Skip to main content

Make secure your data. (Make 2 firewall )

HiddenWall

HiddenWall is a Linux kernel module generator for custom rules with netfilter. (block ports, Hidden mode, rootkit functions etc). The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that block external access, because have a hook to netfilter on kernel land(think like a second layer for firewall).
My beginning purpose at this project is protect my personal server, now is protect the machines of my friends. When i talk "friends", i say peoples that don't know how to write low level code. Using the HiddenWall you can generate your custom kernel module for your firewall configuration.
The low level programmer can write new templates for modules etc...

First step, understand before run

Verify if the kernel version is 3.x, 4.x or 5.x:
uname -r
Clone the repository
git clone https://github.com/CoolerVoid/HiddenWall
Enter the folder
cd HiddenWall/module_generator
Edit your firewall rules in directory rules/server.yaml, the python scripts use that file to generate a new firewall module.
$ cat rules/server.yaml
module_name: SandWall
public_ports: 80,443,53
unhide_key: AbraKadabra
hide_key: Shazam
fake_device_name: usb14
liberate_in_2_out: True
whitelist: 
- machine: 
   ip: 192.168.100.181
   open_ports: 22,21
- machine:
   ip: 192.168.100.22
   open_ports: 22
If you want study the static code to generate, look the content at directory "templates".

Second step, generate your module

If you want generate a kernel module following your YAML file of rules, follow that command:
$ python3 WallGen.py --template template/hiddenwall.c -r rules/server.yaml
This generate a generic module with rules of server.yaml, if you want to use another template you can use "wall.c", so template module "hiddenwall" have option to run on hidden mode(is not visible to "# lsmod" for example).

Third step, install your module

To test module:
# cd output; make clean; make
# insmod SandWall.ko
The rule of YAML to generate module is simple, drop all out to in packets, accept ports 80,443 and 53. The machine 192*.181 can connect at ports 22 and 21...
if you use nmap at localhost/127.0.0.1 you can view the ports open... because rule liberate_in_2_out is true.
Password to turn Firewall visible is "AbraKadabra".
Password to turn Firewall invisible is "Shazam".
You need to send password for your fake device "usb14".
To exit module, you need turn visible at "lsmod" command ...
# echo "AbraKadabra" > /dev/usb14
# lsmod | grep SandWall
# rmmod SandWall

Random notes

Tested on ubuntu 16 and fedora 29 at kernels "3.x","4.x" and "5.x".

TODO

Suport to IPV6. Macro to select the interface(to use multiple modes for each interface). Option to remove last logs when turn hide mode. Option to search and remove others toolkits... Code generator to BFP...

References

Linux Device Drivers http://lwn.net/Kernel/LDD3/

Comments

Post a Comment

Popular posts from this blog

RouterSploit ..(Exploitation Framework for Embedded Devices)

RouterSploit - Exploitation Framework for Embedded Devices   The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. click here to video It consists of various modules   that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against network services scanners - modules that check if a target is vulnerable to any exploit payloads - modules that are responsible for generating payloads for various architectures and injection points generic - modules that perform generic attacks Installation Requirements Required: future requests paramiko pysnmp pycrypto Optional: bluepy - bluetooth low energy Installation on Kali Linux apt-get install python3-pip git clone https://www.github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py Bluetooth Low Energy suppo...
Post a Comment
Read more

Embed Payload (Exe) into a PDF Documents – EvilPDF

 Hey folks, today we are going to talk about the tool that can easily add malicious payloads within the .PDF extension files and after which you can easily access any system. As we know it is prohibited to execute malicious payloads inside the window defender system, hence we will send our payload through the PDF files.   Environment Kali Linux = Attacker Window 10 = Victim ( Tested On ) Lets take a look 🙂 !! EvilPDF The EvilPDF tool is specifically designed to embed payloads inside PDF files. It is an open source tool hosted on the github page that we will download using the wget command. git clone https://github.com/thelinuxchoice/evilpdf cd evilpdf 1 2 git clone https://github.com/thelinuxchoice/evilpdf cd evilpdf It require some additional features that we can download using the following command. python -m pip install pypdf2 1 python -m pip install pypdf2 Now we can use this tool using the given command. python evilpdf.py 1 python evilpdf.py In the image below you have t...
Post a Comment
Read more

TheFatRat ( make a bypass antivirus create payload )

TheFatRat             A Massive Exploiting Tool TheFatRat  is an exploiting tool which compiles a malware with famous payload, and then the compiled maware can be executed on Linux , Windows , Mac and Android.  TheFatRat  Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus. Features ! Fully Automating MSFvenom & Metasploit. Local or remote listener Generation. Easily Make Backdoor by category Operating System. Generate payloads in Various formats. Bypass anti-virus backdoors. File pumper that you can use for increasing the size of your files. The ability to detect external IP & Interface address . Automatically creates AutoRun files for USB / CDROM exploitation Installation Instructions on how to install  TheFatRat git clone https://github.com/Screetsec/TheFatRat.git cd TheFatRat chmod +x setup.sh && ./setup.sh Update cd TheFatRat ./update && c...
Post a Comment
Read more