Posts

Posted on

The NSA Hacks System Administrators

This article reveals that the people holding the keys are often the juiciest targets, regardless of their innocence, as they are a means to and end. However, perhaps the most interesting part of the article, Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators, is this:

Once the agency believes it has identified a sys admin’s personal accounts, according to the posts, it can target them with its so-called QUANTUM hacking techniques. The Snowden files reveal that the QUANTUM methods have been used to secretly inject surveillance malware into a Facebook page by sending malicious NSA data packets that appear to originate from a genuine Facebook server. This method tricks a target’s computer into accepting the malicious packets, allowing the NSA to infect the targeted computer with a malware “implant” and gain unfettered access to the data stored on its hard drive.

Looks like I chose a good week to cancel my Facebook account 😉

Posted on

Cracking Password-Protected MS Office Files

Disclaimer: Don’t do this unless it’s for legitimate reasons, such as the one outlined below.

At work, I recently came across the need to crack a handful of MS Office files that someone had password protected. Of course, that person was no longer around, so the person who took over needed to figure out how to access these documents, and they asked the Security team for help.

My first instinct turned out to be the correct one: use John the Ripper on Kali 2.

The main issue I faced was extracting the password hash from the Office docs in question so that John The Ripper could have something to run against. Turns out there is a handy python script you can use that does exactly this: office2john.py (https://github.com/kholia/RC4-40-brute-office)

Instructions

Download office2john.py, then make it executable.

# chmod a+x offce2john.py

Now you can use this tool to extract the hash from the Office document, and save it to a text file:

# ./office2john.py secret-company-secrets.docx > hash.txt

Now check out the contents of the hash file if you want:

# cat hash.txt

All you need at this point is a good password list to run through John the Ripper, and a few options to run it with. The sqlmap.txt file that comes with Kali2 is a good candidate:

/usr/share/wordlists/sqlmap.txt

Here’s the full command:

# john --session=docx --rules --wordlist=/usr/share/wordlists/sqlmap.txt hash.txt

Options:
–session=docx – This is the name of this session. Could be anything, really.
–rules – Enables word mangling on the defined wordlist
–wordlist – Path to the word list you are running this against

Now, sit back and wait for John to do its thing.

PDFs

Just use pdfcrack in Kali.

Posted on

Have you been pwned?

This website has come in handy a couple of times recently. I was made aware that my username and password were found in lists of those stolen from hacked websites, including Dropbox and LinkedIn. Of course, I had long since changed my passwords, but it’s still interesting to see this happen, and it could one day really save me. I suggest you sign up!

https://haveibeenpwned.com/

Have_I_been_pwned__Check_if_your_email_has_been_compromised_in_a_data_breach

Posted on

Speaking at WordCamp Asheville – June 3 – 5, 2016

Tickets are on sale for WordCamp Asheville, and I hope many of you will come. This is my first opportunity to attend WordCamp, and I’ll actually be getting to speak at it. Come check it out if you are attending.

My presentation will be about WordPress security, how to make yourself less of a target, and how to harden your WordPress website against hackers using freely available tools.

Come say Hi if you attend!

Posted on

Random Links

No links are better than random links, so I have culled my Bookmarks to find some things that have piqued my interest lately, and I am presenting them here for your perusal. I supposed that the act of coagulating these links into a blog post no longer makes them “random” in some sense of the word, but nevertheless, here they are. Enjoy.

 

Always Something Interesting

Shorpy.com is an historic picture archive “featuring thousands of high-definition images from the 1850s to 1950s. The site is named after Shorpy Higginbotham, a teenage coal miner who lived 100 years ago.”

That sounds pretty neat, and it is. The site is choc-full of very high resolution, pre-Scalia imagery (too soon?) for you to look at. Who doesn’t like a hi-res picture of ‘newsies’ smoking cigarettes?

 

Gone Phishing

GoPhish is an open source phishing framework that allows you to create fake emails, add them to phishing campaigns, then track their success. Perfect for the Inter security professional in your house to do some social engineering in order to find out which family member is most likely to give up the login information for your Netflix account.

Being open source, it’s free to use as you wish.

 

Facebook Safety

FaceCrooks.com keeps an eye on all things Facebook related, with security tips, account setting recommendations, scam alerts, and more. Keep this one in your back pocket if you are a Facebook user.

 

Credit Card Fees

Don’t you hate being charged more to use your credit card when you get that cup of coffee? It’s an understandable position that many small shops try to recoup some of the processing fee for small transactions, but there are restrictions shop owners may be unaware of. This site keep you, the consumer and/or business owner, up to date about what you can and can’t expect related to charing fees for card use.

Posted on

Let’s Encrypt The World

lets-encrypt-logoI have been a big fan of free SSL certificate authority LetsEncrypt.org since it was in Private Beta. Now in Public Beta, and now being a Certificate Authority recognized by every major web browser, it’s time for you to start using it on your website!

The great thing about Let’s Encrypt is that it is free. Why? Because the sponsors behind it believe encryption is for the public good. And they are correct. No more do you need to pay $80/year or more for an SSL certificate through some company like GoDaddy. This all may sound too good to be true, but it isn’t.

Wait, what?

In case you are unfamiliar with what I’m talking about here, LetsEncrypt.org offers you free SSL (Secure Socket Layer) certificates for your website. This make your website secure and encrypted for your visitors, just like your bank does, by changing your site’s address from using http://  to https://.

Being a user of the WHM/CPanel web hosting tools for the handful of websites I run, I found a great set of instructions and scripts you can use to get this set up and running in that environment. Just follow the instructions in the WHM forum here. Be sure to set up the cron job so that your cert(s) get renewed automatically. If you forget, it’s very easy to do it by hand from the command line, but the cron job makes it so that you don’t need to remember.

Encrypt WordPress

If you are a WordPress website owner, you can configure it to use the SSL certificate by editing your site’s URL in Settings > General. I especially recommend this for WordPress admin area logins, but there’s not reason you shouldn’t be using SSL on your whole site anymore. This is especially true considering Google favoring SSL-enabled sites over non-SSL sites.

Redirect Traffic to HTTPS

Using an .htaccess file, you can set it up so that any traffic going to your http:// website is automatically redirected to your https:// version. This is the snippet I use in my .htaccess file for that:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Go forth and encrypt all the things!

clicky