Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

31 October 2014 | 805 views

ZMap – Fast Open-Source Network Scanner

Check For Vulnerabilities with Acunetix

ZMap is a fast open-source network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes.

ZMap - Open-Source Network Scanner

While previous network tools have been designed to scan small network segments, ZMap is specifically architected to scan the entire address space. It is built in a modular manner in order to allow incorporation with other network survey tools. ZMap operates on GNU/Linux and supports TCP SYN and ICMP echo requestscanning out of the box.

ZMap is a typical “async/syn-cookie” scanner like scanrand, Unicornscan, and masscan. For more port scanners check here.

While ZMap is a powerful tool for researchers, please keep in mind that by running ZMap, you are potentially scanning the ENTIRE IPv4 address space and some users may not appreciate your scanning. We encourage ZMap users to respect requests to stop scanning and to exclude these networks from ongoing scanning.

We suggest that users coordinate with local network administrators before performing any scans and we have developed a set of scanning best practices, which we encourage researchers to consider. It should go without saying that researchers should refrain from exploiting vulnerabilities or accessing protected resources, and should comply with any special legal requirements in their jurisdictions.

Scanning Best Practices

  1. Coordinate closely with local network administrators to reduce risks and handle inquiries
  2. Verify that scans will not overwhelm the local network or upstream provider
  3. Signal the benign nature of the scans in web pages and DNS entries of the source addresses
  4. Clearly explain the purpose and scope of the scans in all communications
  5. Provide a simple means of opting out and honor requests promptly
  6. Conduct scans no larger or more frequent than is necessary for research objectives
  7. Spread scan traffic over time or source addresses when feasible

Usage

You can download ZMap here (it’s also available via repo install for most common *nix operating systems):

v1.2.1.tar.gz

Or read more here.



30 October 2014 | 1,068 views

Serious Linux/UNIX FTP Flaw Allows Command Execution

A lot of old bugs have been biting us on the butt lately, and here’s another to add to the list. This week it was discovered a fairly nasty FTP Flaw Allows Command Execution when using the old but still fairly widely used. tnftp client

It’s a fairly unlikely set of circumstances however, and it is a client flaw not a server flaw – so you’d need to connect to a malicious server using tnftp to fall foul of this flaw.

Linux/UNIX FTP Flaw Allows Command Execution

Basically if you request a file, but don’t use the -o flag to specify an output filename the client will follow HTTP redirects and if the output of the filename begins with a pipe it will pass the rest to popen.

A serious vulnerability has been discovered in a File Transfer Protocol (FTP) client used by many Unix-like (*NIX) operating systems, representatives of the NetBSD Project reported on Tuesday.

The tnftp FTP client is fairly old, but it’s still widely used. It can be found in Red Hat’s Fedora, Debian, NetBSD, FreeBSD, OpenBSD, and even Apple’s OS X operating systems.

Jared McNeill, a software developer at the NetBSD Project, has identified a vulnerability that can be exploited via a malicious Web server to cause tnftp to execute arbitrary commands. The CVE-2014-8517 identifier has been assigned to the flaw.

FTP Vulnerability”If you do ‘ftp http://server/path/file.txt'; and don’t specify an output filename with -o, the ftp program can be tricked into executing arbitrary commands,” Alistair Crooks, security officer at the NetBSD Project, explained in an advisory published on the Full Disclosure mailing list. “The FTP client will follow HTTP redirects, and uses the part of the path after the last / from the last resource it accesses as the output filename (as long as -o is not specified).”

The flaw was however fixed in OpenBSD FIVE YEARS ago, shame no one noticed and they didn’t make more noise about it. Although it was fixed from another perspective, not to remedy this exact flaw.

Patches are coming out for this pretty fast, and it even effects the latest Apple OS X version Yosemite (10.10) – although I don’t expect Apple to really do anything much about it.

After it resolves the output filename, it checks to see if the output filename begins with a “|”, and if so, passes the rest to popen(3),” Crooks added.

The list of operating system developers that appear to be aware of the flaw includes Debian, Red Hat, Gentoo, Novell (SuSE Linux), DragonFly, FreeBSD, and Apple. Debian, Red Hat, Gnetoo and Novell have each published advisories for the bug.

The tnftp vulnerability affects OS X Yosemite 10.10, the latest version of the Mac operating system. Apple has been notified, but Crooks says he received only a “boilerplate reply” from the company.

Interestingly, the issue was fixed in OpenBSD five years ago.

“I changed OpenBSD’s ftp(1) a while ago to just use the ‘filename’ part of the original request, rather than taking a name from the redirection target (this also matches what curl -O does) – it’s a bit less convenient in some cases, but it felt like a bad idea to allow the output filename to be under control of the remote host (though I was more thinking of the situation where someone might run it from their home directory and write to something like .profile),” Stuart Henderson of OpenBSD wrote in response to Crooks’ post.

Look out for patches for your OS, or install another ftp client (that may or may not be more secure) at your own risk. I can’t see a whole lot of damage being caused via this, as it’s a client side rather than server side issue – but some people might try and have some fun with it.

But honestly, how often are *nix users accessing web resources using a FTP client rather than CURL or wget?

Anyway, we shall see if anything comes of this.

Source: Security Week


27 October 2014 | 1,452 views

Arachni v1.0 Released – Web Application Security Scanner Framework

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

It is smart, it trains itself by monitoring and learning from the web application’s behaviour during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.

Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly.

Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX.

Finally, it is versatile enough to cover a great deal of use-cases, ranging from a simple command line scanner utility, to a distributed high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web user interface.

We haven’t mentioned it for a while back since 2012 – Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework.

This Arachni v1.0 release makes it the first open source security scanner to have support for a real browser environment, allowing it to handle modern web applications which make use of technologies such as HTML5/DOM/JavaScript/AJAX.

Arachni v1.0 - Web Application Security Scanner Framework

The new scanner engine has been benchmarked (WIVET v3 and WAVSEP v1.5) higher than even the most established commercial products in crawl coverage, vulnerability identification and accuracy.

It’s a major rewrite so it will break backwards compatibility, don’t try and upgrade because you need to start from scratch. CLI options are different, reports are different, the RPC API is mostly different, the RPC protocol is different and so on and so forth.

Feature Overview

  • Multiple deployment options.
    • Ruby library, for highly-customized, scripted scans.
    • CLI scanner utility, for quick scans.
    • WebUI, for multi-User, multi-Scan, multi-Dispatcher management.
    • Distributed system using remote agents.
  • Integrated browser environment
    • Providing support for deep client-side analysis of applications that make use of DOM/JavaScript/AJAX technologies.
  • Support for pause/resume functionality.
  • Support for scan hibernation (suspend-to-disk/restore).
  • Automated session management (logout detection and re-login).
  • Plethora of scope options, governing scan coverage.
  • Intelligent, on-the-fly adaptation to each web application.
    • Fingerprinting of each individual resource.
    • Adjusts injections to match deployed platforms.
    • Automated detection of custom-404 pages.
    • Constant monitoring of server health and auto-throttling.
    • Resulting in less bandwidth consumption, less stress to the web application and, as a result, faster and more reliable scans.
    • Trains itself during the entire scan, by learning from HTTP responses, in order to identify new vectors and handle complex workflows like multi-page/form wizards.
  • High-performance
    • Asynchronous HTTP requests for lightweight concurrency and fast communications.
    • Clustered browser environments for concurrent JavaScript/DOM operations.
    • Support for multi-Instance scans, utilizing multiple Instances/processes, for super-fast audits (Even when distributed across multiple nodes).
  • Abundance of security checks.
  • Includes multiple plugins, providing extra functionality like:
    • Passive proxy for scanner training via HTTP requests & recording of login sequence
    • Form-based authentication.
    • Login dictionary attackers.
    • Many, many more.
  • Highly detailed, well-structured reports available in multiple of open formats.
  • Supports addition of custom Checks, Reporters and Plugins due to its modular design.

Full feature list can be found at: http://www.arachni-scanner.com/features/framework

Highlighted Changes

  • Updated workflow:
    • No more crawl-first, scan workload is discovered and handled on-the-fly.
    • Support for suspending scans to disk.
  • Addition of an integrated browser environment, supporting:
    • HTML5/DOM/JavaScript/AJAX
    • Detection of DOM-based issues.
  • New input vectors:
    • DOM forms
    • DOM links (with parameters in URL fragments)
    • DOM cookies
  • Link templates (for extracting arbitrary inputs from generic paths).
  • DOM link templates (for extracting arbitrary inputs from generic URL fragments).
  • Support for URL-rewrite rules.
  • New checks:
    • NoSQL injection (error based and blind).
    • DOM XSS variants.
  • New reports providing enormous amounts of context for easy issue verification and resolution — especially for DOM-based ones.
  • Cleaned up RPC API.
  • License update:
    • Proprietary, commercial license for SaaS providers and commercial distributors.
    • Apache License v2.0 for all other use cases.

You can download Arachni v1.0 here:

http://www.arachni-scanner.com/download/

Or read more here & the author can be found on Twitter here @Zap0tek.


25 October 2014 | 923 views

Microsoft Zero Day OLE Vuln Being Exploited In Powerpoint

So the latest news is, don’t open any .ppt files if you aren’t entirely sure where they came from as there is a Microsoft Zero Day vulnerability in OLE (Object Linking and Embedding) handling in Microsoft Office that is currently being exploited in the wild by malicious Powerpoint slide decks.

Not that anyone reading this would be likely to do that, but yah – just so you know this vector is live and being used out there.

Microsoft Zero Day OLE Vuln Being Exploited In Powerpoint

It’s currently unpatched and it’s not clear right now if Microsoft is likely to release an out of band patch for this or not. It is pretty serious and it is being used in the wild, so if history holds any precendence – it’s likely they will take action before the next scheduled Patch Tuesday on November 11th.

Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn.

An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in “limited, targeted attacks”.

The bug (CVE-2014-6352) can be triggered by sending a specially crafted Microsoft Office files to intended targets before tricking them into opening the booby-trapped files. “Currently, attacks using PowerPoint files are known to exist, but all Office file types can be used to carry out this attack,” Jonathan Leopando, a technical communications staffer at Trend Micro, warns in a blog post.

The specially crafted malicious files would contain a malicious Object Linking and Embedding (OLE) object, a technology used to share data between applications that allows a chart from an Excel Spreadsheet within a PowerPoint presentation, among other functions. Tricking a user into opening a malicious file results in an infected machine but won’t cough admin privileges to the hacker – at least not by itself. Attacks are likely to generate pop-up warnings and under default settings a User Access Control popup would get displayed.

This means that user interaction would be needed to run successful attacks based on CVE-2014-6352 alone, an important limiting factor. Nonetheless the unpatched flaw is bad news for corporate security and a promising potential route into systems for cyberspies and the like. Redmond is investigating.

Technically it seems that this vulnerability can be exploited using any format that Microsoft Office supports (Word documents, Excel spreadsheets etc) – also the vector itself is not a straight pop.

It would likely generate warnings and UAC dialogues meaning that user action is required for the attack to be successful.

The next scheduled Patch Tuesday falls on 11 November. In the meantime, Microsoft is pointing sysadmins towards various defences and workarounds including a OLE packager Shim Workaround fix-it and rolling out Redmond’s Enhanced Mitigation Experience Toolkit, which provides general protection against hack attacks based on Windows security vulnerabilities.

Mark Sparshott, EMEA director at Proofpoint, said similar vulnerabilities have been seen before but this one is particularly nasty because it lends itself to attacks against a wide range of Windows systems. “This is not the first time that a vulnerability in OLE has been exploited by cybercriminals, however most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system,” Sparshott explained. “What makes this vulnerability dangerous is that it affects the latest fully patched versions of Windows.”

Microsoft credits security researchers at Google and McAfee for help in dealing with the vulnerability.

Is this serious for the average man on the street? Not particularly, but it could be wounding to organisations under constant attack as it gives the malicious parties another vector to work with. Combined with some nifty social engineering, it could be quite effective.

Of course if you’re using Microsoft Enhanced Mitigation Evaluation Toolkit (EMET) – you’d be a lot safer than most.

Source: The Register


23 October 2014 | 1,656 views

Pipal – Password Analyzer Tool

Pipal is a password analyzer tool that can rapidly parse large lists of password and output stats on the contents. Pipal will provide you with stats on things like the most frequently used password, password lengths, dates (months/days/years) or numbers used, the most common base words and much more.

It also makes recommendations based on the password makeup/charsets and gives you Hashcat masks.

Pipal - Password Analyzer Tool

Usage

NOTE: The app will only work with Ruby 1.9.x, if you try to run it in any previous versions you will get a warning and the app will close.

There are not a whole lot of tools out there similar to this, in fact the only one we’ve covered is PACK – Password Analysis & Cracking Kit.

Info Provided by Pipal

  • Total Entries
  • Total Unique Entries
  • Top 10 Passwords
  • Top 10 Base Words
  • Password Length (Count ordered & Length ordered)
  • Password Type (Only lowercase, only uppercase, only alpha, only numeric etc)
  • Passwords That Contain Months or Days (including abbreviations)
  • Passwords That Contain Years
  • Passwords With Digits On The End
  • Character Sets Used

You can download Pipal here:

master.zip

Or read more here.


21 October 2014 | 1,969 views

Apple’s OS X Yosemite Spotlight Privacy Issues

So Apple pushed out it’s latest and great OS X version 10.10 called Yosemite, but it’s facing a bit of an uproar at the moment about some Spotlight privacy issues. For those who are not familiar, Spotlight is some kinda of super desktop search that searches everything on your computer (and now also the Internet) – which is not cool as every search means your physical location & search term is sent to Apple (and 3rd parties like Microsoft) every time you use Spotlight.

OS X Yosemite Spotlight Privacy Issues

The upside? Yosemite is pretty cool and also security wise it comes with patches for both POODLE and Shellshock.

Even so, Apple should know better than this and respect privacy by default as they surely understand how something like can blow up.

There’s growing disquiet over Apple’s desktop search app Spotlight, which sends queries for things back to the company’s servers to process.

Spotlight phones home in OS X Yosemite, version 10.10, and it is enabled by default: it can be switched off, but with Apple insisting that it now takes people’s privacy seriously, the software has raised some eyebrows. It appears Spotlight sends queries, along with your location, back to Apple over the internet so the company can suggest related things from the web using Microsoft’s Bing engine. Apple says it needs to see your queries so it can improve Spotlight’s algorithms for suggesting things.

So, for example, searching for “weather” on a Register Mac running OS X 10.10 reveals files, folders and installed applications (such as the Windows 8.1 weather app in Parallels) on the machine containing the keyword; that’s the local search part. This is what you’d expect to see.

But then Spotlight contacts Apple remotely to get recommended software from the Apple App Store, and a search by Bing for any relevant websites.

I can see why they turn it on by default though, the majority of users wont know what is happening and they will enjoy the richer search experience that Spotlight gives them now – ala Facebook style. Do something that pisses off a small subset of more technical users, and see how the public backlash is – if it’s not too bad you profit.

This has spread far and wide though, reaching some mainstream news sites – I’m not exactly sure if the average user will be enraged though as we seem to live in a post-privacy kind of society now where people accept companies collect their data.

Yosemite was released late last week after a string of betas were made available to developers, the first in June. The OS was finalized as Apple chief exec Tim cook started waving around his company’s alleged efforts to safeguard privacy; Cook hopes to use privacy as a differentiator in the iGiant’s ongoing battle against arch rival Google.

But the people behind Fix-macosx.com reckon Spotlight isn’t the only component of OS X Yosemite that unnecessarily phones home. “A myriad system and user processes are sending data to Apple in a default configuration, and we want to fix those, too,” they promise.

A collaborative project to identify additional data collected by Apple and other third parties has been set up by the Fix Mac OS X team. “This work is powered by Net-Monitor, our open-source toolkit for auditing phone home behaviour system-wide,” the developers add.

Apple’s collection of search queries in its cloud is not limited to OS X Yosemite: the Spotlight Suggestions and Bing Web Results are also included in iOS 8. “It has to do with sending data to Apple,” Sean Sullivan, a security advisor at F-Secure, told The Register. “It’s a being-spied-on-by-the-cloud issue.”

How to restore your privacy

Disable these options:

Disable Spotlight Options

  • Disable “Spotlight Suggestions” and “Bing Web Searches” in System Preferences > Spotlight > Search Results.
  • Safari also has a “Spotlight Suggestions” setting that is separate from Spotlight’s “Spotlight Suggestions”. This uses the same mechanism as Spotlight, and if left enabled, Safari will send a copy of all search queries to Apple.
  • You’d be forgiven for thinking that you’d already disabled “Spotlight Suggestions”, but you’ll also need to uncheck “Include Spotlight Suggestions” in Safari > Preferences > Search.

There’s also a Python script to do it here – fix-macosx.py

Source: The Register


18 October 2014 | 2,083 views

RIPS – Static Source Code Analysis For PHP Vulnerabilities

RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.

RIPS - Static Source Code Analysis For PHP Vulnerabilities

Features

  • detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more
  • 5 verbosity levels for debugging your scan results
  • mark vulnerable lines in source code viewer
  • highlight variables in the code viewer
  • user-defined function code by mouse-over on detected call
  • active jumping between function declaration and calls
  • list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes) connected to the source code viewer
  • graph visualization for files and includes as well as functions and calls
  • create CURL exploits for detected vulnerabilties with few clicks
  • visualization, description, example, PoC, patch and securing function list for every vulnerability
  • 7 different syntax highlighting colour schemata
  • display scan result in form of a top-down flow or bottom-up trace
  • only minimal requirement is a local webserver with PHP and a browser (tested with Firefox)
  • regex search function

There are other PHP-centric tools we’ve covered such as:

RATS – Rough Auditing Tool for Security
Skavenger – Source Code Auditing Tool!
SpikeSource Spike PHP Security Audit Tool

If you are interested in more tools of this type you can find our complete list here (which covers various languages) – Code Auditing Tools.

NOTE: The authors have stated that RIPS 0.5 development is abandoned. A complete rewrite is in the works and used as an academic prototype but it is not publicly available yet. So we’ll be keeping an eye on what happens with that.

But for now you can download RIPS here:

rips-0.54.zip

Or read more here.


16 October 2014 | 3,129 views

Everything You Need To Know About POODLE SSLv3 Vulnerability

So yah, it’s been quite a year – not long after Heartbleed and then Shellshock we now have POODLE SSLv3 vulnerability.

Yes, that’s right – POODLE. It is actually an acronym this time though, yay (Padding Oracle On Downgraded Legacy).

POODLE SSLv3 Vulnerability

Is it a huge risk? Not really as it doesn’t allow any type of remote exploitation, it does however allow for SSLv3 Man-in-the-middle (MITM) attacks though – which is not good. It’s a fundamental design flaw in SSL/TLS which authenticates before encrypting.

Researchers have discovered a security vulnerability in SSL 3.0 that allows attackers to decrypt encrypted website connections.

Miscreants can exploit a weakness in the protocol’s design to grab victims’ secret session cookies. These can be used to log into online accounts, such as webmail, social networks, and so on. The attack is, we’re told, easy to perform, and can be done on-the-fly using JavaScript – provided you can intercept the victim’s packets, perhaps by setting up a malicious Wi-Fi point in a cafe or bar.

SSL is supposed to encrypt your communications, such as your connection to your bank’s website, so eavesdroppers can’t steal or tamper with your sensitive information while it’s in transit. Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Microsoft Internet Explorer.

To fix it in nginx use the following options:

For Apache:

Basically, disable SSLv3.

Stats on SSLv3 usage can be found here – POODLE Attack and SSLv3 Support Measurement

CloudFlare also noted only 0.65 percent of the HTTPS encrypted traffic on CloudFlare’s network uses SSL 3. (which is a good sign) and shows this should not have a massively wide spread effect.

Google security bod Bodo Möller explains that snoopers can trigger network faults to push web browsers into using SSL 3.0, an 18-year-old protocol that should have been binned long ago. Ideally, the browser should be using the superior encryption protocol TLS, which does not suffer from the POODLE shortcoming.

“Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue,” Möller said. One simple solution is to stop using SSL 3.0 and instead use TLS only. This applies to web browsers and websites.

Google’s response to the flaw is to scrub SSL 3.0 support from its flagship Chrome browser. Websites and other browsers are also expected to end support for SSL v3 as it’s now considered insecure by design, and instead enforce the use of TLS for HTTPS connections. Google also recommends browsers and web servers use TLS_FALLBACK_SCSV, the Transport Layer Security Signalling Cipher Suite Value that blocks protocol downgrades.

Doing so will be more effective than simply killing off SSL 3.0 support: that’s because using this magic value should prevent all future downgrade attacks. Chrome and Google’s web servers already support TLS_FALLBACK_SCSV, we’re told.

Websites that end support for SSL v3 will become incompatible with older browsers and OSes – particularly Internet Explorer 6 and Windows XP. The POODLE vulnerability could well be the final nail in the coffin for machines stuck on IE6 and XP once major websites stop supporting the legacy insecure protocol.

Firefox has already pushed out an update of their browser with SSLv3 disabled, but only for the nightly build. It will hit the public on November 25th when Firefox 34 is released, their notes are here – The POODLE Attack and the End of SSL 3.0.

There’s a good technical analysis of the flaw here: POODLE attacks on SSLv3

The full paper is here: This POODLE Bites: Exploiting The SSL 3.0 Fallback [PDF]

If you want to check your servers I suggest using this SSL diagnostic tool which will show you what protocols your setup supports:

DigiCert® SSL Installation Diagnostics Tool

It will also point out if you’re using SSLv3.0 and mark you as insecure if you are. A secure setup should return the following:

Protocol Support

TLS 1.2, TLS 1.1, TLS 1.0

Source: The Register


14 October 2014 | 882 views

ThreadFix – Vulnerability Aggregation & Management System

ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts.

ThreadFix - Vulnerability Aggregation & Management System

ThreadFix also allows users to input the results of manual penetration testing, code review and threat modeling to provide a comprehensive view of software security for an organization. Once a unified list of security vulnerabilities has been created, ThreadFix allows application security managers to further prioritize discovered vulnerabilities via a centralized dashboard. The platform allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. As the development team resolves defects, status updates are synchronized within ThreadFix, enabling the security team to schedule follow-up testing to confirm that security holes have indeed been closed.

Features

  • Consolidated View of Application Test Results – Consolidate and de-duplicate imported results from open source, commercial dynamic and static scanning tools, as well as the results of manual testing and threat modeling to get a complete view of the state of your applications.
  • Reports – Get the latest security status of your applications while providing an eagle’s-eye view of your organization’s progress over time to pinpoint any process problems.
  • Defect Tracker Integration – Help security professionals translate application vulnerabilities into software defects and push tasks to developers in the tools and systems they are already using.
  • Virtual Patching – Create virtual Web Application Firewall (WAF) rules to help block malicious traffic while vulnerabilities are being resolved. While your organization takes on remediation of your applications, virtual patching helps guard against common vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injections.
  • Compatible with Open Source and Commercial Products – ThreadFix is compatible with a number of commercial and freely available dynamic and static scanning technologies, SaaS testing platforms, IDS/IPS and WAFs and defect trackers.

You can download Threadfix 2.1RC1 here:

2.1RC1-tag.zip

Or read more here.


10 October 2014 | 1,536 views

Retarded E-mails – Satilight Hacking, Website Cloning, Detailo & More!

It’s been a good 3 years since my last entry in this category and I’ve had a steady stream of retarded e-mails recently fit for posting. Plus I actually had 1-2 people e-mail me and tell me they missed the posts in the Retards category and that it always gave them a good laugh – so please could I post some more.

Retarded E-mails

So yah, here we are – let’s see what we’ve harvested from the crop this time around.

An evergreen classic, he really can’t download ‘the hacking tools’.

From: kj
Subject: hacking software

Message Body:
darknet,
im still having trouble downloading the hacking tools..can you help where i can get this..
credit card wizard v.1.1
and for bank account..and money transfer software..damn im really broke..help me..

Another very common theme amongst these e-mails, that I seem to be some free resource for helping people to hack random stuff.

From: binshad
Subject: brutus

Message Body:
sir,
i need your help i want to bruteforce and i want to crack the password from a website freesms8.com using brutus ae2. i cannot able to configuare the brutus for that attack can you help me. its .aspx website dotnet.

PERHAPS LEARN HOW TO USE CAPS LOCK FIRST.

From: Ras Wayne
Subject: I WANT TO LEARN HACKING

Message Body:
I WOULD LIKE TO LEARN HACKING,CC HACKING AND ALSO BANKS INFO HACKING, LET ME KNOW IF YOU GUYS CAN BE OF HELP.

THANKS.

Free cash, what does that even mean? Surely if cash is free it has no intrinsic value – wait, is that too deep?

From: jemma
Subject: cash fast

Message Body:
how to get free cash fas

Er what? I guess the answer is yes, but that’s because I don’t really understand the question.

From: marijan
Subject: question

Message Body:
is it possible to hack a usb modem to hack mobile internet. its a huawei k3520 model

If you need to hack a college/uni to get in, you should perhaps be thinking about vocational qualifications.

From: Akinsola
Subject: ADMINISTRATION HACKING TOOLS FOR INSTITUTION

Message Body:
Which tool can i use to hacking a website, to give me admission into their institution

This guy sounds reasonably articulate, which makes the fact he wants to completely rip off someone elses hard work even sadder. He included his whole home address, phone number, fax number and name.

From: Kip
Subject: Building a new website – copying from an existing website.

Message Body:
Building a new website – copying from an existing website.

I have a question: Is there a way to extract the username and password of a hosted website? Can someone copy a website on their computer, (without having the username and password). Then edit it and make it in a completely new website with their name and details, and changes. And then publish it with a new hosting.
The idea is to take the help and advantage of the built in coding.
I want to duplicate the formula of some successful money making websites. Please tell me if this is possible. Kindly help.

All .zip downloads with passwords have the passwords CLEARLY stated in the post. If you can’t read, you probably shouldn’t be trying to hack stuff.

From: Abdirizak
Subject: I need your help

Message Body:
Hello,

I am hereby want to help me your tools is restricted by password please tell me.

I want to learn in the detailo too.

From: Ronnie
Subject:

Message Body:
How can I learn Hacking in detailo???Please mail me…..

This one is just strange.

From: Semy Chan
Subject: ORDER

Message Body:
Dear sir

I’m very interest with your product. I’d like buy some of your product,

but before I order from you I want ask something:

– Do you accept credit card payment ?

– Could you dispatch to singapore ?

and i want buy :

-CTEK Multi XS 25000 Battery Chargers QTY: 15 Unit

Please calculate total cost my order including shipping cost via
fedex Express ,DHL or UPS EXPRESS ship to singapore, Looking forward
hearing from you soon.

Best regards

Man this satilight sure does sound like fun.

From: vijay
Subject: satilight hacking

Message Body:
i want satilight hacking software.and mobile hacking software.

Well Sue, thanks for letting me know.

From: Sue
Subject: Google Chrome

Message Body:
I had to uninstall it because my facebook got hacked through it and couldn’t make any security changes until I uninstalled it.

I would hazard a guess this has to do with our Elevator Hacking post, but I think he missed the point somewhat.

From: Fon Abumbi
Subject: Elevator Lift:

Message Body:
I am looking for a company that is capable of supplying large quantity of Passengers Elevator Lifts to the republic of Cameroon.

For sure, want me to come over and pre-digest your food for you as well?

From: youngkizzy
Subject: need full hacking tutorial sent to my mail.

Message Body:
pls i will like you to mail me full hacking tutorial in pdf format, pls i in haste to see your reply….Thanks

Well just because you asked and it will make you seriously LOL.

From: SlyTheGod
Subject: Retards?

Message Body:
Sorry to bother you, but I have been looking through your “retards” section and saw some questionable stuff. If you are so sure something is retarded, what is your example of a non-retarded question? If you don’t want us to ask you how to hack, then what do you want us to send you? Why do you even have a “contact us” section? Would it be “retarded” to ask how to sql inject into a site? If you put this as a retarded question I will seriously LOL.

I have the Contact Darknet page for people to send me news articles and tool information/updates not for nob-end skiddies to ask me how to sql inject into a site. Basically, don’t use the contact form to ask me any questions unless it’s something along the lines of “How much does it cost to advertise on your site?”.

I’m fine with questions along those lines. It actually states on the Contact Darknet page, exactly in explicit terms why it exists:

Drop us a line here if you have an interesting story or article to share, tool updates and announcements are most welcome – especially if you have something new you would like to share with our readers.

This selection was from January-October 2011, more here – Retards.