The Hack o blog

Reinventing the wheel

Category Archives: Hacking tools

Bash scripts, for making the Wireless Hacking process easier.

I know of two Bash scripts for making the wireless hacking process easier, but there are probably a lot more. Both scripts have their pros and cons.

WiPhire by middlewifi

WiPhire makes cracking wireless networks so easy, even a caveman could do it.

And

wifite by WakingLife

Designed for the Backtrack4 RC1 distribution of Ubuntu. Linux only; no Windows or OS X support.

VOIP Hacking / Phreaking program [ VoIP Hopper ]


VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone in Cisco, Avaya, and Nortel environments. VoIP Hopper is a VLAN hop test tool, but also a tool to test VoIP infrastructure security.

In Cisco IP Phone networks, it first dissects either IEEE 802.3 or Ethernet II for Cisco Discovery Protocol (CDP) packets. If CDP is enabled on the switch port and the Voice VLAN feature is enabled, it will determine the Voice VLAN ID (VVID). This will allow the tool to create a new Ethernet interface on the PC that tags the 802.1q VLAN header in the Ethernet packet. After VoIP Hopper has created the new Ethernet device, it will send a DHCP client request. It can also generate CDP messages just as an IP Phone based on CDP would do. It will send two CDP packets, requesting the Voice VLAN ID. After creating the new interface, it will then iterate between sleeping for 60 seconds, and sending a CDP packet.

In Avaya IP Phone environments, it sends an Option 55 parameter request list, requesting Option 176. When the DHCP server sends Option 176, it decodes the L2QVLAN reply field for the Voice VLAN ID. It then creates a new voice interface and sends a DHCP request.

In Nortel IP Phone networks, VoIP Hopper sends an Option 55 parameter request list, requesting Option 191. When the DHCP Server sends Option 191 data, it decodes the VLAN-A: string for the Voice VLAN ID. It then creates a new voice interface and sends a DHCP request.
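The DHCP fields described above are the same ones a defender can pull out of a capture: the Option 55 Parameter Request List a client sends, and the Option 176 (L2QVLAN=) or Option 191 (VLAN-A:) strings a server answers with. This is an added example, not VoIP Hopper's own code; the DHCP payloads are constructed inline and the option string layouts are assumed from the text.

```python
"""Decode the DHCP voice-VLAN fields a phone (or a tool imitating one) uses.

Added example, not VoIP Hopper code. From a capture's DHCP options blob it
lists which vendor provisioning options a client asked for in Option 55 and
decodes the Voice VLAN ID from a server's Option 176/191 reply. A non-phone
host requesting 176 or 191 is the thing worth alerting on.
"""
import re

VOICE_VLAN_OPTIONS = {176: "Avaya", 191: "Nortel"}
DHCP_MAGIC = b"\x63\x82\x53\x63"  # cookie that precedes the options field


def parse_options(blob: bytes) -> dict:
    """Parse DHCP TLV options into {code: value}; stops at END (255)."""
    if blob.startswith(DHCP_MAGIC):
        blob = blob[4:]
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == 255:          # END
            break
        if code == 0:            # PAD has no length byte
            i += 1
            continue
        length = blob[i + 1]
        if i + 2 + length > len(blob):
            raise ValueError("truncated option %d" % code)
        opts[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def requested_voice_options(opts: dict) -> list:
    """Vendors whose voice-VLAN option appears in the client's Option 55 list."""
    return [VOICE_VLAN_OPTIONS[c] for c in opts.get(55, b"") if c in VOICE_VLAN_OPTIONS]


def voice_vlan_id(opts: dict):
    """Voice VLAN ID from an Avaya (176, L2QVLAN=) or Nortel (191, VLAN-A:) reply."""
    if 176 in opts:
        m = re.search(rb"L2QVLAN=(\d+)", opts[176])
    elif 191 in opts:
        m = re.search(rb"VLAN-A:(\d+)", opts[191])
    else:
        return None
    return int(m.group(1)) if m else None


# Constructed samples: a client asking for 1,3,6,176 and two server replies.
CLIENT_DISCOVER = DHCP_MAGIC + bytes([53, 1, 1, 55, 4, 1, 3, 6, 176, 255])
AVAYA_OFFER = DHCP_MAGIC + bytes([176, 29]) + b"L2Q=1,L2QVLAN=200,VLANTEST=60" + b"\xff"
NORTEL_OFFER = DHCP_MAGIC + bytes([191, 11]) + b"VLAN-A:300." + b"\xff"
```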

http://voiphopper.sourceforge.net/


EasyHook – The reinvention of Windows API Hooking

http://easyhook.codeplex.com/

Project Description
EasyHook starts where Microsoft Detours ends.
This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C#, on Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64. 32- and 64-bit kernel mode hooking is also supported, as well as an unmanaged user-mode API which allows you to hook targets without requiring a .NET Framework on the customer's PC. An experimental stealth injection hides hooking from most of the current AV software.


Dump utility to dump process/binary SAFESEH handlers


This utility will dump the SAFESEH exception handlers in a process or binary. It is intended for the vulnerability researcher trying to exploit a vulnerability that requires bypassing SAFESEH.

https://code.google.com/p/safeseh-dump/