Router Hijacking Archives | Vednam
https://vednam.com/category/router-hijacking/
Latest News on Cyber Security, Hacking and Tech

Cisco server hacked by exploiting SaltStack Vulnerabilities.
https://vednam.com/cisco-server-hacked-by-exploiting-saltstack-vulnerabilities/
Sun, 31 May 2020 11:44:24 +0000
Here is what came to light recently: attackers compromised Cisco servers and devices a number of times through the Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) platform. This service lets users design and build network topologies without installing physical devices, so networks can be tested virtually.

The attackers exploited critical vulnerabilities in SaltStack, an open-source framework.

It is mainly used for the implementation of data center systems and their automated services.

Cisco also stated that Cisco Modeling Labs Corporate Edition (CML) is vulnerable to these attacks, because it ships the same version of SaltStack and runs the vulnerable Salt Master installation.

The information we gathered is: “CML is basically used by the user to simulate Cisco devices and third-party devices. VIRL-PE helps users to create infra and test virtual networks in a development and test environment easily.”

Vulnerable Cisco Products

Two products are mainly affected by the vulnerabilities:

  • Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE)
  • Cisco Modeling Labs Corporate Edition (CML)

The Main Servers Compromised

According to the company's report, the attackers managed to compromise six infrastructure servers and take control of them:

  • us-1.virl.info
  • us-2.virl.info
  • us-3.virl.info
  • us-4.virl.info
  • vsm-us-1.virl.info
  • vsm-us-2.virl.info

An image from the news coverage shows a device where the salt-master service is enabled.

Where Cisco's security fell short:

The vulnerabilities are an authentication bypass, identified as CVE-2020-11651, and a directory traversal, identified as CVE-2020-11652.

Together, these two flaws allow attackers to gain access to the entire file system of servers that are configured with SaltStack.

CVE-2020-11651: Authentication bypass vulnerability
CVE-2020-11652: Directory traversal vulnerability

On May 7, 2020, Cisco updated the compromised servers and checked for all the vulnerabilities that the patch fixes, namely the authentication bypass vulnerability (CVE-2020-11651) and the directory traversal vulnerability (CVE-2020-11652) that mainly affect SaltStack servers.

After that, Cisco released two essential updates for the VIRL-PE service and the related product Cisco Modeling Labs Corporate Edition. Security experts said the security flaws are present in any version of these services released before the updates.

SaltStack is mainly meant to monitor servers and keep them updated through an automated process. With the help of its remote execution engine, it also allows commands to be run on multiple systems from a master node that applies changes to the target servers.

Cisco is not the only company attacked by cybercriminals using these vulnerabilities; attackers have also hit other well-known companies using the same security flaws.

Best Wifi hacking tool in Kali Linux | Finding the Path
https://vednam.com/best-wifi-hacking-tool-in-kali-linux-finding-the-path/
Wed, 27 May 2020 18:43:18 +0000
These are the best WiFi hacking tools in Kali Linux, the ones most popular in the field of hacking. People search this topic for one of two reasons: either they plan to hack a wireless network, or they want to learn the security measures that protect one.

When we talk about wireless networks, the first thing that comes to mind is their vulnerable side. Wireless networks are targeted easily because they are available everywhere. Routers contain vulnerabilities that can be exploited easily with the techniques and software included in Kali Linux.

Most wireless network users are not aware of the security concerns. The common myth is that once you set a password, your wireless device is secure. That assumption falls apart when the router's WPS button is ON by default. This is a backdoor that lets a cyber attacker enter your network without the user's knowledge.

After all, you are here to learn the best tools for wireless security and penetration testing. There are plenty of tutorials on wireless hacking tools or WiFi hacking tools.

Let's look at the best WiFi hacking tools in Kali Linux:

  1. Aircrack-ng

This is the most popular tool for cracking wireless networks that use WEP/WPA/WPA2 security. The Aircrack-ng suite is used to capture packets and handshakes, handle authentication with connected clients, and generate traffic. It relies on brute force and dictionaries. Below is a list of tools you can find in Aircrack-ng:

  • Aircrack-ng to crack the wireless password.
  • Aireplay-ng to generate traffic and access the client with their acknowledgment.
  • Airbase-ng to create a fake access point.
  • Airodump-ng for packet capturing.

The Aircrack-ng suite is available for Linux and works best with Kali Linux. If you plan to use this tool, make sure your Wi-Fi card is capable of packet injection.

Website: https://www.aircrack-ng.org/

  2. Wireshark

Wireshark is one of the best network protocol analysis tools available. With Wireshark you can analyze in deep detail what is happening on the network. It can capture live packets, supports deep inspection of hundreds of protocols, and lets you browse and filter packets.

The software is available for Windows, Mac, and Kali Linux. For certain features, you need a Wi-Fi adapter that supports monitor and promiscuous mode.

Website: https://www.wireshark.org

  3. Macchanger

Macchanger is a little utility used to spoof your MAC address to a random MAC address, or you can set the MAC address yourself. Spoofing the MAC address may be necessary for WiFi hacking because it avoids MAC filters or masks your identity on a wireless network.

Website: https://github.com/alobbs/macchanger

  4. Reaver

Reaver targets routers that have WPS vulnerabilities and is popular among cyber attackers. Reaver performs a brute force attack against the Wi-Fi Protected Setup (WPS) registrar PIN to recover the WPA/WPA2 passphrase. Many companies leave the WPS button on by default, and even ISPs don't flag this issue as a network attack risk.

For Reaver to work reliably it needs good signal strength and the right configuration. Several factors affect how quickly access is recovered, but it takes a minimum of 4-5 hours. Those factors are the access point, the signal strength, and the PIN itself. The WPS PIN can be found in half of that time.

Website: https://code.google.com/p/reaver-wps/

  5. PixieWps

This is a new tool in Kali Linux that also targets the WPS vulnerability.

The program is written in C and is used to brute force the WPS PIN offline, exploiting the low or non-existent entropy of vulnerable access points. This is what is called a pixie dust attack. The software does not work alone; it needs Reaver and Wifite to work with. The tool gained popularity in a short time.

Website: https://github.com/wiire/pixiewps/

Modified Reaver: https://github.com/t6x/reaver-wps-fork-t6x

8 billion Thai internet records leaked !
https://vednam.com/8-billion-thai-internet-records-leaked/
Tue, 26 May 2020 06:04:55 +0000
According to the source, it started on 7 May, and it took a long time, until May 22, to secure the database. Cyber experts discovered an exposed Elasticsearch database while browsing BinaryEdge and Shodan. The leaked database appeared to be controlled by a Thailand-based mobile network operator known as Advanced Info Service (AIS).

Digging deeper, AIS is Thailand's largest GSM mobile network, with almost “40.23 million customers” as of 2018. The database is maintained and controlled by the subsidiary Advanced Wireless Network (AWN). It contains a combination of DNS query logs and NetFlow logs that appear to belong to AWN customers. Anyone who obtained all this data could easily build a track of a user's internet surfing. Once this information came out, Thailand's national CERT team (ThaiCERT) took action, contacted AIS, and the database was secured.

What is AWN?

According to the source, AWN is a provider of wired as well as wireless network services and a telecommunication network provider. According to its website, the company started in 2005. AWN is a subsidiary of Advanced Info Service (AIS).

AWN's network connects directly with AIS, which has only upstream peers. When ThaiCERT contacted AIS about the exposed database, the database went offline.

When did the data leak start?

Based on the source story, the data was first hit on May 1 and then again after May 7, 2020. There was not a single server left exposed on the internet without any authentication. AIS has been notified about the exposed database.

How Much Data Leaked?

Overall it was about 8.3 billion documents, around 4.7 terabytes of data. On May 21, 2020, 8,336,189,132 documents were stored in the database, and the data contained NetFlow data and DNS query logs. It turned out the data was logged for only roughly 8 days, but why?

Why they stopped logging after 8 days is still an open question. The team's perception is that they got more data than they intended to capture. Forensics say they logged roughly 2,538 DNS events per second for that period of time.

What can be learned from the data?

A lot of information can be extracted by going through the documents and data. Whoever holds it knows essentially every query you generated on the internet, and from there can also learn your personal information.

Based on the DNS queries, it may be possible to identify a person's whole profile, because DNS captures information about the machine and its queries. For example:

  • They use an Android TV connected to the internet.
  • They use Apple devices connected to the internet.
  • They use Windows devices, and the software you use with cloud connectivity.
  • They use antivirus.
  • They even use your social media account.
  • They read your Google Chrome or other browser saved information and history.

Airgeddon-Swiss Army WiFi Hacking Tool
https://vednam.com/airgeddon-swiss-army-wifi-hacking-tool/
Mon, 25 May 2020 05:32:34 +0000
On initial inspection, it seems to be a multi-purpose Swiss Army knife tool for WiFi hacking. The tool is totally free to download from GitHub and supports multiple Linux-based platforms.

What are the functions of this tool?

The tool offers multiple methods for hacking WiFi. Let's see:

  • WEP all-in-one attack (combining different methods: Caffe Latte, Chop-Chop, ARP Reply, Hirte, Fake association, Fragmentation, etc.)
  • Multiple WPS cracking modes: Pixie Dust, Bully and Reaver
  • Evil Twin attacks (Rogue AP) with Hostapd+DoS+DHCP+Ettercap+Sslstrip and also BeEF support.
  • Offline password decrypting for WPA/WPA2 captured handshakes (dictionary, brute force, and rule-based) based on aircrack, crunch, and hashcat tools.

Other features:

  • Support for 2.45GHz to 5GHz bands.
  • Handshake file capturing feature.
  • Easy drag-and-drop options on the Windows operating system for entering file paths.
  • Cleanup of tasks and temp files, restoring iptables after an attack, and an option to keep monitor mode on exit if desired.

Platforms needed to run:

The tool is compatible with any Linux OS that has the required tools installed. Kali Linux is the best candidate for running it. If you want a challenge, use the Arch operating system.

What does it look like:

As you would expect from any bash-script-based tool, it provides a menu and options that make it easy to perform a wide range of WiFi attacks.

Conclusions:

This tool provides a wide range of options for performing WiFi hacking. The best part is that it is simple and easy to manage. You can get it here.

GhostDNS Got leaked by Mistake !
https://vednam.com/ghostdns-leaked/
Sat, 23 May 2020 02:56:37 +0000
Router exploit kits are gaining popularity these days in the hacker world.

Take “GhostDNS”, which uses cross-site request forgery (CSRF) requests to alter DNS settings and direct users to phishing pages that steal their login credentials.

The source code was recently leaked through a mistake on the attackers' side.

How it was caught

  • The source code of the GhostDNS exploit kit and other phishing pages was compressed in a RAR archive and uploaded to a file-sharing platform by a hacker.
  • When trying to download it, a member of the attacker group forgot to disable the Web Shield feature of the Avast Antivirus installed on their machine.
  • This allowed Avast's web protection technology to detect and analyze the router exploit kit, as the archive file was not password protected.

What happened next?

  • The Avast Threat Intelligence Team downloaded the archive file named “KL DNS.rar” and outlined the functionality of GhostDNS.
  • The name indicates that this tool is used for DNS hijacking and keylogging to gather critical information from the victim's computer.
  • The two methods used by the hackers, Router EK and BRUT, were found in the archive file. Both methods involve the use of CSRF requests to alter DNS settings on a targeted device.

More Information!

  • While the Router exploit kit (EK) preys on devices in the local network by tricking users into clicking on a malicious link, BRUT is used as a mass scanner that attacks routers exposed on the public internet.
  • In some extended versions of the kit, a banner was displayed to inform the attackers that the CSRF request had been executed.
  • When the login information is extracted, GhostDNS stops and the phishing pages are executed, meaning it works step by step to perform the task.
  • The most targeted countries and regions are Brazil, as the top priority, South America, the US, and Germany.

Important to mention

Everything described above comes down to one thing: manipulating DNS settings and directing users to phishing sites. Cybercriminals leverage this technique to steal user login credentials and credit card numbers from banks.
