MFA Slipstream - Phishing MFA PoC Walkthrough

by DG under phishing, pentesting, se
MFA Slipstream PoC

MFA Slipstream is a Proof of Concept (PoC) I put together a few months ago while on a phishing engagement. It uses JavaScript and a Python back-end to collect a target's username and password, as well as their multi-factor authentication token. I say PoC and not tool because there are some obvious features missing from the PoC's current state, like the ability to clone a site and stitch in the necessary JavaScript (this is done by hand), or the ability to scale better through some type of user session/state. At its core the MFA Slipstream tool is

Modifying and Building Burp Extensions

by DG under appsec, burp
Context

Last week James Kettle (@albinowax) released a blog post/whitepaper on the PortSwigger blog titled Cracking the Lens: Targeting HTTP's Hidden Attack-Surface. In short, it's about probing the hidden systems that make up modern application infrastructures by submitting intentionally malformed requests. If you haven't read it yet, I recommend you check it out; a link to the post can be found here. Like Kettle's release last year, Backslash Powered Scanning, this one came with another great open-source Burp extension, collaborator-everywhere, the source for which can be found here. This post uses the extension above as an example,

Phishing Your Way Past MFA

by DG under infosec, phishing, cyber
Hello there! My demo and explanation of phishing multi-factor authentication credentials can be found here: OpenSky Corp Blog - Phishing Your Way Past Multi-Factor Authentication

Check back here (decidedlygray.com) or on Twitter for updates regarding the PoC tool used for the attack demonstration in the blog post below. I'm planning on doing a detailed code walk-through. The tool will be available on GitHub here. The code walkthrough for the PoC for phishing multi-factor authentication has been posted here: http://decidedlygray.com/2017/08/24/mfa-slipstream-phishing-mfa-poc-walkthrough/

Evil Access Point with Auto-Backdooring Part 2!

by DG
This post contains some next steps and notes I took after my original post about using Kali NetHunter to set up an evil access point that automatically backdoors executables downloaded over HTTP. For context, please see the first post.

How BDF Proxy Does What it Does

In BDFProxy's config file /etc/bdfproxy/bdfproxy.cfg you can see the different sections containing the PATCH_TYPE and PATCH_METHOD settings for the supported executable architectures:

[[[WindowsIntelx86/x64]]]
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
# PATCH_METHOD overwrites PATCH_TYPE with jump
PATCH_METHOD = automatic

I had some trouble getting certain backdoored PEs

Evil Access Point with Auto-Backdooring FTW!

by DG
This post is about setting up an evil access point that will automatically backdoor executables that connected users download. Pretty neat, right? This tutorial is inspired by muts' NetHunter video of BDFProxy on NetHunter. I am using Kali NetHunter 2.0 running from a Nexus 9. I am using a TP-LINK TLWN722N (the 150Mbps version) as my secondary network interface. I recently purchased a Nexus 9 tablet and decided to load it up with Kali NetHunter. NetHunter is a release of Kali made specifically for hackers on-the-go. It’s packed with lots of cool stuff like one-click scripts, HID Keyboard

0-day? More like 4260-day!

by DG under sulley, fuzzing
TL;DR

As the title suggests, there are no zero days disclosed here. This blog post is a narrative of my first encounters setting up and running the Sulley Fuzzing Framework. I rediscovered a very old bug in a very old and unsupported piece of software, but learned a lot along the way!

INTRO

I wanted to learn the Sulley Fuzzing Framework. I read Fuzzing: Brute Force Vulnerability a few years ago, and I ended up doing some simple file-type and ActiveX fuzzing, but I never took the time to learn the fuzzing framework discussed in the book. I