Saturday, 21 June 2014

Android Network Toolkit (ANTI) Review - Pentest at the push of a button

Android Network Toolkit (ANTI) Review - Pentest at the push of a button
Android Network Toolkit %2528ANTI%2529 Review   Pentest at the push of a button

This Post reviews the newly released ANTI3 version. We've received a platinum account of ANTI3, before its official release, and this is our review:

Recently White-Hat Hacker, Itzhak "Zuk" Avraham, the founder of zImperium unveiled its new app in Blackhat / Defcon19, introducing a new concept where both home users and local IT can have the same tools to, at the push of a button, check for their security faults. The new zImperium product, namedAndroid Network Toolkit (or in short - ANTI), allows professional penetration testers, ethical hackers, IT and home users to scan for security issues in their network.

In a few simple clicks ANTI covers the most advanced attack vectors in order to check for vulnerabilities, even those that up until now could only be performed by top-notch penetration testers. This means that while you might think that you’re safe because you have a firewall on, with ANTI you can check and prove it (or add it to your penetration testing report if you’re doing this as a job). Know if your desktop is easily hackable only a few clicks away by using the ANTI “Penetrate CSE” button, which will perform both MiTM and inject Client Side Exploit to check if you have the latest version of a vulnerable software (e.g: outdated java). You only need to imagine re-producing this using other currently available methods to appreciate why ANTI has gotten so much respect from our community.

Penetrate CSE” is part of the newly released ANTI3, which covers more vulnerabilities than before. The authors at zImperium will keep improving this product and add even more vulnerabilities in the future.
Upon successful client-side / remote exploitation, the report is updated with the current findings that a specific computer wasn’t patched for a certain vulnerability. Performing MiTM and injecting exploits has never been so easy for the professional penetration tester and is now also available for the home-user and the IT - you don’t have to be a security guru to run security checks!

ANTI runs on Android version 2.1 and up, while CSE vector only one of several capabilities that makes this tool very powerful, especially when it runs on your smart phone!
ANTI won the “Hack Tool of the Year 2011 Award” by THN, PCMagazine’s editor’s choice and many other prizes for a reason. Here’s a short video describing ANTI’s features:
The app is also capable of mapping your network, scanning for vulnerable devices or configuration issues. It is for use by the amateur security enthusiast home user to the professional penetration tester, ANTI provides many other useful features such as: easy connection to open ports, visual sniffing (URLs & Cookies) and - establishing MiTM attacks (using predefined and user-defined filters), Server Side / Client Side Exploits, Password cracker to determine password’s safety level, Replace Image as visual in demos and Denial of Service attacks. All this is packed into a very user-friendly and intuitive Android app (and soon to be released iOS app).

As zImperium chose to enable ANTI via their website, rather than through the market, thus the APK is installed manually by a few simple steps:
Go to http://www.zImperium.com/anti.html and follow the instructions there. You will receive a download link to your email. Open this link from your smartphone and then install the app as instructed. (Make sure that 3rd Party Applications is enabled in Settings->Applications->Unknown Sources.)
iOS users can join the list of upcoming (public) BETA testers in the same page, by clicking on the Apple icon.
initial login
On each run, ANTI will prompt to map the connected network, and when done, it will suggest scanning it for known vulnerabilities and misconfiguration on the targets found. Once a vulnerable target (to remote attacks) is found, it will be marked with red stamp and will appear on the report as a vulnerable device. Displayed in the report is the issue (e.g : MS08-067), how to solve the issue (Windows Update) and how to defend from similar threats in the future (Block port 445 on firewall).
windows box vulnerable gd2 black
We start by mapping the network - ANTI will scan and detect devices connected to the network. Each device will be displayed with a suitable icon identifying its hardware type and/or the operating system. We can then further scan for vulnerabilities on each of the devices found.
MAC Circle
Now that we have our available targets displayed, we can choose any of them to try and penetrate, connect, or sniff network traffic.

The sniffer captures network traffic and displays images, URL’s, user/password combinations, and cookies - all this is collected from the target in real-time, and displayed on ANTI for viewing and examining. We can click on any of the URL’s/cookies to visit the same site our target is visiting.

ANTI also allows us to connect to open ports on the targets, also displaying the opened ports that were found on previous scans. 
ports
After playing a bit with the app, I feel comfortable enough to try and penetrate one of my computers, running Windows7 or Mac OS X that are updated only to 1 month prior to this report. I choose the target and click ‘Penetrate CSE’. This plug-in is injecting javascript code using MiTM into target's traffic and redirect traffic to a URL serving Client Side Exploit. Once the target got exploited, ANTI reveals several functions that can be executed over the exploited target: Send screenshot of the current desktop, execute command. The controller functionality is implemented in a very easy-to-use and fun (!) way, allowing both advanced users and home-users to understand the risks of the found vulnerability - while zImperium censored any real possibility to cause real damage to the target, they allow basic information gathering and real life demos such as ejecting the CD-ROM, or grabbing a screenshot (for the assessment’s final report).
attack menu

I decided to try the password-cracker on my router. I then realized (the good old hard way) that I better change my password ASAP since it took ANTI less than 30 seconds to crack! Next I executed the cracker on my target running a SQL server and, lo and behold, ANTI didn’t discover the passwords - due to use of high complexity passwords. These results were enough to get me to (finally!) change my router’s password.

There are additional functionalities built into ANTI, such as a unique and fully functional HTTP server that allows publishing files on your device, as well as uploading files to the device, visual traceroute using google-maps, and more. 
cracked pass
Once we are done testing, the most important ANTI function is the Report - Everything we have found in the network, vulnerable devices, opened ports, and extra information that will later assist when preparing the assessment report - all is summed up in text and emailed. ANTI3 supports multiple networks so now you can fully use it for your daily penetration tests. And everything is extremely user-friendly! Couldn’t ask for more I guess: 5 Stars out of 5!

How to Use Pendrive as RAM in Windows

In this Technology World, almost Every Student and Computer user own a Pendrive. Some may own Couple of them. Pendrive is Used to Store Important Data or to transfer files from one computer to another. but do you know that you can Use Pendrive as RAM and Boost your PC performance?

You might be now Anxious to know How to use Pendrive as RAM Right? You must be Because RAM plays an important part for your PC performance. With the Introduction of Readyboost Feature in Windows, it has become easier to Boost your PC and speed it up.

How to Use Pendrive as RAM with Readyboost

To use your Pendrive as RAM, You have to make Sure that you have a Pendrive which have a Free Storage Capacity of 4GB. A 8GB pendrive is Highly Recommended to perform this Task

Step 1: Insert your 4GB or 8GB Pendrive.

Step 2: Take a Backup of any data already present in your pendrive, Because its adivisible to format your pendrive before moving forward.

Also Read: 6 Things to do with Old Computer
Step 3: Now goto My Computers and Right Click on your Pendrive to Select Properties.

Step 4: Click on Readyboost Tab, Now wait couple of seconds so that it analyzes your Pendrive, Next you will see something like below Picture

Use Pendrive as RAM in Windows

Step 5: Click on Use this Device, Select the number of MBs you want to use out of total space, Then Click onApply

Step 6: Next you will see Readyboost is Configuring your Cache, When its Done, Just reboot your PC to Feel the Difference

TIP: Once you Start using ReadyBoost Feature, you will have to Practice to Remove your Pendrive Safely Before Ejecting it to Avoid any trouble.

This was a Very simple and Effective Step by Step Guide on How to Use Pendrive as RAM in Windows PC. I hope this article will help you and so will you Share it on Social Media to Help us Grow. Don't Forget to Read more Interesting and Helpful articles on our Blog.

Wednesday, 18 June 2014

How to Change IMEI Number of Your Android Easily (Rooting Required)

Your device may have been repaired and now you are getting problems related to network. It may be because of not having a valid IMEI number. Changing IMEI number is illegal but it may help you to get your phone back. If you own a rooted Android device then we will provide you an easy trick to change your IMEI number. This will not require you to download and install anything or to connect your device with the computer with USB debugging mode enabled, it is a very simple trick that you can perform in seconds but the only requirement of this trick is that you require a rooted Android device.

Steps to Change IMEI Number of Your Android –

  • Write the following in your dialler – *#7465625# or *#*#3646633#*#*
  • Click to Call pad or connectivity options.
  • Find out CDS information and tap on it.
  • Check out for Radio information.
  • If you have dual SIM, there will be two options for you, select the one which you want to go with.
  • Now to change IMEI number follow –
AT +EGMR=1,7,”IMEI_1” and “AT +EGMR=1,10,”IMEI_2” (replace IMEI_1 and IMEI_2 with your IMEI no)
For example : AT =EGMR=1,7”9100XXXXXXXXXXXX
  • And click to send.

Screenshots:

So this is the easiest way to change IMEI number of your Android, there are many other methods too but they will require you to download the software and install it and then you have to use that software to perform your work. The only thing that this ethod requires is a rooted device. The choice is yours. Also let me tell you again that changing IMEI is illegal so don’t misuse the information provided here. Also it doesn’t changes your device ID so don’t try to play smart.

Secret Codes of Android Phones


*Secret Codes of Android Phones*

DISCLAIMER: This information is intended for experienced users. It is not intended for basic users, hackers, or mobile thieves. Please do not try any of following methods if you are not familiar with mobile phones. We'll not be responsible for the use or misuse of this information, including loss of data or hardware damage. So use it at your own risk.



So in this topic, you'll get several hidden secret codes which can be used in any Google Android mobile phone to access things which are not accessible by default.

FYI These codes have been obtained by decoding various .apk files present in the phone firmware.

*#*#4636#*#*

This code can be used to get some interesting information about your phone and battery. It shows following 4 menus on screen:

* Phone information
* Battery information
* Battery history
* Usage statistics

*#*#7780#*#*

This code can be used for a factory data reset. It'll remove following things:

* Google account settings stored in your phone
* System and application data and settings
* Downloaded applications

It'll NOT remove:

* Current system software and bundled applications
* SD card files e.g. photos, music files, etc.

PS: Once you give this code, you get a prompt screen asking you to click on "Reset phone" button. So you get a chance to cancel your operation.

*2767*3855#

Think before you give this code. This code is used for factory format. It'll remove all files and settings including the internal memory storage. It'll also reinstall the phone firmware.

PS: Once you give this code, there is no way to cancel the operation unless you remove the battery from the phone. So think twice before giving this code.

*#*#34971539#*#*

This code is used to get information about phone camera. It shows following 4 menus:

* Update camera firmware in image (Don't try this option)
* Update camera firmware in SD card
* Get camera firmware version
* Get firmware update count

WARNING: Never use the first option otherwise your phone camera will stop working and you'll need to take your phone to service center to reinstall camera firmware.

*#*#7594#*#*

This one is my favorite one. This code can be used to change the "End Call / Power" button action in your phone. Be default, if you long press the button, it shows a screen asking you to select any option from Silent mode, Airplane mode and Power off.

You can change this action using this code. You can enable direct power off on this button so you don't need to waste your time in selecting the option.

*#*#273283*255*663282*#*#*

This code opens a File copy screen where you can backup your media files e.g. Images, Sound, Video and Voice memo.

*#*#197328640#*#*

This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

WLAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* - WLAN test (Use "Menu" button to start various tests)

*#*#232338#*#* - Shows WiFi MAC address

*#*#1472365#*#* - GPS test

*#*#1575#*#* - Another GPS test

*#*#232331#*#* - Bluetooth test

*#*#232337#*# - Shows Bluetooth device address

*#*#8255#*#*

This code can be used to launch GTalk Service Monitor.

Codes to get Firmware version information:

*#*#4986*2650468#*#* - PDA, Phone, H/W, RFCallDate

*#*#1234#*#* - PDA and Phone

*#*#1111#*#* - FTA SW Version

*#*#2222#*#* - FTA HW Version

*#*#44336#*#* - PDA, Phone, CSC, Build Time, Changelist number

Codes to launch various Factory Tests:

*#*#0283#*#* - Packet Loopback

*#*#0*#*#* - LCD test

*#*#0673#*#* OR *#*#0289#*#* - Melody test

*#*#0842#*#* - Device test (Vibration test and BackLight test)

*#*#2663#*#* - Touch screen version

*#*#2664#*#* - Touch screen test

*#*#0588#*#* - Proximity sensor test

*#*#3264#*#* - RAM version