Ubertooth – Bluetooth Sniffing Updated for 2014!

Earlier I noticed this tweet on my twitter feed: Ubertooth release: https://t.co/cCYHNf34Yc I know it’s been a long time coming, I promise not to leave it so long next time. — Dominic Spill (@dominicgs) February 20, 2014 So I thought I would walk you through the update, which has improved Operating System support, improved Bluetooth Low Energy (BTLE) support, and GitHub integration to make community development easier….

What is SIGTRAN? SS7? SCTP?

Introduction SIGTRAN is the name, derived from signaling transport, of the former Internet Engineering Task Force (IETF) working group that produced specifications for a family of protocols that provide reliable Datagram service and user layer adaptations for Signaling System 7 (SS7) and ISDN communications. The SIGTRAN protocols are an extension of the SS7 protocol family. It supports the same application and call management paradigms as SS7 but uses an Internet Protocol (IP) transport called Stream Control Transmission Protocol (SCTP). Indeed,…

Sim Cloning

Introduction SIM cloning is the process in which a legitimate SIM card is duplicated. When the cloning is completed, the cloned SIM card’s identifying information is transferred onto a separate, secondary SIM card. The secondary card can then be used in a different phone while having all calls and associated charges attributed to the original SIM card. The phrase SIM clone is often used to refer to the SIM card that has been successfully…

Telephony Hacking and Fraud | Securing Telephony Systems

Telephony Fraud Telephony Hacking and Fraud is once again on the rise.  Phone Phreaking was common between the 60’s and 90’s; it allowed Phreakers to place free calls and access Remote Dial-In computers; from there they would add voicemail boxes, snoop on phone lines, add call forwarding etc. Phreaking once again is emerging with modern technology (VOIP, SIP, IAX etc).  Just like open web-services, that allow public internet users to…

Naked WiFi Pineapple Mark V!

Introduction We will take a look at the new Mark V insides, the board, the kernel and its interfaces: Specification CPU: 400 MHz MIPS Atheros AR9331 version 1 SoC http://www.eeboard.com/wp-content/uploads/downloads/2013/08/AR9331.pdf Memory: 16 MB ROM (w25q128 (16384 Kbytes)), 64 MB DDR2 RAM (Hynix H5PS5162GFR-Y5C) Disk: Micro SD support up to 32 GB, FAT or EXT, 2 GB Included Mode Select: 5 DIP Switches – 2 System, 3 User configurable Wireless: Atheros AR9331 IEEE 802.11 b/g/n +…

New WiFi Pineapple; From Britain with Love!

Introduction Since approximately around the time of our posting Blue for the Pineapple (6 months ago). Hak5 Pineapple Team have disappeared underground to produce the new Mark 5 Pineapple. A customised board that is cheaper to produce and more easily affordable. The Mark 5 has 2x WiFi cards (Atheros 9331 & RTL8187 (famously known as an Alfa)), with SMA connectors. Twice the RAM & ROM (16MB & 64MB), with the…

Proxmark3 – Adding Ultralight Support

Introduction The Proxmark3 appeared to be missing Mifare Ultralight support.  The ability to identify Ultralight cards was present within the ‘hf 14a reader‘ command. However the facility to read and write cards was sadly missing. But no worries as the protocol and instruction set is essentially the same as Mifare Classic; the only difference is standard Ultralight cards do not need authentication, and encryption and the Block size is 4…

Proxmark3 Client Native on Android | InteliSecure

Proxmark3 Client Native on Android A member of the Proxmark3 community known as Asper has managed to cross-compile the proxmark3 client for the Android platform.  Depending on the model of your phone (it needs to be rooted), and so long as you have (or can install) the cdc-acm kernel module.  This eliminates the need for custom ROMs or even a chrooted environment (such as a chrooted Kali install). You can…

SNMP – The Missing MIB

Introduction Many users of SNMP Network Management Tools / Penetration Test Tools, may find that recent versions of software including the popular SNMPwalk appear to be missing MIBs, or that previously available information is now mysterious missing.  This is more prominent on Debian or Ubuntu based systems (any system that compiles from source like Gentoo , appear unaffected).  This is additionally important for Penetration Tester Professionals that have an exam…

Linux Exploit Suggester

Background Many moons ago I stumbled across a broken script on an incident response job.  The Hackers uploaded numerous exploits and scripts in an attempt to compromise a Linux RedHat server.  Among these files was a broken script (that did not work) that would suggest possible exploits given the release version ‘uname -r’ of the Linux Operating System. This gave me an idea; create my own that actually works…. As…