April 14, 2015

Wireless Penetration Tests are one of my favourite subjects. They allow a Penetration Tester to dismantle so-called security 90% of the time whilst sitting in the car park outside the company being tested. Attack vectors against Wireless Networks are plentiful and, unlike Web App Pentesting or large scale Network Pentesting, no expensive tools are needed. When it comes to software, Kali Linux once again is the choice. However, whilst Kali has a lot of good Wifi Pentesting tools, it doesn’t come with a very cool script called PwnSTAR. This script is basically all a Wifi Pentester needs to launch Cracking, Evil Twin and other MITM attacks against the tested network. Because its source is open, it’s very customizable and adaptable.

Some features:

  • Honeypot
  • WPA handshake capture and cracking
  • Sniffing
  • web server with dnsspoof
  • Karmetasploit
  • Browser_autopwn

As always, only use this script against your own Wifi Network or if you have the written permission of the customer undergoing a Pentest engagement with you.



November 30, 2014


SSL and Man in the Middle (MITM)

Author: Martin Voelk
November 27, 2014

Businesses and individuals seem to think HTTPS = SSL = SECURE. The truth couldn’t be further from that. If you see a green lock in your browser, all that says is that the certificate validated as a “good” one. It doesn’t mean that you are actually connecting to the server you expect to connect to. There could be a nice SSL interception proxy between your browser and the actual server. A classic company providing those appliances is BlueCoat. The BlueCoat then does the SSL connection with the actual destination server, whereas your browser is unknowingly only doing SSL to the BlueCoat. If your company has set up the proxy correctly you won’t notice anything is off, because they’ll have arranged for the proxy’s internal SSL certificate to be registered on your machine as a valid certificate.
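One way to see this from the client side is to look past the green lock at who actually issued the certificate the server presented. The following Python script is an added example written for this post, not the author’s own tooling: it fetches the leaf certificate with the standard library and flags it when the issuer is not one you expect for that site or the leaf fingerprint differs from a pinned value. The sample certificate dictionary, the issuer names and the fingerprints in it are all constructed for illustration.

```python
import hashlib
import socket
import ssl
import sys

# Constructed sample of what ssl.SSLSocket.getpeercert() returns for a leaf
# certificate minted by a corporate interception CA (names are invented).
INTERCEPTED_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example Corp"),),
               (("commonName", "Example Corp Proxy CA"),)),
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}


def flatten_name(rdns):
    """Turn getpeercert()'s nested RDN tuples into a flat {attribute: value} dict."""
    return {attr: value for rdn in rdns for attr, value in rdn}


def fetch_peer_cert(host, port=443):
    """Connect with the machine's trust store and return (cert dict, SHA-256 of DER).

    A locally installed proxy CA makes this handshake succeed, exactly like the
    browser's green lock, which is why the issuer has to be inspected separately.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            der = tls.getpeercert(binary_form=True)
    return cert, hashlib.sha256(der).hexdigest()


def check_interception(cert, expected_issuers, fingerprint=None, pinned=None):
    """Return a list of findings; an empty list means nothing looked out of place."""
    findings = []
    issuer_cn = flatten_name(cert["issuer"]).get("commonName", "")
    if issuer_cn not in expected_issuers:
        findings.append("unexpected issuer: " + issuer_cn)
    if pinned is not None and fingerprint is not None and fingerprint != pinned:
        findings.append("leaf fingerprint does not match pinned value")
    return findings


if __name__ == "__main__":
    # Usage: python check_tls_issuer.py www.example.com "Expected Public CA"
    host, *issuers = sys.argv[1:]
    cert, fp = fetch_peer_cert(host)
    print(flatten_name(cert["issuer"]), fp)
    print(check_interception(cert, set(issuers)) or "issuer as expected")
```

Run it from a corporate laptop and from an outside network: a differing issuer or fingerprint for the same site is the interception proxy showing itself.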

So you can guess what happens in the middle: the traffic is clear text and all your data is visible. Who can install those boxes? Service Providers, Governments, your company. Pretty much anyone in the middle of that connection. Whilst ordinary hackers can’t just set up ISPs and deploy BlueCoat SSL proxies, hackers increasingly target networks in order to break into those BlueCoat boxes, which others have purchased and deployed for them.

This is the real risk, especially when those networks are easy to enter, as we unfortunately find in many of our Penetration Tests. Surveillance is questionable but has its need when it comes to combating terrorism and the like. However, it’s important that the surveillance appliances are secured from hackers, because otherwise the data could really get into the wrong hands.