Archive | July, 2007

Wfuzz – A Tool for Bruteforcing/Fuzzing Web Applications

Don't let your data go over to the Dark Side!


Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

The tool is based on dictionaries and ranges, you choose where you want to bruteforce just by replacing the part of the URL or the POST by the keyword FUZZ.

It’s very flexible, here are some functionalities:

  • Recursion (When doing directory bruteforce)
  • Post data bruteforcing
  • Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
  • Colored output on all systems
  • Hide results by return code, word numbers, line numbers, etc.
  • URL encoding
  • Cookies
  • Multithreading
  • Proxy support
  • All parameters bruteforcing (POST and GET)
  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more.

Example:

This will bruteforce the site http://www.mysite.com/FUZZ in search of resources (directories, scripts, files,etc), it will hide from the output the return code 404 (for easy reading the results), it will use the dictionary commons.txt for the bruteforce.

It was created to facilitate the task in Web Applications assessments, it’s a tool by pentesters for pentesters.

You can download Wfuzz here:

Wfuzz 1.1 – Win32
Wfuzz 1.1 – Unix

Or read more here.


Posted in: Hacking Tools, Web Hacking

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment
Recent in Hacking Tools:
- SubBrute – Subdomain Brute-forcing Tool
- The Backdoor Factory (BDF) – Patch Binaries With Shellcode
- Gdog – Python Windows Backdoor With Gmail Command & Control

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,973,569 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,401,859 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 676,116 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Hackers Steal U.S. Government Corporate Data from PCs – AGAIN

Cybertroopers storming your ship?


Seems like a social engineering type attack again relying on human ignorance and stupidity. Based around some kind of malware reporting back to a central repository.

Remember kids if a deal is too good to be true…it isn’t.

Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings on advertisements and e-mail, a computer security firm said.

The victims include consulting firm Booz Allen, computer services company Unisys Corp, computer maker Hewlett- Packard Co and satellite network provider Hughes Network Systems, a unit of Hughes Communications Inc, said Mel Morris, chief executive of British Internet security provider Prevx Ltd.

Of the list, only Unisys acknowledged that viruses had been detected and removed from two PCs, saying no information had been leaked. A Department of Transportation spokeswoman said the agency could not find any indication of a breach and a spokeswoman for Hughes said she was unaware of any breaches.

They were fairly selective about their targets which meant they stayed under the radar for some time.

Prevx said the malware it identified uses a program named NTOS.exe that probes PCs for confidential data, then sends it to a Web site hosted on Yahoo Inc. That site’s owner is likely unaware it is being used by hackers, Morris said.

He believes the hackers have set up several “sister” Web sites that are collecting similar data from other squadrons of malware. It was not clear whether the hackers used any information stolen from more than 1,000 PCs.

The hackers only targeted a limited group of computers, which kept traffic down and allowed them to stay under the radar of security police, who tend to identify threats when activity reaches a certain level.

The fact is off the shelf AV solutions CANNOT detect custom malware, this has been known about for a long time but it’s never really sunken in to the brains of the people in charge.

A little bit of programming and a little bit of imagination and most companies can still be owned with a custom trojan.

Source: Reuters


Posted in: General Hacking

Tags: , , , , , , ,

Posted in: General Hacking | Add a Comment
Recent in General Hacking:
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS
- Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,168,317 views
- Hack Tools/Exploits - 622,489 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 432,635 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Babel Enterprise – Cross Platform System Auditing Tool

Cybertroopers storming your ship?


Babel Enterprise is a systems auditing tool. Babel performs a security level check of the machine, or hardening. The check consists of a number of auditing tests that obtain a snap of the security status of each machine. The result is a security index of the system that is given after each execution. It a non-intrusive tool, meaning that it does not make any changes in the system at all. It simply takes note of what is not working properly and reports it to the user. .

Babel Enterprise has being designed to manage security on many different systems, different technologies and versions, and different issues and requirements. It is a distributed management system, multi-user, that allows redundant installation in all its critical components. Each change occurring in the system can be watched and marked automatically each time a new audit policy is executed. Users can add, delete or modify existing elements to see exactly if the system works better or worse and why. Babel Enterprise uses a pragmatic approach, evaluating those aspects of the system the represent a security risk and that can be improved with the intervention of an administrator.

Babel Enterprise has a version of its agent for each of the latest Microsoft operating systems, Windows 2003 and Windows XP, and the main Unix system: Solaris 10, AIX 5.x, SUSE GNU/Linux 9 ES and Ubuntu Dapper, although they can be easily adapted to different versions and other UNIX OSs (such as BDS or HP-UX )

Babel currently has modules for auditing many different aspects of system security. These are some examples of currently implemented audit modules:

  • Service minimization.
  • Centralized file hashing.
  • Anomalous SUID0 executable detection.
  • File permissions checker.
  • Password strength tests.
  • Generic registry lookup (Windows)
  • Remote services configuration.
  • Audit for Kernel networking and security parameters.
  • Apache2 configuration auditing
  • User accounts auditing
  • Root environment audit
  • UID0 users detection.
  • Centralized patch management.
  • Centralized software inventory.
  • Listening ports auditing.
  • Inetd / Xinetd minimization.

You can download the latest stable version of Babel Enterprise here:

Babel Enterprise 1.0 version.

Or read more here.

BTW I’ve noticed recently quite a few of the tools that’s I’ve marked for posting require some kind of registration to access to the download.

Are you guys still interested in such things? As I tend to ignore it if it requires my details and find something else.


Posted in: Countermeasures, Security Software

Tags: , , , , , , , ,

Posted in: Countermeasures, Security Software | Add a Comment
Recent in Countermeasures:
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response
- PEiD – Detect PE Packers, Cryptors & Compilers
- NAXSI – Open-Source WAF For Nginx

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,031 views
- Password Hasher Firefox Extension - 117,720 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,707 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


TimeWarner DNS Hijacking IRC Servers to Stop DDoS Attacks

Don't let your data go over to the Dark Side!


An interesting happening this week, some ISP’s have been jacking the DNS entries for certain IRC networks to crack down on zombie/bot infections.

Is it ethical? Should they be doing this to their users?

I first got wind of this from a post on Full Disclosure mailing list from an IRC network administrator.

You can read that e-mail here:

Major ISPs arbitrarily blocking IRC and hijacking DNS entries

Internet service provider Cox Communications is reportedly diverting attempts to reach certain online chat channels and redirecting them to a server that attempts to remove spyware from the computer. By doing so the company seems to be attempting to cleanse computers of malware that hijacks the computers resources to send spam and participate in online service attacks as part of a large network of compromised computers known as a botnet.

Specifically, Cox’s DNS server is responding to a domain name request for an Internet Relay Chat server. Instead of responding with the correct IP address for the server, Cox sends the IP address of its own IRC server (70.168.70.4). That server then sends commands to the computer that attempt to remove malware.

They seem to run some kind of script when the user connects to try and ‘clean’ the machine from infection….even if it’s not infected.

IRC is still used heavily, I don’t really use it much anymore apart from Freenode. The Darknet channel used to be on DALnet back in the day.

Freenode is pretty happening for open source projects though.

Though clever, the tactic is being heavily debated by networking experts on the NANOG mailing list, some of whom question the effectiveness of the technique and who question whether blocking access to the channels for all users (by breaking the DNS protocol) in order to stop some malware is the appropriate solution. Cox does not seem to be blocking all IRC channels, but anyone trying to reach those channels using Cox’s DNS servers will be unable to reach them.

IRC channels are heavily used by programmers, non-traditional communities and black-hat hackers, among others. The malware-infected zombie computers Cox is attempting to clean can also be controlled remotely by having them connect to an IRC channel where they get instructions from their controller.

Interesting stuff eh?

I’m not really sure where I stand ethically on this…what about you?

Source: Wired Blog


Posted in: Malware, Network Hacking

Tags: , , , , , , , , , ,

Posted in: Malware, Network Hacking | Add a Comment
Recent in Malware:
- PEiD – Detect PE Packers, Cryptors & Compilers
- Mac OS X Ransomware KeRanger Is Linux Encoder Trojan
- Veil Framework – Antivirus Evasion Framework

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,475 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,594 views
- US considers banning DRM rootkits – Sony BMG - 44,979 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Dr. Morena – Firewall Configuration Testing Tool

Cybertroopers storming your ship?


Dr.Morena is a tool to confirm the rule configuration of a Firewall.

The configuration of a Firewall is done by combining more than one rule. Sometimes a rule configuration may reside in a place other than the basic rule configuration place. In such a case, it is difficult to confirm whether it is an intended configuration by the system administrators. (Is an unnecessary hole open, or is a necessary hole open?).

We prepare a computer which has two network interface for this tool. Then, each network interface is connected to each of the network interfaces on both sides of the Firewall. The packet the source IP address and the destination IP address is forged and sent to the Firewall from one network interface. The packet which passed through the Firewall is confirmed in the other network interface. The rule of the Firewall is confirmed from the packets which passed through the Firewall, and the packets which didn’t pass.

This tool can check the rules without depending on the way of the Firewall is configured.

There is two modules in Dr. Morena – similar to the Firewal Tester (FTester). The first module is a check engine, and the second module is a packet list making engine.

Checker, which is the check engine, makes the check packet according to given packet information, and sends and receives this packet. Also, the check engine confirms whether the packet passed through the firewall, and returns the checked result.

Ideally, it is good to be able to check all packets of all services from all Internet Protocol addresses to all Internet Protocol addresses when we check the rules of a firewall. However, it is impossible to check all packets in appropriate time. Therefore, it is necessary to check the firewall by using only some limited packets. However, efficiency is bad in the check which uses packets chosen at random. Then, it is necessary to check the firewall by using the packet intended for an important address and the service listed in the security policy etc. by priority.

ListMaker, which is the check packet list making engine, lists necessary packets for the check, from information classified according to the importance degree.

You can download Dr. Morena here as an rpm file:

drmorena-0.2.0-1.i386.rpm

Or read more here.


Posted in: Network Hacking, Security Software

Tags: , , , , , , ,

Posted in: Network Hacking, Security Software | Add a Comment
Recent in Network Hacking:
- SubBrute – Subdomain Brute-forcing Tool
- WAFW00F – Fingerprint & Identify Web Application Firewall (WAF) Products
- IPGeoLocation – Retrieve IP Geolocation Information

Related Posts:

Most Read in Network Hacking:
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,401,859 views
- Wep0ff – Wireless WEP Key Cracker Tool - 514,232 views
- THC-Hydra – The Fast and Flexible Network Login Hacking Tool - 327,041 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Some Guidelines on How to Secure your Ubuntu Installation

Don't let your data go over to the Dark Side!


Since Ubuntu is getting so fantastically popular nowadays I thought this might be useful to some of you.

I personally think Ubuntu is great, the features, ease of installation, stability and especially the work they have done on things like wireless drivers make it a breeze to get up and running.

It is a pretty secure distro by default, but there are a few little things you can do to tighten it up.

If you don’t know what Ubuntu is you can check it out here:

http://www.ubuntu.com/

Ubuntu is a community developed, linux-based operating system that is perfect for laptops, desktops and servers. It contains all the applications you need – a web browser, presentation, document and spreadsheet software, instant messaging and much more.

If you wan’t to get into Linux I suggest you try this and Mandriva first.

Anyway recently I found a good security guide for Ubuntu, so run through the steps and lock your OS down.

If you’ve recently switched from Windows to the Linux distribution Ubuntu, you’ve probably experienced a decrease in spyware — and malware in general — on your system. But although Ubuntu is billed as the ultra-secure solution, you should know that even though Ubuntu’s default install has its flaws, like every other operating system.

The Big Ol’ Ubuntu Security Resource


Posted in: General News, Linux Hacking

Tags: , , , , , , , , , , ,

Posted in: General News, Linux Hacking | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,378 views
- eEye Launches 0-Day Exploit Tracker - 85,486 views
- Seattle Computer Security Expert Turns Tables On The Police - 43,719 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


piggy – Download MS-SQL Password Brute Forcing Tool

Don't let your data go over to the Dark Side!


Piggy is yet another tool for performing online password guessing against Microsoft SQL servers.

It supports scanning multiple servers using a dictionary file or a file with predefined accounts (username and password combinations).

It’s a pretty simple tool and has a Win32 binary verson – it is a command line tool however.

You can download it here:

piggy-src-1_0_1.zip (Source code)
piggy-win32-1_0_1.zip (Binary version)


Posted in: Database Hacking, Hacking Tools, Password Cracking

Tags: , , , , , , , , ,

Posted in: Database Hacking, Hacking Tools, Password Cracking | Add a Comment
Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 76,181 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,341 views
- SQLBrute – SQL Injection Brute Force Tool - 40,738 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


The greatest virus of all time

Don't let your data go over to the Dark Side!


There is a virus on the net from a long time, the damage inflicted by it is unstoppable, or at least that was though, check it out yourself

…just kidding, it does not exist but such a virus would be something great =)


Posted in: Virology

Tags: ,

Posted in: Virology | Add a Comment
Recent in Virology:
- The greatest virus of all time
- the Art of Virology 03h
- the Art of Virology 02h

Related Posts:

Most Read in Virology:
- The greatest virus of all time - 67,664 views
- the Art of Virology 00h - 8,797 views
- the Art of Virology 01h - 7,547 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Learn to use Metasploit – Tutorials, Docs & Videos

Cybertroopers storming your ship?


Metasploit is a great tool, but it’s not the easiest to use and some people get completely lost when trying to get the most out of it.

To help you guys out here is a bunch of links, videos, tutorials and documents to get you up to speed.

You can start with this, a good flash tutorial that shows you step by step how to use it:

Metasploit at Iron Geek

This video covers the use of Metasploit, launched from the Auditor Boot CD, to compromise an unpatched Windows XP box by using the RPC DCOM (MS03-026) vulnerability.

There’s a presentation by HD Moore himself at Cansecwest 2006:

csw06-moore.pdf

And a couple of videos spawned from that here:

Computer defense – TASK Presentation

The most up to date video for Metasploit 3 can be found here:

Exploring Metasploit 3 and the New and Improved Web Interface – Part 1


Exploring Metasploit 3 and the New and Improved Web Interface – Part 2

The Metasploit site itself also has some fantastic documentation, a good place to start is here:

http://framework.metasploit.com/msf/support

The Metasploit book is a good start too:

Using Metasploit

The Security Focus article is a good reference too if a little outdated:

Metasploit Framework, Part 1
Metasploit Framework, Part 2

So get hacking, Metasploit is great!


Posted in: Exploits/Vulnerabilities, Hacking Tools

Tags: , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools | Add a Comment
Recent in Exploits/Vulnerabilities:
- BeautifulPeople.com Leak Exposes 1.1M Extremely Private Records
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,366 views
- AJAX: Is your application secure enough? - 120,031 views
- eEye Launches 0-Day Exploit Tracker - 85,486 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


FTester – Firewall Tester and IDS Testing tool

Don't let your data go over to the Dark Side!


The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities.

The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a firewall. Stateful inspection firewalls are handled with the ‘connection spoofing’ option. A script called freport is also available for automatically parse the log files.

Of course this is not an automated process, ftest.conf must be crafted for every different situation. Examples and rules are included in the attached configuration file.

The IDS (Intrusion Detection System) testing feature can be used either with ftest only or with the additional support of ftestd for handling stateful inspection IDS, ftest can also use common IDS evasion techniques. Instead of using the configuration syntax currently the script can also process snort rule definition file.

Features:

  • Firewall testing
  • IDS testing
  • Simulation of real TCP connections for stateful inspection firewalls and IDS
  • Connection spoofing
  • IP fragmentation / TCP segmentation
  • IDS evasion techniques

Requirements:

The following PERL modules are required: Net::RawIP, Net::PcapUtils, NetPacket

You can download FTester here:

ftester-1.0.tar.gz

Or you can read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- SubBrute – Subdomain Brute-forcing Tool
- The Backdoor Factory (BDF) – Patch Binaries With Shellcode
- Gdog – Python Windows Backdoor With Gmail Command & Control

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,973,569 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,401,859 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 676,116 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95