Week 06: More Metasploit

This article sheds light on a proposal that is starting to garner attention in California, which ultimately aims to revolutionize California’s electricity system to be cleaner, more reliable, and more resilient. The proposal aims to change the old electricity system, which was a “centralized, top-down, long-distance, one-way” system to a “decentralized, bottom-up, local, networked” electrical system. However, this proposal is still in its infancy and has only recently begun to be studied, but there are scientific ideas and studies that show that certain concepts behind this system are already proving to be effective in other parts of the United States. Among these concepts that are proving to be effective are microgrids made up of many local “solar+storage+smart inverter systems” networked together that help balance out consumption and generation more efficiently during blackouts, while costing just as much as current California grid power in various regions.

Source: https://hardware.slashdot.org/story/19/11/03/0210245/does-california-need-a-more-decentralized-energy-system

I was listening to this guy’s podcast on YouTube who I follow (I recommend following him) talk about SIM Port attack and the what’s and how’s of the entire thing. The podcast is based upon this guy who lost over $100k from this crypto account over night because his SIM card got attacked and was taken over by the attacker. I have included the 30 min podcast link as well as the original piece which lists how it happened step by step with images (check it out check it out)

YouTube Podcast Link: https://www.youtube.com/watch?v=qCWmpHHHXis

Article Link: https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124

 

Interesting read here. A recent study shows that nation retaliatory hacking may not escalate as we thought. The Obama administration had a stance to not retaliate against counties that launched cyberattacks against the US, and they would implement sanctions for fear it could lead to a military conflict. The study shows just the opposite, it is rare that a cyber conflict will go tit for tat, or escalate to a military conflict.

The article speculates that these findings may benefit the Trump administration as the US has recently launched cyberattacks against Russia, China, and Iran to retaliate or intimidate.

An additional finding of the study shows that retaliatory hacking does little to stop adversaries from launching additional attacks. I have this vision of rival nations launching cyberattacks against each other and being wary to not cross that threshold for Military escalation. I assume all nations involved know each other’s thresholds? A very dangerous game being played here.

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/10/02/the-cybersecurity-202-hacking-back-may-be-less-risky-than-we-thought/5d939824602ff14beb3daacc/

I wanted to experiment with running Kali using Windows Subsystem for Linux on Windows 10.  This will let you run native Linux command-line tools directly on Windows.  I created this guide to get you a Kali WSL install with Metasploit running on Windows 10.  If you want to install Metasploit directly in Windows without the Windows Subsystem for Linux, read after step #13.

1. Open and run Windows PowerShell as administrator
2. Enter the following command:
   Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
3. Reboot Windows
4. Open the Microsoft Store on Windows 10 and install Kali Linux
5. Launch Kali Linux when it is done installing and type a username and password when prompted.
6. Type: sudo apt-get update (enter password if prompted)
7. Type: sudo apt-get dist-upgrade
8. Type: sudo apt-get clean
9. Now we have to add the Kali Linux folder as an exception to the built-in Virus and threat protection so it doesn’t keep blocking/removing Metasploit:

Go to Start > Settings > Update & Security > Windows Security > Virus & threat protection

Under Virus & threat protection settings, select Manage settings, and then under Exclusions, select Add or remove exclusions.

10. Add your Kali folder as an exclusion:
    Located under: %LocalAppData%\Packages\KaliLinux.<Package_ID>\LocalState
    Example: C:\Users\yourname\AppData\Local\Packages\KaliLinux.random##sandletters\LocalState
11. Now go back to your Kali Linux terminal and run this command to install Metasploit:
    sudo apt-get install metasploit-framework
12. Finally, run Metasploit by typing: msfconsole
13. Have fun experimenting and adding whatever else you want to Kali Linux

Also, if you just want to install Metasploit in Windows and are using the built-in virus and threat protection, you can download Metasploit Framework for Windows and add c:\metasploit-framework as an exclusion folder (like in step #9).  The msfconsole command and all related tools will be added to the system %PATH% environment variable so you can use Metasploit within Command Prompt.

These alternate methods may be helpful for someone who has limited resources on their computer (ex. RAM/CPU) and can benefit from running with the least amount of VMs as possible.  It’s also good to experiment with relatively new technology like Windows Subsystem for Linux.

I still highly recommend a full native Linux install or a Linux VM for familiarization and skill building.

A former Yahoo software engineer, Reyes Daniel Ruiz, turned hacker was charged with hacking 6,000 plus Yahoo accounts, which included his friends and colleagues. Ruiz abused his role as a reliability engineer to access internal Yahoo systems to steal passwords and hack accounts.

Ruiz admitted to making copies of images and videos of users that he compromised and stored them at his home on personal systems. He didn’t stop there, after gaining yahoo access, he compromised other accounts, like Facebook, Gmail, iCloud and DropBox for additional media. I assume that users Gmail and Facebook password reset emails were sent to their Yahoo accounts to conceal the hack. Here is a case where two factor authentication would have tipped users off to their accounts being compromised.

I question what controls Yahoo had in place to audit Ruiz’s system access and operations.

https://thehackernews.com/2019/10/yahoo-email-hacking.html

A bunch of ethical hackers from a program called Government Bug Bounty found more than 30 vulnerabilities in Singapore government’s network system. The article mentions “The bug bounty program was organized by the Government Technology Agency (GovTech) and Cyber Security Agency (CSA) in partnership with HackerOne, a popular bug bounty platform. HackerOne helps organizations find and fix the potential vulnerabilities before they can be exploited by cybercriminals. The new bug bounty program is part of the Singapore government’s ongoing commitment to protect its citizens and secure government network systems. The hacking challenge will offer a monetary reward to the hackers for discovering and reporting potential vulnerabilities.”

What I found really interesting was the following:

“The Government has paid out S$25,950 in bounties for discovering 31 vulnerabilities, in which four were considered as High Severity and the remaining 27 were considered as medium/low severity.”

Singapore government has this really cool program which collaborates with the cyber security community in order to build a secure nation. I think this is something every country should take into consideration

Source Link: https://www.cisomag.com/singapore-government-patches-31-vulnerabilities-found-by-ethical-hackers/

 

Intro-to-Ethical-Hacking-Week-6

https://capture.fox.temple.edu/Mediasite/Play/dec7de8a6e2f482e81d37b1d02702f9f1d

According to the news, there is a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers.

Basically, the attacks can be summarized in four following steps:

Step 1 — Attackers send a malicious OTA SMS to the victim’s phone number containing an S@T or WIB command such as SETUP CALL, SEND SMS, or PROVIDE LOCATION INFO.
Step 2 — Once received, the victim’s mobile operating system forwards this command to the S@T or WIB browser installed on the SIM card, without raising an alert or indicating the user about the incoming message.
Step 3 — The targeted browser then instructs the victim’s mobile operating system to follow the command.
Step 4 — The victim’s mobile OS then performs the corresponding actions.

https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html