Archive | May, 2007

ISIC – IP Stack Integrity & Stability Checker

Don't let your data go over to the Dark Side!


ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.) It generates piles of pseudo random packets of the target protocol. The packets be given tendencies to conform to. Ie 50% of the packets generated can have IP Options. 25% of the packets can be IP fragments… But the percentages are arbitrary and most of the packet fields have a configurable tendency.

The packets are then sent against the target machine to either penetrate its firewall rules or find bugs in the IP stack.

ISIC also contains a utility generate raw ether frames to examine hardware implementations.

Other novel uses people have found for ISIC include IDS testing, stack fingerprinting, breaking sniffers and barraging the IRC kiddie.

Warning:

ISIC may break shit, melt your network, knock out your firewall, or singe the fur off your cat

You can read more and download ISIC from Packet Factory here:

http://www.packetfactory.net/Projects/ISIC/ (Direct download)


Posted in: Hacking Tools, Network Hacking, Programming

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Programming | Add a Comment
Recent in Hacking Tools:
- wildpwn – UNIX Wildcard Attack Tool
- SubBrute – Subdomain Brute-forcing Tool
- The Backdoor Factory (BDF) – Patch Binaries With Shellcode

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,973,781 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,402,781 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 676,248 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Comprehensive SQL Injection Cheat Sheet

Cybertroopers storming your ship?


A reader e-mailed me a while ago about a fairly comprehensive SQL Injection ‘Cheat Sheet’ they had created and posted up.

I compared it to the other ones I had bookmarked, and it was different enough to be worth posting.

Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of samples are not correct for every single situation. Most of the real world environments may change because of parenthesis, different code bases and unexpected, strange SQL sentences.

Samples are provided to allow reader to get basic idea of a potential attack and almost every section includes a brief information about itself.

It’s worthy resource to save on your Hacking pendrive and bookmark in your portable Firefox.

http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/


Posted in: Database Hacking, Web Hacking

Tags: , , , , , ,

Posted in: Database Hacking, Web Hacking | Add a Comment
Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 76,185 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,344 views
- SQLBrute – SQL Injection Brute Force Tool - 40,741 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Ubuntu Ultimate Edition is Cool

Don't let your data go over to the Dark Side!


Basically Ubuntu Ultimate Edition is Ubuntu Edgy Eft with a whole lot of software pre-added.

Sadly the author had to removed Java, Flash and Acrobat reader due to licensing agreements. But don’t worry as there is a custom repository in the release which includes all of these and much more.

Ubuntu Ultimate Edition

  • SMP Support (dual core CPUS) / works with single core as well
  • 121 Additional Updates
  • New Grub boot screen
  • New theme and animated bootscreen
  • New GDM theme
  • New splash screen & wallpaper
  • Updated Beryl
  • Capture card support – TVTime / ATI-All-in-wonder
  • Gaim Beta 6 – prebuilt with plugins.
  • GKRealm – Realtime hardware monitor
  • MGM – Moaning Goat Meter
  • Newer Amarok then can be obtained from edgy repos
  • Hardinfo – System information
  • GTKPod – Ipod Sync software
  • HTop – Process viewer
  • Sysinfo – System information
  • IPodder – Ipod sync software
  • XSensors – Hardware sensor software
  • Addition networking and wireless tools
  • Gpixpod – Photo sync software for Ipod
  • IPodslave – an iPod IO slave
  • Xpenguins – Thanks Maddog

Current version is 1.2 which has a whole bunch of new software and fixed an issues with Dual Core processors.

Please use torrents if you can or mirror first, unfortunately Ubuntu Ultimate 1.2 can not be downloaded locally due to bandwidth consumption, if you have some space to host a mirror please let the authors know.

You can find out more at:

Ubuntu Ultimate Edition

Ubuntu Ultimate 1.2 TORRENT

Ubuntu Ultimate 1.2 Mirror


Posted in: General Hacking

Tags: , , , , , ,

Posted in: General Hacking | Add a Comment
Recent in General Hacking:
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS
- Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,168,365 views
- Hack Tools/Exploits - 622,605 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 432,685 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


VoIP Security Testing Tools List from VoIPSA

Don't let your data go over to the Dark Side!


The VoIP Security Alliance (VOIPSA) is pleased to announce the public release of its VoIP security tool list. Check it out at:

http://www.voipsa.org/Resources/tools.php

This VoIP Security Tool List provides categories, descriptions and links to current free and commercial VoIP security tools.

This list was developed to address the current void of VoIP security testing resources and sites, for vendors and VoIP users alike. It is separated into the following seven broad categories:

  • VoIP Sniffing Tools
  • VoIP Scanning and Enumeration Tools
  • VoIP Packet Creation and Flooding Tools
  • VoIP Fuzzing Tools
  • VoIP Signaling Manipulation Tools
  • VoIP Media Manipulation Tools
  • Miscellaneous Tools

The key objectives of the list are as follows:

  1. Provide links to tools that help test the efficacy of implemented best practices outlined by VOIPSA’s Best Practices Project.
  2. Facilitate the open discussion of VoIP security tool information to help users better audit and defend their VoIP devices and deployments.
  3. Provide vendors the information needed to proactively test their VoIP devices’ ability to function and withstand real-world attacks.

VoIPSA Resources.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- wildpwn – UNIX Wildcard Attack Tool
- SubBrute – Subdomain Brute-forcing Tool
- The Backdoor Factory (BDF) – Patch Binaries With Shellcode

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,973,781 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,402,781 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 676,248 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Recent Down-time at Darknet

Cybertroopers storming your ship?


Apologies for the recent down-time at Darknet, the longest we’ve had so far I think.

The disk-array crashed completely, hardware fault, so rebuilding and recovering the data from the bad disk, then restoring everything was a fairly long process.

The site was back up quite early but the database inaccessible due to the taxing of the processor by the restore process.

Everything should be back to normal now though and smooth sailing from here on, we took the opportunity to rebuild everything and install all the latest versions powering the back-end of the site, so if anything we should be more stable and slightly faster now.

If you have a site or blog do feel free to drop us a link, you can find codes and banners here.

And of course subscribe to our RSS feed, or subscribe by e-mail!

Darknet Feed

Enjoy.


Posted in: Site News

Tags: , , , , ,

Posted in: Site News | Add a Comment
Recent in Site News:
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights
- Yes – We Now Have A Facebook Page – So Please Like It!

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,571 views
- Get the ball rollin’ - 18,992 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,251 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Outpost Security Suite PRO Review

Don't let your data go over to the Dark Side!


Agnitum Outpost Security Suite Pro is a step up from their Agnitum Outpost Firewall PRO
with a more wholistic look at security.

The suite also includes pre-emptive threat protection, anti-spam protection and safe-surfing.

The Software is fairly sizeable at around 36MB, you can download it here, for a 30 day free trial.

Outpost Security Suite Pro

As I’ve mentioned before I think most of the things a software or desktop firewall protects against can be mitigated with a little education and good Anti-Virus software such as Avast! or BitDefender (both free for home users). This suite does go a little further, but by using Firefox and software such as SpyBot Search & Destroy and the Bayesian spam filtering in Thunderbird (Plus turn on Spam Assassin on your hosting package) – most of the additional ‘protection’ can also be gained for free.

Outpost Security Suite does have a vast array of features which I wont list here, you can read them yourself on the Outpost Security Suite Features page.

It covers all of the important stuff, including 360 degree malware protection…

The download is pretty slow over here in Asia due to our pitiful International links, and as normal after hooking some system DLL’s you need to reboot after installing, it’s very easy to install and it definitely aimed at less technical users, as are most similar products.

It has some extra stuff over the firewall which seems to be a basic kind of IDS, more advanced malware detection and protection (attempts at pre-emptive to stop infections) and protection again rootkits with ‘SmartScan‘ technology.

It seems to use the same kind of Database base as the other products in the Agnitum line-up.

The Anti-Spam part also integrates nicely with Outlook Express and Outlook giving you “Spam” and “Not Spam” buttons just like Hotmail/Gmail/Yahoo!.

Outpost Security Suite Pro

It doesn’t seem to support Thunderbird though, which is sad.

All in it’s a good product and if you are in the market for a security suite and you don’t like the big bloated offerings from the giants or you need to recommend one I think it’s about the best you can get.

Of course 90% of the problems these types of software are meant to solve can be avoided with some common sense and education, but as we’ve seen, sadly common sense is not very common. That’s why software protection for Windows machines still has a real lively market space.

You can more screenshots here.

You can download Agnitum Outpost Firewall Pro here.

The trial is available for a 30 day period, after that it will cost $49.95 (This is $10 more than Agnitum Outpost Firewall PRO) for a single computer and a year worth of updates. Full pricing information including a family package is available here.


Posted in: Advertorial, Countermeasures, Security Software

Tags: , , , , , , , ,

Posted in: Advertorial, Countermeasures, Security Software | Add a Comment
Recent in Advertorial:
- 13 WordPress Security Tips From Acunetix
- Acunetix WVS 10 Released – Keeping Your Website Secure just got Easier
- Double For Your Money With Acunetix Vulnerability Scanner

Related Posts:

Most Read in Advertorial:
- eLearnSecurity – Online Penetration Testing Training - 41,262 views
- Acunetix Web Vulnerability Scanner 6 Review - 15,228 views
- Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements - 15,045 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


GFI Free Endpoint Scanner – Online Portable Storage Device Scanning

Cybertroopers storming your ship?


Recently GFI launched a free, online portable storage device scanner called EndPointScan.

http://www.endpointscan.com

EndPointScan, is an industry-first, free online service that allows anyone to check what devices are or have been connected to computers on their network and by whom.

Using this diagnostic tool, one can identify those areas where the use of portable storage devices could pose a risk to the integrity of the company’s systems and data.

The uncontrolled use of portable mass storage devices like USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, iPods & digital cameras coupled with data theft techniques such as “pod slurping”, are a major threat to network security and could lead to security breaches, data theft, viruses and other malware being uploaded to a company’s network.


Earlier this year, for example, a scientist who worked with DuPont was arrested after he had copied $400 million worth of commercially-sensitive information from the network. This is why it is vital for you to know what devices have been or are currently in use on your company’s network and to be in a position to take action where the risk of a breach is high.

Sadly the first thing I saw when loading the Endpoint page was:

We’re sorry, this version of EndPointScan does not work with your web browser

You need Internet Explorer 6 or later in order to be able to run EndPointScan.

The release news is here and the actual tool can be found at:

http://www.endpointscan.com


Posted in: Advertorial, Countermeasures, Security Software

Tags: , , , , , , ,

Posted in: Advertorial, Countermeasures, Security Software | Add a Comment
Recent in Advertorial:
- 13 WordPress Security Tips From Acunetix
- Acunetix WVS 10 Released – Keeping Your Website Secure just got Easier
- Double For Your Money With Acunetix Vulnerability Scanner

Related Posts:

Most Read in Advertorial:
- eLearnSecurity – Online Penetration Testing Training - 41,262 views
- Acunetix Web Vulnerability Scanner 6 Review - 15,228 views
- Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements - 15,045 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Hacker Files, Tools & Software Repository – leetupload.com

Don't let your data go over to the Dark Side!


This site is dedicated as a repository for “hacking” programs for Windows and Linux. Please note that hacking means nothing but tweaking or cleverly resolving a problem. Use the programs as you wish, but this site or its provider are not responsible in terms of how you use these programs, (i.e. for educational purposes only).

leetupload.com

http://www.leetupload.com/

The point of the site is to gather as much ‘hacking’ material, such as video/document tutorials, code, exploits, etc. into one large site before these valuable materials eventually dissipate into the ether.

If you wish to contribute to the project please do so a it’s certainly a good thing and we at Darknet fully support this kind of initiative.

You can browse the leetupload database here:

http://www.leetupload.com/dbindex2/

It’s always good to have centralised repositories to aid the rapid location of certain tools or exploits.


Posted in: Exploits/Vulnerabilities, Hacking Tools

Tags: , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools | Add a Comment
Recent in Exploits/Vulnerabilities:
- BeautifulPeople.com Leak Exposes 1.1M Extremely Private Records
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,380 views
- AJAX: Is your application secure enough? - 120,032 views
- eEye Launches 0-Day Exploit Tracker - 85,488 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Scapy – Interactive Network Packet Manipulation

Don't let your data go over to the Dark Side!


Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.

Scapy

What makes Scapy different from most other networking tools

First, with most other tools, you won’t build someting the author did not imagine. These tools have been built for a specific goal and can’t deviate much from it. For example, an ARP cache poisoning program won’t let you use double 802.1q encapsulation. Or try to find a program that can send, say, an ICMP packet with padding (I said padding, not payload, see?). In fact, each time you have a new need, you have to build a new tool.

Second, they usually confuse decoding and interpreting. Machines are good at decoding and can help human beings with that. Interpretation is reserved to human beings. Some programs try to mimic this behaviour. For instance they say “this port is open” instead of “I received a SYN-ACK”. Sometimes they are right. Sometimes not. It’s easier for beginners, but when you know what you’re doing, you keep on trying to deduce what really happened from the program’s interpretation to make your own, which is hard because you lost a big amount of information. And you often end up using tcpdump -xX to decode and interpret what the tool missed.

Third, even programs which only decode do not give you all the information they received. The network’s vision they give you is the one their author thought was sufficient. But it is not complete, and you have a bias. For instance, do you know a tool that reports the padding ?

You can grab the latest version here for Linux:

Scapy.py for Linux

And Windows here:

Scapy.py for Windows

Or…

Scapy latest executable zip
Scapy latest tarball
Scapy’s debian package (not always up to date)
Scapy’s RPM package (not always up to date)

You can read more and find examples, presentations and so on here:

http://www.secdev.org/projects/scapy/


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- wildpwn – UNIX Wildcard Attack Tool
- SubBrute – Subdomain Brute-forcing Tool
- The Backdoor Factory (BDF) – Patch Binaries With Shellcode

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,973,781 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,402,781 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 676,248 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


That ‘magic’ number

Cybertroopers storming your ship?


09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

This is everywhere today. Every major news site has this ‘magic’ number in it. Digg.com had stories with more than 24.000 diggs (that’s actually the first time I see that many).

In case you’ve been in a cave for the last 24 hours, the number above is the ‘Processing Key’ for most movies released so far (in HD-DVD format).

This, along with other things, enables users to watch HD-DVD movies in GNU/Linux. That same number also made possible the creation of BACKUPHDDVD.

Since a number CANNOT be copyrighted, share it!

Not everyone is interested in piracy …


Posted in: Cryptography, Linux Hacking

Tags: , , , ,

Posted in: Cryptography, Linux Hacking | Add a Comment
Recent in Cryptography:
- DROWN Attack on TLS – Everything You Need To Know
- Dell Backdoor Root Cert – What You Need To Know
- ISIS Running 24-Hour Terrorist Crypto Help-desk

Related Posts:

Most Read in Cryptography:
- The World’s Fastest MD5 Cracker – BarsWF - 47,656 views
- Hackers Crack London Tube Oyster Card - 44,704 views
- WPA2 Vulnerability Discovered – “Hole 196” – A Flaw In GTK (Group Temporal Key) - 32,927 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95