Archive | March, 2007

ADN – Win32 Active Directory Navigator



ADN – Active Directory Navigator is a small tool to visually explore an Active Directory and perform a simple dictionary attack against users’ passwords.

You can download the tool here:

ADN – Active Directory Navigator

MD5 4a1e3bb33a25d91d7d7a70877f8374ef
SHA1 a0bf80e9426835b88cc6604784d2d949efe5645f

Notes: It requires .NET framework and PCSoft framework


Posted in: Hacking Tools, Network Hacking, Windows Hacking



MSN Password Stealing Trojan Becomes Public



Ah, another trojan, this time targeting MSN Live logins. The trojan has been made public by some kind citizen calling himself “Our Godfather” on the BitTorrent network.

The sad thing is…I guess it works and hundreds of people will have installed it.

Malware designed to steal users’ Windows Live Messenger password has been released onto the net. The password stealer was released for download via BitTorrent earlier this week by a hacker using the handle “Our Godfather”.

The malware comes in the form of an IMB download confirmed by anti-virus firm Sophos as containing a password-stealing Trojan horse. Victims would need to be tricked into downloading and executing the malware, which might be renamed in a bid to disguise its identity, in order for the exploit to work.

It works a bit like the common phishing schemes, but it uses actual software to emulate the MSN Messenger login screen rather than a web-page.

“It displays a fake Windows Live Messenger Login Screen and prompts for login details. Username and password are captured and stored in C:\pas.txt,” explained Sophos senior technology consultant Graham Cluley.

Sophos has named the malware as MSNfake-M and added protection against the code to its security software packages. Other anti-virus firms can be expected to follow suit.

Another reason to use Sophos I guess, they are always ahead of the curve on this stuff.

Source: The Register


Posted in: Malware, Windows Hacking



Stompy – The Web Application Session Analyzer Tool



A new tool dealing with web sessions was recently announced: stompy, a free tool that performs a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, so whenever they’re predictable or simply vulnerable to brute-force attacks, we have a problem.

The tool has already revealed several problems in proprietary software platforms such as BEA WebLogic and Sun Java System Web Server (both have problems with their JSESSIONIDs).

Why bother?

Some session ID cookie generation mechanisms are well-studied and well-documented, and believed to be cryptographically secure (example: Apache Tomcat, PHP, ASP.NET builtins). This is not necessarily so for certain less researched enterprise web platforms – and almost never so for custom solutions that are frequently implemented inside the web application itself.

Yet, while there are several nice GUI-based tools designed to analyze HTTP cookies for common problems (Daves’ WebScarab, SPI Cookie Cruncher, Foundstone CookieDigger, etc), they all seem to rely on very trivial, if any, tests when it comes to unpredictability (“alphabet distribution” or “average bits changed” are top shelf); this functionality is often not better than a quick pen-and-paper analysis, and can’t be routinely used to tell a highly vulnerable linear congruent PRNG (rand()) from a well-implemented MD5 hash system (/dev/urandom).

What’s cool?

In order to have a fully automated, hands-off tool to reliably detect anomalies that are not readily apparent at first glance, stompy:

  • Automatically finds session IDs encoded as URLs, cookies, and in form inputs, then collects a statistically significant sample of data
  • Determines alphabet structure to transparently handle base64, uuencode, base32, hex, and any other sane encoding scheme without user intervention
  • Translates the data to isolated time-domain bitstreams to examine how SID bits at each position change in time
  • Runs a suite of FIPS-140-2 PRNG evaluation tests on the sample
  • Runs an array of n-dimensional phase space tests to find deterministic correlations, PRNG hyperplanes, etc, etc.

Of course, the tool cannot prove the correctness of an implementation, and it is possible to devise predictable, cryptographically unsafe PRNGs that would pass these tests; still, the tool can find plenty of problems and oddities.
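The per-position bitstream idea can be tried on your own session IDs with a few lines of Python. This is an added example, not stompy's code: it assumes fixed-width hex IDs, uses two simple statistics (ones count and bit transitions) instead of the full FIPS-140-2 suite, and both generators and the `Z_LIMIT` threshold are constructed for illustration.

```python
import hashlib
import math

Z_LIMIT = 5.0  # example threshold in standard deviations (assumption, not stompy's)


def bitstreams(session_ids, width_bits):
    """Turn hex session IDs into one time-ordered bit list per bit position (LSB = 0)."""
    values = [int(sid, 16) for sid in session_ids]
    return [[(v >> pos) & 1 for v in values] for pos in range(width_bits)]


def z_scores(stream):
    """Return (ones z-score, transitions z-score) for one bit position over time."""
    n = len(stream)
    ones = sum(stream)
    transitions = sum(1 for a, b in zip(stream, stream[1:]) if a != b)
    z_ones = (ones - n / 2) / math.sqrt(n / 4)
    z_trans = (transitions - (n - 1) / 2) / math.sqrt((n - 1) / 4)
    return z_ones, z_trans


def suspicious_positions(session_ids, width_bits=32):
    """Map each bit position whose stream deviates from a fair coin to its z-scores."""
    flagged = {}
    for pos, stream in enumerate(bitstreams(session_ids, width_bits)):
        z_ones, z_trans = z_scores(stream)
        if abs(z_ones) > Z_LIMIT or abs(z_trans) > Z_LIMIT:
            flagged[pos] = (round(z_ones, 1), round(z_trans, 1))
    return flagged


def lcg_ids(count, seed=2007):
    """Constructed weak generator: rand()-style LCG state used directly as the ID."""
    ids, state = [], seed
    for _ in range(count):
        state = (1103515245 * state + 12345) % 2**32
        ids.append(f"{state:08x}")
    return ids


def hashed_ids(count):
    """Constructed generator: truncated SHA-256 of a counter. It is predictable to
    anyone who knows the scheme, yet its bits look random to these tests."""
    return [hashlib.sha256(f"sample-{i}".encode()).hexdigest()[:8] for i in range(count)]


if __name__ == "__main__":
    print("LCG flagged bit positions   :", sorted(suspicious_positions(lcg_ids(2000))))
    print("hashed flagged bit positions:", sorted(suspicious_positions(hashed_ids(2000))))
```

The LCG's lowest bit simply alternates between requests, so it is flagged immediately; the hashed counter passes even though it is predictable, which is the limitation described in the paragraph above.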

Stompy was updated due to feedback and:

  • It now supports SSL connections, custom-crafted requests including POSTs, and input from external sources (for evaluation of non-WWW tokens of any type)
  • It now uses GNU MP library to losslessly handle alphabets that do not directly map to binary (this is big)
  • Can run spatial correlation checks as well as temporal analysis of bitstreams in acquired samples
  • The output is much more readable, some minor bugs were fixed.

The latest version of Stompy can be downloaded here:

http://lcamtuf.coredump.cx/stompy.tgz


Posted in: Hacking Tools, Web Hacking



Huge Online Loss by Swedish Bank Nordea – Claimed to be Biggest Loss?



A massive online heist: some (like McAfee) claim it’s the biggest ever online sting involving a bank. It comes in at about half a million pounds or $1.1 million USD.

Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by using 2 factor authentication such as hardware tokens or SMS verification.

Swedish bank Nordea has told ZDNet UK that it has been stung for between seven and eight million Swedish krona “up to £580,000” in what security company McAfee is describing as the “biggest ever” online bank heist.

Over the last 15 months, Nordea customers have been targeted by emails containing a tailormade Trojan, said the bank.

Nordea believes that 250 customers have been affected by the fraud, after falling victim to phishing emails containing the Trojan. According to McAfee, Swedish police believe Russian organised criminals are behind the attacks. Currently, 121 people are suspected of being involved.

If it’s a custom trojan I don’t see how anti-viral software would have helped, but then…executives and corporates tend to talk a lot of crap when it comes to technical issues.

Nordea spokesman for Sweden, Boo Ehlin, said that most of the home users affected had not been running antivirus on their computers. The bank has borne the brunt of the attacks, and has refunded all the affected customers.

Ehlin blamed successful social engineering for the heist, rather than any deficiencies in Nordea security procedures.

“It is more of an information rather than a security problem,” said Ehlin. “Codes are a very important thing. Our customers have been cheated into giving out the keys to our security, which they gave in good faith.”

As always just be wary, no point preaching here as the people reading this site know not to open random executables sent from anywhere unless they are signed and md5 hashed ;)

Source: Zdnet UK


Posted in: General Hacking, Malware, Privacy, Social Engineering



PwdHash from Stanford – Generate Passwords by Hashing the URL



The Common Password Problem.

Users tend to use a single password at many different web sites. By now there are several reported cases where attackers break into a low security site to retrieve thousands of username/password pairs and directly try them one by one at a high security e-commerce site such as eBay. As expected, this attack is remarkably effective.

A Simple Solution.

PwdHash is a browser extension that transparently converts a user’s password into a domain-specific password. The user can activate this hashing by choosing passwords that start with a special prefix (@@) or by pressing a special password key (F2). PwdHash automatically replaces the contents of these password fields with a one-way hash of the pair (password, domain-name).

As a result, the site only sees a domain-specific hash of the password, as opposed to the password itself. A break-in at a low security site exposes password hashes rather than an actual password. We emphasize that the hash function we use is public and can be computed on any machine which enables users to login to their web accounts from any machine in the world. Hashing is done using a Pseudo Random Function (PRF).

Phishing protection.

A major benefit of PwdHash is that it provides a defense against password phishing scams. In a phishing scam, users are directed to a spoof web site where they are asked to enter their username and password. SpoofGuard is a browser extension that alerts the user when a phishing page is encountered.

PwdHash complements SpoofGuard in defending users from phishing scams: using PwdHash the phisher only sees a hash of the password specific to the domain hosting the spoof page. This hash is useless at the site that the phisher intended to spoof.
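The derivation described above can be sketched in Python to show why a spoof domain receives a useless value. This is an added example, not PwdHash's own code: it assumes HMAC-SHA256 as the PRF, a simplified "last two host labels" rule for the domain, and a base64 encoding of the result; the URLs and password are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

PREFIX = "@@"  # activation prefix described in the post


def site_domain(url):
    """Simplified domain extraction: last two labels of the host (assumption;
    a real implementation needs a public-suffix list for names like co.uk)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def domain_password(master, url, length=16):
    """PRF(password, domain): HMAC keyed with the password over the page's domain."""
    domain = site_domain(url)
    if not domain:
        raise ValueError("URL has no host")
    tag = hmac.new(master.encode(), domain.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode()[:length]


def field_value(typed, url):
    """What the site receives: hashed only when the user typed the prefix."""
    if typed.startswith(PREFIX):
        return domain_password(typed[len(PREFIX):], url)
    return typed


if __name__ == "__main__":
    typed = "@@hunter2"  # constructed sample password
    for url in ("https://www.example.com/login",    # the real site
                "https://shop.example.com/account",  # same domain, same value
                "https://example-login.test/login"): # spoof page, different value
        print(f"{site_domain(url):20} {field_value(typed, url)}")
```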

You can find the PwdHash extension for Firefox here:

https://addons.mozilla.org/firefox/1033/

More info is available on the Stanford PwdHash site here:

Stanford PwdHash


Posted in: Countermeasures, Password Cracking, Security Software



Blu-ray DRM Cracked Already?



It didn’t take them long! A while ago some smart chaps worked out a way to extract the HD DVD and Blu-ray Disc “volume keys” to decrypt AACS DRM on individual films (this was about 2 months ago).

Now they have cracked the scheme behind it, the so called “processing key” used to decrypt the DRM on all HD DVD and Blu-ray Disc films.

The copy protection technology used by Blu-ray discs has been cracked by the same hacker who broke the DRM technology of rival HD DVD discs last month. The coder known as muslix64 used much the same plain text attack in both cases. By reading a key held in memory by a player playing a HD DVD disc he was able to decrypt the movie being played and render it as an MPEG 2 file.

The latest Blu-ray hack was performed by muslix64 using a media file provided by Janvitos, through the video resource site Doom9, and applied to a Blu-ray copy of the movie Lord of War. In this case, muslix64 didn’t even need access to a Blu-ray player to nobble the DRM protection included on the title.

Nice eh, the guy doesn’t even HAVE a Blu-ray drive or player, yet he still managed to crack the screen by playing from a Blu-ray image file!

These DRM guys better buck up their ideas as they are getting owned all over the place, remember when the DVD encryption was cracked in a similar way, by Xing-Mpeg player keeping the key in plain text in memory.

Both HD DVD and Blu-ray use HDCP (High-Bandwidth Digital Content Protection) for playback display authentication and similar implementations of AACS (Advanced Access Content System) for content encryption.

The hack sidesteps, rather than defeats, the AACS encryption used as part of the content protection technology used by both next-generation DVD formats. The approach relies on obtaining a particular movie’s unique “key” and can’t therefore be trivially replicated to rip content across all titles encoded via a particular format, as tools like DVD Decryptor make easy with standard DVD titles.

muslix64 has however posted an 18KB tool that allows others to try their hand at extracting the keys of other Blu-ray Disc movies.

Source: The Register


Posted in: General Hacking, Legal Issues



PReplay – A pcap Network Traffic Replay Tool for Windows



There are not many good tools for replaying traffic. Most people use Wireshark (formerly known as Ethereal) for capturing traffic, but what happens if you want to take that capture and replay it over the wire?

Someone had this problem, so they decided to code their own solution, thankfully for us! There are quite a few tools to do this for *nix based systems but none for Windows, so here we go: a traffic replay tool for the Windows platform!

PReplay is a utility to replay captured data over the network. Its main feature is that it records the time difference between two packets (not very accurately, but it works for micro/millisecond differences): it reads the capture file and then determines the time difference for the next packet.

You can list the capture files you want to send in Preplay.ini, in the [SendingFileName] section, as below:

A semicolon (;) comments out a line you don’t want the program to read, so you can comment out the file name which you don’t want to send like this:


It will not send the 2nd file.

SendingFilePath, here you can specify the directory which contains the captured files.

You can download PReplay here:

preplay.zip

This is version 1.1 which has a few fixes such as the ability to change the MAC and IP address of the gateway and client machine.


Posted in: Hacking Tools, Network Hacking, Security Software, Windows Hacking



Microsoft’s Live OneCare the WORST Anti-Virus Solution



An Austrian web site called AV Comparatives has done an ‘independent‘ test of 17 different Anti-Virus products and released the results online.

On this site you will find independent comparatives of Anti-Virus software. All products listed in our comparatives are already a selection of some very good anti-virus products. In order to get tested by us, companies must fulfill various conditions and minimum requirements.

Several free AV products were included, you can find the test here:

http://www.av-comparatives.org/

Navigate to ‘Comparatives – On-demand comparative / February 2007’

Microsoft’s Live OneCare was the only product receiving “Standard” level results, detecting a fairly low 82.40% of malware.

The ‘winners’ were AntiVirusKit (AVK) with 99.45% and TrustPort AV WS with 99.36%.

Most seemed to score 96-97% detection with another group around 93%.

You can see many reports and results here:

AV Comparative

You can find additional in depth reports and details here.


Posted in: Countermeasures, Malware, Security Software, Windows Hacking



WordPress Download Server Compromised (2.1.1) – Get 2.1.2 NOW!



Some sneaky hacker got into the WordPress download server and placed a backdoor in the latest available version (2.1.1).

Luckily within a day someone reported the exploit to the WordPress team and they took the site down to investigate.

This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

If you downloaded 2.1.1 as soon as it came out it should be ok, but a few days after that the compromised version was available.

Do install 2.1.2 and upgrade ASAP just to be safe.

If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.

If you are a web host or network administrator, block access to “theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in it. If you’re a customer at a web host, you may want to send them a note to let them know about this release and the above information.

I’m thankful that the WordPress team has dealt with this situation so efficiently and professionally and it just gives me more faith in their team.

Good job WordPress!

Do make sure you let anyone using 2.1.1 know about this so they can upgrade ASAP.

This is just another lesson on why it’s important to check the md5 sum of files before using them.
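For hosts and administrators, the blocking guidance quoted above also works as a retrospective check: scan existing access logs for the same indicators. This is an added example, not WordPress code; it assumes Apache combined log format, and the log lines, paths and addresses below are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

BLOCKED_FILES = {"theme.php", "feed.php"}  # file names from the advisory
BLOCKED_QUERY_MARKERS = ("ix=", "iz=")     # query-string markers from the advisory

# client, timestamp, method, request target, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

SAMPLE_LOG = [  # constructed sample lines
    '192.0.2.10 - - [03/Mar/2007:10:00:01 +0000] "GET /blog/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Mar/2007:10:02:13 +0000] "GET /blog/wp-includes/theme.php HTTP/1.1" 200 0',
    '198.51.100.7 - - [03/Mar/2007:10:02:15 +0000] "GET /blog/wp-includes/feed.php?ix=test HTTP/1.1" 403 199',
    '203.0.113.5 - - [03/Mar/2007:10:05:40 +0000] "GET /blog/index.php?%69z=1 HTTP/1.1" 200 812',
    '192.0.2.10 - - [03/Mar/2007:10:06:02 +0000] "GET /blog/wp-rss2.php HTTP/1.1" 200 2048',
    '192.0.2.44 - - [03/Mar/2007:10:07:19 +0000] "GET /blog/?p=12 HTTP/1.1" 200 4096',
]


def indicators(target):
    """Return the advisory indicators present in one request target."""
    parts = urlsplit(target)
    reasons = []
    # Decode percent-escapes first so an encoded name or marker is still seen.
    filename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if filename in BLOCKED_FILES:
        reasons.append(f"file:{filename}")
    query = unquote(parts.query).lower()
    for marker in BLOCKED_QUERY_MARKERS:
        # Substring match, as the advisory words it; this also matches
        # unrelated parameters such as "fix=", so review hits before acting.
        if marker in query:
            reasons.append(f"query:{marker}")
    return reasons


def scan(lines):
    """Return one record per log line that matches any indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, when, _method, target, status = m.groups()
        reasons = indicators(target)
        if reasons:
            hits.append({"client": client, "time": when, "target": target,
                         "status": int(status), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["status"], hit["target"], hit["reasons"])
```

A matching request answered with status 200 deserves a closer look than one that was already refused with 403.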

Source: WordPress.org


Posted in: Exploits/Vulnerabilities, General Hacking, Web Hacking



Let’s Digest Some Messages – md5 Hash Checker for Windows



Of course it’s a small article about md5… I really wondered how many Micro$oft Windows users check the md5 sum of programs that they download from the internet…

Do you really trust the mirror websites that much?
Even I could set up a mirror website for any download website and spread malformed packages that include trojans, backdoors, viruses and so on… That’s why many websites give you an md5 checksum of the specific files…

Have you got an md5 calculation tool?
If you’re a Windows user, then I’m not quite sure… while on the other side, if you are a *nix user then it is improbable that you haven’t got one of these…

So while coding an md5 calculator for myself I thought other users could use it too. Of course there are other alternatives on the net, but I do not really like that GUI shit…

usage:

download on Darknet :: backbones md5 calculator

Mirror 1 Mediafire :: backbones md5 calculator

No further versions will be released…

P.S. for easy access place it in your %WinDir%

md5.zip hash :: 894d6d941cab0c6a3648a5352b6aba11


Posted in: Cryptography, Security Software
