5/28/2023

DOWNLOAD SENTRY MBA V1.4.1 – AUTOMATED ACCOUNT CRACKING TOOL

Sentry MBA is an automated account cracking tool that makes it one of the most popular cracking tools. It is used by cybercriminals to take over user accounts on major websites. With Sentry MBA, criminals can rapidly test millions of usernames and passwords to see which ones are valid on a targeted website. The tool has become incredibly popular — the Shape Security research team sees Sentry MBA attack attempts on nearly every website we protect.  Download Sentry MBA v1.4.1 latest version.

FEATURES

Sentry MBA has a point-and-click graphical user interface, online help forums, and vibrant underground marketplaces to enable large numbers of individuals to become cybercriminals. These individuals no longer need advanced technical skills, specialized equipment, or insider knowledge to successfully attack major websites.
Sentry MBA attack has three phases,
  • Targeting and attack refinement
  • Automated account check
  • Monetization

Related news


Posted by No comments:

How To Switch From 32-Bit Windows 10 To 64-Bit Windows 10

Microsoft offers Windows 10 as a free upgrade for computers running a genuine copy of Windows 7 or Windows 8.1. Also, similar to previous releases, the operating system is available on different editions and two versions: 32-bit and 64-bit.While upgrading from Windows 10 Home to Windows 10 Pro is not free, what many people are unfamiliar with is that Microsoft won't ask for more money to upgrade from a 32-bit to a 64-bit version.
However, the upgrade path only allows moving from a qualifying version to its equivalent edition on the same architecture. This limit means that if your PC is running a 32-bit version of Windows 8.1, after the upgrade you'll be stuck with the 32-bit version of Windows 10 — even if your computer's processor can handle the 64-bit version. The only solution is to make a clean installation of the operating system and reconfigure all your apps and settings.
iemhacker-how-to-switch-from-32-bit-windows-to 64bit
In this Windows 10 guide, we'll walk you through the steps to verify whether your computer in fact includes support for a 64-bit version and we'll guide you through the upgrade process to Windows 10 (x64).

Make sure Windows 10 64-bit is compatible with your PC

A 64-bit version of Windows can only be installed on computers with capable hardware. As such, the first thing you need to do is to determine whether your computer has a 64-bit processor.
You can easily get this information from the Settings app.
  1. Use the Windows key + I keyboard shortcut to open the Settings app.
  2. Click System.
  3. Click About.
  4. Under System type, you will see two pieces of information: if it says 32-bit operating system, x64-based processor, then it means that your PC is running a 32-bit version of Windows 10 on a 64-bit processor. If it says 32-bit operating system, x86-based processor, then your computer doesn't support Windows 10 (64-bit).

Make Sure Your Processor is 64-bit Capable

First thing's first. Before even thinking of upgrading to 64-bit Windows, you'll need to confirm that the CPU in your computer is 64-bit capable. To do so, head to Settings > System > About. On the right-hand side of the window, look for the "System type" entry.

You'll see one of three things here:

  • 64-bit operating system, x64-based processor. Your CPU does support 64-bit and you already have the 64-bit version of Windows installed.
  • 32-bit operating system, x86-based processor. Your CPU does not support 64-bit and you have the 32-bit version of Windows installed.
  • 32-bit operating system, x64-based processor. Your CPU supports 64-bit, but you have the 32-bit version of Windows installed.
If you see the first entry on your system, you don't really need this article. If you see the second entry, you won't be able to install the 64-bit version of Windows on your system at all. But if you see the last entry on your system—"32-bit operating system, x64-based processor"—then you're in luck. This means you're using a 32-bit version of Windows 10 but your CPU can run a 64-bit version, so if you see it, it's time to move on to the next section.
Make Sure Your PC's Hardware Has 64-bit Drivers Available
Even if your processor is 64-bit compatible, you might want to consider whether your computer's hardware will work properly with a 64-bit version of Windows. 64-bit versions of Windows require 64-bit hardware drivers, and the 32-bit versions you're using on your current Windows 10 system won't work.
Modern hardware should certainly offer 64-bit drivers, but very old hardware may no longer be supported and the manufacturer may have never offered 64-bit drivers. To check for this, you can visit the manufacturer's driver download web pages for your hardware and see if 64-bit drivers are available. You shouldn't necessarily need to download these from the manufacturer's website, though. They are likely included with Windows 10 or automatically will be downloaded from Windows Update. But old hardware—for example, a particularly ancient printer—simply may not offer 64-bit drivers.

Upgrade by Performing a Clean Install

You'll need to perform a clean install to get to the 64-bit version of Windows 10 from the 32-bit one. Unfortunately, there's no direct upgrade path.
Warning: Back up your important files before continuing and also make sure you have what you need to reinstall your programs. This process will wipe your whole hard disk, including Windows, installed programs, and personal files.
First, if you haven't upgraded to Windows 10 yet, you'll need to use the upgrade tool to upgrade. You'll get the 32-bit version of Windows 10 if you were previously using a 32-bit version of Windows 7 or 8.1. But the upgrade process will give your PC a Windows 10 license. After upgrading, be sure to check that your current 32-bit version of Windows 10 is activated under Settings > Update & security > Activation.
Once you're using an activated version of the 32-bit Windows 10, download the Windows 10 media creation tool from Microsoft. If you're using the 32-bit version of Windows 10 at the moment, you'll have to download and run the 32-bit tool.
When you run the tool, select "Create installation media for another PC" and use the tool to create a USB drive or burn a disc with Windows 10. As you click through the wizard, you'll be asked whether you want to create 32-bit or 64-bit installation media. Select the "64-bit (x64)" architecture.
Next, restart your computer (you did back everything up, right?) and boot from the installation media. Install the 64-bit Windows 10, selecting "Custom install" and overwriting your current version of Windows. When you're asked to insert a product key, skip the process and continue. You'll have to skip two of these prompts in total. After you reach the desktop, Windows 10 will automatically check in with Microsoft and activate itself. You'll now be running the 64-bit edition of Windows on your PC.
If you want to go back to the 32-bit version of Windows, you'll need to download the media creation tool—the 64-bit version, if you're running the 64-bit version of Windows 10—and use it to create 32-bit installation media. Boot from that installation media and do another clean install—this time installing the 32-bit version over the 64-bit version.

Final Words :

Finally, you are aware of the way through which you could be able to switch from the 32-bit windows to 64-bit windows really easily. There will be no difference in the functions or the working of the windows yet the only change that you will get is the more advanced architecture that is compatible with numerous high-end apps. If you are thinking to switch your windows to the 64-bit version then make sure you first check for your hardware compatibility. Hopefully, you would have liked the information of this post, please share this post with others if you really liked it. Provide us your valuable views regarding this post through using the comments section below. At last nevertheless thanks for reading this post!
More info
Posted by No comments:

Security Analysis In An OpenID Connect Lab Environment

In this post, Christian Fries shows an approach to unveil security flaws in OpenID Connect Certified implementations with well-known attack methods. One goal of the master's thesis Security Analysis of Real-Life OpenID Connect Implementations was to provide a platform for developers and security researchers to test implementations in a reproducible and maintainable OIDC lab environment.

We included six OpenID Provider (OP) and eight Relying Party (RP) services in the lab environment. For the comprehensive security analysis, we tested the implementations against eleven Relying Party attacks and seven OpenID Provider attacks in different variations with our tool PrOfESSOS. In addition, we carried out manual tests as well. We have disclosed twelve implementation flaws and reported them to the developers in a responsible disclosure process.

Two developer teams fixed (✔) the vulnerabilities before the deadline of the master's thesis. One Redirect URI Manipulation vulnerability was rejected (✖). This particular case can be permissible for only one registered URI for reasons of interoperability and fault tolerance. We informed three further development teams (✦).

Name Vulnerability Fixed CVE
MITREid Connect PKCE Downgrade Attack
mod auth openidc ID Spoofing, JWKS Spoofing
node oidc-provider Redirect URI Manipulation
OidcRP Replay Attack
phpOIDC Message Flow Confusion, ID Spoofing, Key Confusion
pyoidc Replay Attack, Signature Manipulation, Token Recipient Confusion CVE-2020-26244

We explain the method of how we have archived this result in the following sections.

 

Introduction

The OpenID Connect protocol framework defines three basic flows, Authorization Code Flow (or just Code Flow), Implicit Flow, and Hybrid Flow. OAuth 2.0, which is the foundation of OpenID Connect, introduces several extensions. One of the latest extensions is Code Flow with PKCE (Proof Key for Code Exchange, RFC7636).

Compliance with the specification requirements is essential for application security. Settings and parameter conditions are changed. For example, in Code Flow, a nonce parameter in the Authentication Request is optional but required for the Implicit Flow. The developers have to deal with such changes. They end up implementing several code branches and various state machines. The implementation's code complexity naturally increases if it supports more features and extensions. This complexity implies that minor changes with only one specific flow in mind can introduce a security issue in another flow.

Various well-known attacks are published in different papers and several mitigations are mentioned in best practice guides. One tool, which can perform the fully automated evaluation of services with generic attack vectors, is PrOfESSOS.

PrOfESSOS

PrOfESSOS is our evaluation as a Service (EaaS) security tool. We have implemented significant improvements into it over the past few years. The latest version can simulate a malicious RP that can carry out the attacks against an OP. In addition, PrOfESSOS can simulate an honest and a malicious OP to perform Single-Phase and Cross-Phase attacks. A penetration tester can access the RESTful API directly or the Web UI to start an evaluation.

Supported attacks on Relying Parties

Single Phase # Attack Patterns   Cross Phase # Attack Patterns
ID Spoofing 12   Issuer Confusion 1
Replay Attack 6   IdP Confusion 1
Key Confusion 13   Malicious Endpoint Attack 1
Signature Manipulation 4   Session Overwriting 2
Cross Site Request Forgery 3      
Token Recipient Confusion 3      
Token Substitution 2      

Supported attacks on OpenID Provider

Attack # Attack Patterns
Authorization Code Reuse and Substitution 5
Redirect URI Manipulation 15
Open Redirector 1
Client Authentication Bypass 15
Message Flow Confusion 2
PKCE Downgrade Attack 5
Sub Claim Spoofing 5

The Lab Environment

Overview

A developer or security researcher needs a running web application to start an evaluation. One way to create an analysis is to execute the web application and evaluation tools on a local development machine. This approach might be a practical compromise for small-scale projects. For multiple instances of applications with different configurations, this approach can be cumbersome. Docker containers can help here. Various RP and OP already offer a container setup, or there are examples of creating Dockerfiles, at least. It is possible to have reproducible build results through the container concept. In addition, this approach enables us to store static configuration files and SQL dumps for a specific instance.

We introduced three networks running on a server for our lab environment setup. The ProfNET for all evaluation tools can be controlled and debugged from a remote client. Furthermore, we added a RPNet for all Relying Parties and an OPNet for all OpenID Provider. The MitMProxy connects the networks and the users' browser. It allows us to observe and manipulate every http(s) communication in front- and back-channel.

Setup

Server Side

It is only required to checkout the oidc-docker-libs. The docker-compose setup can be built and run with:

git clone https://github.com/RUB-NDS/oidc-docker-libs docker-compose build docker-compose up -d

The following ports are used by the lab: 8787, 9990, 8888, 8042, 8080, 8081. You should ensure that you don't have service running on those ports.

The docker-compose provides the possibility to run only a small subset, for example:

docker-compose up -d professos mitmproxy mitreid-server

Docker Structure

The basic idea of our docker containers is to build from sources in a more or less generic way. We intended that each application runs as a completely independent unit. The application configuration can be performed with build arguments, environment variables, or complete SQL dumps.

You can see that we structured a Dockerfile in four blocks:

FROM ubuntu:18.04  ARG BRANCH=v3 ARG FLOW=implicit ARG CONTROLLER_URL ARG SERVER_HOST  # Setup the application ENV APPDIR /opt/app WORKDIR ${APPDIR} RUN git clone --depth=1 --branch=$BRANCH https://github.com/YOU/YOUR_APP RUN cd YOUR_APP \     && echo config=$FLOW >> configuration_file \     && ./build  # deploy automatically created certs ARG CA_DIR="/certs" ARG CA_CERT="oidc-ca.crt" VOLUME ["$CA_DIR"]  # Configure apache or nginx COPY config/apache-ssl.conf /etc/apache2/sites-available/ssl.conf RUN sed -i "s#SERVER_HOST#$SERVER_HOST#g" /etc/apache2/sites-available/ssl.conf RUN a2enmod headers ssl proxy proxy_http rewrite && a2ensite ssl RUN echo "https://$CONTROLLER_URL" > /var/www/html/.professos  # Start the application and apache/nginx server COPY docker-entrypoint.sh ${SUBDIR}/ WORKDIR ${SUBDIR} ENTRYPOINT ["./docker-entrypoint.sh"]

From this point, it is possible to add two or more configured instances to the docker-compose.yml file. Every instance can be tested independently and without influencing each other. This independence enables us to test various switches, e.g., different flows or authentication methods in different combinations.

app1-implicit:     build:       context: rp/app1       args:         FLOW: "implicit"         CONTROLLER_URL: ${CONTROLLER_HOST}         CLIENT_HOST: ${APP1-IMPLICIT}     depends_on:       - certs     volumes:       - certs:/certs:ro     env_file:       - .proxy_env     environment:       CA_DIR: ${CA_DIR}       CA_CERT: ${CA_CERT}       VIRTUAL_HOST: ${APP1-IMPLICIT}     networks:       - rpnet       - profnet 
app1-code:   build:     context: rp/app1     args:       FLOW: "code"           CONTROLLER_URL: ${CONTROLLER_HOST}       CLIENT_HOST: ${APP1-CODE}   depends_on:     - certs   volumes:     - certs:/certs:ro   env_file:     - .proxy_env   environment:     CA_DIR: ${CA_DIR}     CA_CERT: ${CA_CERT}     VIRTUAL_HOST: ${APP1-CODE}   networks:     - rpnet     - profnet

Client Side

The user solely has to establish a proxy connection to SERVERIP:8080. For example, in Firefox, the addon FoxyProxy can switch easily between different proxy settings.

It is advisable to install the generated Root-CA (oidc-ca.crt) in the browsers' certification store. Otherwise, self-signed certification warnings will be displayed. After the web browser is connected to the proxy, it should be possible to reach the landing page https://lab.

Automatic Tests with PrOfESSOS

We have two options for automatic tests with PrOfESSOS. We can either use the Web UI at https://professos, or call the RESTful API methods directly. Both options require a configuration file with target information. PrOfESSOS requires this information to find all needed URLs and parameter fields to login with selenium scripts.

You can use the following JSON file for the MITREid Connect Client:

{   "UrlClientTarget": "https://mitreid-client/simple-web-app/login",   "InputFieldName": "identifier",   "SeleniumScript": "",   "FinalValidUrl": "https://mitreid-client/simple-web-app/",   "HonestUserNeedle": "{sub=honest-op-test-subject, iss=https://honest-idp.professos/CHANGE_ME}",   "EvilUserNeedle": "{sub=evil-op-test-subject, iss=https://attack-idp.professos/CHANGE_ME}",   "ProfileUrl": "https://mitreid-client/simple-web-app/user" }

Only the CHANGE_ME parameter must be replaced manually with the displayed Test ID, as you can see in the following screenshot. The Test ID represents a unique OP address. This allows parallel testing as long as the implementation supports Dynamic Registration.

After clicking the "Learn" button, PrOfESSOS tries to log in with the honest and evil OP. Note that it takes a while until the process is finished.

If everything has worked as expected, PrOfESSOS displays a green checkmark. Otherwise, the UI provides minor logs and a few screenshots until the error has occurred. The MitMProxy Web UI can be a helpful additional tool to debug such issues.

On success, explicit tests or all tests can be executed. Each test step provides a small description and a test execution log.

The other option to start these tests is to use the RESTful API. Therefore, we provide a python cli tool in the oidc-docker-libs/oidc-lab-scripts folder. For all currently implemented RP and OP solutions, we have stored the json configurations. After starting the cli tool you solely need to select a target and run a complete test. An HTML report is also created which can be shared with collaborators.

#> ./cli.py [*] Professos CLI started Starting Control Center for Professos! cli> load rp mitreid-client  Start session default cli>> rp> mitreid-client> full_test Create new test plan: TestId = 6RZmcJHNd6o Learn: {     "HonestWebfingerResourceId": "https://honest-idp.professos/6RZmcJHNd6o",     "EvilWebfingerResourceId": "https://attack-idp.professos/6RZmcJHNd6o",     "UrlClientTarget": "https://mitreid-client/simple-web-app/login",     "InputFieldName": null,     "SeleniumScript": "",     "FinalValidUrl": "https://mitreid-client/simple-web-app",     "HonestUserNeedle": "{sub=honest-op-test-subject, iss=https://honest-idp.professos/6RZmcJHNd6o}",     "EvilUserNeedle": "{sub=evil-op-test-subject, iss=https://attack-idp.professos/6RZmcJHNd6o}",     "ProfileUrl": "https://mitreid-client/simple-web-app/user",     "Type": "de.rub.nds.oidc.test_model.TestRPConfigType" } ================================================================================ Run Test Step [0]: ID Spoofing 1 - ID Token (sub) - PASS ================================================================================ Run Test Step [1]: ID Spoofing 2 - ID Token (sub+iss) - PASS ================================================================================

Semi-Automated and Manual Tests

The MitMProxy can intercept and manipulate front and backend communication for minor manual tests. For example, the MITREid Connect client can perform user authentication with Keycloak as the OpenID provider. To simulate a redirect URI attack, you can intercept the Authentication Request or Token Request and manipulate the values.

Another reproducible way is to combine a specific PrOfESSOS attack, and a prepared script that is uploaded to the MitM scripting interface. Therefore, we added a server application to the MitM scripting interface, which can be controlled with the lab script cli tool.

We used such a workflow to check if a special redirect URI is vulnerable to an XSS attack. You can try it on your own. The command to prepare this attack is:

./cli.py [*] Professos CLI started Starting Control Center for Professos! cli> load op mitreid-server  Start session default cli>> op> mitreid-server> create Create new test plan: TestId = vWmdL4XHe2w cli>> op> mitreid-server> learn Learn: {     "HonestRpResourceId": "https://rp.professos/vWmdL4XHe2w",     "EvilRpResourceId": "https://evilrp.professos/vWmdL4XHe2w",     "UrlOPTarget": "https://mitreid-server/oidc-server",     "OPMetadata": "",     "AccessToken1": "",     "AccessToken2": "",     "User1Name": "user1",     "User2Name": "user2",     "User1Pass": "user1pass",     "User2Pass": "user2pass",     "LoginScript": "",     "ConsentScript": "",     "Client1Config": "",     "Client2Config": "",     "Type": "de.rub.nds.oidc.test_model.TestOPConfigType" } cli>> op> mitreid-server> run_pyscript pentest/mitreid-server-redirect.py Received: OK Received: OK cli>> op> mitreid-server> run 48 ================================================================================ Run Test Step [48]: Custom 1 - Redirect URI - PASS cli>> op> mitreid-server> export cli>> op> mitreid-server> report

As a result, in the screenshot you can see that our javascript was escaped correctly.

Another new feature for RP tests is to expose a specific attack pattern with PrOfESSOS and go through the login process manually with a browser. This is archived with the cli and the expose command. If you want to test, execute these commands:

./cli.py [*] Professos CLI started Starting Control Center for Professos! cli> load rp mitreid-client  Start session default cli>> rp> mitreid-client> create Create new test plan: TestId = hDOAisJy9OE cli>> rp> mitreid-client> learn Learn: {     "HonestWebfingerResourceId": "https://honest-idp.professos/hDOAisJy9OE",     "EvilWebfingerResourceId": "https://attack-idp.professos/hDOAisJy9OE",     "UrlClientTarget": "https://mitreid-client/simple-web-app/login",     "InputFieldName": null,     "SeleniumScript": "",     "FinalValidUrl": "https://mitreid-client/simple-web-app",     "HonestUserNeedle": "{sub=honest-op-test-subject, iss=https://honest-idp.professos/hDOAisJy9OE}",     "EvilUserNeedle": "{sub=evil-op-test-subject, iss=https://attack-idp.professos/hDOAisJy9OE}",     "ProfileUrl": "https://mitreid-client/simple-web-app/user",     "Type": "de.rub.nds.oidc.test_model.TestRPConfigType" } cli>> rp> mitreid-client> expose --test 3
  • Start login at https://mitreid-client/simple-web-app/login
  • For the OpenID Provider use the exposed attacker OP address https://attack-idp.professos/CHANGE_ME which can be copied from the learn step.
  • The browser should display a simple message: Authentication Failed: Id Token Issuer is null -> Our attack was unsuccessful
  • The honest OP address can be used to compare the result with a successful login attempt.

References

Acknowledgement

The master's thesis was supervised by Vladislav Mladenov, Christian Mainka, and Jörg Schwenk. Thank you for the support and opportunity to write this thesis.

Author of this Post

Christian Fries

Related news
Posted by No comments:
Subscribe to: Posts (Atom)