stealthy, like a snake

Naja: a genus of venomous elapid snakes known as cobras. Pseudonaja textilis, more commonly known as the Eastern brown snake, is considered the world’s second most venomous land snake based on its LD50 value in mice.

Naja – in this instance – is a Windows trojan developed by me in Python, inspired by several other Python projects (mentioned throughout this post), which makes use of Metasploit shellcode to facilitate a reverse connection to targets. It is distributed in two parts and makes heavy use of various encoding mechanisms and encryption in conjunction with process injection to bypass antivirus and other mitigations like Microsoft’s EMET.

Note: This post was originally made on 16 Dec ’14, but has since been updated.

herding sheep

It goes without saying that Pokemon GO is a craze of a magnitude we haven’t seen for a long time, and undoubtedly one that will be around for quite some time. If memory serves me correctly, not even Angry Birds grew in popularity this rapidly – and it didn’t have the same positive effects (e.g. getting gamers outside and socialising with others).

“prepare for trouble, and make it double”

Whilst most observers may see the primary negative effect as the game being yet another contributor to mobile phone addiction – diluting what are likely already diluted “real world” skills – those of us with a more nefarious view of the world will see this as a prime opportunity to pop some shells. Just as the Rio Olympics have spurred a wave of phishing and malware attacks, it comes as no surprise that Pokemon GO has too. So, this made me think… exactly how covert can you make Android malware?

slow search

This morning when searching for a module in Metasploit I received the dreaded error:

Database not connected or cache not built, using slow search

Surprisingly, there was very little information on forums or other blogs regarding this in the context of Kali 2.0 – so I’ll document my fix here.

Further to the above error, entering the command 'db_status' returns:

postgresql selected, no connection

The solution is to create a new database and connect Metasploit to it. But first, the postgresql service must be started and set to auto-start:

service postgresql start
update-rc.d postgresql enable

The database can then be created:

su postgres
createuser msf_user -P
(enter password)

createdb --owner=msf_user msf_database

… and Metasploit configured to point to the newly created database:

msfconsole

db_connect msf_user:@127.0.0.1/msf_database

This will automatically initiate a rebuild of the module cache (the equivalent of running update_db_cache).