Archive | February, 2006

NSA Tracking Nmap and Other Open Source Tools

Your website & network are Hackable


Check it out!

NSA Nmap

US President George W. Bush visited the NSA headquarters at Fort Meade in January 2006. A wall-sized status screen in the background displays the latest versions of Nmap and some of our other favorite open source tools. Pictures were printed in the February 6, 2006 edition of Newsweek (article) and the Jan 27 Washington Post (article). The page on the screen is the Talisker Radar. We don’t like the NSA tracking our phone calls and email, but they may track Nmap releases all they want.

Loading an external web site on their giant screen was risky.

Source: Insecure.org

The picture was printed in the Washington Post.

I imagine their normal NOC/SOC screen isn’t so interesting and they were like “Bush is coming, anything pretty to put on the projector?”


Posted in: General News, Hacking Tools

Tags: , , , ,

Posted in: General News, Hacking Tools | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,427 views
- eEye Launches 0-Day Exploit Tracker - 85,637 views
- Seattle Computer Security Expert Turns Tables On The Police - 44,166 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Locate anyone in the UK via SMS

Your website & network are Hackable


By using one of the many mobile phone location tracking services aimed at businesses or concerned parents, and some trickery it is possibly to get almost anyone’s mobile phone position without their agreement. All that is required is their mobile phone number, and carrier.

Over the past year a number sites have popped up offering web based mobile phone tracking services. To use their services you purchase a monthly subscription or set number of credits, and enter in the targets phone number. The target then receives an SMS message asking them to confirm they consent to the tracking. After the target replies, the tracker can then request their position online and receive a street address, post code, and map of their location with an accuracy of around 250 meters.

Source: Rootsecure

  • Although it is possible to get the location of a phone the target will receive the various SMS confirmation messages, alerting them to the fact they are being tracked.
  • Malicious use can be traced back to the tracker via credit card records / the trackers registered phone.

More:

For the past week I’ve been tracking my girlfriend through her mobile phone. I can see exactly where she is, at any time of day or night, within 150 yards, as long as her phone is on. It has been very interesting to find out about her day. Now I’m going to tell you how I did it.

The Guardian

A service has launched in the UK which allows you to track any mobile phone around the globe and follow its movements from your own computer. The Guardian ran a feature on it yesterday called ‘How I stalked my girlfriend’. It painted a scary picture.

The service is run by World-Tracker, a company based on the Isle of Man. When a mobile number is entered onto the World-Tracker website, a text message is sent to that phone, to ask if the person carrying the phone wishes to be tracked.

The Register


Posted in: Telecomms Hacking

Tags: , , , , , , , , , , ,

Posted in: Telecomms Hacking | Add a Comment
Recent in Telecomms Hacking:
- DNS DDoS Attack Takes Down China Internet
- Legal to Unlock Cell Phones Since November 2006
- THC Releases Nokia Phone ROM Images

Related Posts:

Most Read in Telecomms Hacking:
- Locate anyone in the UK via SMS - 35,696 views
- Legal to Unlock Cell Phones Since November 2006 - 14,628 views
- Caller ID Spoofing is Still Easy- FCC Investigates - 12,535 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


BackTrack – A merger between WHAX and Auditor

Find your website's Achilles' Heel


BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions namely Whax and Auditor.

Combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.

BackTrack

Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

A full list of the tools in BackTrack are available now.

You can download BackTrack now.

I’m pretty excited about this as WHAX and Auditor were my favourite two bootable security Distros, I’ve been using WHAX since wayback when it was WHoppix, and it was a bit cheesy.

I’ve also found F.I.R.E, Helix and plain Knoppix useful.


Posted in: General Hacking, Hacking Tools, Security Software

Tags: , , , , , , , ,

Posted in: General Hacking, Hacking Tools, Security Software | Add a Comment
Recent in General Hacking:
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,170,823 views
- Hack Tools/Exploits - 628,647 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 435,408 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Dumbest Thief Ever Busted by E-mail Habit

Your website & network are Hackable


Sheriff Brian Rahn said the man made coffee, cooked and ate meals, took showers, picked out a change of clothes, watched television and checked his e-mail during the burglaries.

He left behind valuables, including jewelry, firearms and electronic equipment, Rahn said.

He also allegedly stole a car in the town of Wayne in the last of the incidents, Schmidt said.

Lori Menzel of the town of Kewaskum said the burglar left his Yahoo! account open after checking his personal e-mail on the computer at her home.

“He never logged out,” she said, adding: “He made himself at home here. He spent some time in our bedroom trying on my husband’s clothes. I could tell he went through some of my clothes.”

Baraboo police officers saw the suspect Thursday inside a vehicle near the Sauk County Courthouse shortly before 1 p.m., Sinden said.

Source: Associated Press

Can anyone say dumbass?

Man criminals are getting stupid, they used to pretty smart, they used to be pretty devious, they used to innovate…now any idiot can be a criminal.


Posted in: General News

Tags: , , , ,

Posted in: General News | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,427 views
- eEye Launches 0-Day Exploit Tracker - 85,637 views
- Seattle Computer Security Expert Turns Tables On The Police - 44,166 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Nmap 4.01 Released – New Features

Your website & network are Hackable


Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Things that we consider userful in the extensive announcement are:

  • Added the ability for Nmap to send and properly route raw ethernet frames containing IP datagrams rather than always sending the packets via raw sockets. This is particularly useful for Windows, since Microsoft has disabled raw socket support in XP. Nmap tries to choose the best method at runtime based on platform, though you can override it with the new –send-eth and –send-ip options.
  • Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to determine whether hosts on a LAN are up, rather than relying on higher-level IP packets (which can only be sent after a successful ARP request and reply anyway). This is much faster and more reliable (not subject to IP-level firewalling) than IP-based probes. It is now used automatically for any hosts that are detected to be on a local ethernet network, unless –send-ip was specified.
  • Overhauled UDP scan. Ports that don’t respond are now classified as “open|filtered” (open or filtered) rather than “open”. The (somewhat rare) ports that actually respond with a UDP packet to the empty probe are considered open. If version detection is requested, it will be performed on open|filtered ports. Any that respond to any of the UDP probes will have their status changed to open. This avoids the false-positive problem where filtered UDP ports appear to be open, leading to terrified newbies thinking their machine is infected by back orifice.
  • Integrated tons of new OS detection fingerprints. The database grew more than 50% from 1,121 to 1,684 fingerprints. Notable additions include Mac OS X 10.4 (Tiger), OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along with a new “robotic pet” device type category), the latest Linux 2.6 kernels, Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64 UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO 3.8.X, and Solaris 10. Of course there are also tons of new broadband routers, printers, WAPs and pretty much any other device you can coax an ethernet cable (or wireless card) into!

There is also a completely new man page, you can view it online too.

Fyodor has also given an interview on the release on Nmap 4.


Posted in: Hacking Tools, Network Hacking, Security Software

Tags: , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Security Software | Add a Comment
Recent in Hacking Tools:
- PowerOPS – PowerShell Runspace Portable Post Exploitation Tool
- Shadow Brokers NSA Hack Leaks 0-day Vulnerabilities
- UFONet – Open Redirect DDoS Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,986,851 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,455,605 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 683,972 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Google Desktop Privacy? OR Lack Of..

Find your website's Achilles' Heel


With the advent of Web 2.0 and more powerful, user friendly web applications, security and privacy concerns have increased.

Moreso with the new version of Google Desktop coming out, although this is not strictly a web application, they will be storing your data online.

Yes, version 3 adds the ability to “access your documents from anywhere”, or search across machines..meaning they’re sent to Google’s Servers.

EFF’s article about it

And yes, they will RETAIN your data for 30 days.

This means your data is stored WITH Google for 30 days, if you like it or not, so the security of your data is totally under the control of Google, not you.

Not so great eh?

Even with version 3 Google ‘connected’ its Desktop Search software.

Google has unveiled a updated version of its Google Desktop tool that will automatically transfer information between computers.

Google Desktop version 3 allows users to search and access information from any computer that runs the software, a feature that Google refers to as Search Across Computers.

A user could, for instance, access a personal file from his work PC or share information between computers in different rooms in a house.

The new version was very innocently introduced at the Google Blog.

Now there’s v.3, in which you can also search across multiple computers to find your information. You don’t have to worry about where it lives; it’s available anywhere you are. If you’ve ever created a document but forgot whether it’s on your laptop or desktop, then you can appreciate why we built this feature.

Imagine the implication of this aswell, if you can hack Google Desktop, or somehow redirect it to Search other peoples machines?

Imagine the fun we are going to have with this.

Plus the added prize now of breaking into Googles datacenter, with thousands or perhaps millions of PC’s cached their with all that lovely private data.

Something to think about eh?

We’ll be writing more about AJAX/Web 2.0 security soon, watch this space.


Posted in: General News, Windows Hacking

Tags: , , , , ,

Posted in: General News, Windows Hacking | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,427 views
- eEye Launches 0-Day Exploit Tracker - 85,637 views
- Seattle Computer Security Expert Turns Tables On The Police - 44,166 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Call for Authors and New Members for Relaunch of Darknet

Find your website's Achilles' Heel


Darknet is currently undergoing a relaunch, it has been rebuilt from scratch in a new style using a powerful and extensible open source CMS called WordPress.

If you wish to contribute please contact us for access to the site.

We are looking for people to write articles about anything to do with Hacking, Cracking or Information Security.

Topics such as tutorials, discussions, news, exploits, tool releases, coding tutorials, hacking games, cryptography and anything else that’s relevant.

The site is to share knowledge and enable us to learn from each other and to share something with the public, hopefully creating some positive discussion.

Maybe we can rewrite and renew/update some of the old darknet articles.

Any ideas are welcome, mail with your preferred username and what you think you’ll be able to write about.

Darknet has been around since 1999 in one form or another and at certain times has been quite well known.

We are also looking for incoming links (we will exchange links if your site is relevant and of a good quality) and people to promote the Darknet relaunch, and do some PR legwork.

Also looking for any graphic designers to do links/buttons, and of course anyone else interested can just link to us.

Cheers!

– Darknet Founder


Posted in: Site News

Tags: , , , , ,

Posted in: Site News | Add a Comment
Recent in Site News:
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights
- Yes – We Now Have A Facebook Page – So Please Like It!

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,603 views
- Get the ball rollin’ - 19,005 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,264 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Get the ball rollin’

Your website & network are Hackable


Hi….

It is a nice idea. I hope we all can put up some stuff, something that we are interested in and something that will get our grey cells working.

Maybe someday …. just maybe…this will evolve into an idea….a killer app!


Posted in: Site News

Tags:

Posted in: Site News | Add a Comment
Recent in Site News:
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights
- Yes – We Now Have A Facebook Page – So Please Like It!

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,603 views
- Get the ball rollin’ - 19,005 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,264 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Welcome to Darknet – The REBIRTH

Your website & network are Hackable


Next to do:

1) Think up some ideas for posts
2) Get some members to join up as authors
3) Get some input on the site design
4) Write the about page (Dig up those old memories, perhaps go back through the old Darknet HTML site)
5) Get some incoming links
6) Get some sites to promote the relaunch of Darknet (Yeah we used to be popular)
7) Get some original/interesting/COOL content up ASAP
8) Get some buzz going


Posted in: Site News

Tags: , , , , ,

Posted in: Site News | Add a Comment
Recent in Site News:
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights
- Yes – We Now Have A Facebook Page – So Please Like It!

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,603 views
- Get the ball rollin’ - 19,005 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,264 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95