Sunday, April 30, 2017

I just received one of the most sophisticated phishing attacks ever

I am not a fan of hijackers and phishing criminals. But social engineering has become the most common way to crack, target and steal any online account. Those hijackers either lack sufficient skills to penetrate a system, or the system is too tedious to penetrate or hack; thus they resort to sending phishing attacks. When you send a phishing attack, you can be as creative as you want, and the sky is the limit. In this case, they started by creating identical-looking pages, which is an easy step:

    Real Apple Login Page:


    Fake Apple Login Page:


But moving on, surprisingly, the phishing link was appleid.apple.com. Yes, I was extremely surprised, but it turns out that their phishing attack had used Unicode characters.

    Real Apple Phishing Link:


    Fake Apple Phishing Link:


Ironically, the phishing website was linking non-HTTPS images, which was detectable by Chrome. Not only that, they could not fake the EV certificate, which says "Apple Inc.". Looking at both source codes and comparing them confirmed the phishing attack.
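A defender-side check for the Unicode look-alike hostname described above, as an added example that is not part of the original post. The sample hostname, the small confusables table and all function names are constructed for illustration; the exact characters used in the real attack are not known from the post.

```python
import unicodedata

# Hostname to protect (from the post) and a constructed look-alike sample.
PROTECTED = {"appleid.apple.com"}
SAMPLE_FAKE = "\u0430\u0440\u0440le\u0456d.\u0430\u0440\u0440le.com"  # constructed

# Illustrative subset of Cyrillic-to-Latin confusables (assumption: a real
# filter would load the full Unicode confusables.txt table instead).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i"}

def to_unicode(host):
    """Lower-case the host and decode xn-- (punycode) labels."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text
        labels.append(label)
    return ".".join(labels)

def to_ascii(host):
    """Wire form of a Unicode host (per-label punycode, no IDNA validation)."""
    return ".".join(
        l if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
        for l in host.lower().split("."))

def scripts(label):
    """Scripts used by the letters of one label, read from their Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(host):
    """Map known confusable characters to their Latin look-alikes."""
    normalized = unicodedata.normalize("NFKC", host)
    return "".join(CONFUSABLES.get(ch, ch) for ch in normalized)

def check_host(host, protected=PROTECTED):
    """Return the reasons a hostname deserves a second look (empty if none)."""
    uni = to_unicode(host)
    findings = []
    if not uni.isascii():
        findings.append("non-ascii")
        if any(len(scripts(label)) > 1 for label in uni.split(".")):
            findings.append("mixed-script")
        if skeleton(uni) in protected:
            findings.append("lookalike:" + skeleton(uni))
    return findings
```

The same findings come back whether the hostname arrives in its displayed Unicode form or in its `xn--` wire form, so the check can sit in a mail filter or a proxy log pipeline.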

After adding dummy data, a two-step authentication page was opened, where the attackers assumed I had set it up. They did not have my mobile number or my devices, so they asked me to add a mobile number (which doesn't happen on a real Apple login page). If I had inserted correct login information, their system would have sent me the verification code, I would have given it to them, and bingo, they would have accessed my Apple ID.

This is one of the best phishing attacks I have ever received; I was really impressed by it. Even the spoofed email (support@apple.com) had bypassed Outlook's spam filters and went into my inbox. But the formatting of the email really looked suspicious. They succeeded in gaining my attention by saying that a purchase had been made from my account.

Tuesday, April 11, 2017

How I built an .exe program that secretly copies source code in the clipboard

My friend recently asked me to create for him a .exe program that downloads source code from the internet and copies it to the clipboard. The source code can be anything, such as Java, PHP or Python. Without doubt, the program would only work on Windows machines. My friend also wanted:

1. The program to retrieve the code from a URL which links to a text file.
2. The program should work silently and not print anything on success.
3. The program should handle and catch exceptions.
4. The program should select one out of three .txt files based on the user's keystroke.
5. The program should be compatible with Windows 10.
6. The program should look like a calculator.

I found the request very fun and decided to do it. C# would be an excellent tool for this, so I downloaded Microsoft Visual Studio C# 2008 for this task. I was taught C# and C++ on Visual Studio 2005 and 2008, so I really do not know the recent versions of Visual Studio.


First, I downloaded from the internet three source code files in Java for my friend: BucketSort, RadixSort, and MergeSort. Then I uploaded them into my Google Cloud bucket.

So, I have three public URLs.

https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/BucketSort.java
https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/MergeSort.java
https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/RadixSort.java

Then, I started by downloading and installing Visual Studio C# 2008 from this link and created a new project. On my machine, it was installed in French for some reason, but I was too lazy to fix it.

A default form is created by Visual Studio, so I had to rename the form to Calculator and change its icons. I also made sure the form doesn't resize by tweaking the settings. So, it looked like the image you see on the left.


Now the fun part, our program. In the source of your form, I imported the necessary libraries.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Net;
using System.Windows;

Then, inside the constructor of the Calculator, I have created a key event listener. What this means is that if you press any key while the .exe is running, the event listener will be called. So the constructor looked like this:

public Calculator()
{
    InitializeComponent();
    this.KeyDown += new KeyEventHandler(tb_KeyDown);
}

What's left now is creating the function tb_KeyDown and making it accept some arguments. The function looked like: tb_KeyDown(object sender, KeyEventArgs e).

Now that the code is inside the function, I captured the keystroke and then decided which link it belongs to. So, if the user presses B, BucketSort.java is copied; similarly for M (MergeSort) and R (RadixSort).

// e.KeyCode is a Keys enum value; concatenating it with "" gives its name, e.g. "B".
string dumb_key = e.KeyCode + "";
string link = "";
if (dumb_key == "B")
    link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/BucketSort.java";

if (dumb_key == "M")
    link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/MergeSort.java";

if (dumb_key == "R")
    link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/RadixSort.java";

// Any other key: there is nothing to download, so do nothing.
// (Passing an empty address to WebClient throws an exception that is not a WebException.)
if (link == "")
    return;

Now, I had to download the URL and put it in the clipboard. For that, you need to create an object of the WebClient class:

WebClient client = new WebClient();

Then download the link:
Byte[] pageData = client.DownloadData(link);

And put it in a string (with the formatting and line breaks):
string pageHtml = Encoding.ASCII.GetString(pageData);

Then, put it in the clipboard:
Clipboard.SetText(pageHtml);

Then, the annoying part for me was handling exceptions, so I encapsulated the code in a try/catch clause. Inside the catch clause I handled errors:
//Couldn't connect to the internet.
if (webEx.Status == WebExceptionStatus.ConnectFailure) {
    Clipboard.SetText("Couldn't connect to a network.");
}
//Catching errors such as: 404, 403 and 400.
//"else if" so the connection-failure message above is not overwritten by the final else.
else if (webEx.Status == WebExceptionStatus.ProtocolError) {
    var response = webEx.Response as HttpWebResponse;

    if (response != null) {
        Clipboard.SetText(response.StatusCode + "");
    }
    else {
        Clipboard.SetText(webEx + "");
    }
}
else {
    //An unknown error has occurred, just print to the clipboard.
    Clipboard.SetText(webEx + "");
}

Then, I compiled and ran the program, and everything was working correctly. On keystrokes, the code was copied to the clipboard. I have included the .exe in case you wish to test it. Download it at your own risk.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Net;
using System.Windows;

namespace WindowsFormsApplication1 {
    public partial class Calculator : Form {
        public Calculator() {
            InitializeComponent();
            // Call tb_KeyDown whenever a key is pressed while the form has focus.
            this.KeyDown += new KeyEventHandler(tb_KeyDown);
        }

        private void Calculator_Load(object sender, EventArgs e) {
        }

        static void tb_KeyDown(object sender, KeyEventArgs e) {
            // Map the pressed key to one of the three files.
            string dumb_key = e.KeyCode + "";
            string link = "";
            if (dumb_key == "B")
                link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/BucketSort.java";
            if (dumb_key == "M")
                link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/MergeSort.java";
            if (dumb_key == "R")
                link = "https://cdn.georgechalhoub.com/api/blogger/ewoe120asdo12eqweasdf/RadixSort.java";

            // Any other key: nothing to download, so do nothing.
            if (link == "")
                return;

            WebClient client = new WebClient();
            try {
                // Download the file and copy its text to the clipboard.
                Byte[] pageData = client.DownloadData(link);
                string pageHtml = Encoding.ASCII.GetString(pageData);
                Clipboard.SetText(pageHtml);
            } catch (WebException webEx) {
                //Couldn't connect to the internet.
                if (webEx.Status == WebExceptionStatus.ConnectFailure) {
                    Clipboard.SetText("Couldn't connect to a network.");
                }
                //Catching errors such as: 404, 403 and 400.
                else if (webEx.Status == WebExceptionStatus.ProtocolError) {
                    var response = webEx.Response as HttpWebResponse;
                    if (response != null) {
                        Clipboard.SetText(response.StatusCode + "");
                    } else {
                        Clipboard.SetText(webEx + "");
                    }
                } else {
                    //Unknown error, just print to the clipboard.
                    Clipboard.SetText(webEx + "");
                }
            }
        }

        private void Form1_Load(object sender, EventArgs e) {
        }
    }
}
