redteamlabsWindows

Sim Box Fraud

Sim Boxing

A sim box, also known as a SIM bank or GSM gateway, is a device that can be used to bypass traditional phone networks and make cheap international calls using VoIP technology. However, sim boxing is illegal in many countries, and can result in significant financial penalties and legal consequences for those caught using them. In this blog post, we will explore sim box technology and the risks associated with it.

How does a sim box work?

Sim box works by taking advantage of the difference in cost between international calls made through traditional phone networks and VoIP technology.

A sim box has multiple SIM cards from different mobile network operators inserted into it. When a user makes an international call, the sim box selects the SIM card with the lowest international call rate and uses it to route the call through the internet to the intended destination.

To the recipient, the call appears to be coming from a local number, even though it is being routed through the sim box and the internet. This allows the sim box operator to avoid paying the high international call rates charged by traditional phone networks and instead pay the cheaper local rates for the country where the sim card is located.

In essence, a sim box acts as a bridge between traditional phone networks and VoIP technology, allowing users to make cheaper international calls. However, sim boxing is illegal in many countries because it can be used for fraudulent and criminal activities such as money laundering, terrorist financing, and drug trafficking.

Why is sim boxing illegal?

Sim boxing is illegal in many countries because it can be used for fraudulent and criminal activities such as money laundering, terrorist financing, and drug trafficking. Additionally, sim boxes can cause significant revenue losses for telecommunication companies by bypassing traditional phone networks and avoiding international call rates.

What are the risks of using a sim box?

The risks of using a sim box include legal consequences, financial penalties, and reputational damage. Some of the potential risks are:

Legal Consequences: Sim boxing is illegal in many countries, and those caught using a sim box can face severe legal consequences such as imprisonment, fines, and other legal sanctions. In some cases, the use of a sim box can be considered a criminal offense, and violators can be subject to criminal prosecution.

Financial Penalties: Sim boxing can result in significant financial penalties for individuals and companies caught using them. In addition to the fines imposed by regulators, violators may be required to pay compensation for the losses caused to telecom operators and other affected parties.

Reputational Damage: Companies found to be using sim boxes can suffer reputational damage and loss of business. The use of sim boxes can undermine the trust of customers, investors, and other stakeholders, leading to a loss of confidence in the company’s business practices.

Network Disruption: Sim boxes can cause network disruptions and reduce the quality of service offered by telecom operators. They can congest the network, leading to call drops, poor call quality, and other network-related issues.

Security Risks: Sim boxing can be used for criminal and fraudulent activities such as money laundering and terrorist financing. These activities can pose a security risk to individuals, companies, and national security.

How can sim boxing be detected?

Telecommunication companies use advanced technologies such as traffic analysis, call tracing, and radio frequency detection to identify sim boxing activity. They also collaborate with law enforcement agencies to monitor and investigate suspicious activity related to sim boxing.

How can companies protect themselves from sim boxing?

Companies can protect themselves from sim boxing by implementing strict internal policies and procedures, such as prohibiting the use of sim boxes and conducting regular audits to detect any unauthorized activity. They can also work with telecommunication companies to identify and report any suspicious activity.

Conclusion

In conclusion, sim boxing is a risky and illegal practice that can have significant consequences for individuals and companies. It is important to understand the risks associated with sim boxes and take necessary steps to protect yourself and your business from potential legal and financial consequences.

RedTeam LabsWindows

Active Directory Penetration Testing

I had several clients come to me before a pentest and say they think they’re in a good shape because their vulnerability scan shows no critical vulnerabilities and that they’re ready for a pentest, which then leads me to getting domain administrator in few hours by just exploiting misconfigurations in AD.

The goal of a penetration test is to identify any possible attack vector an adversary would use in order to compromise a network. It is not to get domain administrator.

Now that we have a goal, there’s several steps we follow in order to accomplish it, below

What is AD?

Active Directory is a service from Microsoft which are being used to manage the services run by the Windows Server, in order to provide permissions and access to network resources. Active Directory is used over 90% of the Fortune Companies in order to manage the resources efficiently.

Active Directory is just like a phone book where we treat information as objects. In Active Directory we have objects like Computers, Users, Printers, etc. Following are some of the components of Active Directory.

Domain Controller

Domain Controller is generally the Admin of the Active Directory that is used to set up the whole directory. The role of Domain Controller is to provide Authentication and Authorization to different services and users. Domain Controller also allows administrative access to manage user account and network resources. In Active Directory the Domain Controller has the topmost priority and has most Authority/privileges.

Active Directory Data Store

An Active Directory Data Store contains Database files and process that store and manages directory information for users, services, and applications. The active Directory Data Store contains “NTDS.DIT” file which the most critical file of the whole AD.

 It is stored in the “%SystemRoot%\NTDS” folder on all domain controllers. This NTDS.DIT file is only accessible only through DC Process and Protocols.

Logical Active Directory Components

The following are the components that an Active Directory Data Store contains that defines rules to create an object in an AD environment.

Domain

A Domain is used to group objects together and manage them. The domain provides an Authentication and Authorization boundary that provides a way to limit the scope of access to the resources of that domain. Consider redteamlabs.com as a domain.

Trees

Trees are generally groups of the Domains in the Active Directory environment. Trees are used to share the contiguous namespace with the parent domain. Trees can additionally have child domains. By default, Trees create Transitive trust with other domains.

 

Here in the image above redteamlabs is the main domain and us. redteamlabs.com, ca.abc.com and au. redteamlabs.com represent the trees from different locations. Ca is for Canada, us is for united states.

Forest

Forest is said to be the collection of the Trees. Forest shares the common schema between its branches. The configuration remains the same in the partition of the branches of Forest. Trust between all domains is maintained in the forest. They are likely to share the Enterprise Admin and Schema Admin Concepts.

Organizational Units

Organizational Units are often referred to as OU. Organizational Units are Active Directory containers that generally contain user groups, Computers, and other OU. OU represents your computer organization in a hierarchically and logically way. OU is used to manage a collection of the object in a consistent way. Organizational Units are being bound to delegate the permissions to the Administrator Group of Object.

Trusts

Trust can be defined as access between the resources in order to gain permission/access to resources in another domain. Trust in Active Directory are generally of two types:

  • 1. Directional Trust
  • 2. Transitive Trust

Lab set up

Setup an Active Directory (small) lab for penetration testing. I will go through step-by-step procedure to build an Active Directory lab for testing purposes.

  • 1. Download windows server 2016 and windows 7 or 8 clients
  • 2. Download and install VirtualBox environments.
  • 3. Install Windows Server 2016 on VirtualBox. Click Next button by accepting conditions
  • 4. Click next button
  • 5. Installation process
  • 6. Creating Password for Administrator User account.
  • 7. Step up additional files
  • 8. Click on CD drive to install VirtualBox guest additions.
  • 9. Click Next Next Next..
  • 10. Click on Install button for installing Orcal software with trust
  • 11. Completeed Installation
  • 12. Step up network adaptors.
  • 13. Set up IP address to static
  • 14. Corresponding to my host Ip address, make a static ip address
  • 14. Check Ip address on Windows Server.
  • 15. For exchanging files from and to host
  • 16. Run Command Prompot and following commands
  • 17. To get our machine details.
  • 18. Installing Active directory services through command-line itself.
  • 19. Installing forest and domain name and all by below commands...

$ Install-ADDSForest -CreateDnsDelegation:$false ` -DatabasePath “C:\Windows\NTDS” ` -DomainMode “Win2012R2” ` -DomainName “server1.hacklab.local” ` -DomainNetbiosName “server1” `  -ForestMode “Win2012R2” `  -InstallDns:$true `  -LogPath “C:\Windows\NTDS” `  -NoRebootOnCompletion:$false `  -SysvolPath “C:\Windows\SYSVOL” `  -Force:$true

  • 20. Set up DSRM Password for login as a safe mode.
  • 21. After Completing setting up domain name and forest do reboot
  • 22. Installing Remote Server Administrations Tools Pack (RSAT)
  • 23. After installing RSAT you should then be able to view active directory users and computers under windows administrative tools.
  • 24. Install windows features for AD services
  • 25. Again Adds RSAT package
  • 26. Adding Users to Active directory
  • 27. Adding User1 to domain admins group
  • 28. Checking corresponding users on domain
  • 29. Adding User user2 to domain
  • 30. Adding User user3 to domain
  • 31. Listing all users under this domain
  • 32. Checking user1 is added to domain admins group
  • 33. After installing windows7.ova file to VirtualBox. Add client machine to our domain
  • 34. Adding to domain
  • 35. Change DNS server address to our windows server static ip address
  • 36. Enter our Users Username and Password to add our client to server successfully.
  • 37. After entering username and password.
  • 38. Restart
  • 39. Login onto Server1 with corresponding credentials
  • 40. On our domain we are setting service principle name for user1 as our wish..
  • 41. Login as user2. Then from that user2 enumerating all users in our current domain with powerview script (Consider user2 is an attacker machine).
  • 42. Using powerview_dev we enumerating which user on domain have SPN
  • 43. After finding out SPN of users. We request a tgs using that corresponding SPN by following command
  • 44. using mimikatz we export all tickets from here.
  • 45. Find our ticket from the list
  • 46. Here we Crack the password of user1 using python script or using hash cat. This will depend on your wordlist and strength passwords.

In this section, we have some levels, the first level is reconnaissance your network. every user can enter a domain by having an account in the domain controller (DC).

All this information is just gathered by the user that is an AD user. In the username, there are two parts that first is the domain name and the second part is your username.