Ehtools Framework: Pentesting Tools for Wi-Fi

Ehtools Framework (Entynet Hacker Tools) is a set of penetration testing tools for Wi-Fi networks developed by entynetproject. It can be used for everything from installing new add-ons to getting a WPA handshake in seconds. It is also easy to install, configure and use. Like every technology, Wi-Fi has its security problems, especially on public Wi-Fi networks. Any intruder who gets onto our Wi-Fi network can attack our devices (you can test this with Wifiphisher). We should therefore analyze our wireless network from time to time to prevent attacks. There are many tools for Wi-Fi penetration testing, but the one discussed here is a little different from the rest.

About Ehtools

What makes the Ehtools framework different from the others? When we do Wi-Fi penetration testing, we tend to use different tools for different tasks.

HOW TO SECURE ANY LINUX SERVER: AUTOMATED SERVER HARDENING - Part 3

    Next, ModSecurity will be installed
    [+] Installing ModSecurity
     Reading package lists… Done
     Building dependency tree
     Reading state information… Done
     libxml2 is already the newest version (2.9.4+dfsg1-6.1ubuntu1.2).
     The following package was automatically installed and is no longer required:
       libllvm7
     Use 'sudo apt autoremove' to remove it.
     The following NEW packages will be installed:
       libxml2-dev libxml2-utils
     0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
     Need to get 793 kB of archives.
     After this operation, 3,731 kB of additional disk space will be used.
     Do you want to continue? [Y/n] Y
    
    Preparing to unpack …/modsecurity-crs_3.0.2-1_all.deb …
     Unpacking modsecurity-crs (3.0.2-1) …
     Setting up modsecurity-crs (3.0.2-1) …
     Processing triggers for libc-bin (2.27-3ubuntu1) …
     Setting up liblua5.1-0:amd64 (5.1.5-8.1build2) …
     Setting up libapache2-mod-security2 (2.9.2-1) …
     apache2_invoke: Enable module security2
     Processing triggers for libc-bin (2.27-3ubuntu1) …
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Next, run the following command to restart apache2
    [+] Setting UP OWASP Rules for ModSecurity
     [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]OK
     Enabling module headers.
     To activate the new configuration, you need to run:
       systemctl restart apache2
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    
    
     [+] Optimizing Apache
     -- Enabling ModRewrite
     [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]Enabling module rewrite.
     To activate the new configuration, you need to run:
       systemctl restart apache2
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Enter your e-mail address to receive alerts
    [+] Installing ModEvasive
     Type Email to Receive Alerts testemail.com
     Reading package lists… Done
     Building dependency tree
     Reading state information… Done
     The following package was automatically installed and is no longer required:
       libllvm7
     Use 'sudo apt autoremove' to remove it.
     The following additional packages will be installed:
       bsd-mailx
     The following NEW packages will be installed:
       bsd-mailx libapache2-mod-evasive
     0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
     Need to get 80.5 kB of archives.
     After this operation, 256 kB of additional disk space will be used.
     Do you want to continue? [Y/n] Y
     Get:1 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 bsd-mailx amd64 8.1.2-0.20160123cvs-4 [66.0 kB]
     Get:2 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 libapache2-mod-evasive amd64 1.10.1-3 [1
    
    Processing triggers for man-db (2.8.3-2ubuntu0.1) …
     Setting up libapache2-mod-evasive (1.10.1-3) …
     apache2_invoke: Enable module evasive
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Install Mod_Qos
    [+] Installing Mod_Qos/Spamhaus
     Reading package lists… Done
     Building dependency tree
     Reading state information… Done
     The following package was automatically installed and is no longer required:
       libllvm7
     Use 'sudo apt autoremove' to remove it.
     The following NEW packages will be installed:
       libapache2-mod-qos
     0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
     Need to get 202 kB of archives.
     After this operation, 744 kB of additional disk space will be used.
     Get:1 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 libapache2-mod-qos amd64 11.44-1build1 [202 kB]
     Fetched 202 kB in 3s (80.2 kB/s)
     Selecting previously unselected package libapache2-mod-qos
    
    Building dependency tree
     Reading state information… Done
     E: Unable to locate package libapache2-mod-spamhaus
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Next, it will configure Fail2ban
    [+] Configuring Fail2Ban
     Configuring Fail2Ban……
     [ ok ++++++++++++++++++++++++++++++++++++++++++++++++++   ][….] Restarting fail2ban (via systemctl): fail2ban.service.
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Install additional packages
    [+] Installing Additional Packages
     Install tree………….
     Reading package lists… Done
     Building dependency tree
     Reading state information… Done
     The following package was automatically installed and is no longer required:
       libllvm7
     Use 'sudo apt autoremove' to remove it.
     The following NEW packages will be installed:
       tree
     0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
     Need to get 40.7 kB of archives.
     After this operation, 105 kB of additional disk space will be used.
     Get:1 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 tree amd64 1.7.0-5 [40.7 kB]
     Fetched 40.7 kB in 2s (24.3 kB/s)
     Selecting previously unselected package tree.
     (Reading database … 228842 files and directories currently installed.)
     Preparing to unpack …/tree_1.7.0-5_amd64.deb …
     Unpacking tree (1.7.0-5) …
     Setting up tree (1.7.0-5) …
     Processing triggers for man-db (2.8.3-2ubuntu0.1) …
    
    Setting up apt-show-versions (0.22.7ubuntu1) …
     ** initializing cache. This may take a while **
     Processing triggers for man-db (2.8.3-2ubuntu0.1) …
     Install PHPUnit……….
     config-set succeeded
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Next, it installs the IPv6 dependencies, applies additional server hardening, and asks whether to disable USB support; answer y or n
    [+] Running additional Hardening Steps
     Running Additional Hardening Steps….
     Reading package lists… Done++++++++++++++++++++++++++   ]
     Building dependency tree
     Reading state information… Done
     Package 'at' is not installed, so not removed
     The following package was automatically installed and is no longer required:
       libllvm7
     Use 'sudo apt autoremove' to remove it.
     0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
     Reading package lists… Done
     Building dependency tree
     Reading state information… Done
     The following package was automatically installed and is no longer required:
       libllvm7
    
    Preparing to unpack …/libpam-cracklib_1.1.8-3.6ubuntu2.18.04.1_amd64.deb …
     Unpacking libpam-cracklib:amd64 (1.1.8-3.6ubuntu2.18.04.1) …
     Processing triggers for man-db (2.8.3-2ubuntu0.1) …
     Setting up libpam-cracklib:amd64 (1.1.8-3.6ubuntu2.18.04.1) …
     Securing Cron
     [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]
    Do you want to Disable USB Support for this Server? (y/n): n
    OK
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Install Unhide to reveal hidden processes running in the background
    [+] Installing UnHide
     Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique.
     Reading package lists… Done
     Building dependency tree
     Reading state information… Done
     The following package was automatically installed and is no longer required:
       libllvm7
     Use 'sudo apt autoremove' to remove it.
     Suggested packages:
       rkhunter
     The following NEW packages will be installed:
       unhide
     0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
     Need to get 46.6 kB of archives.
     After this operation, 136 kB of additional disk space will be used.
     Get:1 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 unhide amd64 20130526-1 [46.6 kB]
     Fetched 46.6 kB in 2s (25.9 kB/s)
     Selecting previously unselected package unhide.
     (Reading database … 228917 files and directories currently installed.)
     Preparing to unpack …/unhide_20130526-1_amd64.deb …
     Unpacking unhide (20130526-1) …
     Setting up unhide (20130526-1) …
     Processing triggers for man-db (2.8.3-2ubuntu0.1) …
    
    Done.
      To EXIT Press x Key, Press ENTER to Continue
    Install Tiger
    [+] Installing Tiger
     Tiger is a security tool that can be use both as a security audit and intrusion detection system
     Reading package lists… Done
     Building dependency tree
     Reading state information… Done
     The following package was automatically installed and is no longer required:
       libllvm7
     Use 'sudo apt autoremove' to remove it.
     The following additional packages will be installed:
       chkrootkit john john-data tripwire
     The following NEW packages will be installed:
       chkrootkit john john-data tiger tripwire
     0 upgraded, 5 newly installed, 0 to remove and 1 not upgraded.
     Need to get 6,868 kB of archives.
     After this operation, 24.0 MB of additional disk space will be used.
     Get:1 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 tripwire amd64 2.4.3.1-2 [1,647 kB]
    
    Setting up john-data (1.8.0-2build1) …
     Setting up john (1.8.0-2build1) …
     For More info about the Tool use the ManPages
      man tiger
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Install Rootkit Hunter
    [+] Installing RootKit Hunter
     Rootkit Hunter is a scanning tool to ensure you are you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
     - MD5 hash compare      
     - Look for default files used by rootkits      
     - Wrong file permissions for binaries      
     - Look for suspected strings in LKM and KLD modules      
     - Look for hidden files      
     - Optional scan within plaintext and binary files 
    
    File updated: searched for 181 files, found 152
     ***To Run RootKit Hunter ***
          rkhunter -c --enable all --disable none
          Detailed report on /var/log/rkhunter.log
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Then bashrc will be tuned
    [+] Tunning bashrc, nano and Vim
     Tunning .bashrc……
     [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]OK
     Tunning Vim……
     [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]OK
     Tunning Nano……
     [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]OK
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Next, JShielder adds a daily system update cron job
    [+] Adding Daily System Update Cron Job
     Creating Daily Cron Job
     [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ] 
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Most of JShielder's configuration is automated. It will now install Artillery
    [+] Cloning Repo and Installing Artillery
     fatal: destination path 'artillery' already exists and is not an empty directory.
     Welcome to the Artillery installer. Artillery is a honeypot, file monitoring, and overall security tool used to protect your nix systems.
     Written by: Dave Kennedy (ReL1K)
    
     Do you want to install Artillery and have it automatically run when you restart [y/n]: y
    
    [] Adding artillery into startup through init scripts.. [] Triggering update-rc.d on artillery to automatic start…
     [*] Checking out Artillery through github to /var/artillery
     Cloning into '/var/artillery'…
     remote: Enumerating objects: 35, done.
     remote: Counting objects: 100% (35/35), done.
     remote: Compressing objects: 100% (35/35), done.
     remote: Total 1632 (delta 17), reused 3 (delta 0), pack-reused 1597
    
    Setting Iptable rules for artillery
     [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
     Artillery configuration file is /var/artillery/config
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Install PSAD
    [+] Install PSAD
     PSAD is a piece of Software that actively monitors you Firewall Logs to Determine if a scan
            or attack event is in Progress. It can alert and Take action to deter the Threat
        NOTE:    IF YOU ARE ONLY RUNNING THIS FUNCTION, YOU MUST ENABLE 
    
     LOGGING FOR iptables   
     iptables -A INPUT -j LOG   \
     iptables -A FORWARD -j LOG
    
     Do you want to install PSAD (Recommended)? (y/n): y
    
    To EXIT Press x Key, Press ENTER to Continue
    Then disable the compilers
    [+] Disabling Compilers
     Disabling Compilers…..
     [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]
      If you wish to use them, just change the Permissions
      Example: chmod 755 /usr/bin/gcc 
      OK
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Now secure the /tmp folder. Enter y
    [+] Securing /tmp Folder
     ¿Did you Create a Separate /tmp partition during the Initial Installation? (y/n): y
    
    Nice Going, Remember to set proper permissions in /etc/fstab
     Example:
     /dev/sda4   /tmp   tmpfs  loop,nosuid,noexec,rw  0 0 
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    JShielder will restrict access to the Apache configuration files
    [+] Restricting Access to Apache Config Files
     Restricting Access to Apache Config Files……
     [ ++++++++++++++++++++++++++++++++++++++++++++++++++++    ] OK
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Then it will enable unattended security updates. Press y
    [+] Enable Unattended Security Updates
     ¿Do you Wish to Enable Unattended Security Updates? (y/n): y
    The process accounting package (acct) will be installed
    0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
     Need to get 87.2 kB of archives.
     After this operation, 304 kB of additional disk space will be used.
     Get:1 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 acct amd64 6.6.4-1 [87.2 kB]
     Fetched 87.2 kB in 2s (48.7 kB/s)                      
     Selecting previously unselected package acct.
     (Reading database … 229408 files and directories currently installed.)
     Preparing to unpack …/acct_6.6.4-1_amd64.deb …
     Unpacking acct (6.6.4-1) …
     Processing triggers for ureadahead (0.100.0-21) …
     Processing triggers for install-info (6.5.0.dfsg.1-2) …
     Setting up acct (6.6.4-1) …
     update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
     update-rc.d: warning: stop runlevel arguments (1) do not match acct Default-Stop values (0 1 6)
     Processing triggers for libc-bin (2.27-3ubuntu1) …
     Processing triggers for systemd (237-3ubuntu10.24) …
     Processing triggers for man-db (2.8.3-2ubuntu0.1) …
     Processing triggers for ureadahead (0.100.0-21) …
     OK
    Install auditd; enter y
    [+] Installing auditd
     Reading package lists… Done
     Building dependency tree       
     Reading state information… Done
     The following package was automatically installed and is no longer required:
       libllvm7
     Use 'sudo apt autoremove' to remove it.
     The following additional packages will be installed:
       libauparse0
     Suggested packages:
       audispd-plugins
    
    After this operation, 803 kB of additional disk space will be used.
     Do you want to continue? [Y/n] Y
    
    Processing triggers for systemd (237-3ubuntu10.24) …
     Processing triggers for man-db (2.8.3-2ubuntu0.1) …
     Processing triggers for ureadahead (0.100.0-21) …
     Enabling auditing for processes that start prior to auditd
     [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]Sourcing file `/etc/default/grub'
     Generating grub configuration file …
     Found linux image: /boot/vmlinuz-4.18.0-25-generic
     Found initrd image: /boot/initrd.img-4.18.0-25-generic
     Found linux image: /boot/vmlinuz-4.18.0-15-generic
     Found initrd image: /boot/initrd.img-4.18.0-15-generic
     Found memtest86+ image: /boot/memtest86+.elf
     Found memtest86+ image: /boot/memtest86+.bin
     done
     Configuring Auditd Rules
     [ ++++++++++++++++++++++++++++++++++++++++++++++++++++++  ]
    
    Done.
      To EXIT Press x Key, Press ENTER to Continue
    JShielder will install and enable sysstat
    [+] Installing and enabling sysstat
     Reading package lists… Done
     Building dependency tree       
     Reading state information… Done
     The following package was automatically installed and is no longer required:
       libllvm7
     Use 'sudo apt autoremove' to remove it.
     Suggested packages:
       isag
     The following NEW packages will be installed:
       sysstat
     0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
     Need to get 295 kB of archives.
     After this operation, 1,192 kB of additional disk space will be used.
     Get:1 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 sysstat amd64 11.6.1-1 [295 kB]
     Fetched 295 kB in 2s (124 kB/s)    
    
    Processing triggers for systemd (237-3ubuntu10.24) …
     Processing triggers for man-db (2.8.3-2ubuntu0.1) …
    
     OK
     Done.
      To EXIT Press x Key, Press ENTER to Continue       
    Install arpwatch to monitor ARP traffic. Enter y
    [+] ArpWatch Install
     ArpWatch is a tool for monitoring ARP traffic on System. It generates log of observed pairing of IP and MAC.
     Do you want to Install ArpWatch on this Server? (y/n): y
    
    Synchronizing state of arpwatch.service with SysV service script with /lib/systemd/systemd-sysv-install.
     Executing: /lib/systemd/systemd-sysv-install enable arpwatch
    
     OK
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Set the GNU GRUB bootloader password. More on how the bootloader works is covered in the advanced ethical hacking course of the International Institute of Cyber Security (IICS, iiCyberSecurity)
    [+] GRUB Bootloader Password
     It is recommended to set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password)
     Do you want to set a GRUB Bootloader Password? (y/n): y
    
    Do you want to set a GRUB Bootloader Password? (y/n): y
     Enter password: 
     Reenter password: 
     PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.15D5D8416652D02126C81FCF8C49A59B82F070F8010A13412C420345E97AA9CADC8798E7218A27105875C0C0950DC6A7EAC1D3DA92C32A6107FF572CB42A1D53.C05B506339CB3227411FF804E9587808E40CD72DD07CD749B004D324E9F90D2A4D092E6C9BE64E6E61DC71FB32A8DB00E65CA7BE6582975E30F64C9D46CD1C19
     Sourcing file `/etc/default/grub'
     Generating grub configuration file …
    
    Found memtest86+ image: /boot/memtest86+.bin
     done
     On every boot enter root user and the password you just set
     OK
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Securing the boot settings
    Securing Boot Settings
     [ +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] 
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    
    
     [+] Setting File Permissions on Critical System Files
     [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]
     Setting Sticky bit on all world-writable directories
     [ +++++++++++++++++++++++++++++++++++++++++++++++++++++   ]
    : Read-only file system
     chmod: changing permissions of '/snap/core/7270/tmp': Read-only file system
     chmod: changing permissions of '/snap/core/7270/var/tmp': Read-only file system
     chmod: changing permissions of '/snap/core/6350/run/lock': Read-only file system
     chmod: changing permissions of '/snap/core/6350/tmp': Read-only file system
     chmod: changing permissions of '/snap/core/6350/var/tmp': Read-only file system
     chmod: changing permissions of '/snap/core18/1049/run/lock': Read-only file system
     chmod: changing permissions of '/snap/core18/1049/tmp': Read-only file system
     chmod: changing permissions of '/snap/core18/1049/var/tmp': Read-only file system
    
      OK
     Done.
      To EXIT Press x Key, Press ENTER to Continue
    Above you can see that the permissions have been changed. All changes are complete. JShielder will then display a message that it has fully configured Ubuntu for building and deploying web applications
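
The transcript above prints `Done.` after every step, including steps where apt, git or chmod reported an error (the missing `libapache2-mod-spamhaus` package, the existing `artillery` directory, the read-only `/snap` paths). The following is an added example, not part of JShielder or the original post: it attributes the error lines in a saved transcript to the `[+]` step that printed them. The function names and the saved-transcript workflow are assumptions; the sample lines are an excerpt of the output shown above.

```shell
#!/bin/sh
# Added example, not part of JShielder: list the error lines in a captured
# installer transcript together with the "[+] ..." step that printed them.

# stdin: transcript text. stdout: "step<TAB>error line", one per failure.
audit_transcript() {
    awk '
        # Step banner, e.g. "[+] Installing Mod_Qos/Spamhaus".
        /^[ \t]*\[\+\][ \t]/ {
            step = $0
            sub(/^[ \t]*\[\+\][ \t]*/, "", step)
            next
        }
        # apt errors ("E: ..."), git fatals, and "tool: ...: <errno text>".
        /^[ \t]*(E:|fatal:)[ \t]/ ||
        /^[ \t]*[a-z0-9_.-]+: .*(Read-only file system|Permission denied)/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            printf "%s\t%s\n", (step == "" ? "(no step)" : step), line
        }
    '
}

# stdin: transcript text. stdout: "count<TAB>step" for each step with errors.
failures_per_step() {
    audit_transcript | awk -F '\t' '
        { count[$1]++ }
        END { for (s in count) printf "%d\t%s\n", count[s], s }
    ' | sort
}

# Excerpt of the output shown above, reassembled as sample input.
sample_transcript() {
    cat <<'EOF'
[+] Installing Mod_Qos/Spamhaus
 Selecting previously unselected package libapache2-mod-qos
 E: Unable to locate package libapache2-mod-spamhaus
 Done.
[+] Configuring Fail2Ban
 Configuring Fail2Ban……
 Done.
[+] Cloning Repo and Installing Artillery
 fatal: destination path 'artillery' already exists and is not an empty directory.
 Done.
 [+] Setting File Permissions on Critical System Files
 Setting Sticky bit on all world-writable directories
 chmod: changing permissions of '/snap/core/7270/tmp': Read-only file system
 chmod: changing permissions of '/snap/core18/1049/tmp': Read-only file system
 Done.
EOF
}

# Stand-alone run: summary of steps that reported errors despite "Done.".
sample_transcript | failures_per_step
```

To audit a real run, record the session with `script` and pipe the resulting file into `audit_transcript`.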
