border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Pages

Friday, January 13, 2012

How To Backtrack 5 ARM running on Android using Debdroid (Works on ALL rooted devices)



Debdroid
The flashable zip contains the shell scripts, conf and apk. If you are unable to flash, mount /system as rw and place the the files manually. 

BEFORE TRYING ANY OF THESE SCRIPTS MAKE SURE YOU HAVE A ROOT BASH SHELL 
su 
bash 

Scripts: 
debshell - wrapper for passing commands to the chroot.
Example- 
debshell "apt-get update" 
debkill - kills the chroot in case anything goes wrong 
debdroid - starts the debdroid chroot without the apk wrapper. 

Conf: 
/etc/debdroid.conf contains options such as img location, dns servers, loop number and shared directory. 
Note: The shared directory is mounted to /mnt/share in the chroot environment. 


Apk: 
com.afrosec.debdroid.apk - apk wrapper that essentially launches "bash debshell" 

Known Bugs: Exit deployment does not work, you must kill the application by holding the back button or hitting exit deployment until it allows you to FC 

Uses: 
Debdroid comes preinstalled with nmap, ettercap, ssh, g++ and gcc. 
With a chroot environment you are able to install software with the native package manager and completely avoid cross-compiling. 
You are able to drop to a bash shell in the chroot by executing "debshell bash" 

Most linux packages will work out of the box. 
In order to get ssh up execute "debshell sshup" 

In the previous release of Debdroid I showed its capabilities of WLAN sniffing using your device, this is still an applicable use - expect an updated tutorial to follow. 

Script Manager Compatibility: 
Because debshell can pass commands directly to the chroot sub-system you can use a script manager app to launch commands as well. 

Debdroid provides the user with a full Linux environment you can ssh into. This may cater to the needs of the of the individuals who need to perform device-related linux tasks without an actual linux workstation. 


XFCE4 over VNC 
 
Debdroid APK 
 
Starting up Debdroid chroot 
 
Performing NMAP scan 
 
Passing apt-get update to the chroot sub-system 
 
Running vnstat -l 
 

Backtrack 5 Penetration testing from your pocket.

Backtrack 5 released with an ARM image compatible with the Motorola Xoom. 
FAT32 has a file size limit of 4gb, bt5's img size was over 5gb, therefore unable to work with any other Android device booting the chroot of off an external SD-Card. The attached img files are downsized to 3.25GB. 

Uses: 
NMAP internal networks from WIFI AP without a laptop. 
All the functionality of Backtrack 5 in your pocket.. scan any network your device can connect to. 

How to: 
Flash the debdroid installer zip 
Download either the custom .img or the original .img 
Create a folder called debian on your sdcard. 
Mount / as r-w via an app with this function or "mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system" (where mtdblock3 is the system block) 
Open up /etc/debdroid.conf with your favorite text editor 
Find the line "img="/mnt/sdcard/debian/debian.img" and change to "img="/mnt/sdcard/debian/btandr35.img", save. 
Start up the APK, Deploy, pentest from your pocket. 

My custom .img changes: 
Replaced gnome with xfce4 and fixed startvnc

Screenshots:

Downloads:

Flashable zip - DOWNLOAD

Note: You may have to turn off signature verification to get this to flash. 


Distro Images: (If you have created a distro image that works with Debdroid, send a link) 
These custom images are resized to 3.25gb to fit on all FAT32 sdcards. 4GB is the file size limit.

Backtrack 5 ARM 3.5gb img Original - DOWNLOAD 
Backtrack 5 ARM 3.5gb img Custom - DOWNLOAD

Note: Rename all .img to debian.img unless you specify otherwise in your conf. 

Debian Squeeze 1gb img - DOWNLOAD 
Debian Squeeze 2gb img - DOWNLOAD 
Debian Squeeze 3gb img - DOWNLOAD 
Debian Squeeze 4gb img - DOWNLOAD 
Debian Squeeze 5gb img - DOWNLOAD
Debian Lenny 750mb img - DOWNLOAD

Expect to see updates for this project. 
Download and submit other tools with Gitbrew's Content Database
Backtrack 5 ARM running on HTC Incredible video 

 
Debdroid supports Backtrack 5 ARM edition - Custom .img now available.

How To Root Your Android Phone


Just like other OneClick roots for Eclair, and Froyo, here comes the Universal One click Easy root for Gingerbread phones.

SuperOneClick lets you root just about any Android Phone. the compatiblitiy list is provided below, however, if your phone isn’t listed, there are chances that the phone is still supported, its worth giving it a try.
Compatibility List:

Acer Liquid Metal
Dell Streak
HTC Magic (Sapphire) 32B
HTC Bee
LG Ally
Motorola Atrix4G
Motorola Charm
Motorola Cliq
Motorola Droid
Motorola Flipside
Motorola Flipout
Motorola Milestone
Nexus One
Samsung Captivate
Samsung Galaxy 551 (GT-I5510)
Samsung Galaxy Portal/Spica I5700
Samsung Galaxy S 4G
Samsung Galaxy S I9000
Samsung Galaxy S SCH-I500
Samsung Galaxy Tab
Samsung Transform M920
Samsung Vibrant
Sony Ericsson Xperia E51i X8
Sony Ericsson Xperia X10
Sprint Hero
Telus Fascinate
Toshiba Folio 100


How to Root with SuperOnClick
Pre-requisites: Make sure you have Microsoft .NET v2+ framework or Mono v1.2.6+. Works on Vista+, Ubuntu 8+ and Mac OS 10.x via Mono
Enable Usb debugging, make sure drivers are installed.
Some devices have a NAND lock. SuperOneClick will only give a Shell root until you remove this lock.
The following phones can use go to LINK to remove this lock:

Sprint EVO 4G (HTC Supersonic)
Droid Incredible (HTC Incredible)
HTC Desire GSM
HTC Desire CDMA (HTC BravoC)
HTC Aria
Droid Eris (HTC DesireC)
HTC Wildfire (HTC Buzz)


Download SuperOneClick 1.9.1


Video Tutorial


Increase SD card Speed on Android



Sometimes on a good smartphone, the bottom line for application performance is the SD card. You can always chose from various classes of SD cards to attain required throughput, but even Class 10, sometimes, may not turn out too well.



On Android, many of us are dissapointed with SD card speeds. Even if it is Class 10 card, it performs poorly as compared to the PC.

Why SD cards are slow on Phones?



The main reason for the poor speed is the Cache size for reading from SD Card. It’s set to 128 KB, on some ROM’s even to 4 KB. You can verify the cache size on your android phone from this file: /sys/devices/virtual/bdi/179:0/read_ahead_kb




How to Increase SD card Speed

You can always edit it manually but changes are lost on every boot. In order to make changes persistent, it has to be done by loading the script on the startup through the init.d.
The easier, alternate way is to flash ClockWorkMod zip files from recovery:

Cache size: 4069. Speeds: W/s 5.6, R/s 13.7

Download zip here For Ra.1.7 

Cache Size: 204. Speeds: w/s 7.9 r/s 21.7

Download Zip here For RA1.7

Other configs are also available in this post, Download

How to Choose the Right SD card Cache setting
There’s no rule of thumb here, you must find which Cache size fits best for your SD Card. For testing, use the Root Explorer to change the value, then run SD Tools Benchmark – finally flash the CWM zip file that fits your SD Card.

If you are too confused and can’t figure out whats best or too lazy, go with my suggestion of 2048 KB Cache size, which performs at best for most of the SD Cards!

That’s all for now, enjoy the improved speeds on SD card.

Thursday, January 12, 2012

Introduction How To Hack A Bank




[1] Of eight respected computer security experts consulted for this article, all agreed that hacking into a bank was doable, and most insisted it wouldn't be all that hard. "If I were going into e-crime, I'd hit a bank," says Jon David, a security guru who has worked in the field for 30 years. Why haven't banks been hacked, then? Oh, but they have--big time. In 1994, a 24-year-old programmer in St. Petersburg, Russia, named Vladimir Levin hacked Citibank for $10 million. He was later caught, extradited to the United States and is serving a three-year sentence. (All but $400,000 of the money was recovered.) This sort of thing happens often but is hushed up, according to Michael Higgins, a former analyst with the Defense Intelligence Agency and now a financial computer security consultant who heads Para-Protect in Alexandria, Virginia. The federal government requires banks to report losses, but Higgins says banks avoid potentially bad publicity by reporting losses as accounting efficiency errors. "The losses are in the reports, but the FBI doesn't get them. They only get reports of alleged crimes," he says. "The reports aren't specific enough to identify losses that could have come from hacking." In the case of larger losses, bank managers simply disregard the law for fear that customers would flee if the truth were known, according to Bob Friel, a former Secret Service agent who now heads a computer forensics group at the Veterans Affairs Inspector General's office. During a stint as a security consultant to banks and other organizations, Friel was shocked to discover the magnitude of the hacker losses that banks were swallowing. He claims his sources in the financial industry report individual hits as large as $100 million. A half dozen banks contacted for this article declined to comment. 


[2] Computer security insiders are usually careful to use the term cracker for someone who tries to gain unauthorized entry into a computer system, reserving hacker as a complimentary term for someone adept at programming. But we'll stick with the popular usage of hacker as an intruder. 


[3] As with many high tech ventures in today's robust economy, finding good people will be our biggest challenge. Programmers with malicious or criminal bents tend not to be the exceptionally talented; most of those make pretty good money in legitimate jobs. If the bloom fades on the tech stock market, however, there could be a lot of high-living programmers who suddenly don't have jobs. In the meantime, we could use "false flag recruitment" techniques, convincing candidates that they would be serving a bank. 


[4] Though our heist will be electronic, it would probably be close to impossible to pull it off without someone providing information from the inside. Levin had an inside partner on the Citibank job. 


[5] Preferably we target a midsize bank that has moved aggressively into information technology and Internet banking, because competitive pressure from technology-savvy big banks has probably caused them to get in over their heads, opening up security gaps. Says Higgins: "Those banks are rushing into technology, and they don't comprehend it completely." 


[6] According to Jim Settle, founder of the FBI's original computer crime squad and now CEO of security consultancy SST, a successful electronic bank heist should take about six months. 


[7] To get our seed money, we can form a private syndicate of the sort that has cropped up to support computer credit card fraud operations in Russia. You'd think we'd be able to work with organized crime, but for now these people "are way behind the curve, for reasons nobody understands," says Settle. In any case, a syndicate or crime boss is going to want a near-guaranteed ROI. If we can't be convincing in that regard, and we lack even the tiniest shred of ethics or patriotism, we can always approach a hostile foreign government--Iraq, North Korea, Russia, and so forth--or even a terrorist organization. Saudi terrorist Usama bin Laden would probably be an eager backer, according to Kawika Daguio, a security expert who heads the bank-supported Financial Information Protection Association, because bin Laden has publicly declared his interest in disrupting U.S. financial institutions. Besides providing ready cash, these sorts of backers won't be on our case about ROI, says Daguio, because "the theft of money could trigger a crisis of confidence, and it doesn't have to be a huge amount." 


[8] We should be able at least to match Levin's initial haul from Citibank, but we could expect to steal as much as $1 billion because of lax standards over the past few years, Friel says. 


[9] Most midsize banks don't bother to do more than the most cursory of background checks of blue-collar employees and contractors. 


[10] This is the opposite of what David Remnitz, CEO of New York information security consultancy IFsec, calls the "Catherine Zeta-Jones" approach--a big-bang, instant hack of the sort popularized by Hollywood and the New York Times that bears little resemblance to the sort of hacking that organizations really need to fear. 


[11] Virtually all banks, and most midsize and large companies, have by now installed a combination of hardware and software firewalls that sit between the outside world and the main gateway to the internal network. Some firewalls are harder to defeat than others, but we won't really care because we won't want to go through the network's main gateway anyway. Hackers usually look for the digital equivalent of rickety back doors and unlocked or easily breakable windows. By the way, larger banks and other businesses sometimes spend as much as millions of dollars apiece on automated "intrusion detection" software. But Settle points out that his company is often hired by companies to try to break into their networks, and in 40 break-ins his team's incursion has been detected only once.

Follow Us

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More