own executable with the Java Applet attack would fail and not work properly.
* Fixed where OSX and Linux payloads would still be asked for in payloadgen if not using the Java Applet attack.
* Added the new Teensy Arduino attack vector menu that can be used with the Teensy USB HID devices for physical/social-engineering attacks
* Fixed issue where ettercap was not properly performing DNS_POISON attacks; should now DNS poison properly.
* Removed the IP address challenge question when importing your own exe
* Fixed issue where other python applications would close when exiting SET
* Rewrote html handler to fix stderr and stdout issues with subprocess and ettercap handlers, should close properly when exiting SET now
* Fixed the main bug with Linux/OSX via Java Applet and no shell being piped, should now be 100 percent operable (thanks Thomas Werth).

I will be demoing all the new features and releasing SET v0.6 exclusively at BSIDESLV; be sure to be there 7/28/2010 at 3:00PM!

Moving on to BlackHat, Josh and I will be doing the “PowerShell – It’s time to own” presentation on 7/29/2010 at 10:00AM. Josh and I have put in a ton of time and will be releasing two new Metasploit modules/Meterpreter scripts, demoing new tools we will be releasing the code for, and showing some new PowerShell bypass techniques; you absolutely don’t want to miss this one.

Last but not least, our Defcon presentation, the “PowerShell omfg” talk, will be on Sunday at 12:00PM. Josh and I will be showing everything we did at BlackHat and a lot more, including some additional tool releases and a much more in-depth talk.

Phew, it’s going to be a busy week for us, and I can tell you I think Josh’s fingers and mine are bleeding from the amount of code pumped out for these three talks. As always, be sure to check back here for more news and updates; you can also follow me and Josh on twitter: dave_rel1k and winfang98

See you in Vegas!

June 11, 2010

Anti-Virus Evasion through JavaScript Obfuscation

Posted by relik @ 10:08 pm

An easy way of using Metasploit and an online packer to evade anti-virus when delivering browser-side exploits. Metasploit obfuscates a lot of things very well; however, there are certain patterns that still get picked up by anti-virus (specifically the %u encoding). This demonstration is a simple way of getting around all of that and evading anti-virus.

You can use the packer here:

http://dean.edwards.name/packer/
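As an added example (not from the post, Metasploit or SET), here is the analysis-side counterpart to the technique in Python: it recognises the wrapper emitted by the packer linked above, reverses its word-for-token substitution so the original script can be inspected, and shows that the %u run the post mentions is absent from the packed blob but visible again once unpacked. The sample blob is hand-constructed in the packer’s output format (the wrapper body is left out, since only its argument list is needed), and the %u pattern used is one assumption about what a scanner keys on.

```python
import re

# Signature of the Dean Edwards packer wrapper (the older "d" and current "r" variants).
PACKER_SIG = re.compile(r"eval\(function\(p,a,c,k,e,[rd]\)")
# The argument list the wrapper is called with: ('payload', base, count, 'w1|w2|..'.split('|'), ...)
PACKER_ARGS = re.compile(
    r"\}\s*\('(?P<p>(?:[^'\\]|\\.)*)',\s*(?P<a>\d+),\s*(?P<c>\d+),"
    r"\s*'(?P<k>[^']*)'\.split\('\|'\)", re.S)
# The %uXXXX run the post says anti-virus still keys on (assumed scanner pattern).
PERCENT_U = re.compile(r"(?:%u[0-9a-fA-F]{4}){2,}")
ALNUM36 = "0123456789abcdefghijklmnopqrstuvwxyz"

def encode_index(c, base):
    """Reproduce the packer's e(c): word index -> base-N token (0-9, a-z, then A-Z)."""
    prefix = "" if c < base else encode_index(c // base, base)
    d = c % base
    return prefix + (chr(d + 29) if d > 35 else ALNUM36[d])

def unpack(js):
    """Return the original source of a packed blob, or None if it is not packer output."""
    if not PACKER_SIG.search(js):
        return None
    m = PACKER_ARGS.search(js)
    if not m:
        return None
    base, count, words = int(m["a"]), int(m["c"]), m["k"].split("|")
    # Undo the JS string-literal escaping of the payload (\' \\ \n ...).
    esc = {"n": "\n", "r": "\r", "t": "\t"}
    p = re.sub(r"\\(.)", lambda e: esc.get(e.group(1), e.group(1)), m["p"])
    # Same loop as the wrapper: walk the indices downward, swapping each token for its word.
    for c in range(count - 1, -1, -1):
        if c < len(words) and words[c]:
            p = re.sub(r"\b" + re.escape(encode_index(c, base)) + r"\b", words[c], p)
    return p

def scan(js):
    """What a pattern scanner sees on the raw blob versus on the unpacked source."""
    unpacked = unpack(js)
    return {
        "packed": unpacked is not None,
        "percent_u_raw": bool(PERCENT_U.search(js)),
        "percent_u_unpacked": bool(unpacked and PERCENT_U.search(unpacked)),
    }

# Constructed sample in packer format (hand-built for this example, not real packer output);
# the packer turned the word u9090 into token 6, so the literal %u run no longer appears.
SAMPLE = ("eval(function(p,a,c,k,e,r){/* wrapper body omitted */}"
          "('0 1=2(\\'%6%6\\');3.4(1.5);',62,7,"
          "'var|s|unescape|document|write|length|u9090'.split('|'),0,{}))")
```

Running `scan(SAMPLE)` reports the %u run missing from the raw blob and present after unpacking, which is why a scanner that only matches the delivered bytes misses it.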

June 3, 2010

SET v0.6 Coming Soon…

Posted by relik @ 2:30 pm

SET v0.6 is coming soon; just wrapping up some last-minute bug fixes. Below is a sneak peek at one of the new additions, called TabNabbing. You can find a good explanation of tabnabbing here:

http://krebsonsecurity.com/2010/05/devious-new-phishing-tactic-targets-tabs/

But essentially, the victim clicks a link or goes to a website and then switches to a different tab; the malicious page detects that the user has moved to another tab and replaces itself with something else. In the video below I used Google, but with the new release of SET v0.6 you can clone any website you want, and as soon as they switch tabs it will go to the site you cloned, so not just Google :-)

Keeping the feature list kind of secret at the moment, but it will be much more than TabNabbing as well.
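As an added example (not part of the post or of SET), a Python heuristic for the behaviour described above: a page whose script hooks the tab losing focus and later rewrites the title, the favicon or the body. The two sample pages are constructed for the example, and the trigger and rewrite patterns are an assumed rule set, not a complete detector.

```python
import re

# Constructed sample pages (hand-written for this example, not SET output).
BENIGN = """<html><head><title>News</title></head><body>
<script>window.onblur=function(){document.title='(paused) News';};</script>
</body></html>"""
SUSPECT = """<html><head><title>News</title><link rel="icon" href="/favicon.ico"></head><body>
<script>
window.onblur=function(){setTimeout(function(){
  document.title='Webmail - Sign in';
  document.querySelector('link[rel=icon]').href='/mail.ico';
  document.body.innerHTML='<form>placeholder login form</form>';
},5000);};
</script>
</body></html>"""

# Events a page can use to notice the user has switched tabs (assumed list).
TRIGGERS = re.compile(r"\b(onblur|blur|visibilitychange|onfocusout|focusout)\b")
# Ways the page can rewrite itself afterwards: title, favicon link, or whole document.
REWRITES = {
    "title": re.compile(r"document\.title\s*="),
    "favicon": re.compile(r"icon[^;]*\.href\s*="),
    "body": re.compile(r"innerHTML\s*=|document\.write\(|location(\.href)?\s*=|location\.replace\("),
}

def inline_scripts(html):
    """Bodies of inline <script> blocks (external scripts would have to be fetched first)."""
    return re.findall(r"<script[^>]*>(.*?)</script>", html, re.S | re.I)

def tabnab_indicators(html):
    """Rewrite kinds found in scripts that also hook a blur/visibility event."""
    found = set()
    for js in inline_scripts(html):
        if TRIGGERS.search(js):
            found |= {name for name, rx in REWRITES.items() if rx.search(js)}
    return found

def looks_like_tabnab(html):
    """Heuristic verdict: blur hook plus title change plus favicon swap or body replacement."""
    ind = tabnab_indicators(html)
    return "title" in ind and bool(ind & {"favicon", "body"})
```

The benign page only retitles itself on blur and is not flagged; the suspect page changes title, favicon and body together, which is the combination the post describes.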

May 14, 2010

Fixing xorg.conf with CUDA machine on upgrade to Ubuntu 10.04

Posted by relik @ 12:51 pm

In prior posts you saw the configuration with 4 GTX 295s and the “nvidia-xconfig --enable-all-gpus” flag. Well, when updating to 10.04, the xorg configuration got massively hosed to the point of not being able to boot into any runtime, including recovery mode.

There are two quick ways to fix this. One: before upgrading to 10.04, copy your xorg.conf in /etc/X11/ to an xorg.conf.bak.blah file. When the update is complete and before you reboot, move xorg.conf.bak.blah back to xorg.conf; this will solve the issue when you reboot, but there’s still some work to go (skip the next paragraph).

If you were in the same boat I was in, and didn’t know it would completely hose your xorg, you can boot into grub (escape) and in your boot menu hit the “e” key to edit; where you see “ro quiet splash”, remove that and add “rw init=/bin/bash”. This will drop you into a minimal root shell.

You’ll need to get the latest nvidia drivers from the Nvidia website; I’m currently running 195.36.24. Once you have that, head over and download a patch. Note that the .run file below is for 64-bit; the patch can be run on either x86 or x64:

http://us.download.nvidia.com/XFree86/Linux-x86_64/195.36.24/NVIDIA-Linux-x86_64-195.36.24-pkg2.run

www.secmaniac.com/files/patch.diff.txt

Now that you have that, run this in a shell:

./NVIDIA-Linux-x86_64-195.36.24-pkg2.run --apply-patch /path/to/patch.diff.txt

This will produce a -custom.run file; when you run that it should install properly.

Then just do nvidia-xconfig --enable-all-gpus and you should be all set.


Visit us on irc.freenode.net #backtrack-linux or #social-engineer