Friday, 20 April 2012

Moving towards Inguma 0.5

It's been quite a long time since our last update so let me show you what has been going on these last weeks.

Inguma 0.5

After the last Bokken release we have focused on Inguma 0.5 development and now I'm going to show you some of the new features we have been working on.

We've done some GUI improvements in order to make it simpler, cleaner and to integrate the last Bokken release:

Look at the new main button that integrates all the common tasks and the simplified toolbar. Also the right panel has been improved by adding expand/collapse buttons as well as filter buttons by Target OS.

The Vulnerabilities panel has gained in eye candy and functionality, with expand/collapse buttons and the "Open with Bokken" menu option.

Most of the work for this release has been focused on the Terminals tab, which has been redesigned and greatly improved.

As you can see, it now features many buttons to manage terminals and their contents, as well as a filesystem panel that integrates perfectly with the terminals and the rest of the GUI. From here you can import and load host lists, nmap scans, Inguma modules... and more.

Finally, the new feature that ties together all the new changes is what we have called Listeners. By creating listeners you can now connect with your compromised targets and go ahead with post-exploitation. :) Let's see how it works.

In order to listen for reverse connections, or directly connect to an exploited target, simply create a local or remote listener from the toolbar popup.

You will see the newly created listener in the right panel, under the Listeners tab, as well as its status: connected or listening. From here you can disconnect or destroy listeners using the menu.

Once you have a connection with a compromised target you will be able to interact with it on the Terminals tab, but this is still WIP :)

Of course Bokken has been updated to the latest release on the Reversing tab.

RootedCon 2012

On March 1st, 2nd and 3rd the RootedCon security event was held in Madrid and one of our developers, Hugo Teso, was there to talk about Inguma, Bokken and how to use them in security research.

The talk, entitled Inguma 0.5 RedWagon, showed the ability of Inguma and Bokken to study the security of an uncommon kind of system, in this case Unmanned Aerial Vehicles (UAVs), both amateur and commercial ones. For this purpose a special edition of Inguma was coded, featuring UAV Command and Control software and more protocols added to the network fuzzers, among other things.

The UAV C&C is an integrated WASP Ground Control Station, modified to be able to handle different UAV Autopilots (AP), from configuration and compilation to run and control:

Within the C&C tab many APs can be configured and run, either in SITL or HITL, such as ArduPilot Mega, Paparazzi or WASP. After using the Fuzzers to find vulnerabilities, either the Networking or the C&C tab can be used to exploit a vulnerable UAV, depending on whether the vulnerability affects the GCS or the UAV directly.

In order to reverse-engineer the vulnerable AutoPilot or Ground Control Station, Bokken with Radare2 core was used, so the whole process of vulnerability finding, development and exploiting has been done with Inguma and Bokken :)

Here you can see some photos of the talk and some slides.

As you can see, the lack of news doesn't mean lack of activity as we have been really busy :) Stay tuned for more updates and upcoming releases!