Sunday, October 22, 2017

Editor for Protocol Buffer Binary files

Open File ScreenStandard Tree Edit screenMessage Edit ScreenTable EditSearch for Proto file that matches a binary messageProtocol Buffer Definition in the Editor

Description

This project provides an editor for Protocol Buffers Binary format (using a Proto schema).

This project is built on top of the RecordEditor

HIDDEN MESSAGES - MessageQueue.Formatter Property

The Formatter property contains an instance of a formatter object, which transforms messages when your application reads or writes to the queue.
When the application sends message to the queue, the formatter serializes the object into a stream and inserts it into the message body. When reading from a queue, the formatter deserializes the message data into the Body property of a Message.
The XmlMessageFormatter is loosely coupled, so it is not necessary to have the same object type on the sender and receiver when using this format. The ActiveXMessageFormatter and BinaryMessageFormatter serialize the data into binary representation. The ActiveXMessageFormatter is used when sending or receiving COM components.
BinaryMessageFormatter and ActiveXMessageFormatter provide faster throughput than the XmlMessageFormatter. The ActiveXMessageFormatterallows interoperability with Visual Basic 6.0 Message Queuing applications.
When your application sends messages to the queue, the MessageQueue.Formatter applies only to those messages that use the default message properties, DefaultPropertiesToSend. If you send a Message to the queue, Message Queuing uses the formatter defined in the Message.Formatterproperty to serialize the body instead.
The MessageQueue class will always use a Message to receive or peek a message from the queue. The message is deserialized using the MessageQueue.Formatter property.

An ICMP packet carrying a hidden message

Therefore, we may establish a covert channel if the initial value of the Pointer field is greater than the value of the Length field, or just greater than the length of the hidden message. Specifically, if we set the initial value of the Pointer field greater than the value of the Length field, then no router can write its IP address. In this case, we can use all the remaining 36 bytes of the IP header option to insert a hidden message. This is shown in Figure 6.a. However, if we set the initial value of the Pointer field to a value greater than the length of the hidden message, then a number of routers can still write their IP addresses in the remaining bytes of the IP header option. This is shown in Figure 6.b. Frameip packet generator [26] is used to generate an ICMP Ping packet [27] including the record route option. The value of the Pointer field in the packet is set to be greater than the value of the Length field. The IP addresses of the source and destination hosts are 172.16.16.3 and 172.16.16.20, respectively. The hidden message written in the Options field is: “ This is a covert channel ” and its length is 24 bytes. Consequently, the value of the Length field is 39 bytes. The value of the Pointer field is set to 28, in order to force any router to write its IP address in the 4-byte-field that just follows the hidden message. The contents of the Options field in the sent and received packets are decoded using the Ethereal Sniffer program. Figure 7 shows that the first router (which is the destination host in our case) has inserted its IP address just after the hidden message. Using this technique, a covert channel is established and a secure communication using hidden messages can be done. This technique has the following advantages:

https://www.researchgate.net/figure/268401309_fig3_Figure-7-An-ICMP-packet-carrying-a-hidden-message

Secret message in a ping

Saturday, October 21, 2017

CATPHISH - For Phishing And Corporate Espionage

Project for phishing and corporate espionage.

Current Algorithms
  • SingularOrPluralise
  • prependOrAppend
  • doubleExtensions
  • mirrorization
  • homoglyphs
  • dashOmission
  • Punycode
CATPHISH v.0.0.5
Added more languages. Improved generator code.

CATPHISH v.0.0.4
Added Punycode algorithm for vietnamese and cyrillic characters map.
ruby catphish.rb -d microsoft.com -m Punycode -a



CATPHISH v.0.0.3
Analyzie target domain to generate smiliar-looking domains for phishing attacks.



HOW TO USE




Conducting Network Penetration and Espionage

OS Identification 
Synopsis 

It is possible to guess the remote operating system. 
List of Hosts 
95.141.28.91 

Remote operating system: FreeBSD 9.0 
FreeBSD 9.1 
Confidence Level: 85 
Method: SSH 

The remote host is running one of these operating systems: 
FreeBSD 9.0 
FreeBSD 9.1 

I 

PORT MYSQL (3306/TCP) 
Service Detection 

Synopsis 

The remote service could be identified. 
List of Hosts 
95.141.28.91 

A MySQL server is running on this port. 

PORT (OfTCP) 

Common Platform Enumeration (CPE) 
Synopsis 

It is possible to enumerate CPE names that matched on the remote\system. 
List of Hosts 
95.141.28.91 

The remote operating system matched the following CPE's: 

cpe:/o: freebsd: freebsd: 9.0 -> FreeBSD 9.0 

cpe:/o: freebsd: freebsd: 9.1 
Following application CPE's matched on the remote system: 

cpe:/a: openbsd: openssh: 5.8 -> OpenBSD OpenSSH 5.8 

cpe: /a :php:php: 5.3.18 

cpe: /a:igor_sysoev:nginx:l .2.4 

PORT SSH (22/TCP) 

SSH Protocol Versions Supported 

Synopsis 

A SSH server Is running on the remote host. 
List of Hosts 
95.141.28.91 

The remote SSH daemon supports the following versions of the 
SSH protocol: 

- 1.99 

- 2.0 

SSHv2 host Icey fingerprint: 5a:ce:da:el:b3 :c2: 6b:65:S7:f6:8e:e8:8 3 :d8 : 03:65 

So, you're a spy, hidden operative for NATO! You want to transmit a message (besides the software for secret ICMP type) ....then you remote call and previouse check the permission you have to transmit! ManageEngine Free Ping Tool Free Ping Tool monitors the availability of servers, routers, switches, mail servers and web servers using the power of ICMP ping. It displays the results in a dashboard

Fight Stingray & IMSI catchers with Android IMSI-Catcher Detector


AIMSICD is an app to detect IMSI-Catchers. IMSI-Catchers are false mobile towers (base stations) acting between the target mobile phone(s) and the real towers of service providers. As such they are considered a Man-In-The-Middle (MITM) attack. In the USA the IMSI-Catcher technology is commonly known under the name “StingRay“. Find out more on their WIKI.
For this app to function to its full potential you will want to have a rooted android phone. AIMSICD will alert you when your phone is attempting to connect to a suspicious cell tower

The experimental malware instead repurposes the speakers in earbuds or headphones to use them as microphones, converting the vibrations in air into electromagnetic signals to clearly capture audio from across a room.


PCM3060 (ACTIVE)

24-bit Asynchronous Stereo Audio Codec with 96/192kHz sampling rate


The PCM3060 is a low-cost, high-performance, single-chip, 24-bit stereo audio codec with single-ended analog inputs and differential analog outputs.
The stereo 24-bit ADC employs a 64-times delta-sigma modulator. It supports 16-96 kHz sampling rates and a 16/24-bit digital audio output word on the audio interface.

"you've been frame" Encoding is handled by the Network Interface Card, or NIC, inside the computer. It handles and decodes digital signals, and is in charge of all the messaging ins and outs on the computer

Signal Spy started as a companion app for Project Fi called Fi Spy. It provides information about your connectivity via cellular and wi-fi connections. It also gives you the ability to control that connection via dialer codes and monitor your connections with a history log. We also provide quick links to Fi communities. That is where we started, and we've made our features compatible with more carriers in the US and worldwide!