Archive | January, 2007

Wep0ff – Wireless WEP Key Cracker Tool



Wep0ff is a new tool that cracks a WEP key without access to the AP by mounting a fake access point attack against WEP-based wireless clients.

It uses a combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP-key recovery.

This tool can be used to mount a fake access point attack against WEP-based wireless clients.

This code was tested with patched madwifi-old drivers with athraw support, but also works with madwifi-ng. With madwifi-ng you need to create two virtual interfaces: one in master mode (for the fake AP) and a second in monitor mode (to listen on).


How to Use:
1. Set up a fake AP with KARMA tools or iwconfig
2. Start this program (./wep0ff ath0raw 00:01:02:03:04:05)
3. Wait until a client connects to the fake access point
4. Launch airodump-ng to collect packets
5. Launch aircrack-ng to recover the WEP key

You can download it here:

Wep0ff


Posted in: Hacking Tools, Network Hacking, Wireless Hacking



PHP Security Specialist (Stefan Esser) Resigns



This is sad news as PHP hasn’t particularly had a good security record in the past.

He has voiced his frustrations with the internal workings of the PHP team and the development process; he has been working hard to make PHP inherently more secure… But from the look of things it seems like he was having a tough time.

Stefan Esser, PHP security specialist and member of the official PHP Security Response Team, has, he says, had enough – in his blog he has announced his immediate resignation from the PHP Security Response Team. He states that he has various reasons for doing so, the most important of which is that his attempt to make PHP safer “from the inside” is futile. According to Esser, as soon as you try to criticise PHP security, you become persona non grata in the security team. In addition, many of his suggestions were ignored because the developers considered Esser’s choice of words too abrasive. He says that he had stopped counting the number of times he was called a traitor when he published a bug report on a vulnerability in PHP.

Too abrasive? It’s security for goodness’ sake, it’s an important matter. Can’t they just suck up their egos for once and admit they are wrong and make the freaking thing more secure?

Esser wants to continue to publish his reports without worrying about whether or not a patch is available. He no longer wishes to cover up the slowness of the reaction time between discovery of a vulnerability and publication of this information. It is reasonable to expect that he will be publishing substantially more vulnerabilities in PHP in the future.

The disagreement between Esser and the PHP team seems to be particularly inflamed by the matter of how best to improve the security of PHP. While Esser feels that certain PHP functions are intrinsically unsafe (for example allow_url_fopen/allow_url_include) and should therefore be revised, many developers, including PHP specialists Zend, think that the security problems in PHP applications have simply been caused by inexperienced programmers.

I have to admit that is the wrong attitude, the language should make it as hard as possible for inexperienced programmers to make the application insecure.

That’s why type-safe languages came about.

Source: Heise Security


Posted in: Exploits/Vulnerabilities, General News, Web Hacking



Data Recovery – A Decent Article



Data recovery is an important subject and it’s definitely a good thing to have a positive understanding of data recovery and how it could affect you personally or your business.

So someone told me about this Data recovery article which is a decent original reference to data recovery which contains some good original information, links to other similar resources, free data recovery downloads and an explanation of the main parts involved.

Definition: Data recovery is the salvaging of data originally stored on media such as magnetic disks and tapes and which has become corrupt or inaccessible.

The sidebar is pretty useful on the Data recovery article so do check it out, it has software, services and links to more information on industry standard sites like Wikipedia.

It also has related articles and related companies like OnTrack.

The article also covers some basic parts of forensics, like how when an item is deleted it’s not actually gone, just the marker in the file allocation table is removed.

Can erased data be recovered?

Yes, usually. When you delete a file the file is not actually deleted. It’s just the entry in the index pointing to the file’s actual location that is deleted. The file itself is left untouched but subsequent work you do on the PC could overwrite the location where the file was so it’s important to minimise any amateur attempts at data recovery.

This is something we’ve stressed many times at Darknet as any old $29.95 undelete tool can recover these files easily.

The important part of the article is the part about what mistakes you can make; this is crucial if you wish to save your data integrity in case of a failure.

I do find the design of the page a little plain (it looks like something designed in 1997) and the pink and light blue colour scheme jars my eyes a little.

The info is laid out clearly though and the site is easy to navigate, which is a good thing.

You can read more about Data Recovery at Wiki here.


Posted in: Forensics, General Hacking



WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6



Recently a bug in certain versions of PHP came to the attention of the WordPress developers; this bug could cause a security vulnerability in any blog running version 2.0.6 or below. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running WordPress 2.0.6 or lower upgrade to this new version.

Because this is a much smaller update than previous versions, you do not have to update all of the WordPress files if you’re upgrading from version 2.0.6. Here is the list of files that have changed since 2.0.6:

  • wp-admin/inline-uploading.php
  • wp-admin/post.php
  • wp-includes/classes.php
  • wp-includes/functions.php
  • wp-includes/version.php
  • wp-settings.php

Download WordPress 2.0.7 here

And just as a reminder, the next major version of WordPress (2.1) is due out by the end of the month, but the 2.0 branch of WordPress will continue to be maintained for several years.


Posted in: Exploits/Vulnerabilities, Web Hacking



Pentagon Hacker Gary McKinnon Appeals against US Extradition



It seems like it’s getting really serious in the Gary McKinnon case; he’s facing what looks like his last appeal against the US anti-terror law case against him for hacking some NASA systems by guessing the weak passwords.

Not like he’s really a terrorist, or did any damage… he did something very stupid though, bruised the ego of the US. Not a good idea.

Gary McKinnon, the Pentagon hacker, faces what might be his last appeal hearing against extradition on 13 February 2007 at London’s Court of Appeal.

McKinnon, 40, faces possible trial under US anti-terror laws over alleged attacks on military and NASA systems between 2001 and 2002. The Scot lost his first appeal against extradition in a High Court hearing last July but the unemployed sysadmin was given leave to take his case to a higher court. Failure this time around will mean that the only possible avenue left to him would be an appeal to the House of Lords, to avoid charges which might land him in prison for up to 70 years.

Come on, how is he a terrorist? He’s just another geek who believes in the cover-ups about UFOs and extraterrestrial life forms. He was just digging around to get some info that he believes should be free; he had no nefarious intentions.

McKinnon has had these charges over his head since March 2002, when he was arrested by officers from the UK’s National High Tech Crime Unit. The case against him lay dormant until July 2005 – he’s been unable to find work since then. His lawyers say he should be tried in the UK over his offences, rather than the US.

McKinnon (AKA Solo) admits he looked at computer systems without permission, but claims he did no harm. He got involved in hacking after reading Disclosure by Steven Greer, which convinced him that the US had harvested advanced technology from UFOs and kept this knowledge secret, to the detriment of the public.

He better be careful anyway, it’s really looking rather serious for our friend Gary.

Source: The Register


Posted in: General News, Legal Issues



SPIKE Proxy – Application Level Security Assessment



SPIKE Proxy is part of the SPIKE Application Testing Suite. It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low-level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include:

  • Automated SQL Injection Detection
  • Web Site Crawling (guaranteed not to crawl sites other than the one being tested)
  • Login form brute forcing
  • Automated overflow detection
  • Automated directory traversal detection

Not all web applications are built in the same ways, and hence, many must be analyzed individually. SPIKE Proxy is a professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL injection and cross-site scripting, but its completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. SPIKE Proxy is available for Linux and Windows.

Note that SPIKE Proxy requires a working install of Python and pyOpenSSL on Linux. This is included in the Windows distribution.

SPIKE is a fairly mature tool, having been around since about 2003; we at Darknet use SPIKE Proxy along with the Burp Suite for web application security analysis.

You can download SPIKE here:

Download for Linux | Download for Windows

Limited information can be found here:

Immunity Free Software


Posted in: Hacking Tools, Network Hacking, Web Hacking



Rock Phish Group Accounts for 50% of Online Scams?



It seems common in most things, and it’s the same in infosec and especially malware, phishing and spam.

The majority of malware, phishing attacks and spam mails are coming from the same few sources, I’d say it’s a case of 80/20.

20% of the people are sending 80% of the messages, one of the big groups is Rock Phish.

The first thing you need to know about Rock Phish is that nobody knows exactly who, or what, they are.

Wikipedia defines the Rock Phish Kit as “a popular tool designed to help nontechnical people create and carry out phishing attacks,” but according to security experts, that definition is not correct. They say that Rock Phish is actually a person, or perhaps a group of people, who are behind as much as one-half of the phishing attacks being carried out these days.

No one can say for sure where Rock Phish is based, or if the group operates out of a single country.

It would surprise me very much if they operated from a single country or were limited to just 1-2 locations.

“They are sort of the Keyser Söze of phishing,” said Zulfikar Ramzan, senior principal researcher with Symantec’s Security Response group, referring to the secretive criminal kingpin in the 1995 film The Usual Suspects.

“They’re doing some pretty scary things out there,” he added.

This criminal organization first appeared in late 2004 and was given the name “Rock Phish” because the URLs (Uniform Resource Locators) on the group’s fake sites included a distinctive subdirectory named “rock,” a technique the group abandoned once phishing filters began looking for the word.

They seem to generally go after eBay and PayPal, the two most lucrative accounts online I would say, as they both store real live credit card details.

Apparently they are responsible for more than 50% of the phishing attacks we see.

Source: Computer World


Posted in: General News, Phishing, Spammers & Scammers



Nmapview – Graphical Interface (GUI) for Nmap on Windows



Finally a replacement for the way outdated and rather crappy NmapFE!

Unfortunately sometimes we do have to actually use Windows, and Nmap cleverly overcame the problems with raw sockets on Windows SP2 by using ATM frames instead, so it’s cool.

Now we just need a decent GUI so it fits into the whole scheme of things, and here we have it, Nmapview! NmapFE was ancient, outdated and no longer had all the options.

Also bear in mind NmapView requires the Microsoft .NET Framework 2.0 to work, and obviously you need a working Nmap, which means having WinPcap.

Features of NmapView:

  • Automatic composition of the command string based on the selection of checkboxes, textboxes, etc.
  • Automatic selection of checkboxes, textboxes, etc. based on the command string entered.
  • All the options of Nmap version 4.20 are provided for when composing commands.
  • Supports the NSE (Nmap Scripting Engine) version by Diman Todorov.
  • A detailed description of every option or parameter is supplied through ToolTipHelp.
  • Configuration parameters that take text are kept in history between sessions. (The history is stored per Windows user login session.)
  • The options and parameters are grouped into logical sections (Target Specification, Host Discovery, Scan Techniques, etc.) based on Fyodor's documentation.

You can Download NmapView v0.4 here.

You can find full info on NmapView here.


Posted in: Hacking Tools, Network Hacking



Microsoft Word 0-day Exploits – QUESTION.DOC



There have been quite a few Microsoft-related exploits recently, but not in Windows; people have moved their focus towards the application layer and the top of the OSI stack.

This time it was a 0-day Vulnerability in Microsoft Word.

The original news comes from SANS Internet Storm Center Diary (ISC).

Microsoft has reported that Word 2003, Word 2002, Word 2000 and Word Viewer 2003 are affected.

The vulnerability is being exploited in the wild; the malicious document is called QUESTION.DOC.

A password-stealing Trojan spreads using this vulnerability; see the McAfee PWS-Agent.g writeup.

US-CERT reported today that “Word fails to properly handle malformed data structures allowing memory corruption to occur”. This vulnerability is now public as CVE-2006-6456.


Posted in: Exploits/Vulnerabilities, Windows Hacking



AttackAPI 2.0 Alpha – JavaScript Hacking Suite



AttackAPI provides a simple and intuitive web-programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser-based attacking techniques, a simple but powerful JavaScript console, and a powerful attack channel and associated API for controlling zombies.

The AttackAPI 2.0 branch is a lot better than the 1.x. Now it is a lot easier to code JavaScript attack vectors. There are also quite a few improvements that will become obvious once you start using it.

The demonstrations do not outline all AttackAPI features so spend some time over the source code. The documentation is on its way. Any code and doc contributions will be greatly appreciated.

Full information on AttackAPI 2.0 Alpha can be found here:

http://www.gnucitizen.org/projects/attackapi/

You can also check the SVN for more information:

http://www.gnucitizen.org/svn/attackapi


Posted in: Hacking Tools, Programming, Web Hacking
