Archive | October, 2006

arp-sk – ARP Swiss Army Knife Tool

Cybertroopers storming your ship?


arp-sk is basically an ARP Traffic Generation Tool. It’s quite old but still very useful!

There are 2 basics mode:
– who-has: build a request ARP message.
– reply: build a reply ARP message (default)

Other advanced modes should come very soon
– arping: send a who-has to every host on the LAN to see who is here
– promisc: detection of boxes that are sniffing on the network using promiscuous mode of their network interface
– arpmim: perform Man in the Middle attack

Link level options

-s: set the source address of the packet.
Default : MAC address of the interface used to send the packets.

-d: set the destination address of the packet
Default: broadcast

These 2 options have a strong influence on the ARP message itself.
Here are the default according to these options:

– request


– reply

The only difference comes from the destiantion mac address from ARP message, since it has to be 00:00:00:00:00:00. For the reply mode, consistency is preserved and the destination MAC address used for the link layer is copied in the ARP message.

You can download arp-sk here:

arp-sk-0.0.16.tgz


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- The Backdoor Factory (BDF) – Patch Binaries With Shellcode
- Gdog – Python Windows Backdoor With Gmail Command & Control
- SPF (SpeedPhish Framework) – E-mail Phishing Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,972,754 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,398,811 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 675,640 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Security Boom Post 9/11

Don't let your data go over to the Dark Side!


It makes sense really, the paranoia that quickly infected every corner of the ‘Western’ world had to be cashed in on by somebody, tada! The security industry of course.

During the Cold War, Canada’s National Optics Institute developed a system to detect which type of enemy tank or fighter jet was approaching. After the Soviet Union’s demise, such threats were deemed less likely, and the technology sat on the shelf.

Until 2003, when entrepreneur Eric Bergeron toured the institute with Sept. 11 on his mind.

“The flash I had was that we no longer look for Russian planes in the sky, but we do look for bad things in luggage,” Bergeron said.

The X-ray analysis company that emerged, Quebec-based Optosecurity, is only on the verge of putting its devices in real-life checkpoints. But its hopes are emblematic of the massive homeland security technology industry spawned by Sept. 11.

At least some interesting new technological solutions and ideas have popped up, not just the stupid crap that the George Bush administration usually comes up with..

Spending on domestic security across all U.S. federal agencies is expected to reach $58 billion in fiscal 2007 — up from $16.8 billion in 2001, according to the Office of Management and Budget. States and cities are annually contributing $20 billion to $30 billion more, Gartner Vice President T. Jeff Vining estimates.

Much of it lands with large defense contractors and systems integrators with long government ties and the heft to tackle huge projects. For example, Unisys got a $1 billion contract to set up computers, cell phones, websites and other network technology for airport security staff. BearingPoint won a $104 million deal in August to provide secure identification cards to federal employees and contractors.

Still, a lot of no-names are angling for a piece. Even a tiny slice could be revolutionary for them.

Ah hyper-vigilance, that’s a good term.

Brian Ruttenbur, homeland security analyst for Morgan Keegan & Co., is also watching companies that help analyze intercepted communications and those that manage video surveillance.

Of course, even as technologies improve, none is likely to end the post-Sept. 11 era of hyper vigilance. “We can’t catch everything,” Ruttenbur said. “I don’t know of any single technology that can be right 100 percent of the time.”

Let’s hope things can relax again with some of the good new technological controls in place rather than all of us who travel frequently being controlled by the fear or terrorism.

Source: Wired


Posted in: Countermeasures, General Hacking

Tags: , , , , , , , , , , , ,

Posted in: Countermeasures, General Hacking | Add a Comment
Recent in Countermeasures:
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response
- PEiD – Detect PE Packers, Cryptors & Compilers
- NAXSI – Open-Source WAF For Nginx

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,023 views
- Password Hasher Firefox Extension - 117,718 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,707 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


BeEF – Browser Exploitation Framework

Don't let your data go over to the Dark Side!


There’s been a lot of nice Web relevant testing and hacking tools coming out lately, I’ve gotten quite a collection to post about, so do try them out and let me know what you think.

BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF.

The current version is 0.2.1 and is still a work in progress.

Modules Loaded

The ‘Load Modules’ area shows what modules are available. Clicking on them will load the module into the module console area. The modules are the parts of the application that provide code to be sent to the controlled browser. One of the main strengths of BeEF is the ease in with modules can be written. The require minimal effort to incorporate into the framework.

The module console area shows the modules input and configuration details. The following screenshot show the input options for the Port Scanning Module.

Zombies

The ‘Zombies’ section of the sidebar displays basic details of the browser(s) under control of BeEF. All modules will execute within the zombies listed here.

Download

You can download BeEF here:

beef-v0.3.1.tgz (md5sum: 8e160e72c7b9f1c292b5894d6b8d672c)


Posted in: Hacking Tools, Security Software, Web Hacking

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Security Software, Web Hacking | Add a Comment
Recent in Hacking Tools:
- The Backdoor Factory (BDF) – Patch Binaries With Shellcode
- Gdog – Python Windows Backdoor With Gmail Command & Control
- SPF (SpeedPhish Framework) – E-mail Phishing Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,972,754 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,398,811 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 675,640 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95