Ehacking Tutorial

Should Apple Credit Card Feature be Trusted



After the photo scandal in which prominent Hollywood stars such as Jennifer Lawrence private pictures were stolen by hackers and uploaded on the internet, Apple is hell bent on doing the marketing that is primarily focus on damage control. Tim Cook Apple’s CEO wrote:

"Security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud and new services like Apple Pay. And we continue to make improvements. Two-step verification, which we encourage all our customers to use, in addition to protecting your Apple ID account information, now also protects all of the data you store and keep up to date with iCloud


I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will."

Tutorial of Stealing WhatsApp Chat - POC

WhatsApp is the renowned instant messaging service for smartphones. Facebook has acquired whatsapp in February, 2014; the acquisition and its impact on whatsapp is not the topic of our interest, but as an information security professional we should focus on to report the vulnerabilities and exploitation of whatsapp to facebook so that they can secure it. There is a famous saying that you can't secure unless and until you know the bug, its exploitation and the possible damage that the company might bear; so that the parent company will be interested to review your submission.


I was talking with some friends on linkedin about whatsapp security and the way that bad guys (hackers) are hacking and stealing whatsapp chats; one of my friend has shared the prove of concept. It is a tutorial that I want to share with you, written by Mohit Sahu (@mohitnitrr). I don't know him personal but he did a wonderful job and we appreciate his effort.

Wardriving with Kismet and WAPMap

What is WAPMap?

I have written this Python script to parse .netxml files output by Kismet and then return a CSV file that can be uploaded to Google Mapping Engine.  This will simplify war driving campaigns by allowing vulnerable networks (WEP or Open) to be easily mapped on Google Maps.  The WAPMap Github repository can be found here

To use this tool, you will need to have Kismet working with a GPS device connected to your Kali Linux host.  I have provided an explanation on how to do that here

How it Works?


First, you will need to clone the Github WAPMap repository.  This can be done with the following command:

# git clone https://github/hack1thu7ch/WAPMap.git


When the script is run without any arguments, it returns the usage description.  To run this script, you will need to supply three (3) arguments. These include the Kismet.netxml file of the Kismet scan from which you want to generate your map, the mapping mode (includes -wep and -open) and the name of the output CSV file that will be used to generate the map.



In the example provided below, I have used a .netxml file from a scan I performed around my apartment complex.  I have used the -wep argument to map out WEP encrypted networks.  And I have used wep_upload.csv as the output file name (this name is arbitrary, and you can use anything as long as you append a .csv to the end).


Once run, the script will output a tab delimited table showing the detected vulnerable networks of the specified encryption level.  Additionally, it will also output the CSV file that is highlighted above.  This is the one you will upload to Google.  Once you have this file, open your web browser and go to:


Once the page loads, click the “Create a New Map” button.

Next, you will need to click the “Import” link in the menu in the top-left corner of the map.



Becoming a Hacker – Intangible Skills

How to become a hacker has created a buzz among IT security students and professionals, people have selected ehacking.net (via email, comment, Tweets etc.) as their mentor and we will surely help you out till time. In the previous episode of this series, we have discussed the objective of this guide, education and skills that required and the method to become the master; and in this episode we will take a look into philosophical & Psychological side of a Penetration tester.

You might be thinking that hacking process has nothing to do with philosophy & psychology but believe me it has; apart from the technical skills,the success of any hacking attack is also depends on the psyche of the attacker. 


Intangible Skills


“Focus” is the key to get success in every aspect of life, be focused on what you want to achieve. Let's consider an example, you want to find a vulnerability in Facebook; you tried your level best, you were trying to achieve the objective but you failed. The word failure shows your weakness, so please hide it or destroy it; you can't fail until you keep trying.

“You only fail when you accept your defeat” The foremost skill to become a penetration tester is never ever give-up and be focused in achieving your objective. If you will be able to develop this skill then take my word, “nobody can stop you to become a hacker/IT security expert”. Let's get back to the example; finding a vulnerability in Facebook takes time, patience, persistence, attention and believe me it is possible. Keep try until and unless you will get success, the same suggestion for this guide too; don't show impatience, read and implement. Are you developing the skills discussed in the first episode ? Have the mentor been selected yet ? Are you trying to become (focus) a hacker ? We have discussed many important points so far that could lead you to get the success, if you can understand these points.

Building Trojan Hardware at Home

Malware, Viruses and Trojan horse can destroy your computer and network; most of the time they are software based, but have you ever imagined that a hardware based trojan might also destroy or simply steal private information from your computer; consider a recent celebrity hack.

 
There are many tutorials, guide and codes are available online to program a Trojan horse but at the moment community is not focusing on hardware based Trojan, but you should focus. In this article, I will share a conspicuous presentation and video demonstration on "Building Trojan Hardware at Home" by JP Dunning, presented at BlactHat Asia 2014 event.






How to Become a Hacker ?

It was a lovely evening when I opened the contact form of ehacking.net and I found several emails asking the said question; this event is not once in a blue moon at all, it seems a regular habit of beginners or may be intermediate level too. They keep asking the same question, so I should say that “How to become a hacker” is a million dollar question.

There was a time in 90's when movies were creating and showing hacker culture, their personalities and lifestyle; some of these movies have shown hackers as a hero and some made them villain. At the end, movies have created a mindset of our generation to become a hacker in order to achieve their objectives, whether they are good or bad.

When someone ask this question, I used to float a counter question; “Why do you want to become a hacker ? Why not IT security professional or penetration tester ?” And believe me most of the time people say that it sounds good to be a hacker. My simple is point is that:

“Media has created this mentality to be a hacker instead of professional penetration tester

Neither I will define the word hacker here, nor I will differentiate between penetration tester and hacker but in this series of “to be a hacker” I will show a pathway to become an IT security professional. 


If you cannot handle the difficulties and challenges then leave this field at your earliest, IT security is a dynamic field which requires education, certification, human skills and impatient while learning something. So you should be waiting to handle loads of challenges coming your way to become a hacker Penetration tester.

Education & Skill Set


Any degree related to computer sciences is highly recommended because while studying computer science you get to know about the programming, scripting, networking (wired & wireless), web,database, cryptography and many other things that will help you throughout your IT security career. Apart from computer sciences, engineering degrees like Telecommunication and electronic degree are also a good option; these degrees enhance your networking and hardware skills, and you may learn the software side while working :)