Archive | November, 2006

Hacking Tor – A Flaw Appears?

It seems someone has finally found a way around Tor: not a break of the onion routing itself, but a way to identify who is using the system by tampering with the traffic it carries.

Perhaps an end to the most anonymous system on the Internet?

I got this info fresh from SANS.

One of our readers sent in a very worrying analysis of what appeared to be “traffic modification” (in his words) on the part of the Tor network.

The Tor (“The Onion Router”) network is an anonymizing peer-to-peer network of routers on the Internet which uses various techniques to bounce traffic around the Internet in such a way that traffic analysis becomes difficult if not impossible to perform. Tor is a perfect example of a dual-use technology: it can be used to avoid government-imposed Internet censorship or to protect the identity of a corporate whistleblower but at the same time it is sadly ideal for various nefarious uses.

The analysis points to traffic modification on a Tor exit node, one tied to packetstormsecurity.org in particular.

The key tenet of Tor is that it should protect anonymity and the reader’s analysis pointed not only to traffic modification on the part of a so-called “exit router” (the last hop in a Tor circuit before your packets reach the real destination) but also an attempt at tracking the true origin of the traffic (in a Tor network a hop only knows that the traffic comes from a previous hop but no further back).

Both William Salusky and myself looked into the data and it seemed to implicate packetstormsecurity.org, an exit router in Denmark and, more curiously, a DNS tunnel to transmit data out (via obviously fake hosts under the t.packetstormsecurity.org domain). This last item was interesting because it replicated data which was apparently being submitted to the host via an HTTP cookie so it seemed that the idea was to have the cookie travel to the unwitting Tor user and be sent back via DNS tunnel to an external host to confirm the real identity of the host. As both of us were busy we looked a little deeper but ultimately we recommended that the reader report this to the Tor authors.
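The DNS side of this is the part a defender can actually catch on their own resolver: a cookie value being leaked as a string of throw-away hostnames under one parent domain. The following Python is an added example, not part of the SANS diary or of the paper; it runs over a constructed query-log sample (the sample lines, the t.example.org parent and the thresholds are all assumptions chosen for illustration) and flags parents that receive many distinct, long, high-entropy labels.

```python
import math
from collections import defaultdict

# Constructed sample of resolver query-log lines (not taken from the SANS report):
# "<unix time> <client> <qname> <qtype>". Benign lookups sit beside a burst of
# long, hex-looking labels under one parent, the shape a cookie-to-DNS tunnel leaves.
SAMPLE_LOG = """\
1162300001 10.0.0.5 www.example.com A
1162300002 10.0.0.5 mail.example.com MX
1162300003 10.0.0.7 5d41402abc4b2a76b9719d911017c592.t.example.org A
1162300004 10.0.0.7 7d793037a0760186574b0282f2f435e7.t.example.org A
1162300005 10.0.0.7 e4da3b7fbbce2345d7772b0674a318d5.t.example.org A
1162300006 10.0.0.7 a87ff679a2f3e71d9181a67b7542122c.t.example.org A
1162300007 10.0.0.5 www.example.com A
1162300008 10.0.0.7 c4ca4238a0b923820dcc509a6f75849b.t.example.org A
"""


def shannon_entropy(label):
    """Bits per character of a DNS label; hex or base32 payloads score high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parent_domain(qname, depth=3):
    """Group names by their last `depth` labels (assumption: a tunnel hangs off
    a dedicated third-level zone such as t.<domain>, as in the report)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-depth:])


def parse_log(text):
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines
        ts, client, qname, qtype = parts
        rows.append((int(ts), client, qname.lower(), qtype))
    return rows


def find_tunnel_candidates(rows, min_unique=4, min_label_len=16, min_entropy=3.0):
    """Flag parents with many distinct, long, high-entropy leftmost labels.
    The thresholds are assumptions; tune them against your resolver's baseline."""
    names_by_parent = defaultdict(set)
    clients_by_parent = defaultdict(set)
    for _, client, qname, _ in rows:
        parent = parent_domain(qname)
        names_by_parent[parent].add(qname)
        clients_by_parent[parent].add(client)
    flagged = {}
    for parent, names in names_by_parent.items():
        if len(names) < min_unique:
            continue
        leftmost = [n.split(".")[0] for n in names]
        avg_len = sum(len(l) for l in leftmost) / len(leftmost)
        avg_entropy = sum(shannon_entropy(l) for l in leftmost) / len(leftmost)
        if avg_len >= min_label_len and avg_entropy >= min_entropy:
            flagged[parent] = {
                "unique_names": len(names),
                "avg_label_len": round(avg_len, 1),
                "avg_entropy": round(avg_entropy, 2),
                "clients": sorted(clients_by_parent[parent]),
            }
    return flagged


if __name__ == "__main__":
    for parent, info in find_tunnel_candidates(parse_log(SAMPLE_LOG)).items():
        print(parent, info)
```

Feed parse_log your resolver’s query log in the same four-column shape (adapt the split for BIND or dnsmasq formats) and tune min_unique and the entropy floor against a day of normal traffic before trusting the alerts; CDN hostnames and some anti-spam lookups also produce long random-looking labels and will need an allow-list.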

A quote from the paper itself:

Clearly Tor’s designers have done a pretty good job: I couldn’t find any weakness in Tor itself that violates the tenets set out at http://tor.eff.org/ (basically that end-to-end traffic analysis is always possible, but the traffic analysis should [be] difficult to everything but a global Echelon). So instead, I attacked the data which Tor carries the most of: web traffic.

Worrying indeed. You can download the paper here:

“Practical Onion Hacking” by Andrew Christensen

Source: SANS


Posted in: Network Hacking, Privacy

the Art of Virology 01h

In this part we will discuss the basic framework of a computer virus. The basics of a virus consist of two elementary procedures (others will tell you three). These are:

  • a search routine
  • an infection routine
  • [anti-detection routines]

The search routine

This routine will have to be the more delicate one [but not hard to analyze at all], because besides the search itself we will include file validation too: within this routine we check whether the file is read-only. I have seen cases in which the virus searched for the file, found it and only when trying to infect it realised that it was read-only; with no check done for it, the virus would crash.

The infection routine

This is the trivial routine in a virus; we would not even need a search routine if, say, we made a list of the files we want to infect in advance. In COM viruses this routine only writes the whole virus into the host program and writes a jump to it at the start of the file… simple, don’t you think?
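What that infection routine leaves behind is easy to recognise from the defender’s side: a .COM whose first instruction is a near JMP into a block tacked onto the end of the file. The Python below is an added example (not code from this series): it decodes the entry JMP of a COM image and applies the classic tail-of-file heuristic to a constructed host image. The host program, the 64-byte NOP stand-in for the appended code and the 30% tail fraction are all assumptions.

```python
import struct

COM_LOAD_OFFSET = 0x100   # DOS loads a .COM image at CS:0100h, right after the PSP


def entry_jump_target(image):
    """If the image begins with a near JMP rel16 (E9 lo hi), return the file
    offset it lands on, else None. File offset 0 corresponds to IP 0100h."""
    if len(image) < 3 or image[0] != 0xE9:
        return None
    rel = struct.unpack_from("<h", image, 1)[0]        # signed 16-bit displacement
    target_ip = (COM_LOAD_OFFSET + 3 + rel) & 0xFFFF    # IP after the 3-byte JMP, plus rel
    return target_ip - COM_LOAD_OFFSET


def looks_like_appended_infection(image, tail_fraction=0.3):
    """Heuristic (an assumption, not an exact rule): an entry JMP that lands in
    the last `tail_fraction` of the file is the classic mark of code appended to
    a host and reached from a patched first instruction. It misses the case
    where the appended code is larger than the host, and it will flag a
    legitimate program whose entry jump happens to land near the end, so
    confirm a hit by comparing against a known-good copy."""
    target = entry_jump_target(image)
    if target is None or not 0 <= target < len(image):
        return False
    return target >= len(image) * (1 - tail_fraction)


# Constructed host program: prints "Hi" and exits, followed by a data area.
TINY_HOST = (b"\xb4\x09\xba\x0c\x01\xcd\x21"      # mov ah,9 ; mov dx,010Ch ; int 21h
             b"\xb8\x00\x4c\xcd\x21"              # mov ax,4C00h ; int 21h
             b"Hi$" + b"\x00" * 300)              # "$"-terminated message + padding


def make_test_image(host, appended_len=64):
    """Constructed fixture with the layout the post describes: a block appended
    after the host (NOPs here, stand-ins for whatever a virus would place there)
    and the first three bytes overwritten by a JMP to that block."""
    target = len(host)
    jmp = b"\xe9" + struct.pack("<h", target - 3)
    return jmp + host[3:] + b"\x90" * appended_len


if __name__ == "__main__":
    for name, img in (("clean", TINY_HOST), ("patched", make_test_image(TINY_HOST))):
        print(name, len(img), entry_jump_target(img), looks_like_appended_infection(img))
```

Run it over the .COM files from a suspect disk image and treat a hit as a prompt to diff against a known-good copy, since compilers also emit entry jumps; the size-delta and hash comparison against a baseline is the reliable check, the heuristic is only the triage.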

Pseudo-Code Virus

I know it’s the second article and what do you get? Only a pseudo-code virus. But be patient, because I’m not so trusting as to think that you have already read the book I recommended in the first part… so wait until 02h is out; till then let’s check out our first virus:

If you don’t like it in pseudo-code, maybe you’ll like it in Pascal, so download the Dirty Nazi Virus Generator and create a virus to analyze… I didn’t try it out, but in theory it should work fine… if you don’t have a Pascal compiler you can try freepascal.

What more do I need to know before actually starting to write viruses?

This is an excellent question, because even if the actual search and infection routines are simple to build in assembly, the DTA (Disk Transfer Area) is a little hard to understand, so I’ll point you to a book that will come to your help (I advise you to read only the DTA part, because the rest of it, and more, I’ll cover myself)…

The Little Black Book Of Computer Viruses

Almost forgot to mention: the password to the archive is Ludwig, with a capital L.
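For the DTA part of the search routine, here is an added example (not the book’s code, nor this series’ own) that shows what FindFirst/FindNext (INT 21h AH=4Eh/4Fh) leave in the DTA and the file validation the search routine has to do on it, written in Python so it can be read without an assembler. The record layout is the standard DOS one; the sample records are constructed, and the 64-byte size budget left for appended code is an assumption.

```python
import struct
from datetime import datetime

# DOS file attribute bits as returned in the DTA by FindFirst/FindNext
ATTR_READONLY, ATTR_HIDDEN, ATTR_SYSTEM = 0x01, 0x02, 0x04
ATTR_VOLUME, ATTR_DIRECTORY, ATTR_ARCHIVE = 0x08, 0x10, 0x20

# Layout DOS fills in after INT 21h AH=4Eh (FindFirst) / AH=4Fh (FindNext):
# 00h 21 bytes reserved for DOS, 15h attribute, 16h time, 18h date,
# 1Ah file size (dword), 1Eh ASCIIZ name (13 bytes); 43 bytes in all.
DTA_FIND_LEN = 0x2B
_FIXED = struct.Struct("<BHHI")   # attr, time, date, size, starting at offset 15h


def dos_datetime(dos_date, dos_time):
    """Unpack the packed DOS date/time words (2-second resolution)."""
    return datetime((dos_date >> 9) + 1980, (dos_date >> 5) & 0x0F, dos_date & 0x1F,
                    dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2)


def build_find_record(name, size, attr, when):
    """Constructed record, assembled the way DOS would fill the DTA."""
    dos_time = (when.hour << 11) | (when.minute << 5) | (when.second // 2)
    dos_date = ((when.year - 1980) << 9) | (when.month << 5) | when.day
    return (b"\x00" * 0x15 + _FIXED.pack(attr, dos_time, dos_date, size)
            + name.encode("ascii").ljust(13, b"\x00"))


def parse_find_record(dta):
    """Decode the fields a search routine reads back from the DTA."""
    if len(dta) < DTA_FIND_LEN:
        raise ValueError("DTA shorter than a FindFirst record")
    attr, dos_time, dos_date, size = _FIXED.unpack_from(dta, 0x15)
    name = dta[0x1E:0x1E + 13].split(b"\x00", 1)[0].decode("ascii")
    return {"name": name, "size": size, "attr": attr,
            "mtime": dos_datetime(dos_date, dos_time)}


def search_routine_would_accept(rec, max_size=0xFF00 - 64):
    """The validation the post says the search routine must do before the
    infection routine runs: skip read-only files (the write would fail), skip
    directories and volume labels, and skip hosts that would not fit in the
    .COM size limit (0FF00h bytes) once code is appended (64-byte budget assumed)."""
    if rec["attr"] & (ATTR_READONLY | ATTR_DIRECTORY | ATTR_VOLUME):
        return False
    return rec["name"].upper().endswith(".COM") and rec["size"] <= max_size


# Constructed DTA contents for three files
SAMPLE_RECORDS = {
    "host":   build_find_record("HOST.COM", 315, ATTR_ARCHIVE, datetime(2006, 11, 3, 14, 30, 10)),
    "locked": build_find_record("LOCKED.COM", 100, ATTR_READONLY | ATTR_ARCHIVE, datetime(2006, 11, 3)),
    "text":   build_find_record("NOTES.TXT", 100, ATTR_ARCHIVE, datetime(2006, 11, 3)),
}

if __name__ == "__main__":
    for label, raw in SAMPLE_RECORDS.items():
        rec = parse_find_record(raw)
        print(label, rec, search_routine_would_accept(rec))
```

The same attribute byte is what the read-only check in the search routine tests (bit 0); reading it from the DTA before opening the file is what separates a clean skip from the crash described above.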

Another bitter end…

So this second part of the Art of Virology, which is a bit easier to digest than the first one, has finally ended. See you next time, and I hope that by the next chapter you will have learned asm and read about the DTA… till then, take five…


Posted in: Virology

Metasploit 2.7 Released – Automated Hacking

The Metasploit Framework is an advanced open-source exploit development platform. The 2.7 release includes three user interfaces, 157 exploits and 76 payloads. The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment.

Windows users are encouraged to update as soon as possible. A number of improvements were made that should make the Windows experience a little less painful and a lot more reliable. All updates to 2.6 have been rolled into 2.7, along with some new exploits and minor features.

You can download the new Metasploit here:

– Unix: http://metasploit.com/tools/framework-2.7.tar.gz
– Win32: http://metasploit.com/tools/framework-2.7.exe

A demonstration of the msfweb interface is running live from:

http://metasploit.com:55555/

This may be the LAST 2.x version of the Metasploit Framework. All development resources are now being applied to version 3.0. More information about version 3.0 can be found online at:

http://metasploit.com/projects/Framework/msf3/

Exploit modules designed for the 2.2 through 2.6 releases should maintain compatibility with 2.7. If you run into any problems using older modules with this release, please let us know.

For more information about the Framework and this release in general, please refer to the online documentation, particularly the User Guide:

http://metasploit.com/projects/Framework/documentation.html

Enjoy!


Posted in: Exploits/Vulnerabilities, Hacking Tools

Oracle MEGA Patch Fixes 101 Security Bugs

Oracle, in its very own style, recently published a mega patch; it could be called the mother of all patches.

Actually 101 bugs… the scary part is that 45 of them can be exploited remotely.

Oracle published the mother of all security patches containing 101 fixes for flaws in its database, application server, E-Business Suite and PeopleSoft and JD Edwards applications.

Almost half – 45 – of the flaws can be exploited by a hacker over a network, while at least six errors in the Oracle database HTTP server can be exploited without the hacker requiring any user name or password. A reassuring 22 database flaws do at least require some form of authentication.

In total, Oracle’s latest quarterly critical patch update (CPU) features 63 fixes for the database, 14 for its application server, 13 for the E-Business Suite, nine for PeopleSoft and JD Edwards and two for Oracle’s Java 2 Enterprise Edition containers on the client. Oracle introduced the quarterly CPU system in November 2004.

This is the latest chapter of a painful security story for Oracle that makes Microsoft, whose software is the internet’s number-one target, appear a community role model.

If it isn’t the size of Oracle’s patches – a January CPU saw a bumper 103 fixes – then it’s their timeliness, or lack thereof.

Massive eh?

They are known for their lack of speed when it comes to fixing issues.

Red Database Security last year slammed Oracle for taking more than 650 days to fix six problems. And in January this year Next-Generation Security Software (NGSS), a security research firm, released details of a hole in Oracle’s Apache web server, saying Oracle was moving too slowly as it had taken 800 days to fix some of the problems in the January CPU.

Recently, Oracle’s response has been to chastise the likes of NGSS, accusing it of endangering users by publishing details of problems. Microsoft, at least, has had the grace to work with security vendors that post details of holes in Windows to the internet, and worked with them to fix the problem.

650 days, that’s almost 2 years. Surely that shouldn’t be tolerated.

Source: The Register


Posted in: Database Hacking, Exploits/Vulnerabilities

Vulnerability Assessment and Operational Security Testing Methodology (VAOST) – version 0.2 released

Here is a newly released VA methodology; the author believes it to be a more focused, and thus more cost-effective, VA process. It may map to internal work, but it is probably more suited to external sites.

It’s gone through a couple of revisions so it’s a bit more polished now.

You can find the notes on the first version here.

Version 0.2 has been released after some community endorsement, there is still some work to do though, they hope to add the following shortly:

  • Pre stages to get management buy in
  • A complete worked example that shows the kind of results that can be produced
  • A more complete list of supporting or implementing software
  • A more complete list of attack tools for the authorisation checklist.
  • Better graphics
  • A standalone collection of the checklists

You can download VAOST version 0.2 here:

VAOST 0.2 (doc version)

The author welcomes your feedback and comments. The VAOST forum area where you can get the files will accept guest (ie un-registered) posts so you can add your comments there if you desire (note we will delete defamatory and rude posts to prevent our being sued!).

It is a work in progress and we still have a long way to go, but hopefully we can get there with your help.

The general VAOST forum can be found here.


Posted in: General Hacking, Network Hacking

Web 2.0 Hacking with Firefox and its plugins

A dream come true, I would say… I recently found this article on SecurityFocus and it’s awesome… everything you need (besides Firefox) is pointed out in the article, so go on, what are you waiting for…

http://www.securityfocus.com/infocus/1879


Posted in: General Hacking, Hacking Tools, Web Hacking

AttackAPI 0.8 JavaScript Hacking Suite Available

AttackAPI provides a simple and intuitive web-programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser-based attacking techniques, a simple but powerful JavaScript console and a powerful attack channel and associated API for controlling zombies.

The standalone components of the library can be found at the following locations:

One infrastructure tool is available here:

I would recommend AttackAPI 0.8 to everyone who is interested in high-end hacking not because I wrote it but because it provides a good demonstration of what is possible today. That, I hope will take our awareness even further.

AttackAPI is slowly moving towards its 1.0 release, where I am planning to standardize its core, fix discovered bugs and make it even more cross-platform. Still, there is a long way to go, but I am willing to take my chances. There are plans for 0.9 but I will keep them undisclosed for now.

So what does 0.8 have to offer? There are a couple of things that are worth attention. I will start in chronological order.

The Client interface can be used to enumerate the current client. It has functionalities to fingerprint the current operating system, installed plugins, the browser in use and the local NATed IP address and hostname. This tool is brilliant for doing the first steps of any targeted attack.

The Server, on the other hand, can be used to fingerprint the current server. It provides information about its domain, IP address, platform, server software and the application architecture. Its purpose is to identify what is currently available. That is important because the Web is a very distributed and agile network, and controlling dozens of infected clients is a mission on its own.

Full information on AttackAPI is available here:

AttackAPI 0.8


Posted in: Hacking Tools, Web Hacking

Hackers’ Project – Browser Exploit Code Hiding

Hackers are developing new software that will help hide browser attack code from some types of security software.

The software, called VoMM (eVade o’ Matic Module), uses a variety of techniques to mix up known exploit code so as to make it unrecognizable to some types of antivirus software.

Using these techniques, VoMM “can create an endless number of variants of an exploit,” said Aviv Raff, one of the developers behind the project.

“It aims to provide several techniques out of the box to make browser exploits (mostly) undetectable,” according to a blog posting by one of the project’s founders, a hacker going by the name of “LMH.” That posting can be found here.

The software uses server-side scripting technology to create new versions of the exploit code, which then get delivered to browser users when they visit the attacker’s Web site. By making a number of cosmetic changes to the code that do not affect its functionality, VoMM creates a new version of the malicious software that cannot be detected by “signature-based” techniques.

Signature-based antivirus products analyze known malware and then create a digital fingerprint that allows the antivirus software to identify malicious code. By adding extra components — tabs and spaces, and random comments and variable names — that are not included in known signatures, VOMM creates software that can evade detection.
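To make the last two paragraphs concrete, here is an added Python example (not VoMM or Metasploit code): it applies the same cosmetic mutations to a harmless placeholder script, shows a fixed byte signature missing every variant, and shows the normalisation step (drop comments and whitespace, rename identifiers canonically) that lets a detector hash all the variants to a single value. The placeholder script, the signature string and the reserved-word list are assumptions made for the example.

```python
import hashlib
import random
import re

# Constructed placeholder script (harmless; it stands in for an exploit body).
SAMPLE_SCRIPT = '''var target = document.getElementById("x");
function trigger(obj) { var buf = "A"; return obj.setAttribute("data", buf); }
trigger(target);'''

# A byte signature of the kind the article says VoMM defeats.
SIGNATURE = 'function trigger(obj) { var buf = "A";'

# Names that carry meaning to the interpreter and must not be canonicalised.
RESERVED = {"var", "function", "return", "if", "else", "for", "while",
            "new", "this", "true", "false", "null", "document", "window"}

# Tokenizer: strings, line/block comments, identifiers, whitespace, any other char.
TOKEN_RE = re.compile(
    r'"(?:\\.|[^"\\])*"'          # double-quoted string
    r"|'(?:\\.|[^'\\])*'"         # single-quoted string
    r"|//[^\n]*|/\*.*?\*/"        # line / block comment
    r"|[A-Za-z_$][A-Za-z0-9_$]*"  # identifier
    r"|\s+|.",                    # whitespace / single character
    re.S)
LETTERS = "abcdefghijklmnopqrstuvwxyz"


def make_variant(script, rng, names=("target", "trigger", "obj", "buf")):
    """Apply the mutations the article lists: fresh random names for the
    script's own identifiers, random whitespace and line breaks around
    punctuation, and a random comment at the end of every line. (The sample's
    string literals contain none of the touched characters.)"""
    out = script
    for n in names:
        fresh = "_" + "".join(rng.choice(LETTERS) for _ in range(8))
        out = re.sub(r"\b%s\b" % re.escape(n), fresh, out)
    out = re.sub(r"([{};(),=])",
                 lambda m: m.group(1) + " " * rng.randint(0, 3)
                 + ("\n" if rng.random() < 0.3 else ""), out)
    return "\n".join(line + " // " + "".join(rng.choice(LETTERS + "0123") for _ in range(6))
                     for line in out.split("\n"))


def normalize(script):
    """Undo the cosmetic layer: drop comments and whitespace, and rename every
    non-reserved identifier (not preceded by '.') to v0, v1, ... in order of
    first appearance. Scripts that differ only cosmetically normalise alike."""
    renames, out, prev = {}, [], ""
    for tok in TOKEN_RE.findall(script):
        if tok.isspace() or tok.startswith("//") or tok.startswith("/*"):
            continue
        if re.match(r"[A-Za-z_$]", tok) and tok not in RESERVED and prev != ".":
            tok = renames.setdefault(tok, "v%d" % len(renames))
        out.append(tok)
        prev = tok
    return " ".join(out)


def signature_hit(script):
    return SIGNATURE in script


def normalized_hash(script):
    return hashlib.sha256(normalize(script).encode()).hexdigest()


def variants(count, seed=2006):
    """Deterministic batch of mutated copies of SAMPLE_SCRIPT."""
    rng = random.Random(seed)
    return [make_variant(SAMPLE_SCRIPT, rng) for _ in range(count)]


if __name__ == "__main__":
    print("orig", signature_hit(SAMPLE_SCRIPT), normalized_hash(SAMPLE_SCRIPT)[:16])
    for i, v in enumerate(variants(3)):
        print(i, signature_hit(v), normalized_hash(v)[:16])
```

The normaliser is deliberately small: it does not follow string splitting, eval of decoded blobs or escape sequences, which is where the “(mostly)” in the quote above comes from; for those you end up executing the script in an instrumented interpreter and matching on behaviour rather than on bytes.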

The VoMM code is expected to be included in a new module for the upcoming 3.0 version of the widely used Metasploit hacking toolkit, Raff said. Metasploit developer HD Moore is also developing the VoMM software. Raff’s blog posting on the project can be found here.

Source: Infoworld


Posted in: Programming, Web Hacking

w3bfukk0r 0.2 Forced Browsing Tool Released

w3bfukk0r is a forced browsing tool: it scans web servers (HTTP/HTTPS) for directories by issuing an HTTP HEAD request for each candidate name taken from a word list. Features:

  • HTTP/HTTPS(SSL) support
  • Banner grabbing
  • User-Agent faking
  • Proxy support (HTTP/S)
  • Reports found and non-existent directories

Example output:

Note: not all web servers handle HTTP status codes correctly, so if the web server doesn’t care about the RFCs, the report generated by w3bfukk0r may include false positives. Maybe we’ll find a good method to detect those false positives.
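The false-positive problem in that note has a workable answer: before running through the word list, HEAD a couple of paths that cannot exist and treat any later answer with the same status and Content-Length as “not found”. Here is an added Python example (not w3bfukk0r’s code) that does this; the two stand-in servers and the word list are constructed so it runs offline, and make_http_head is the real prober you would pass in instead.

```python
import http.client
import random
import string
from urllib.parse import urlsplit


def make_http_head(base_url, user_agent="Mozilla/5.0 (compatible)"):
    """Real prober: one HEAD per path, no redirect following, returns
    (status, Content-Length). Not exercised by the offline demo below."""
    u = urlsplit(base_url)
    conn_cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection

    def head(path):
        conn = conn_cls(u.netloc, timeout=10)
        try:
            conn.request("HEAD", path, headers={"User-Agent": user_agent})
            resp = conn.getresponse()
            return resp.status, int(resp.getheader("Content-Length") or 0)
        finally:
            conn.close()
    return head


# Constructed stand-ins for two servers, keyed by path -> (status, Content-Length).
def strict_server(path):
    """Follows the RFC: unknown paths get a real 404."""
    table = {"/admin/": (401, 0), "/backup/": (200, 2048), "/images/": (301, 0)}
    return table.get(path, (404, 312))


def soft404_server(path):
    """Answers 200 with a friendly error page for anything it does not have;
    a status-only check would report every word-list entry as found."""
    table = {"/admin/": (200, 5120), "/backup/": (200, 2048)}
    return table.get(path, (200, 640))


def random_path(rng, length=16):
    return "/" + "".join(rng.choice(string.ascii_lowercase) for _ in range(length)) + "/"


def calibrate(head, rng, probes=2):
    """Ask for paths that cannot exist and remember how "not found" looks here."""
    return {head(random_path(rng)) for _ in range(probes)}


def forced_browse(head, wordlist, rng=None):
    """HEAD /<word>/ for each word; a hit is anything that is neither a 404 nor
    identical (status and length) to the calibrated not-found answers."""
    rng = rng or random.Random()
    baseline = calibrate(head, rng)
    found, missing = [], []
    for word in wordlist:
        path = "/%s/" % word.strip("/")
        status, length = head(path)
        if status == 404 or (status, length) in baseline:
            missing.append(path)
        else:
            found.append((path, status, length))
    return found, missing


WORDLIST = ["admin", "backup", "images", "nothing"]   # constructed

if __name__ == "__main__":
    for name, srv in (("strict", strict_server), ("soft-404", soft404_server)):
        found, missing = forced_browse(srv, WORDLIST, random.Random(7))
        print(name, "found:", found, "missing:", missing)
```

Soft-404 pages that echo the requested path back vary in length, so when the calibration probes disagree with each other fall back to a GET and compare a hash of the body with the path stripped out; re-run the calibration periodically too, because a load balancer can move you between back-ends with different error pages mid-scan.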

You can download w3bfukk0r 0.2 here:

w3bfukk0r-0.2.tar.gz


Posted in: Hacking Tools, Web Hacking

McAfee buying Tel Aviv startup Onigma for $15-25 million cash

Data security giant McAfee has bought a young Tel Aviv startup, Onigma, for somewhere between $15 million to $25 million cash, surmise hi-tech circles.

McAfee will be integrating the Onigma technology in its enterprise security solution, and will be recruiting dozens more Israeli developers for the startup, which will become a local R&D center.

Onigma was founded in December 2004 by Amir Sadeh, Ishay Green and Liad Agmon, three “graduates” of the technology division of the Israeli army intelligence forces. The company is run by Jim Penosky, who hailed from the OnDemand Partners consultancy.

The startup was devoted to a new area in data security: DLP, or Data Leakage Prevention, from enterprise servers.

Within days, the Onigma technology will be available via all McAfee outlets worldwide.

The technology enables the company to monitor all its workers and ensure they do not send confidential information beyond the enterprise boundaries, whether via Internet or external memory storage devices.

Among the company’s investors are the founders of Excellence-Nessuah, Gil Deutsch and Roni Biran.

Via e-mail from Raphael Fogel


Posted in: Privacy, Security Software
