According to ethical hacking researcher of international institute of cyber security sputnik is most convenient to search for the target. As it gives all the searches in simple list.

Sputnik an open source intelligence tool which is used to gather information like IP, domain, hash, URL. Sputnik offers some specific search on any query rather than google typical search. Sputnik offers to search in various search engines and many other domains to search for. For checking the source code of sputnik. Go to : https://github.com/mitchmoser/sputnik. Sputnik code is available on the github. You can customize the code according to your needs for information gathering.

For downloading extension go to :-

• Google Chrome : https://chrome.google.com/webstore/detail/sputnik/manapjdamopgbpimgojkccikaabhmocd?utm_source=chrome-ntp-icon

And For

• Mozilla Firefox : https://addons.mozilla.org/en-US/firefox/addon/sputnik-osint/

Basics of how web browser extension works:

Normally, web browser extensions contains two components. One is the manifest from where extension starts. And the another is the is js(javascript) file where the code of the extension is written. For creating web extension go to https://developer.chrome.com/extensions/getstarted

• Below you can see the extension manifest which is used in start of web browser extension.

• And the main js file of the sputnik.

• Above is the source code of the sputnik.

Searching URL :-

• Now for searching any of the query. You have to choose specifically URL as shown below.
• Below is the example of the hackthissite.org. The most popular for testing your hacking skills.

• In the above screen shot, you can click on any URL to search in sputnik. For instance we have clicked on AnyRun.

• Above screen shot shows some of basic information of the hackthissite.org. The above information can be used in other hacking activities.

Searching IP Details :-

• For searching IP details. Click on IP in web browser as shown below.
• For showing we have choosen, open proxy list. From their you can get list of IPs, in which you can use this for search.

• We have use any of the IP to search in sputnik. for ex- we have search for 198.177l.126.93

• The below screen shot shows the details of the IP address on the shodan.

• The above screen shot is the another site which shows the information regarding IP address. This information can be use in other hacking activities.

Searching DOMAINS :-

• For searching domains, Click on any domain in web browser. Or you can search for IP address also.
• For showing you we have used hack.me another popular website for testing hacking skills.

• In the above screen shot, hack.me is used to check. You can check on any search engines provided by sputnik as shown below.

• The above screen shot show the details of domain which can be used in other hacking activities,.

• Here is the another site which shows the information about the target. The above information can be used in other hacking activities.

The post Start hacking with browser extension appeared first on Information Security Newspaper | Hacking News.

• For launching this tool simply go to linux terminal and type fierce -h as shown below

Now start using the queries.

BASIC SCAN:-

• Type fierce -dns knifecenter.com -threads 10

-threads, is used to scan faster. By default, fierce runs in single threaded mode.

====== OUTPUT SNIP =======

• After finishing scan, subdomains along with subnets will be listed. By default fierce uses its own built in wordlist. But you can specify your own wordlist using -wordlist argument in command, as ethical hacking experts explain below:

fierce -dns knifecenter.com -threads 10 -wordlist /home/iicybersecurity/wordlist.txt

SAVING RESULT:-

Type:

fierce -dns zonetransfer.me -threads 10 -file /home/iicybersecurity/Desktop/knifecenter.txt

This command with save the results to /home/iicybersecurity/Desktop/knifecenter.txt file.

The post Uncover virtual hosts of domain with Fierce appeared first on Information Security Newspaper | Hacking News.

The security firm, Fox-IT, said in a blog post published last week that the so-called “man-in-the-middle attack” lasted for 10 hours and 24 minutes, although the attack was largely contained for much of that time. The attackers carried it out by gaining unauthorized access to Fox-IT’s account with a third-party domain registrar. Next, they changed a domain name system record that designated the IP address that corresponded to the the security company’s client portal. With that, the attackers effectively hijacked control of fox-it.com and all traffic sent to it.

The attackers were able bypass protections provided by HTTPS-based encryption by first using their control of the Fox-IT domain to obtain a new transport layer security certificate. The process happened in the first 10 minutes of the attack, during which time all Fox-IT email was rerouted to the attackers. With that in place, the attackers were able to able to decrypt all incoming traffic and to cryptographically impersonate the hijacked domain. After intercepting and reading incoming traffic, the attackers forwarded it to Fox-IT in an attempt to prevent company engineers from detecting the attack.

The detailed account underscores just how easily hacks can succeed, even against security-savvy parties with relatively robust practices in place. It wouldn’t be surprising to see the same techniques succeed against scores or even hundreds of other companies that use the same industry-standard countermeasures.

“While we deeply regret the incident and the shortcomings on our part which contributed to it, we also acknowledge that a number of the measures we had in place enabled us to detect the attack, respond quickly and confidently and thereby limited the scale and length of the incident,” Fox-IT officials wrote.

Fox-IT ultimately detected the DNS hijack a little more than five hours after it started. Company engineers restored the DNS settings to the correct server and changed the password for the account. The man-in-the-middle attack, however, continued because it takes time for old DNS settings to be replaced across the Internet. The engineers eventually disabled the second-factor of authentication on the compromised client portal. The change had the effect of locking out all clients so that the attackers couldn’t intercept sensitive information. At the same time, Fox-IT disabled 2FA but left its login process in place so attackers wouldn’t know Fox-IT had detected the hack. That allowed Fox-IT analysts to monitor how the in-progress attack was working while, at the same time, preventing the hackers from intercepting any more sensitive traffic.

In all, attackers intercepted the login credentials of nine individual users, 10 unique files, one mobile phone number, and several names and email addresses of client portal users. The stolen passwords didn’t allow the attackers to log in to customers’ accounts because they were protected with two-factor authentication. Fox-IT notified users of the September 19 breach within 24 hours, but only disclosed it publicly in last week’s blog post.

The biggest lapse on Fox-IT’s part was the failure to secure its domain register account with two-factor authentication. The security company said it opened the account 18 years ago, when 2FA wasn’t a viable protection in such settings. The unnamed provider failed to make 2FA available in recent years, even as it became common elsewhere, and no one at Fox-IT noticed the lapse.

Fox-IT analysts still don’t know how the attackers obtained the account password, which the blog post said was strong enough to resist brute-force guessing attacks. However the attackers obtained the credential, Fox-IT said the presence of 2FA likely would have prevented the breach. Fox-IT could also have detected the attack much more quickly if it had actively monitored publicly available transparency records for recently issued TLS certificates for its fox-it.com domain.

Source:https://arstechnica.com/information-technology/2017/12/hackers-steal-security-firms-secret-data-in-brazen-domain-hijack/

The post Hackers take control of security firm’s domain, steal secret data appeared first on Information Security Newspaper | Hacking News.