Archive | May, 2007

ISIC – IP Stack Integrity & Stability Checker

Your website & network are Hackable


ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.) It generates piles of pseudo random packets of the target protocol. The packets be given tendencies to conform to. Ie 50% of the packets generated can have IP Options. 25% of the packets can be IP fragments… But the percentages are arbitrary and most of the packet fields have a configurable tendency.

The packets are then sent against the target machine to either penetrate its firewall rules or find bugs in the IP stack.

ISIC also contains a utility generate raw ether frames to examine hardware implementations.

Other novel uses people have found for ISIC include IDS testing, stack fingerprinting, breaking sniffers and barraging the IRC kiddie.

Warning:

ISIC may break shit, melt your network, knock out your firewall, or singe the fur off your cat

You can read more and download ISIC from Packet Factory here:

http://www.packetfactory.net/Projects/ISIC/ (Direct download)


Posted in: Hacking Tools, Network Hacking, Programming

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Programming | Add a Comment
Recent in Hacking Tools:
- PyExfil – Python Data Exfiltration Tools
- Netdiscover – Network Address Discovery Tool
- Kautilya – Human Interface Device Hacking Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,000,316 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,508,978 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 691,681 views


Comprehensive SQL Injection Cheat Sheet

Your website & network are Hackable


A reader e-mailed me a while ago about a fairly comprehensive SQL Injection ‘Cheat Sheet’ they had created and posted up.

I compared it to the other ones I had bookmarked, and it was different enough to be worth posting.

Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of samples are not correct for every single situation. Most of the real world environments may change because of parenthesis, different code bases and unexpected, strange SQL sentences.

Samples are provided to allow reader to get basic idea of a potential attack and almost every section includes a brief information about itself.

It’s worthy resource to save on your Hacking pendrive and bookmark in your portable Firefox.

http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/


Posted in: Database Hacking, Web Hacking

Tags: , , , , , ,

Posted in: Database Hacking, Web Hacking | Add a Comment
Recent in Database Hacking:
- Securing MySQL Installation on Ubuntu 16.04 LTS
- BBQSQL – Blind SQL Injection Framework
- DBPwAudit – Database Password Auditing Tool

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 77,668 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,609 views
- SQLBrute – SQL Injection Brute Force Tool - 41,804 views


Ubuntu Ultimate Edition is Cool

Find your website's Achilles' Heel


Basically Ubuntu Ultimate Edition is Ubuntu Edgy Eft with a whole lot of software pre-added.

Sadly the author had to removed Java, Flash and Acrobat reader due to licensing agreements. But don’t worry as there is a custom repository in the release which includes all of these and much more.

Ubuntu Ultimate Edition

  • SMP Support (dual core CPUS) / works with single core as well
  • 121 Additional Updates
  • New Grub boot screen
  • New theme and animated bootscreen
  • New GDM theme
  • New splash screen & wallpaper
  • Updated Beryl
  • Capture card support – TVTime / ATI-All-in-wonder
  • Gaim Beta 6 – prebuilt with plugins.
  • GKRealm – Realtime hardware monitor
  • MGM – Moaning Goat Meter
  • Newer Amarok then can be obtained from edgy repos
  • Hardinfo – System information
  • GTKPod – Ipod Sync software
  • HTop – Process viewer
  • Sysinfo – System information
  • IPodder – Ipod sync software
  • XSensors – Hardware sensor software
  • Addition networking and wireless tools
  • Gpixpod – Photo sync software for Ipod
  • IPodslave – an iPod IO slave
  • Xpenguins – Thanks Maddog

Current version is 1.2 which has a whole bunch of new software and fixed an issues with Dual Core processors.

Please use torrents if you can or mirror first, unfortunately Ubuntu Ultimate 1.2 can not be downloaded locally due to bandwidth consumption, if you have some space to host a mirror please let the authors know.

You can find out more at:

Ubuntu Ultimate Edition

Ubuntu Ultimate 1.2 TORRENT

Ubuntu Ultimate 1.2 Mirror


Posted in: General Hacking

Tags: , , , , , ,

Posted in: General Hacking | Add a Comment
Recent in General Hacking:
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- Dradis – Reporting Platform For IT Security Professionals

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,173,551 views
- Hack Tools/Exploits - 634,168 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 438,509 views


VoIP Security Testing Tools List from VoIPSA

Find your website's Achilles' Heel


The VoIP Security Alliance (VOIPSA) is pleased to announce the public release of its VoIP security tool list. Check it out at:

http://www.voipsa.org/Resources/tools.php

This VoIP Security Tool List provides categories, descriptions and links to current free and commercial VoIP security tools.

This list was developed to address the current void of VoIP security testing resources and sites, for vendors and VoIP users alike. It is separated into the following seven broad categories:

  • VoIP Sniffing Tools
  • VoIP Scanning and Enumeration Tools
  • VoIP Packet Creation and Flooding Tools
  • VoIP Fuzzing Tools
  • VoIP Signaling Manipulation Tools
  • VoIP Media Manipulation Tools
  • Miscellaneous Tools

The key objectives of the list are as follows:

  1. Provide links to tools that help test the efficacy of implemented best practices outlined by VOIPSA’s Best Practices Project.
  2. Facilitate the open discussion of VoIP security tool information to help users better audit and defend their VoIP devices and deployments.
  3. Provide vendors the information needed to proactively test their VoIP devices’ ability to function and withstand real-world attacks.

VoIPSA Resources.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- PyExfil – Python Data Exfiltration Tools
- Netdiscover – Network Address Discovery Tool
- Kautilya – Human Interface Device Hacking Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,000,316 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,508,978 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 691,681 views


Recent Down-time at Darknet

Find your website's Achilles' Heel


Apologies for the recent down-time at Darknet, the longest we’ve had so far I think.

The disk-array crashed completely, hardware fault, so rebuilding and recovering the data from the bad disk, then restoring everything was a fairly long process.

The site was back up quite early but the database inaccessible due to the taxing of the processor by the restore process.

Everything should be back to normal now though and smooth sailing from here on, we took the opportunity to rebuild everything and install all the latest versions powering the back-end of the site, so if anything we should be more stable and slightly faster now.

If you have a site or blog do feel free to drop us a link, you can find codes and banners here.

And of course subscribe to our RSS feed, or subscribe by e-mail!

Darknet Feed

Enjoy.


Posted in: Site News

Tags: , , , , ,

Posted in: Site News | Add a Comment
Recent in Site News:
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights
- Yes – We Now Have A Facebook Page – So Please Like It!

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,635 views
- Get the ball rollin’ - 19,007 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,276 views


Outpost Security Suite PRO Review

Your website & network are Hackable


Agnitum Outpost Security Suite Pro is a step up from their Agnitum Outpost Firewall PRO
with a more wholistic look at security.

The suite also includes pre-emptive threat protection, anti-spam protection and safe-surfing.

The Software is fairly sizeable at around 36MB, you can download it here, for a 30 day free trial.

Outpost Security Suite Pro

As I’ve mentioned before I think most of the things a software or desktop firewall protects against can be mitigated with a little education and good Anti-Virus software such as Avast! or BitDefender (both free for home users). This suite does go a little further, but by using Firefox and software such as SpyBot Search & Destroy and the Bayesian spam filtering in Thunderbird (Plus turn on Spam Assassin on your hosting package) – most of the additional ‘protection’ can also be gained for free.

Outpost Security Suite does have a vast array of features which I wont list here, you can read them yourself on the Outpost Security Suite Features page.

It covers all of the important stuff, including 360 degree malware protection…

The download is pretty slow over here in Asia due to our pitiful International links, and as normal after hooking some system DLL’s you need to reboot after installing, it’s very easy to install and it definitely aimed at less technical users, as are most similar products.

It has some extra stuff over the firewall which seems to be a basic kind of IDS, more advanced malware detection and protection (attempts at pre-emptive to stop infections) and protection again rootkits with ‘SmartScan‘ technology.

It seems to use the same kind of Database base as the other products in the Agnitum line-up.

The Anti-Spam part also integrates nicely with Outlook Express and Outlook giving you “Spam” and “Not Spam” buttons just like Hotmail/Gmail/Yahoo!.

Outpost Security Suite Pro

It doesn’t seem to support Thunderbird though, which is sad.

All in it’s a good product and if you are in the market for a security suite and you don’t like the big bloated offerings from the giants or you need to recommend one I think it’s about the best you can get.

Of course 90% of the problems these types of software are meant to solve can be avoided with some common sense and education, but as we’ve seen, sadly common sense is not very common. That’s why software protection for Windows machines still has a real lively market space.

You can more screenshots here.

You can download Agnitum Outpost Firewall Pro here.

The trial is available for a 30 day period, after that it will cost $49.95 (This is $10 more than Agnitum Outpost Firewall PRO) for a single computer and a year worth of updates. Full pricing information including a family package is available here.


Posted in: Advertorial, Countermeasures, Security Software

Tags: , , , , , , , ,

Posted in: Advertorial, Countermeasures, Security Software | Add a Comment
Recent in Advertorial:
- Securing MySQL Installation on Ubuntu 16.04 LTS
- An Introduction To Web Application Security Systems
- Everything You Need To Know About Web Shells

Related Posts:

Most Read in Advertorial:
- eLearnSecurity – Online Penetration Testing Training - 42,262 views
- Acunetix Web Vulnerability Scanner 6 Review - 15,412 views
- Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements - 15,280 views


GFI Free Endpoint Scanner – Online Portable Storage Device Scanning

Find your website's Achilles' Heel


Recently GFI launched a free, online portable storage device scanner called EndPointScan.

http://www.endpointscan.com

EndPointScan, is an industry-first, free online service that allows anyone to check what devices are or have been connected to computers on their network and by whom.

Using this diagnostic tool, one can identify those areas where the use of portable storage devices could pose a risk to the integrity of the company’s systems and data.

The uncontrolled use of portable mass storage devices like USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, iPods & digital cameras coupled with data theft techniques such as “pod slurping”, are a major threat to network security and could lead to security breaches, data theft, viruses and other malware being uploaded to a company’s network.


Earlier this year, for example, a scientist who worked with DuPont was arrested after he had copied $400 million worth of commercially-sensitive information from the network. This is why it is vital for you to know what devices have been or are currently in use on your company’s network and to be in a position to take action where the risk of a breach is high.

Sadly the first thing I saw when loading the Endpoint page was:

We’re sorry, this version of EndPointScan does not work with your web browser

You need Internet Explorer 6 or later in order to be able to run EndPointScan.

The release news is here and the actual tool can be found at:

http://www.endpointscan.com


Posted in: Advertorial, Countermeasures, Security Software

Tags: , , , , , , ,

Posted in: Advertorial, Countermeasures, Security Software | Add a Comment
Recent in Advertorial:
- Securing MySQL Installation on Ubuntu 16.04 LTS
- An Introduction To Web Application Security Systems
- Everything You Need To Know About Web Shells

Related Posts:

Most Read in Advertorial:
- eLearnSecurity – Online Penetration Testing Training - 42,262 views
- Acunetix Web Vulnerability Scanner 6 Review - 15,412 views
- Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements - 15,280 views


Hacker Files, Tools & Software Repository – leetupload.com

Your website & network are Hackable


This site is dedicated as a repository for “hacking” programs for Windows and Linux. Please note that hacking means nothing but tweaking or cleverly resolving a problem. Use the programs as you wish, but this site or its provider are not responsible in terms of how you use these programs, (i.e. for educational purposes only).

leetupload.com

http://www.leetupload.com/

The point of the site is to gather as much ‘hacking’ material, such as video/document tutorials, code, exploits, etc. into one large site before these valuable materials eventually dissipate into the ether.

If you wish to contribute to the project please do so a it’s certainly a good thing and we at Darknet fully support this kind of initiative.

You can browse the leetupload database here:

http://www.leetupload.com/dbindex2/

It’s always good to have centralised repositories to aid the rapid location of certain tools or exploits.


Posted in: Exploits/Vulnerabilities, Hacking Tools

Tags: , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools | Add a Comment
Recent in Exploits/Vulnerabilities:
- Mirai DDoS Malware Source Code Leaked
- mimikittenz – Extract Plain-Text Passwords From Memory
- Massive Yahoo Hack – 500 Million Accounts Compromised

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 236,469 views
- AJAX: Is your application secure enough? - 120,368 views
- eEye Launches 0-Day Exploit Tracker - 85,855 views


Scapy – Interactive Network Packet Manipulation

Find your website's Achilles' Heel


Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.

Scapy

What makes Scapy different from most other networking tools

First, with most other tools, you won’t build someting the author did not imagine. These tools have been built for a specific goal and can’t deviate much from it. For example, an ARP cache poisoning program won’t let you use double 802.1q encapsulation. Or try to find a program that can send, say, an ICMP packet with padding (I said padding, not payload, see?). In fact, each time you have a new need, you have to build a new tool.

Second, they usually confuse decoding and interpreting. Machines are good at decoding and can help human beings with that. Interpretation is reserved to human beings. Some programs try to mimic this behaviour. For instance they say “this port is open” instead of “I received a SYN-ACK”. Sometimes they are right. Sometimes not. It’s easier for beginners, but when you know what you’re doing, you keep on trying to deduce what really happened from the program’s interpretation to make your own, which is hard because you lost a big amount of information. And you often end up using tcpdump -xX to decode and interpret what the tool missed.

Third, even programs which only decode do not give you all the information they received. The network’s vision they give you is the one their author thought was sufficient. But it is not complete, and you have a bias. For instance, do you know a tool that reports the padding ?

You can grab the latest version here for Linux:

Scapy.py for Linux

And Windows here:

Scapy.py for Windows

Or…

Scapy latest executable zip
Scapy latest tarball
Scapy’s debian package (not always up to date)
Scapy’s RPM package (not always up to date)

You can read more and find examples, presentations and so on here:

http://www.secdev.org/projects/scapy/


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- PyExfil – Python Data Exfiltration Tools
- Netdiscover – Network Address Discovery Tool
- Kautilya – Human Interface Device Hacking Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,000,316 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,508,978 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 691,681 views


That ‘magic’ number

Find your website's Achilles' Heel


09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

This is everywhere today. Every major news site has this ‘magic’ number in it. Digg.com had stories with more than 24.000 diggs (that’s actually the first time I see that many).

In case you’ve been in a cave for the last 24 hours, the number above is the ‘Processing Key’ for most movies released so far (in HD-DVD format).

This, along with other things, enables users to watch HD-DVD movies in GNU/Linux. That same number also made possible the creation of BACKUPHDDVD.

Since a number CANNOT be copyrighted, share it!

Not everyone is interested in piracy …


Posted in: Cryptography, Linux Hacking

Tags: , , , ,

Posted in: Cryptography, Linux Hacking | Add a Comment
Recent in Cryptography:
- Signal Messaging App Formal Audit Results Are Good
- SHA-256 and SHA3-256 Are Safe For the Foreseeable Future
- Up1 – Client Side Encrypted Image Host

Related Posts:

Most Read in Cryptography:
- The World’s Fastest MD5 Cracker – BarsWF - 47,908 views
- Hackers Crack London Tube Oyster Card - 45,425 views
- WPA2 Vulnerability Discovered – “Hole 196” – A Flaw In GTK (Group Temporal Key) - 33,372 views