In this article we will be looking at the different kinds of malware and what they do. When performing static or dynamic malware analysis it is crucial to have a good understanding of the different malware types so you are able to recognize them and focus your investigation. During static malware analysis the imported DLLs and functions often tell us a lot about the malware’s intentions and behaviour. For example, when malware imports networking functions together with functions to edit the Windows registry and compression functions, we could be dealing with spyware, a downloader or a Trojan which executes itself or other malware at startup. In the simplest case of statically imported DLLs you can use an application like Dependency Walker to find out which functions the malware uses. Further inspection of the DLLs, functions, PE headers and resources should narrow the possible kinds of malware a…
Author: Hacking Tutorials
In this tutorial we will be covering dynamic malware analysis tools, which are used to determine the behaviour of malware after it has been executed. This tutorial is part 2 of 6 in our Malware Analysis tutorials on www.hackingtutorials.org. If you haven’t read part 1 of this series, please read it first before continuing with this malware analysis tutorial. The dynamic malware analysis tools covered here are used to analyse activity after the execution of malware in virtual machines. We will be looking at tools like Procmon, Process Explorer, Regshot, ApateDNS, Netcat, Wireshark and INetSim to analyse the malware. Dynamic malware analysis is typically performed after static malware analysis has reached a dead end, which happens quickly when malware is packed or obfuscated, for example. Dynamic malware analysis is also a great way to identify the type of malware quickly: if you are facing ransomware you will notice…
In the upcoming 6 hacking tutorials we will be talking about basic malware analysis, and we will start by discussing the many different basic malware analysis tools which are available. A malware analyst is someone highly skilled in reverse engineering malware to get a deep understanding of what a certain piece of malware does and how it does it. To become a malware analyst it is important to have a good understanding of operating systems, software, networking, programming in general, malware in general and assembly language. Assembly language is the low-level programming code between high-level programming code and the machine instructions. In other words: it is the level at which high-level language is translated into machine instructions which will be processed by your computer’s hardware. In this tutorial we will be looking at simple but popular tools for basic static malware analysis like: PEiD to detect packers, Dependency Walker to view dynamically linked functions, Resource Hacker to view the malware’s resources and PEview and FileAlyzer to examine the PE file headers and…
In this tutorial we will be exploring the Websploit Wifi Jammer module, which we’ve edited to work with the latest version of Kali Linux. The Websploit Wifi Jammer module is a great tool to automatically disconnect every client connected to the targeted wireless network and access point. The WiFi Jammer module also prevents new and disconnected clients from connecting to the WiFi network. The module has been edited to work with Kali 2.0 and the new monitoring interface names (wlan0mon, wlan1mon, etc.). For your convenience we’ve also set wlan0mon as the default interface. The edited Websploit Wifi Jammer module script can be downloaded using the following link: In order to work with the new script in Websploit you have to replace the script in the following directory in Kali Linux with the downloaded script: /usr/share/websploit/modules/wifi_jammer.py
Websploit WiFi Jammer Tutorial
Open a new terminal and start websploit with the following command: websploit Use…
Questions about whether a certain Wifi adapter is compatible with the Aircrack-ng suite, or which Wifi card is capable of packet injection and operating in monitoring mode, are commonly asked on discussion boards and social media. A Wifi adapter that is capable of packet injection and monitoring mode is basic but essential functionality for being successful in Wifi hacking. Wireless packet injection is spoofing packets on a network to appear as if they are part of the regular network communication stream. Packet injection allows you to intercept, disrupt and manipulate network communication. An example of this is sending a deauthentication message from an unknown party outside the network to a connected client as if it was sent by the wireless router. This will result in the client disconnecting from the router. Monitoring mode is one of the six modes a Wifi card can operate in, which allows you to capture network packets without having to associate with the access point. If…
Windows 10 has a new feature called Wi-Fi Sense that will share your Wifi password automatically with your contacts (Outlook, Skype and Facebook). This way your friends and family do not have to manually enter a password to use your wireless network. If you chose the Express installation of Windows 10, the Wi-Fi Sense feature is turned on by default. Assuming you do not want to share your wireless network with every Outlook, Skype and Facebook contact, it is suggested to turn off Wi-Fi Sense and avoid potential (future) security and privacy issues.
Disable Wi-Fi Sense on Windows 10
To turn off Wi-Fi Sense, open the Settings menu, go to Network & Internet -> Wi-Fi -> Manage Wi-Fi settings and uncheck the options to share your networks with Outlook, Skype, and Facebook contacts. In the Wifi settings menu on Windows 10 you can also turn off the…
Uniscan is a simple but capable Remote File Include, Local File Include and Remote Command Execution vulnerability scanner. In this tutorial we will be exploring the webserver fingerprinting functionality in Uniscan on Kali Linux. The webserver fingerprinting functionality in Uniscan performs a ping, traceroute, NS lookup, OS detection and service scan with Nmap on the specified target.
Uniscan Webserver Fingerprinting Tutorial
Let’s start by opening a terminal and running Uniscan with the following command to get an overview of options: uniscan We will be running Uniscan again with the -j server fingerprint flag on a specified target using the following command (this will take a little while to finish): uniscan -u [target] -j As mentioned earlier, Uniscan will perform a ping, traceroute, NS lookup and Nmap OS & service scan, of which the Nmap scans in particular take a little while to finish. In the meantime we will be looking at…
In this tutorial we will be importing the CVE-2015-5122 (Adobe Flash opaqueBackground Use After Free) zero-day Flash exploit module into Metasploit and have a vulnerable setup download the malicious Flash file. Recent versions of Adobe Flash Player contain critical vulnerabilities within the ActionScript 3 ByteArray, opaqueBackground and BitmapData classes. Exploiting one of these vulnerabilities could allow a remote attacker to execute arbitrary code on the vulnerable system. CVE-2015-5122 is the 3rd zero-day exploit from the Hacking Team data breach and targets Adobe Flash Player (18.0.0.203) on Windows 7, Windows 8.1 and Google Chrome on Linux-based computers. At the time of writing Adobe has already released security updates for Windows, Mac and Linux. This tutorial is for informational purposes only.
Metasploit CVE-2015-5122 Tutorial
First download the exploit code and make it available to Metasploit by creating an empty document and naming it: Adobe_Flash_HackingTeam_exploit.rb Then download the payload here: https://github.com/rapid7/metasploit-framework/tree/master/data/exploits/CVE-2015-5122 And…
In this Top 10 Wifi Hacking Tools list we will be talking about a very popular subject: hacking wireless networks and how to prevent them from being hacked. Wifi is often a vulnerable side of the network when it comes to hacking because WiFi signals can be picked up everywhere and by anyone. Also, a lot of routers contain vulnerabilities which can be easily exploited with the right equipment and software, such as the tools included with Kali Linux. A lot of router manufacturers and ISPs still turn on WPS by default on their routers, which makes wireless security and penetration testing even more important. With the following Top 10 Wifi Hacking Tools you are able to test your own wireless networks for potential security issues. For most tools we’ve supplied a link to a tutorial which will help you get started with the tool. Let’s start off the Top 10 Wifi Hacking Tools with the first tool: 1…
In this tutorial we will be testing and using the Cloudflare resolver module in Websploit on Kali Linux. Cloudflare is a company that provides a content delivery network and distributed DNS (Domain Name System) services, sitting between the visitor and the hosting provider of the Cloudflare user. This way Cloudflare acts as a reverse proxy for websites and claims to protect, speed up, optimize and improve the availability of a website. Cloudflare also provides advanced DDoS protection for a website, including against attacks targeting the UDP and ICMP protocols. Cloudflare claims to protect more than 2 million websites at the time of writing. The Websploit Cloudflare Resolver module claims to resolve the original IP address of the server protected by Cloudflare.
Websploit Cloudflare Resolver Tutorial
Open a terminal and start websploit with the following command: websploit Use the following command to show an overview of available modules, from which we will select the Websploit Cloudflare Resolver module: show modules Use the…