Archive | July, 2007

Trojan Mimics Windows Activation Interface – KardPhisher


Recently a new Trojan popped up that mimics the Windows activation interface, phishing for credit card details and even the PIN number.

The Trojan itself isn’t particularly advanced technically; it’s mostly just a social engineering attack.

Kardphisher

Symantec is reporting on a Trojan horse that mimics the Windows activation interface.

What they are calling Trojan.Kardphisher doesn’t do most of the technical things that Trojan horses usually do; it’s a pure social engineering attack, aimed at stealing credit card information. In a sense, it’s a standalone phishing program.

Once you reboot your PC after running the program, the program asks you to activate your copy of Windows and, while it assures you that you will not be charged, it asks for credit card information. If you don’t enter the credit card information it shuts down the PC. The Trojan also disables Task Manager, making it more difficult to shut down.

It’s a pretty interesting attack, and it shows malware creators are getting more innovative: rather than looking for technical solutions and ways to hide their key-loggers etc., they are just looking at ways to make the interface look more legitimate so unwary users give their information away themselves.

Running on the first reboot is clever. It inherently makes the process look more like it’s coming from Windows itself, and it removes the temporal connection to running the Trojan horse. The program even runs on versions of Windows prior to XP, which did not require activation.

This is not an attack that will sneak by you. The executable is nearly 1MB large. But if you find yourself in this situation you should be able to disable it in Windows Safe mode by removing the registry keys described in the Symantec writeup and deleting the program it points to. Updated antivirus software should also be able to remove it.

You can also read more about the Trojan on the Symantec page:

Symantec – Trojan.Kardphisher

Source: PCMag


Posted in: Malware, Social Engineering, Windows Hacking



Selenium – JavaScript Web Application Security Testing Tool


Selenium is a test tool for web applications. Selenium tests run directly in a browser, just as real users do. And they run in Internet Explorer, Mozilla and Firefox on Windows, Linux, and Macintosh. No other test tool covers such a wide array of platforms.

  • Browser compatibility testing. Test your application to see if it works correctly on different browsers and operating systems. The same script can run on any Selenium platform.
  • System functional testing. Create regression tests to verify application functionality and user acceptance.

Try it out! Get started with Selenium IDE for your first taste of Selenium’s power. You can run Selenium IDE tests in any supported browser using Selenium Core.

Any Language! Want to write tests in your favorite programming language? Try Selenium Remote Control; it currently supports writing tests in Java, .NET, Perl, Python and Ruby.

Supported Platforms:

Windows:

  • Internet Explorer 6.0
  • Firefox 0.8 to 1.5
  • Mozilla Suite 1.6+, 1.7+
  • Seamonkey 1.0
  • Opera 8

Mac OS X:

  • Safari 1.3+
  • Firefox 0.8 to 1.5
  • Camino 1.0a1
  • Mozilla Suite 1.6+, 1.7+
  • Seamonkey 1.0

Linux:

  • Firefox 0.8 to 1.5
  • Mozilla Suite 1.6+, 1.7+
  • Konqueror

Selenium uses JavaScript and Iframes to embed a test automation engine in your browser. This technique should work with any JavaScript-enabled browser. Because different browsers handle JavaScript somewhat differently, usually they have to tweak the engine to support a wide range of browsers on Windows, Mac OS X and Linux.

You can read more here.


Posted in: Hacking Tools, Programming, Web Hacking



Piping Data in DOS on Windows – Video


Well, this is my last week of exams, and today I got a free day; tomorrow it will be maths… Anyway, while waiting for somebody I got bored and decided to make a small (tiny) video about piping data under Windows, you know | …

In Unix-like computer operating systems, a pipeline is the original software pipeline: a set of processes chained by their standard streams, so that the output of each process (stdout) feeds directly as input (stdin) of the next one.

More at Wikipedia – Pipeline (UNIX)

As always, a link on YouTube (better quality than the last 2 videos): Tips&Tricks About Piping Data
A download link: Piping_data.wmv
My YouTube channel =)


Posted in: Windows Hacking



tcpxtract – Extract Files from Network Traffic AKA Carving


tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called “carving”) is an age-old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. tcpxtract uses this technique specifically for the application of intercepting files transmitted across a network.

Other tools that fill a similar need are driftnet and EtherPEG. driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and are commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG are that they only support three filetypes, with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundaries.

tcpxtract features the following:

  • Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file.
  • With a quick conversion, you can use your old Foremost config file with tcpxtract.
  • Custom written search algorithm is lightning fast and very scalable.
  • Search algorithm searches across packet boundaries for total coverage and forensic quality.
  • Uses libpcap, a popular, portable and stable library for network data capture.
  • Can be used against a live network or a tcpdump formatted capture file.
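As an added example (not tcpxtract’s own code), the header/footer carving idea above, applied once per packet and once over the reassembled stream, to show why searching across packet boundaries matters. The signature table and the sample packets are constructed for the demo; the magic bytes are the well-known JPEG and GIF ones.

```python
# Added example, not tcpxtract's code. Signature table and "packets" are
# constructed for the demo. A real tool would reassemble each TCP flow first.

# type -> (header, footer, maximum carved size in bytes)
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 1_000_000),
    "gif": (b"GIF8", b"\x00\x3b", 1_000_000),
}


def carve_stream(data, sigs=SIGNATURES):
    """Return (type, offset, bytes) for each header..footer pair in one buffer."""
    found = []
    for ftype, (hdr, ftr, maxlen) in sigs.items():
        pos = 0
        while (h := data.find(hdr, pos)) >= 0:
            f = data.find(ftr, h + len(hdr))
            if f < 0 or f + len(ftr) - h > maxlen:
                pos = h + 1          # no usable footer: skip this header
                continue
            end = f + len(ftr)
            found.append((ftype, h, data[h:end]))
            pos = end                # resume after the carved file
    return sorted(found, key=lambda t: t[1])


def carve_per_packet(packets, sigs=SIGNATURES):
    """Search each packet on its own (the driftnet/EtherPEG limitation)."""
    return [hit for p in packets for hit in carve_stream(p, sigs)]


def carve_across_packets(packets, sigs=SIGNATURES):
    """Join the payloads first, so a signature straddling a boundary still matches."""
    return carve_stream(b"".join(packets), sigs)


# Constructed sample traffic: an HTTP response whose JPEG header is split
# between two packets, followed by a GIF that fits in a single packet.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"A" * 20 + b"\xff\xd9"
FAKE_GIF = b"GIF89a" + b"B" * 10 + b"\x00\x3b"
PACKETS = [
    b"HTTP/1.1 200 OK\r\n\r\n" + FAKE_JPEG[:2],   # header cut after 2 bytes
    FAKE_JPEG[2:],
    FAKE_GIF,
]

if __name__ == "__main__":
    print("per packet:     ", [t for t, _, _ in carve_per_packet(PACKETS)])
    print("across packets: ", [t for t, _, _ in carve_across_packets(PACKETS)])
```

Per-packet carving only recovers the GIF; the stream-wise pass recovers both files and reports their offsets in the reassembled data.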

You can download tcpxtract here:

tcpxtract Version 1.0.1 source

Or read more here.


Posted in: Forensics, Hacking Tools, Network Hacking



June 2007 Commenter of the Month Competition Winner!


Ah so this is what you’ve been waiting for!

As you know, we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June; we are now in the second month of the competition, with the new round starting yesterday, July 1st, sponsored by GFI.

We are offering some pretty cool prizes like iPods and PSPs, along with cool GFI merchandise like shirts, keyrings and mugs.

GFI Goodies

So keep up the comments, and let’s keep the quality up!

By being one of the top 5 commenters you also have your name and chosen link displayed on the sidebar of every page of Darknet, with a high PR5 (close to 6) on most pages (3000+ spidered by Google).

So announcing the winner for June…it’s Daniel!

Commenters

With an honourable mention to therealdonquixote for his top quality comments.

Keep up the quality comments and stand a chance to win more cool prizes in July!


Posted in: Site News
