all posts from June 2007


June 29th, 2007

OAPScan - Oracle Application Server Scanner

We got an e-mail a while back about this new and apparently simple Oracle Application Server scanner.
It detects web pages, DADs (Database Access Descriptors) and test applications installed by default.

It may be useful for system hardening and pen-test.
You can download OAPScan here:
OAPScan.tar.gz

June 28th, 2007

VBootkit Bypasses Vista’s Digital Code Signing

At Black Hat Europe (in Amsterdam) security experts from India (Nitin and Vipin Kumar of NV labs) demonstrated a special boot loader that gets around Vista’s code-signing mechanisms. Known as VBoot and launching from a CD and booting Vista it can make on-the-fly changes in memory and in files being read.
In a demonstration, the “boot [...]

June 27th, 2007

ProxyFuzz - MITM Network Fuzzer in Python

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

ProxyFuzz is a good tool for [...]

June 26th, 2007

The Kcpentrix Project - Penetration Testing Toolkit LiveDVD

The Kcpentrix Project was founded in May 2005 , KCPentrix 1.0 was liveCD designed to be a standalone Penetration testing toolkit for pentesters, security analysts and System administrators
What’s New in KcPentrix 2.0
Now release 2.0 is a liveDVD, It features a lot of new or up to date tools for auditing and testing a network, from [...]

June 25th, 2007

Hackers Invited to Crack Internet Voting

This is some pretty interesting news, rather than trying to cover things up like normal during July the Philippine government will be soliciting hackers to test the security of their Internet voting system.
I think it’s a great initiative from the International Foundation for Electoral System.

Local and foreign computer hackers will be tapped to try and [...]

June 22nd, 2007

sqlninja 0.1.2 Released for Download - SQL Injection Tool

sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment.
It should be used by penetration testers to help and automate the process of taking [...]

June 21st, 2007

AOL Has An Odd Password System

An interesting snippet from last month, AOL seems to have a strangely configued password system.
Users can enter up to 16 characters as a password, but the system only reads the first 8 and discards the rest. They are basically truncating the password at 8 characters.

A reader wrote in Friday with an interesting observation: When he [...]

June 20th, 2007

Fake NetBIOS Tool - Simulate Windows Hosts

Some cool free tools made by folks from the French Honeynet Project.
FakeNetBIOS is a family of tools designed to simulate Windows hosts on a LAN. The individual tools are:

FakeNetbiosDGM (NetBIOS Datagram)
FakeNetbiosNS (NetBIOS Name Service)

Each tool can be used as a standalone tool or as a honeyd responder or subsystem.
FakeNetbiosDGM sends NetBIOS Datagram service packets on [...]

June 19th, 2007

Government Accountability Office Report Slams FBI Internal Security

Ah, FBI slammed again, it’s not the first time this has happened.
Remember when a Consultant Breached FBI’s Computers?
It also reminds me of when Homeland Security Scored an F for Internal Security AGAIN.

The Government Accountability Office, the federal government’s watchdog agency, Thursday released a report critical of the FBI’s internal network, asserting it lacks security controls [...]

June 18th, 2007

Trinity Rescue Kit - Free Recovery and Repair for Windows

Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.
It is possible to boot TRK in three different ways:

As a bootable CD which you can burn yourself from a downloadable isofile
From a USB stick/disk (optionally [...]

June 16th, 2007

Netstat Revealed!

Another video in 2-3 days… I think i this becoming like a mania for me… Anyway in this video i played around with netstat so that for those who do not play with it could see the possibilities it offers to us… no more tutorials like:

netstat -a
to view all you connections
the end

… because I have [...]

June 15th, 2007

Phrack 64 Released - It’s been a long time..

Finally a new Phrack! Phrack 64 has been released a while back at the end of May, and it’s been quite a wait.
At the beginning in 1985, Phrack started as an anarchy magazine. You can learn from the first issues how to create your own bomb or how to seriously take advantage of the world [...]

June 14th, 2007

Fuzzled - PERL Fuzzing Framework

There has been an explosion of fuzzing tools lately, quite a few we have mentioned here on Darknet.
Someone else noticed this, and wondered where is the Perl framework to complete the family? With that in mind he spent the last few months working on something that should fill the gap - Fuzzled.

Fuzzled is a [...]

June 13th, 2007

Darknet Videos

I was thinking that the darknet authors should create videos when they write about different tools… It should be fun to see presentations… and also would bring darknet more hits…
I made a video for my previous article, and uploaded it to youtube: stealth techniques - syn

…for better quality download it: here
Is any author on darknet [...]

June 8th, 2007

stealth techniques - syn

Or half-open scanning technique is the first of three to come series about stealth scanning… The other two are Xmas/Fin/Null and idle/zombie scan techniques…
Intro
This is a series of three to come articles about stealth scanning, everything that I am going to present is hping oriented so if you want to learn this techniques you’d better [...]

June 8th, 2007

yahoo password grabber

Phishers never give up, password theft protected pages? But what about password protected messenger application… No more to say check it out (lame)…
Link :: www.ourgodfather.com
Another Yahoo anti-phising (did you know?):
zahoo.com (also yahoo, for the ones that have inverted keyboard y-z)

June 8th, 2007

Priamos Project - SQL Injector and Scanner

PRIAMOS is a powerful SQL Injector & Scanner

You can search for SQL Injection vulnerabilities and inject vulnerable string to get all Database names, Tables and Column data with the injector module.
You should only use PRIAMOS to test the security vulnerabilities of your own web applications (obviously).
The first release of PRIAMOS contain only SQL Server Database [...]

June 6th, 2007

Zalewski (lcamtuf) Strikes Again - More Vulnerabilites in IE and Firefox

Our Polish friend and expert security researcher, Michal Zalewski (lcamtuf), known for his endless stream of vulnerabilities in all manners of software, has struck again.
This time with some pretty serious flaws in both Internet Exploder Explorer and Firefox. This time it’s 4, 2 in IE and 2 in Firefox.
The first which effects fully patched IE6 [...]

June 5th, 2007

SQLBrute - SQL Injection Brute Force Tool

SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn’t require non-standard libraries (there is some code in there for pycurl, [...]

June 4th, 2007

Michigan Man Fined $400 for Using Coffee Shop’s Wi-Fi Network

Well this is a harsh turn of events, a while back an ‘ethics expert’ said Wifi Jacking is OK, now this poor guy has got pretty harshly screwed for using an open wireless connection from a nearby coffeeshop.

A Michigan man has been fined $400 and given 40 hours of community service for accessing an [...]


Sitemap - ShaolinTiger - DigiSniper - Digital Photography
Shutter Asia Photography Forum - We Ate This