Sunday, September 25, 2011

The Simple Mass WEP and WPA Cracker

If there is Piata Scanner for scanning and cracking mass SSH (Secure Shell), there is also Wifite.py for mass WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) cracking. Wait, wait… say what??

You read me right! There is Wifite.py for mass WEP and WPA cracking. Wifite.py is a cool tool coded in Python which makes cracking Wi-Fi passwords and security easier. It can be executed from the command line with python wifite.py or ./wifite.py. To see a list of command-line options with detailed information for the script, you can just type ./wifite.py –help or python wifite.py –help in the terminal.

The tool is customizable to be automated with only a few arguments. Cool ey? Yeah, but it should always be noted that it requires the Aircrack-ng suite, which is used for auditing wireless networks, and also needs macchanger, which is of course available via apt-get install.

What makes this tool easier is that it also has a GUI mode, which runs by default after executing the script if the python-tk module is present. So far, the tool works well on my Backtrack 5 R1 and my Ubuntu 10.04, and it is a must-have for Wi-Fi ninja geeks out there. It also works great with Blackbuntu. Not to mention that it also has a built-in updater and can be updated with the command line ./wifite.py –upgrade or python wifite.py –upgrade.

Wifite.py was also mentioned in New York Times' article "New Hacking Tools Pose Bigger Threats to Wi-Fi Users" last February 16, 2011.

If you want to download the python script, click here.


About the Contributor:

Shipcode is a prolific blogger of ROOTCON and at the same time an InfoSec enthusiast from Cebu. He was inspired to join ROOTCON as part of the core team to share his knowledge in information security. He encourages other like-minded individuals to come forward and share their knowledge through blogging right here at the ROOTCON Blog section. Email your contributions to info[at]rootcon[dot]org.


ROOTCON is managed by like minded InfoSec professionals across the Philippines.  All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.


Tuesday, September 20, 2011

Demystifying a Backdoor Shell


Last July 29, 2011, I was able to give a talk about Backdoor Shells and IRC (Internet Relay Chat) Bots in Techbar Cebu for the Cebu Linux Users Group (CEGNULUG) Talk. In the said talk I explained and showed what a backdoor shell is and how it can be a chronic threat to all websites. I also showed how to run an IRC Bot using the backdoor shell I have. The purpose of my topic was to promote security awareness and to give an idea of the backdoor shell’s hidden danger.

So what is a backdoor shell? A backdoor shell is a piece of code in PHP, ASP, JSP, etc. which can be uploaded to a site to gain access to files stored on the website. Once it is uploaded, the cracker could use it to edit, delete, and download any files on the website, or could even upload their own.

Now, there are many ways a site can get backdoored. It could be due to website vulnerability attacks or exploits like SQLI (Structured Query Language Injection), RFI (Remote File Inclusion), LFI (Local File Inclusion), FTP (File Transfer Protocol) Bruteforce Attacks, Sniffing, XSS (Cross Site Scripting), etc. There are many more to mention, but these are the most common attacks.

PHP backdoor shells are the most used backdoor shells because most websites are coded in PHP. These kinds of backdoor shells are like terminal emulators wherein you can execute UNIX and bash commands, which allow crackers and defacers to manipulate the server or the operating system your website is currently hosted on.


So how risky could it be? Well first of all, your site could get defaced on the index page which is really shameful or the cracker could use the website as a scam page or a phishing site. Shells could also be used to gain the root access of the site if it’s a Linux server. Crackers could also use your site for spamming and for hosting their botnets. Crackers could spread the backdoor shell across your files for backup purposes. And worst of all, the site could then be used to host their denial-of-service (DoS) or distributed denial-of-service attack (DDoS) shells (ex. host booter).


According to Zone-H, they archived 1,419,203 defaced websites. Linux became the most used OS for web servers and of course the preferred target for the defacers. Why? Because of certain benefits and the many things a defacer or a cracker could play around with, like putting a backdoor shell on it.

What Zone-H archived only accounts for those defaced websites that were submitted to them by defacers, thus there are still unaccounted websites out there which are not leaked just for the cracker or defacer’s compensation. We just could not deny the fact that there are still websites out there wherein the administrator is not aware of such cyber espionage.

Now the question is, “Is your website one of those unaccounted websites with backdoors?”
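One way to start answering that question on your own server, shown as an added example that is not part of the original post: a heuristic scan of a web root for PHP scripts that pass request data into command or code execution, the behaviour described above. The indicator patterns, extension list and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators (assumed for this example, not an exhaustive signature set).
EXEC_FUNCS = r"\b(?:system|exec|shell_exec|passthru|popen|proc_open|eval|assert)"
REQUEST_INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER)\b"
INDICATORS = {
    # Request data passed straight into a command- or code-execution call.
    "request-to-exec": re.compile(EXEC_FUNCS + r"\s*\([^;]*" + REQUEST_INPUT, re.I),
    # Code that is decoded or decompressed and then evaluated (common packing).
    "eval-of-decoded": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # Backtick operator running request data as a shell command.
    "backtick-request": re.compile(r"`[^`]*" + REQUEST_INPUT + r"[^`]*`", re.I),
}
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".inc"}


def scan_file(path):
    """Return the sorted indicator names that match the file's contents."""
    text = Path(path).read_text(errors="replace")
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def scan_webroot(root):
    """Walk a web root and map each flagged script (relative path) to its hits."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTS:
            hits = scan_file(path)
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


def demo():
    """Scan a throwaway directory of constructed sample files."""
    samples = {
        "index.php": "<?php echo htmlspecialchars($_GET['q'] ?? ''); ?>",
        "uploads/img.php": "<?php system($_REQUEST['c']); ?>",
        "inc/cache.inc": "<?php eval(base64_decode($payload)); ?>",
        "notes.txt": "system($_GET['x'])  // skipped: not a script extension",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_webroot(tmp)
```

Matches are leads for manual review, not verdicts. An obfuscated shell can evade patterns like these, so pair the scan with a comparison of the web root against a known-good copy of the site.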


About the Contributor:
Shipcode is a prolific blogger of ROOTCON and at the same time an InfoSec enthusiast from Cebu. He was inspired to join ROOTCON as part of the core team to share his knowledge in information security.  He encourages other like minded individuals to come forward and share their knowledge through blogging right here at ROOTCON Blog section.



Sunday, September 04, 2011

ROOTCON 5 Full Page Ad Published in "The Freeman"


The image above paints a thousand words. This one (1) full page ad is published in "The Freeman" (Cebu newspaper) today, dated September 4, 2011 (Sunday).

Thanks to James Arthur Oliva for the photos and his models. Thanks also to Paul Villacorta for the graphic works.

Kudos to you guys for supporting ROOTCON!


About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking and social media campaigns, and is very active in conceptualizing things. To date, he has conducted several IT / Information Security events, his passion since 2007. He currently works as a Technical Support Specialist in a local company.


Saturday, September 03, 2011

[UPDATE] RC 5 Panelist

We have identified our list of panelists for the upcoming ROOTCON 5 Panel Discussion.

Day 1:  InfoSec State In The Philippines

Oliver Cam - Development and General Manager InfoWeapons Inc.

Roland Dela Paz - Security and Threat Researcher at TrendMicro

Atty. Al Vitangcol - Lawyer specializing in e-Commerce law.

Jaime Licauco - Security Professional that holds CISSP and GSEC certification

Day 2: Cyber Terrorism What Is Our Stand

Paul Sabanal - Security Research at IBM Security Systems, speaker at BlackHat Briefings

Sven Herpig - Professor and a PhD student specializing in CyberWarfare

Chris Boyd - Senior Threat Researcher at GFI, holds a title of Microsoft MVP for Computer Security

Berman Enconado - Senior Software Engineer at GFI

More updates on the ROOTCON 5 Panel Discussion will be published soon.


Thursday, September 01, 2011

ROOTCON Panel Discussion

Sad to say, one of our speakers backed out at the very last minute. Due to very limited time, we cannot look for a replacement, and the speakers on our waiting list cannot do the talk because they have very limited time to prepare their presentations.

As a replacement, we will be having a ROOTCON Panel Discussion on both Day 1 and Day 2. A panel discussion is a very good alternative to finding speakers, as it will create interaction and a healthy discussion between our selected panelists and con-goers.

Our Panel Topics for this year's conference are the following:

InfoSec State in the Country (Philippines) - Day 1
Cyber Terrorism What Is Our Stand - Day 2

Selected panelists will be debating / discussing these two high-end topics during the panel discussion and at the same time getting input from the audience.

Our panelists will be announced on Friday.

Stay Tuned for Updates.

