Archive | June, 2007

OAPScan – Oracle Application Server Scanner

Your website & network are Hackable


We got an e-mail a while back about this new and apparently simple Oracle Application Server scanner.

It detects web pages, DADs (Database Access Descriptors) and test applications installed by default.

It may be useful for system hardening and pen-test.

You can download OAPScan here:

OAPScan.tar.gz


Posted in: Database Hacking, Hacking Tools

Tags: , , , , , ,

Posted in: Database Hacking, Hacking Tools | Add a Comment
Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 76,383 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,386 views
- SQLBrute – SQL Injection Brute Force Tool - 40,920 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


VBootkit Bypasses Vista’s Digital Code Signing

Find your website's Achilles' Heel


At Black Hat Europe (in Amsterdam) security experts from India (Nitin and Vipin Kumar of NV labs) demonstrated a special boot loader that gets around Vista’s code-signing mechanisms. Known as VBoot and launching from a CD and booting Vista it can make on-the-fly changes in memory and in files being read.

In a demonstration, the “boot kit” managed to run with kernel privileges and issue system rights to a CMD shell when running on Vista RC2 (build 5744), even without a Microsoft signature

Experts say that the fundamental problem that this highlights is that every stage in Vista’s booting process works on blind faith that everything prior to it ran cleanly. The boot kit is therefore able to copy itself into the memory image even before Vista has booted and capture interrupt 13, which operating systems use for read access to sectors of hard drives, among other things.

As soon as the NT Boot sector loads Bootmgr.exe, VBootkit patches the security queries that ensure integrity and copies itself into an unused area of memory. Something similar is done with the subsequent boot stages of Winload.exe and NTOSKrnl.exe so that the boot kit is running in the background when the system is finally booted; at no time are Vista’s new security mechanisms, which were intended to prevent unsigned code from being executed with kernel privileges, set off.

Interesting eh, seen as though Microsoft touts Vista as so secure…and it’s already been taken apart.

It might lead to some interesting workarounds for DRM and video content protection.

From the Black Hat release:

Vboot kit is first of its kind technology to demonstrate Windows vista kernel subversion using custom boot sector. Vboot Kit shows how custom boot sector code can be used to circumvent the whole protection and security mechanisms of Windows Vista. The booting process of windows Vista is substantially different from the earlier versions of Windows. The talk will give you:

  • details and know abouts for the Vista booting process.
  • explain the vboot kit functionality and how it works.
  • insight into the Windows Vista Kernel.

We will also review sample Ring 0 Shell code (for Vista). The sample shellcode effectively raises the privileges of certain programs to SYSTEM. A live demonstration of vboot kit POC will be done.

Source: Heise Security


Posted in: Exploits/Vulnerabilities, Malware, Windows Hacking

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Malware, Windows Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,735 views
- AJAX: Is your application secure enough? - 120,090 views
- eEye Launches 0-Day Exploit Tracker - 85,535 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


ProxyFuzz – MITM Network Fuzzer in Python

Find your website's Achilles' Heel


ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

ProxyFuzz is a good tool for quickly testing network protocols and provide with basic proof of concepts. Using this tool you will be amazed by the poor quality of software and you will see clients and servers dying upon unexpected input, just be prepared to see the very weird behaviours.

Syntax of ProxyFuzz:

A demo of ProxyFuzz is available here.

The video shows ProxyFuzz proxying traffic between a VMWare Console and a VMWare Server. This is just a dumb example of the things you can do with this tool.

Download ProxyFuzz 0.1 Source Code

Download ProxyFuzz 0.1 Windows Binary

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,815 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,418,993 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,765 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


The Kcpentrix Project – Penetration Testing Toolkit LiveDVD

Find your website's Achilles' Heel


The Kcpentrix Project was founded in May 2005 , KCPentrix 1.0 was liveCD designed to be a standalone Penetration testing toolkit for pentesters, security analysts and System administrators

What’s New in KcPentrix 2.0

Now release 2.0 is a liveDVD, It features a lot of new or up to date tools for auditing and testing a network, from scanning and discovering to exploiting vulnerabilities

Kcpentrix is based on SLAX 5, a Slackware live DVD, the Powerful modularity which Kcpentrix uses, allow it to be easily customised and include relevant modules.

It has switched to 2.6 kernel line and Zisofs compression was replaced by SquashFS, which provides better compression ratio and higher read speed.

You can download the ISO from Kcpentrix.com or Securitydistro.com here:

Kcpentrix v2.0

Or read more here.

Some of the key tools/software included:

ARP

arping-2.04
seringe
arp-sk
arpspoof

Continue Reading →


Posted in: Exploits/Vulnerabilities, Hacking Tools, Linux Hacking

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Linux Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,735 views
- AJAX: Is your application secure enough? - 120,090 views
- eEye Launches 0-Day Exploit Tracker - 85,535 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Hackers Invited to Crack Internet Voting

Your website & network are Hackable


This is some pretty interesting news, rather than trying to cover things up like normal during July the Philippine government will be soliciting hackers to test the security of their Internet voting system.

I think it’s a great initiative from the International Foundation for Electoral System.

Local and foreign computer hackers will be tapped to try and break into an Internet-based voting system that will be pilot tested by the country’s Commission on Elections (Comelec) starting July 10.

The Internet voting system, developed by Spanish firm Scytl Consortium, is worth $452,000. Comelec will pilot test the system from July 10 to 30 for voters in Singapore, where there are 26,853 registered absentee voters.

The results of the polls, which will use survey questions, will be non-binding, which means it will not affect official elections results.

I think it might work out better if some kind of prize or at least incentive was offered for anyone who could successfully compromise the voting system, things usually work out better that way.

Comelec commissioner Florentino Tuason Jr. told local reporters they have already asked the help of the International Foundation for Electoral System (IFES), a Washington-based IFES non-profit organization, in getting professional hackers to test the security of the Internet voting system.

“When Scytl presented the system, everybody was impressed on the security features. It is covered by international patent and it has been declared secured by no less than Switzerland and everyone in the global community should respect that decision,” Tuason told reporters in a conference Tuesday.

Scytl’s computerized voting system is also being used in countries such as the U.S., Switzerland, and Belgium.

It’ll certainly be interesting to see how the systems ‘impressive security’ stands up against a bunch of random hackers.

Source: All Headline News


Posted in: Exploits/Vulnerabilities, General Hacking, Web Hacking

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, General Hacking, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,735 views
- AJAX: Is your application secure enough? - 120,090 views
- eEye Launches 0-Day Exploit Tracker - 85,535 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


sqlninja 0.1.2 Released for Download – SQL Injection Tool

Find your website's Achilles' Heel


sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment.

It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. It is written in PERL and runs on Unix-like boxes.

Features

  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability)
  • Bruteforce of ‘sa’ password
  • Privilege escalation to ‘sa’ if its password has been found
  • Creation of a custom xp_cmdshell if the original one has been disabled
  • Upload of netcat.exe (or any other executable) using only 100% ASCII GET/POST requests, so no need for FTP connections
  • TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
  • Direct and reverse bindshell, both TCP and UDP
  • DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames

What’s New?

  • Test mode, that checks whether the configuration is correct and the injection is successful
  • Debug option, which allows to print SQL commands and raw HTTP request/response data. Useful when things are not working and you want to see what’s going on under the hood
  • Files are uploaded to %TEMP%, bypassing possible write restrictions
  • A simplified way to configure the injection parameters
  • Interactive config file generation

You can find it, together with a flash demo of its features, at the address:

http://sqlninja.sourceforge.net


Posted in: Database Hacking, Hacking Tools, Web Hacking

Tags: , , , , , , , , , ,

Posted in: Database Hacking, Hacking Tools, Web Hacking | Add a Comment
Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 76,383 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,386 views
- SQLBrute – SQL Injection Brute Force Tool - 40,920 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


AOL Has An Odd Password System

Your website & network are Hackable


An interesting snippet from last month, AOL seems to have a strangely configued password system.

Users can enter up to 16 characters as a password, but the system only reads the first 8 and discards the rest. They are basically truncating the password at 8 characters.

A reader wrote in Friday with an interesting observation: When he went to access his AOL.com account, he accidentally entered an extra character at the end of his password. But that didn’t stop him from entering his account. Curious, the reader tried adding multiple alphanumeric sequences after his password, and each time it logged him in successfully.

It turns out that when someone signs up for an AOL.com account, the user appears to be allowed to enter up to a 16-character password. AOL’s system, however, doesn’t read past the first eight characters.

And if you can’t work out what’s wrong with this..well.

How is this a bad set-up, security-wise? Well, let’s take a fictional AOL user named Bob Jones, who signs up with AOL using the user name BobJones. Bob — thinking himself very clever — sets his password to be BobJones$4e?0. Now, if Bob’s co-worker Alice or arch nemesis Charlie tries to guess his password, probably the first password he or she will try is Bob’s user name, since people are lazy and often use their user name as their password.

And she’d be right, in this case, because even though Bob thinks he created a pretty solid 13-character password — complete with numerals, non-standard characters, and letters — the system won’t read past the first eight characters of the password he set, which in this case is exactly the same as his user name. Bob may never be aware of this: The AOL system also will just as happily accept BobJones for his password as it will BobJones$4e?0 (or BobJones + anything else, for that matter).

Not smart eh? AOL apparently are ‘looking into it’ and that’s all they’ve said regarding the matter.

Bruce Schneier, chief technology officer BT Counterpane, called the set-up “sloppy and stupid.”

Source: Washington Post


Posted in: General Hacking, Password Cracking

Tags: , , , , , ,

Posted in: General Hacking, Password Cracking | Add a Comment
Recent in General Hacking:
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,169,118 views
- Hack Tools/Exploits - 624,422 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 433,488 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Fake NetBIOS Tool – Simulate Windows Hosts

Your website & network are Hackable


Some cool free tools made by folks from the French Honeynet Project.

FakeNetBIOS is a family of tools designed to simulate Windows hosts on a LAN. The individual tools are:

  • FakeNetbiosDGM (NetBIOS Datagram)
  • FakeNetbiosNS (NetBIOS Name Service)

Each tool can be used as a standalone tool or as a honeyd responder or subsystem.

FakeNetbiosDGM sends NetBIOS Datagram service packets on port UDP 138 to simulate Windows hosts bradcasts. It sends periodically NetBIOS announces over the network to simulate Windows computers. It fools the Computer Browser services running over the LAN and so on.

FakeNetbiosNS is a NetBIOS Name Service daemon, listening on port UDP 137. It responds to NetBIOS Name requests like real Windows computers: for example ‘ping -a’, ‘nbtstat -A’ and ‘nbtstat -a’, etc.

You can download the tools here:

FakeNetBIOS-0.91.zip

There are a few others things here:

http://honeynet.rstack.org/tools.php


Posted in: Hacking Tools, Network Hacking, Windows Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Windows Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,815 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,418,993 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,765 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Government Accountability Office Report Slams FBI Internal Security

Your website & network are Hackable


Ah, FBI slammed again, it’s not the first time this has happened.

Remember when a Consultant Breached FBI’s Computers?

It also reminds me of when Homeland Security Scored an F for Internal Security AGAIN

The Government Accountability Office, the federal government’s watchdog agency, Thursday released a report critical of the FBI’s internal network, asserting it lacks security controls adequate to thwart an insider attack.

In the report, titled “Information Security: FBI Needs to Address Weaknesses in Critical Network,” the authors — Gregory Wilshusen, GAO’s director of information security issues, and Chief Technologist Keith Rhodes — said the FBI lacks adequate network security controls.

The FBI “has an incomplete security plan,” the report concluded.

Those who are supposed to protect eh?

The bureau, which had the opportunity to review the GAO’s findings before publication, responded that it wasn’t arguing with some of the technical observations expressed in the GAO report, but disagreed that the FBI is open to unacceptable risk of an insider attack.

In a letter of response to the GAO, Dean Hall, the FBI’s deputy CIO, and Zalmal Azni, the FBI’s CIO, noted, “The FBI concurs with many of the GAO’s technical recommendations and the programmatic recommendation to continue the implementation of information security activities in order to fully establish a comprehensive Information Assurance Program.”

Let’s hope they can make less excuses and just sort it out.

Source: PC World


Posted in: General Hacking

Tags: , , , , , ,

Posted in: General Hacking | Add a Comment
Recent in General Hacking:
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,169,118 views
- Hack Tools/Exploits - 624,422 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 433,488 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Trinity Rescue Kit – Free Recovery and Repair for Windows

Your website & network are Hackable


Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

It is possible to boot TRK in three different ways:

  • As a bootable CD which you can burn yourself from a downloadable isofile
  • From a USB stick/disk (optionally also a fixed disk), installable from Windows or from the bootable TRK cd
  • From network over PXE, which requires some modifications on your local network.
    TRK is a complete commandline based distribution, apart from a few tools like qtparted, links, partition image and midnight commander

It’s recommend to keep a copy of TRK in your toolkit, we at Darknet do find it useful, especially for reseting passwords and fixing messed up file systems.

A summary of the main features:


  • easily reset windows passwords
  • 4 different virusscan products integrated in a single uniform commandline with online update capability
  • full ntfs write support thanks to ntfs-3g (all other drivers included as well)
  • clone NTFS filesystems over the network
  • wide range of hardware support (kernel 2.6.19.2 and recent kudzu hwdata)
  • easy script to find all local filesystems
  • self update capability to include and update all virusscanners
  • full proxyserver support.
  • run a samba fileserver (windows like filesharing)
  • run a ssh server
  • recovery and undeletion of files with utilities and procedures
  • recovery of lost partitions
  • evacuation of dying disks
  • UTF-8 international character support

You can download the latest TRK 3.2 here:

Trinity Rescue Kit: Download


Posted in: Hacking Tools, Linux Hacking, Network Hacking

Tags: , , , , , , ,

Posted in: Hacking Tools, Linux Hacking, Network Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,815 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,418,993 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,765 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95