Next to do:
1) Think up some ideas for posts
2) Get some members to join up as authors
3) Get some input on the site design
4) Write the about page (Dig up those old memories, perhaps go back through the old Darknet HTML site)
5) Get some incoming links
6) Get some sites to promote the relaunch of Darknet [...]
Hi….
It is a nice idea. I hope we all can put up some stuff, something that we are interested in and something that will get our grey cells working.
Maybe someday …. just maybe…this will evolve into an idea….a killer app!
Darknet is currently undergoing a relaunch, it has been rebuilt from scratch in a new style using a powerful and extensible open source CMS called Wordpress.
If you wish to contribute please contact us for access to the site.
We are looking for people to write articles about anything to do with Hacking, Cracking or Information Security.
Topics [...]
You can find the famous Darknet Links list here:
Hacking and Information Security Links
You can find the tools/guides/hacking tutorials here:
Hacking Tools, Tutorials, Papers Guides and more
How to Secure Windows 2000/Win2k
How to Install Debian Guide/Tutorial
Darknet Hacking/Cracking Trojan & Virus TCP/UDP Port List
All this information will be replaced with new updated versions as we work on the site [...]
With the advent of Web 2.0 and more powerful, user friendly web applications, security and privacy concerns have increased.
Moreso with the new version of Google Desktop coming out, although this is not strictly a web application, they will be storing your data online.
Yes, version 3 adds the ability to “access your documents from anywhere”, or [...]
Nmap (”Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts [...]
Sheriff Brian Rahn said the man made coffee, cooked and ate meals, took showers, picked out a change of clothes, watched television and checked his e-mail during the burglaries.
He left behind valuables, including jewelry, firearms and electronic equipment, Rahn said.
He also allegedly stole a car in the town of Wayne in the last of the [...]
BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions namely Whax and Auditor.
Combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.
Based on SLAX (Slackware), BackTrack provides user modularity. This means the [...]
By using one of the many mobile phone location tracking services aimed at businesses or concerned parents, and some trickery it is possibly to get almost anyone’s mobile phone position without their agreement. All that is required is their mobile phone number, and carrier.
Over the past year a number sites have popped up offering web [...]
Check it out!
US President George W. Bush visited the NSA headquarters at Fort Meade in January 2006. A wall-sized status screen in the background displays the latest versions of Nmap and some of our other favorite open source tools. Pictures were printed in the February 6, 2006 edition of Newsweek (article) and the Jan 27 [...]
A Spanish hacker who launched a denial of service attack that hobbled the net connections of an estimated three million users has been jailed for two years and fined €1.4m. Santiago Garrido, 26, (AKA Ronnie and Mike25) launched the attack using a computer worm in retaliation for been banned from the popular “Hispano” IRC chat [...]
AnonymousInet has relaunched! A nice clean FREE web based proxy service.
http://www.anonymousinet.com/
Works great for me, it’s fast and free!
It also encodes the URL so stupid simple content filters wont stop it.
Google has offered multiple reasons why it shouldn’t have to comply with a Justice Department subpoena. One is privacy. An excerpt:
If Google is forced to compromise its privacy principles and produce to the Government on such a flimsy request, its search query and URL data, Google will, without a doubt, suffer a loss of trust [...]
As the German IT portal heise online conveys, a new security hole in the Safari webbrowser for Apple’s Mac OS X has been discovered. This security hole is rather severe, as it invokes the execution of shell scripts under certain circumstances.
Once again the Safari option “open ’safe’ files automatically after download†bears the blame. If [...]
Back in September, we posted about Thomas Slattery, an unhappy iTunes user who filed a class action lawsuit against Apple alledging that Apple has a monopoly over the digital music and digital music player market with iTMS and iPods. Back then, the judge dismissed a number of items in Apple’s favor, but didn’t dismiss the [...]
Internet search giant Google Inc.’s controversial expansion into China now faces possible trouble with regulators after a Beijing newspaper said its new Chinese-language platform does not have a license.
The Beijing News reported on Tuesday that Google.cn, the company’s recently launched service that accommodates the China’s censorship demands, “has not obtained the ICP (Internet content provider) [...]
January at a glance: Vicious and Varied
The numbers are indeed concerning: 19 new email-born significant virus attacks, of which a troubling 8 (42%) were graded “low intensity”, 7 (37%) “Medium Intensity” and 4 (21%) were massive attacks – a rare phenomenon for a single month.
One outbreak of specific interest, consisting of 7 variants, illustrates how [...]
Phishing is a difficult enough form of fraud to avoid for most computer users, but when some of the biggest names in the financial industry fail to do their part to detect and eliminate these online scams, consumers often are placed in an untenable situation.
Case in point: A source recently forwarded a link to one [...]
This is just an introductory article about myself, nothing interesting (for the most of you) will be revealed in this article, I re-edited it because it had to meet the EU standards (you know Romania will be part of it on 1st of January 2007).
A long time ago…
…I was a big game addict, computers had [...]
Companies could find themselves put up for public humiliation by the U.S. Federal Trade Commission if they continue to advertise through insidious ad-serving software.
Such a move might help in the battle against adware, FTC Commissioner Jon Leibowitz said Thursday at an event here hosted by the Anti-Spyware Coalition. Adware is software that displays pop-up ads [...]
OWC (Other World Computing) is a great site for buying parts for the mac. Their prices are quite cheap if you compare prices with stores in asia. Two days back (21/2/06) they got their hands on a Macbook Pro, which they received at 10:30pm and managed to take it all apart by [...]
Google Enterprise has reacted to privacy concerns and released Google Desktop 3 Enterprise.
It responds to security concerns allowing full administrator control, letting them use the standard group policy settings to completely disable features, including the controversial Search Across Computers feature which you can read about in our original article.
Google Enterprise’s [...]
SAN JOSE, California — Identity theft and online bank fraud were the unofficial themes of the 2006 RSA Conference, a massive security confab where Bill Gates came to announce the imminent death of the password and vendors filled the exhibition halls with iPod giveaways and promises that their product could stop everything from spam and [...]
Yes that’s right, big brother wants a backdoor in your operating system even MORE of a reason to use Open Source alternatives that we can audit ourselves eh?
There has been talk of such things in the past, US government backdoors in common cryptography algorithms and now talks of backdoors in the most popular OS in [...]
Well it’s not really a backdoor… but we can consider it one…
Some time ago it apeared on many websites (including mine) an article about a backdoor in mIRC… all this backdoor stuff was really nothing more than a mIRC script that by it’s mean made the client to respond at any command received via a [...]
Here’s a series of well written IBM Linux tutorials to help you learn Linux fundamentals and prepare for system administrator certification. The LPI prep tutorials help you prepare for the topics in LPI exam 201 and the topics in LPI exam 202.
You can find more about the certification at the Linux Professional Institute.
I’ve been meaning [...]
The UK government stated:
If Mozilla permit the sale of copied versions of its software, it makes it virtually impossible for us, from a practical point of view, to enforce UK anti-piracy legislation
It seems they really don’t understand the whole open source thing do they? You can’t pirate open source software, you can however sell it [...]
Looking to streamline the collection of malware samples, two of the biggest honeypot projects—mwcollect and nepenthes—have merged operations.
The two projects, which passively trap viruses, spyware and other forms of malicious software by emulating known vulnerabilities, will combine operations to develop a single malware collection tool, according to an announcement my mwcollect head developer Georg Wicherski.
The [...]
What is RainbowCrack & Rainbow Tables?
RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique.
In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically [...]
Now after the huge Sony BMG Rootkit fiasco, this has become quite a hot topic, how far can vendors go to enforce their ‘Digital Rights Management’ (or Digital Restrictions Management as we like to call it), can they install a rootkit on your machine and hook into your OS? Can they take over your PC [...]
Following the recent post by backbone, I decided to post a short introduction as well.
Background
I am from The Netherlands, Europe — a country most people probably have heard about. Either because of the legendary HackTic-foundation that later started the ISP XS4ALL and otherwise undoubtably because of our liberal stance towards soft-drugs and prostitution.
I have [...]
A little bit crazy eh?
Sex workers cry foul, say game “accrues points to players for the depiction of rape and murder of prostitutes.”
The Grand Theft Auto franchise is getting attacked from all angles. Joining the ranks of politicians, policemen, and attorneys in their crusade to see the game lifted from shelves are the nation’s sex [...]
This is actually a very interesting debate.
Just to introduce if you don’t know..
What is Penetration Testing
A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious cracker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. [...]
This is a tutorial web book. All 152 pages of the large paperback book with 96 diagrams are on 38 web pages here.
Even if you know nothing about electronics, you have come to the right place.
If you are wondering how microprocessors work, you have come to the right place. A microprocessor is a small processor.
If [...]
Interesting to see which RSS aggregators and readers Digg users are using.
As you can see after being ‘digged’ on Monday February 27th, the RSS subscriber base spiked from about 21 up to 182 at the highest point, after a day it receded back to around 150, and now it’s about 130.
The biggest Agent in the [...]
the following exploits (if we can call it this way) was published on securityfocus bugtraq mailinglist… it is entirely reproduced in the following lines:
Norton Internet monitoring tools issues
Versions Affected : *
Fix : No
What im writing about is how to stop the internet of some user that is
using the norton tools and IRC / any other [...]
It seems like script kiddies have been taking full advantage of the bug we talked about in the Symantec software. Do companies never learn?
Script kiddies have been taking advantage of intrusion prevention features of Symantec’s Norton Firewall and Norton Internet Security Suites to knock users offline in IRC channels, according to an amusing post at [...]
So you better make sure you do.
As we discussed in the article on Social Engineering in Penetration Testing, it’s not that the employees don’t care as such, it’s that they don’t know. They haven’t been educated, they are ignorant, their awareness of best practise is low.
An experiment carried out within London’s square mile has revealed [...]
The RIAA’s latest tactic, is to reveal to Santangelo and her new lawyer that they’ve been investigating her children, and have been able to collect a lot of non-public information. The RIAA will probably claim that the info is related to the case, but it certainly borders on using scare tactics, and trying to intimidate [...]
Last year, we noted how some security products could cause conflicts that would cause computers to lock up — but there’s another (less troublesome) trend that’s happening as well: security products declaring competing products as malware and removing them.
Just a little over a week ago, the latest version of Microsoft’s anti-spyware offering declared Symantec’s anti-virus [...]
Amazing, now ripping YOUR OWN CD’s to use on YOUR iPod is not fair use according to the new DMCA rulings currently being created.
As part of the on-going DMCA rule-making proceedings, the RIAA and other copyright industry associations submitted a filing that included this gem as part of their argument that space-shifting and format-shifting do [...]
Requirement: To connect to a VPN server in a different country.
Situation: A country which has proxies at every gateway.
Issues: VPN based on IPSec is fussy when it comes across networks which are NAT’ted/ proxied. The Security Parameters Indexes don’t match and clients do not get connected.
Objective: To connect VPN server in a corporate network using [...]
2. Why OpenVPN
Here, in this article, I will lay down the emphasis on one important Open-Source SSL VPN software written by James Yonan and contributed by several others, which proposes security without the inherent complexity of IPsec AND using a trusted design of client component and VPN server.
Usually VPNs require end points which are trusted. [...]
3. Brief How-to ….. OpenVPN and Site-to-Site Tunnels.
OpenVPN can be implemented either Site-to-site or client-server model. I will take example configurations of both models.
If you want to implement site-to-site configuration, the best way is to use static-keys instead of PKI. Using static keys, you can have your VPN tunnel up and running in a jiffy.
First, [...]
Windows Rootkits are a big rarity in this modern web hacking tehnology…
I won’t speak exactly about rootkits, because it’s impropriate to call them that way… why? Well rootkits are programs that aid you in getting access to root level users…
So in the case we are using Windows rootkits we should call them admkits (admin kits [...]
4. Brief How-to …. Creating Multiple clients to Single site tunnels.
Example of using PKI to create a client-to-site VPN:
For a road warrior or roaming/multiple user scenario, static keys based VPNs don’t scale well. You will need to implement a PKI if you have Hub and Spoke architecture of VPN.
From the OpenVPN.net website:
Static Key advantages
Simple [...]
1. Introduction
This article describes and partly implements a method to delete or re-locate, potentially sensitive and / or incriminating information from your UNIX flavoured machine, after the sad event of your death.
An older version of this article has been published before, yet it has since disappeared from the Internet and the Google cache; hence this [...]
Types of activities that will become illegal under the proposed laws include making or supplying “hacking tools”- computer programmes or code that can help crack passwords or bypass security systems - and will be punishable by up to two years in prison.
Isn’t this legitimate action for any security enthusiast, hobbiest or professional involved in penetration [...]
The new “features” this time are primarily performance improvements possible due to the use of better algorithms (bringing more inherent parallelism of trying multiple candidate passwords down to processor instruction level), better optimized code, and new hardware capabilities (such as AltiVec available on PowerPC G4 and G5 processors).
In particular, John the Ripper 1.7 is a [...]
Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.
The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a [...]
This could be the end of reverse engineering in France sadly, I hope it doesn’t have repucussions in other parts of the world.
I think it’s the end of using reverse engineering tools to find flaws in France. Maybe the next step will be to forbid the possession of debuggers and disassemblers.
It’s a valid course of [...]
Well seen as though I tell the others to do some kind of introduction, probably I should do one for myself too.
Then
I started out with a Spectrum ZX-81 back in the olden days, typing whole games out of the Spectrum magazines I picked up from charity shops.
Yah it had no tape drive, no disk drive, [...]
1. BackTrack
The newest contender on the block of course is BackTrack, which we have spoken about previously. An innovative merge between WHax and Auditor (WHax formely WHoppix).
BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention [...]
Shaolin introduced him self, and said he had asked every one to do like wise. News to me mate or did that slip my mind? Can’t see how it could but one never knows…
So, any way, who the hell am I? I have known Shaolin for years, he might have some idea how many, [...]
This is old news to those who already knows about it (Found out about it last year and tested it till now). But i just had to try it before actually posting it up.
Do you get tired of being in an elevator and someone else gets on every other floor in between the floors [...]
The fact is Windows is getting ripped apart with viruses, spamware, spyware, zombie clients, trojans worms and whatever else you can think of.
Mac and Linux aren’t (at the moment), there are already Bluetooth viruses, so why not Linux and Mac..
Some may say it’s because they are inherently more secure, the architecture and user privelege seperationg [...]
Each day I check out the technology section of the bbc site, ok, its not the most in-depth, or techy site in the world, but it covers interesting stuff.
One interesting article http://news.bbc.co.uk/1/hi/technology/4816520.stm talks about getting a mac to run windows. That in it self is quite cool, but to my mind its the wrong way.
Who [...]
I’ve seen quite a lot of discussion lately on how to ‘defend against nmap’ or how to change the properties of your TCP/IP Stack so your Windows OS appears to be something else (As in you can guess the OS from the TTL value passed back in a TCP/IP packet).
One way you can do this [...]
No it’s not AJAX Amsterdam… it’s something more interesting (or boring to some of you)… so let’s get it started….
I. Introduction
AJAX stands for Asynchronous JavaScript And XML… It is a new technology which comes to help any web developer who really is interesed in dynamic webpages…
Click here for a overview of the AJAX Technology…
II. The [...]
Im a tinkerer. I can’t say I’m expert in anything more than ASP and MSSQL, but I make a point of playing and learning anything new and wanky. I’ve tweaked dBase, fiddled with Python, installed Apache, destroyed MS2003 server, plugged in SUN boxes, screamed at VisualStudio, urinated on Fedora, set fire too Game [...]
Is it ethical or even legal to charge for other peoples work?
As far as I know France seems have some pretty strong (and weird) copyright laws.
And yes, they are blaming French Laws prohibiting full disclosure.
In conformity with applicable French laws prohibiting Full-disclosure, the FrSIRT will no longer distribute exploits and PoCs on its public [...]
Version 1.2 (Beta) of the pwdump6 software has been released.
There are three major changes from the previous version:
Uses “random” named pipes (GUIDs) to allow concurrent copies of the client to run. This is predominately for the next version of fgdump, which will be multithreaded.
Will turn off password histories if the requisite APIs are not available [...]
The main thing is the massive kernel overhaul, it’s actually adding some decent functionality and refining the architecture to become more like Linux!
While the kernel in Vista is still primarily the same one as in Windows 2000 and XP, there have been some significant changes to tighten up security. Fewer parts of the OS [...]
Introduction
kArp is a linux patch that allows one to implement ARP hijacking in the kernel, but control it easily via userland. You may configure, enable and disable kArp via ProcFS or the sysctl mechanism.
kArp is implemented almost on the device driver level. Any ethernet driver (including 802.11 drivers) is supported. The kArp code is [...]
Is Open Source more secure? That’s a question that can be answered with both yes and no. Not only that, but the reasons for the “yes†and the “no†are fairly much the same. Because you can see the source the task of hacking or exploiting it is made easier, but at the same time [...]
Good I say, nothing worse than a spammer.
A bulk e-mailer who looted more than a billion records with personal information from a data warehouse has been sentenced to eight years in prison, federal prosecutors said Wednesday.
Scott Levine, 46, was sentenced by a federal judge in Little Rock, Ark., after being found guilty of breaking into [...]
Ever wanted to download those cool videos from youtube.com? (Its an online video storage site similar to imageshack.us for storing images) and can’t because those peeps made it difficult for you to just download them offline? Well now you can !!
Go to fileleecher.com and follow the instructions on how to copy the youtube.com [...]
One way to defend against OS fingerprinting from tools such as nmap, queso, p0f, xprobe etc is to change the metrics that they base their analysis on.
One way to do this with OpenBSD is to use Sealing Wafter.
Goals of Sealing Wafter:
1. To reduce OS detection based on well known fingerprints network stack behavior.
2. To have [...]
Internet Storm Center’s always informative Diary has some good information.
At the urging of Handler Extraordinaire Kyle Haugsness, I tested the sploit on a box with software-based DEP and DropMyRights… here are the results:
Software-based DEP protecting core Windows programs: sploit worked
Software-based DEP protecting all programs: sploit worked
DropMyRights, config’ed to allow IE to run (weakest form of [...]
Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.
We mentioned it in our RainbowCrack and Rainbow Tables article.
Changes:
(feature) support of the new table set (alphanum + 33 special chars - [...]
At the place I pretend to work, the time has come that most developers equally fear and love, upgrade time. We’ve been using MSSQL2000 for 90% of our work for about 4 years now, and it’s served us well, but when a change as big as 2005 server comes along, you have to make the [...]
Basically the Americans are saying a lot of their sensitive govermental organisations are using Snort and they don’t want the software to be controlled by an Israeli company, they see it as a threat.
The same Bush administration review panel that approved a ports deal involving the United Arab Emirates has notified a leading Israeli software [...]
Honestly, I always thought it’s ok..
Why not, if someone puts a seat in the middle of a public walkway I can sit on it right? I don’t need to ask permissions, nor fear I am doing something wrong.
Likewise if someone broadcasts an open wireless network into my house or office or a public space, I [...]
Haha, well serves them right, get out and get laid guys.
Online payment company iBill on Thursday said a massive cache of stolen consumer data uncovered by security experts did not come from its database.
“I’m the first person that would have taken this to the FBI and the first person to have gone on 60 Minutes [...]
As I’ve been Digged about 5 times now…and somehow got Slashdotted (whilst I was sleeping) until my server crashed and my host started crying..and my bandwidth went out.
I can give a reasonable comparison between Slashdot and Digg traffic.
From what I’ve seen Digg traffic is between 4,000 and 20,000 hits depending what time it hits the [...]
I remember some time back Netcraft developed an anti-phishing toolbar for Internet Explorer Exploder and Firefox.
You can check it out here:
Netcraft Toolbar
Protect your savings from Phishing attacks.
See the hosting location and Risk Rating of every site you visit.
Help defend the Internet community from fraudsters.
Then recently Google has come out with the Safe Browsing Extension for [...]
So a friend of mine received a spam, which is not unusual, but this one was a little different.
This guy is in Malaysia, and the spam he usually receives is from all over the place, mostly US-centric, but this one was targetting Malaysians, Malaysian spammer producing Malaysian spam, is it the first?
I asked for him [...]
I recently found on securityfocus mailinglist a bug in IE which can be exploited with a simple javascript code to spoof the address bar location…
This allow attacker inject a malicious shockwave-flash application into Internet Explorer while it is display another URL (even trusted sites).
The vulnerability has been confirmed on a fully patched system with Internet [...]</