GALERIA FOTOGRAFICA

All the photos of family, friends and events held by the groups I belong to are in this section...

Monday, August 31, 2020

TLS-Attacker V2.2 And The ROBOT Attack

We found that many TLS implementations are still vulnerable to different variations of the 19-year-old Bleichenbacher attack. Since Hanno argued for having an attack name, we called it ROBOT: https://robotattack.org

Given the new attack variants, we released a new version, TLS-Attacker 2.2, which covers our vulnerabilities.

Bleichenbacher's attack from 1998

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding allow an adversary to execute an adaptive chosen-ciphertext attack. This attack also belongs to the category of padding oracle attacks. In the attack, the adversary exploits the different responses returned by a server that decrypts the requests and validates the PKCS #1 v1.5 padding. Given such a server, the attacker can use it as an oracle and decrypt ciphertexts.
We refer to one of our previous blog posts for more details.

OK, so what is new in our research?

In our research we performed scans of several well-known hosts and found that many of them are vulnerable to different forms of the attack. In the original paper, an oracle was constructed from a server that responded with different TLS alert messages. In 2014, further side channels such as timing were exploited. However, all the previous studies considered mostly open source implementations, and only a few vulnerabilities were found.

In our scans we could identify more than seven vulnerable products and open source software implementations, including F5, Radware, Cisco, Erlang, Bouncy Castle, or WolfSSL. We identified new side-channels triggered by incomplete protocol flows or TCP socket states.

For example, some F5 products would respond to a malformed ciphertext located in the ClientKeyExchange message with a TLS alert 40 (handshake failure) but allow connections to time out if the decryption was successful. We could observe this behaviour only when sending incomplete TLS handshakes missing the ChangeCipherSpec and Finished messages.
See our paper for more interesting results.

Release of TLS-Attacker 2.2

These new findings motivated us to implement the complete detection of Bleichenbacher attacks in our TLS-Attacker. Before our research, TLS-Attacker had implemented a basic Bleichenbacher attack evaluation with full TLS protocol flows. We extended this evaluation with shortened protocol flows with missing ChangeCipherSpec and Finished messages, and implemented an oracle detection based on TCP timeouts and duplicated TLS alerts. In addition, Robert (@ic0ns) added many fixes and merged features like replay attacks on 0-RTT in TLS 1.3.
You can find the newest version release here: https://github.com/RUB-NDS/TLS-Attacker/releases/tag/v2.2

TLS-Attacker allows you to automatically send differently formatted PKCS#1 encrypted messages and observe the server behavior:

$ java -jar Attacks.jar bleichenbacher -connect [host]:[port]

If the server responds with different error messages, it is most likely vulnerable. The following is an example of the output for a vulnerable server:

14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered vulnerable to this attack if it responds differently to the test vectors.
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered secure if it always responds the same way.
14:12:49 [main] CONSOLE attacks.impl.Attacker - Found a difference in responses in the Complete TLS protocol flow with CCS and Finished messages.
14:12:49 [main] CONSOLE attacks.impl.Attacker - The server seems to respond with different record contents.
14:12:49 [main] INFO attacks.Main - Vulnerable:true

In this case TLS-Attacker identified that sending different PKCS#1 messages results in different server responses (the record contents are different).
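
The "responds differently to the test vectors" decision, written out as an added Python example; it is not TLS-Attacker's code. The vector labels, flow names, socket-state strings and the rule that a difference must repeat in every round are assumptions of this example, and the observations are constructed to mirror the F5 behaviour described above.

```python
from collections import defaultdict
from typing import NamedTuple

class Response(NamedTuple):
    alerts: tuple       # TLS alert descriptions in the order received (40 = handshake failure)
    socket_state: str   # constructed labels: "closed" or "timeout"

def classify_flows(observations):
    """observations: iterable of (round, flow, vector, Response).
    Returns {flow: "identical" | "oracle" | "inconclusive"}."""
    rounds = defaultdict(dict)                  # (flow, round) -> {vector: Response}
    for rnd, flow, vector, response in observations:
        rounds[(flow, rnd)][vector] = response
    per_flow = defaultdict(list)
    for (flow, _rnd), mapping in rounds.items():
        per_flow[flow].append(mapping)
    verdicts = {}
    for flow, mappings in per_flow.items():
        first = mappings[0]
        if any(m != first for m in mappings[1:]):
            verdicts[flow] = "inconclusive"     # not reproducible, e.g. a lost packet
        elif len(set(first.values())) > 1:
            verdicts[flow] = "oracle"           # response depends on the test vector
        else:
            verdicts[flow] = "identical"
    return verdicts

def difference_kinds(responses):
    """Name which observable separates a set of responses."""
    kinds = []
    if len({r.socket_state for r in responses}) > 1:
        kinds.append("tcp_socket_state")
    if len({len(r.alerts) for r in responses}) > 1:
        kinds.append("alert_count")             # catches duplicated alerts
    if len({frozenset(r.alerts) for r in responses}) > 1:
        kinds.append("alert_content")
    return kinds

# Hypothetical labels for differently formatted PKCS#1 messages.
VECTORS = ["valid_padding", "wrong_header_bytes", "missing_zero_separator"]
ALERT_40 = Response((40,), "closed")
TIMEOUT = Response((), "timeout")

def sample_observations():
    """Constructed data: identical answers in the full flow; in the shortened
    flow (no ChangeCipherSpec/Finished) valid padding leads to a timeout."""
    obs = []
    for rnd in (1, 2):
        for v in VECTORS:
            obs.append((rnd, "full", v, ALERT_40))
            shortened = TIMEOUT if v == "valid_padding" else ALERT_40
            obs.append((rnd, "shortened", v, shortened))
    return obs

if __name__ == "__main__":
    for flow, verdict in classify_flows(sample_observations()).items():
        print(flow, verdict)
    print(difference_kinds({ALERT_40, TIMEOUT}))
```

A flow that comes back "inconclusive" should be measured again before it is reported, since a single timeout is also what ordinary packet loss looks like.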


Sunday, August 30, 2020

Remote Server Administration From Android

It would be very useful to be able to administer all our servers from the palm of the hand.

However, a Linux shell is not practical on a phone keyboard, or even on a tablet, mainly because many symbols have to be typed, the hyphen for example, and these keyboards are designed rather for plain text.

Well, the SSHControl application was born out of this need:


SSHControl

I solved this problem by using browsers and structuring the outputs so that too much information does not pile up on the screen.

- File browser
- Process browser
- Connection browser
- Log browser
- Kernel driver browser

This makes it possible to administer multiple servers with a single finger :)

Checking the security of your servers is now quite simple and quick: for example, with a single tap on a user we can see their associated processes, and with another tap on a process we can kill it, see more information, etc.
With a tap on an application we see its connections, and with a tap on a connection we can add a filtering rule to the firewall, etc.


In the next version I will enable the "Custom Commands" option, which is very useful:
every Linux administrator or user has a set of commands they repeat very frequently,
and this option lets you pre-program those usual commands so that you can launch them with a single tap.

I have very useful new features planned on the roadmap :)

Here are some screenshots:








Ufonet - Dos And Ddos Attack Tool | How To Install Bot


TYPES OF HACKING

Types of hacking?
We can segregate hacking into different categories, based on what is being hacked. Here is a set of examples:

1. Website Hacking - Hacking a website means taking unauthorized control over a web server and its associated software such as databases and other interfaces.

2. Network Hacking - Hacking a network means gathering information about a network by using tools like Telnet, Nslookup, Ping, Tracert, Netstat etc. with the intent to harm the network system and hamper its operation.

3. Email Hacking - It includes getting unauthorized access to an email account and using it without the permission of the owner.

4. Ethical Hacking - It involves finding weaknesses in a computer or network system for testing purposes and finally getting them fixed.

5. Password Hacking - This is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system.

6. Computer Hacking - This is the process of stealing computer IDs and passwords by applying hacking methods and getting unauthorized access to a computer system.

Saturday, August 29, 2020

Reversing Pascal String Object

Plenty of goodware and malware is developed in Pascal, and we will see that the binaries generated by Pascal compilers are fascinating, not only because of how small and clean they are, or the clarity of Pascal code, but also because of the good performance. On Linux we have Lazarus, which is a good free IDE like Delphi and Kylix, the free Pascal IDE for Windows.

The program:

program strtest;

var
  cstr:  array[0..10] of char;
  s, s2:  ShortString;

begin
  cstr := 'hello world';
  s  := cstr;
  s2 := 'test';
  
  WriteLn(cstr + ' ' + s + ' ' + s2);
end.


We are going to compile it with Free Pascal and Lazarus; the binary size alone differs a lot:

lazarus        242,176 bytes   845 functions
freepascal      32,256 bytes   233 functions
turbopascal      2,928 bytes    80 functions  (wow)

Surprisingly, the Turbo Pascal binaries are extremely light.
Let's start with Lazarus:




Logically, it imports some display functions from user32.dll; it also imports kernel32.dll functions and, suspiciously, the string operations of oleaut32.dll.


Our starting point is a function called entry that calls the console initialization and retrieves some console configuration, and then starts a labyrinth of function calls.



Function 10000e8e0 is the one that calls the main function.

I named it execute_param2 because the second parameter is a function pointer that is going to be executed without parameters; it looks like the typical strategy for calling main.
And here we are: it's clearly the Pascal user code main function.


It seems that function 100001800 returns a string object, then its constructor is called to initialize the string, and then the string is passed to other functions that print it to the screen.

This function executes the method 0x1c0 of the object until the byte 0x89 is a null byte.
What the hell is it doing here?
First of all, let's create the function main:


Simply right-click and create the function:

After a bit of work on Ghidra here we have the main:


Note that struct members as high as 0x1b0 are not created by default; we should import a .h file with a struct or class definition, and place the constructor exactly at that position.

The mysterious function was printing byte by byte until the null byte; the algorithm the compiler implemented in asm is not as optimized as Turbo Pascal's.

In WinDbg we can see the string object in eax after being created but before being initialized:


Just before executing the print function, the RCX parameter is the string object and it is still identical:


Let's see the constructor code.
The constructor address can be guessed statically by walking the reverse cross-references to main, but I located it by debugging, in dynamic analysis.


The constructor reads only a pointer stored in the string object at position 0x98.

The pointer at 0x98 is compared with the address of the literal, so now we know that this pointer points to the string.
The statement *string_x98 = literal confirms it: there is no memory copy, it only points to the literal, reusing it.



Freepascal

The starting labyrinth is bigger than Lazarus's, so I had to begin the maze from the end, searching for the string "hello world" and then finding the references to it:


There are two ways to follow references in Ghidra: one is [ctrl] + [shift] + F, but there is another trick, which is simply clicking the green reference text in the disassembly.

At the beginning I had doubts and named it possible_main, but it's clearly the Pascal user code main function.




The char array initialization is converted by the Free Pascal compiler into a runtime initialization using mov instructions.

Reducing the coverage in dynamic analysis, we arrive at the writeln function:


EAX holds a pointer to a struct, and the member at 0x24 performs the printing. In these cases the function can be tracked easily in dynamic analysis by executing the sample.

It lands at 0x004059b0, where we see WriteFile, the stdout descriptor, and the text and size supplied as parameters.


There is some interesting logic for what happens if WriteFile() couldn't write all the bytes, but that is out of scope here.
Let's see how this function is called and how the text and size are supplied, to figure out the string object.



EBX holds the string object and there are two pointers, a pointer to the string at 0x18 and the length at 0x18; let's verify it in WinDbg.


And here we have the string object: 0x0000001e is the length, and 0x001de8a68 is the pointer.


Thanks @capi_x for the pascal samples.
