MFA Slipstream - Phishing MFA PoC Walkthrough

by DG under phishing, pentesting, se
MFA Slipstream PoC
MFA Slipstream is a Proof of Concept (PoC) I put together a few months ago while on a phishing engagement. It uses JavaScript and a Python back-end to collect a target's username and password, as well as their multi-factor authentication token. I say PoC and not tool because some obvious features are missing from the PoC's current state, such as the ability to clone a site and stitch in the necessary JavaScript (this is done by hand), or the ability to scale better through some type of user session/state. At its core the MFA Slipstream tool is

Modifying and Building Burp Extensions

by DG under appsec, burp
Context
Last week James Kettle (@albinowax) released a blog post/whitepaper on the PortSwigger blog titled Cracking the Lens: Targeting HTTP's Hidden Attack-Surface. In short, it's about probing the hidden systems that make up modern-day application infrastructures by submitting intentionally malformed requests. If you haven't read it yet, I would recommend you check it out. A link to the post can be found here. Like Kettle's release last year, Backslash Powered Scanning, this one came with another great open source Burp extension, collaborator-everywhere, the source for which can be found here. This post uses the extension above as an example,

Phishing Your Way Past MFA

by DG under infoso, phishing, cyber
Hello there! My demo and explanation of phishing multi-factor authentication credentials can be found here: OpenSky Corp Blog - Phishing Your Way Past Multi-Factor Authentication. Check back here (decidedlygray.com) or on Twitter for updates regarding the PoC tool used for the attack demonstration in the blog post below. I'm planning on doing a detailed code walk-through. The tool will be available on GitHub here. The code walkthrough for the PoC for phishing multi-factor authentication has been posted here: http://decidedlygray.com/2017/08/24/mfa-slipstream-phishing-mfa-poc-walkthrough/

Evil Access Point with Auto-Backdooring Part 2!

by DG
This post covers some next steps and notes I took after my original post about using Kali NetHunter to set up an evil access point that automatically backdoors executables downloaded over HTTP. For context please see the first post.
How BDF Proxy Does What it Does
In BDFProxy's config file /etc/bdfproxy/bdfproxy.cfg you can see the different sections containing the PATCH_TYPE and PATCH_METHOD settings for the supported executable architectures:
    [[[WindowsIntelx86/x64]]]
    PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
    # PATCH_METHOD overwrites PATCH_TYPE with jump
    PATCH_METHOD = automatic
I had some troubles with getting certain backdoored PEs

Evil Access Point with Auto-Backdooring FTW!

by DG
This post is about setting up an evil access point that will automatically backdoor executables that connected users download. Pretty neat, right? This tutorial is inspired by muts' NetHunter video of BDFProxy on NetHunter. I am using Kali NetHunter 2.0 running from a Nexus 9. I am using a TP-LINK TLWN722N (the 150Mbps version) as my secondary network interface. I recently purchased a Nexus 9 tablet and decided to load it up with Kali NetHunter. NetHunter is a release of Kali made specifically for hackers on-the-go. It’s packed with lots of cool stuff like one-click scripts, HID Keyboard