Archive | September, 2007

PSP All Version Firmware Homebrew Hack Surfaces



Seeing as we get a lot of searches for PSP firmware updates and information about homebrew, I thought I’d post about this, which popped up a few months ago.

In what undoubtedly will be remembered as a historic and life-changing event for PSP enthusiasts everywhere, a group of coders (Noobz and Archaemic, to be exact) have exploited a loophole in the Ubisoft game Lumines which enables homebrew-ing on all PSP firmware versions, from 1.00 to 3.50. This first ever all-firmware hack is a significant development, as homebrewing up until now has required specific versions (and usually the use of downgraders). No word yet on how Ubisoft feels about being party to this party, but something tells us Sony isn’t going to be real stoked.

I wonder how the game companies feel when it’s their software being used to hack something.

This made me chuckle though…

Update: On a completely unrelated note, Lumines has moved from a rank of 797 on Amazon’s movers & shakers, to the number 1 slot with a sales gain of something like + 13,166%.

Why doesn’t that surprise me :D

Source: Engadget


Posted in: General Hacking, General News, Hardware Hacking



FLARE – Flash Decompiler to Extract ActionScript



Flare processes an SWF and extracts all scripts from it. The output is written to a single text file. Only ActionScript is extracted, no text or images. Flare is freeware. Windows, Mac OS X and Linux versions are available.

The main purpose of a decompiler is to help you recover your own lost source code. However, there are other uses, like finding out how a component works, or trying to understand a poorly documented interface. Depending on where you live, some of them may be forbidden by law. It’s your responsibility to make sure you don’t break the law using Flare.

If you develop Flash applications for a living, you probably know that your code is not secure in SWF. It’s not the existence of a decompiler that makes your code insecure though, it’s the design of the SWF format. Although no ActionScript is stored there, most of it can be recovered from bytecodes.

Most recent Flare version is 0.6.

Windows Explorer Shell Extension

Download flare06setup.exe. After installation, right-click on any SWF file in Windows Explorer and choose Decompile from the context menu. Flare will decompile somename.swf and store the decompiled code in somename.flr in the same folder. somename.flr is a simple text file; you can open it with your favorite text editor. If Flare encounters problems during decompilation, it will display some warnings. If everything goes well, it will quit silently. That’s all, Flare has no other GUI. To uninstall, execute Start>Programs>Flare>Uninstall.

Mac OS X Droplet


Get flare06.dmg. After mounting the disc image drop an SWF file onto the Flare icon in Finder. The decompiled ActionScript will be stored in SWF’s folder with FLR extension. Open it with your text editor. You can decompile multiple SWF files at once. The droplet is compiled on OS X 10.3. It should work on 10.2 and 10.4. There is no Flare for OS 9.

Command Line Versions

DOS/Windows binary: flare06doswin.zip
Mac OS X binary: flare06mac.tgz
Linux x86 binary: flare06linux.tgz
Linux x86 64-bit binary: flare06linux64.tgz
Solaris x86 binary: flare06solaris.tgz

There is no installation procedure for command line versions. Just create a folder named flare somewhere and unpack the archive there. To uninstall, delete the folder and you’re done.

Or read more here.


Posted in: Hacking Tools, Programming, Web Hacking



France Complaining of China Hacks Too



After the recent fiasco about the Pentagon being Hacked by Chinese Military, another few governments have piped up with information about cyber surveillance by China.

The latest is France.

It seems like right now China has its fingers in many pies.

France has become the fourth country to speak out against hackers in China following an attack on French government systems.

Francis Delon, France’s secretary general for national defence, claimed that the country’s systems had been compromised and that the evidence pointed to China.

“We have proof that there was involvement with China,” he said. “But that is not to say the Chinese government.”

It’s interesting to see people talk about ‘proof’ when in a virtual world what proof can you have? It came from a Chinese IP address? Is there any proof that says that Chinese IP address wasn’t compromised by a Russian hacker and used to channel attacks?

Diversion and subterfuge are common even in non-political hacking scenarios.

America, the UK and Germany have similarly complained of security attacks that came from the region.

US officials claimed that the Chinese military successfully hacked computers inside the Pentagon in June.

Meanwhile, German chancellor Angela Merkel also complained that her government’s systems had been penetrated by Chinese hackers, raising the subject with Chinese president Hu Jintao.

It seems they are racking up quite some intel on a number of countries.

China has of course again denied ALL of the claims laid against it.

Source: vnunet


Posted in: General Hacking, Legal Issues



PIRANA – Exploitation Framework for Email Content Filters



PIRANA is an exploitation framework that tests the security of an email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform.

PIRANA’s goal is to test whether or not any vulnerability exists on the content filtering platform.

This tool uses the excellent shellcode generator from the Metasploit framework!

You can download PIRANA here:

pirana-0.3.3.tar.gz

Or you can read more here.

There is also an accompanying paper that explains the vulnerabilities of an SMTP content filter. It also presents the techniques used in PIRANA to improve reliability and stealthiness.

You can download the paper here:

SMTP content filters.pdf


Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking



Driftnet – View Images From Live Network Traffic



Inspired by EtherPEG, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.


EtherPEG was a program that sniffed for JPEGs passing by on the AirPort networks at MacHack, and showed them on the huge screen to shame people into a) turning the 802.11 encryption on, or b) reducing amount of pr0n they download at weirdo Mac conventions.

Driftnet can do the same for your office, and make an attractive desktop accessory to boot. The program promiscuously sniffs and decodes any JPEG downloaded by anyone on your LAN, displaying it in an attractive, ever changing mosaic of fluffy kittens, oversized navigation buttons, and blurred images of Big Brother Elizabeth fiddling. It’s UNIX only. Your sysadmin is undoubtedly running it already.

Driftnet is in a rather early stage of development. Translation: you may not be able to make it compile, and, if you do, it probably won’t run quite right. To stand a chance of compiling it, you will need libpcap, GTK, libgif/libungif and libjpeg. If you want to play music, you need mpg123 or mpg321 or whatever. So far, driftnet has only been tested — I use the term in its loosest sense — on Linux and Solaris. If you want a Microsoft Windows version, well, go ahead and write one– the libraries you need support Microsoft Windows too.

You can also now use driftnet with Jamie Zawinski’s webcollage, so that it can run as a screen saver.

You can download Driftnet here:

driftnet-0.1.6.tar.gz

Or read more here.


Posted in: General Hacking



Pentagon Hacked by Chinese Military



The details are still a bit shaky, but this news has been making the rounds.

Apparently the hack attack in June on the Pentagon may have been carried out by the Chinese Military (People’s Liberation Army).

One senior US official said the Pentagon had pinpointed the exact origins of the attack. Another person familiar with the event said there was a “very high level of confidence…trending towards total certainty” that the PLA was responsible. The defence ministry in Beijing declined to comment on Monday.

Angela Merkel, Germany’s chancellor, raised reports of Chinese infiltration of German government computers with Wen Jiabao, China’s premier, in a visit to Beijing, after which the Chinese foreign ministry said the government opposed and forbade “any criminal acts undermining computer systems, including hacking”.

Forbade eh? More likely to be encouraged. Cyber terrorism and cross border attacks for information gathering are not restricted to the realms of movies.

These things do happen, people do follow Sun Tzu and gather as much information as they can about their possible enemies.

The PLA regularly probes US military networks – and the Pentagon is widely assumed to scan Chinese networks – but US officials said the penetration in June raised concerns to a new level because of fears that China had shown it could disrupt systems at critical times.

“The PLA has demonstrated the ability to conduct attacks that disable our system…and the ability in a conflict situation to re-enter and disrupt on a very large scale,” said a former official, who said the PLA had penetrated the networks of US defense companies and think-tanks.

Hackers from numerous locations in China spent several months probing the Pentagon system before overcoming its defenses, according to people familiar with the matter.

China has denied this obviously…but that leaves a lot to be desired still.

Source: Financial Times


Posted in: General Hacking



ServiceCapture – HTTP Traffic Capture for Debugging Flash



ServiceCapture runs on your PC and captures all HTTP traffic sent from your browser or IDE. It is designed to help Rich Internet Application (RIA) developers in the debugging, analysis, and testing of their applications.

You can download the free trial below. After it is installed and running, visit the Macromedia Exchange with your web browser (some configuration needed for Mozilla). You should see a good mix of XML and Flash Remoting traffic deserialized into an easy to read format.

Remote Service Deserialization
ServiceCapture is the only tool of its kind to deserialize and display all Flash Remoting or AMF traffic in a simple-to-use interface. ServiceCapture now also deserializes SOAP and JSON-RPC traffic into easy to use object trees.

Bandwidth Simulation
ServiceCapture also has a unique bandwidth simulation feature. This allows engineers to throttle their bandwidth to simulate dial-up, DSL, and cable connection speeds, even when your entire application is being served locally.

URL to File Mapping
Mapping URLs to files allows you to transparently replace a server response with data from a local file. This allows you to test and develop local files against remote environments.

You can download ServiceCapture here:

ServiceCapture v1.2.19 (Windows)


Posted in: Hacking Tools, Programming, Web Hacking



August Commenter of the Month Competition Winner!



Ah it’s that time again! It wasn’t as close as last month, but it was pretty close again.

As you know, we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the third month of the competition in August and are now in the fourth, starting a few days ago on September 1st – Sponsored by GFI.

We are offering some pretty cool prizes like iPods and PSPs, along with cool GFI merchandise like shirts, keyrings and mugs.


Keep up the great comments and high quality interaction, we really enjoy reading your discussions and feedback.

Just to remind you of the added perks, by being one of the top 5 commenters you also have your name and chosen link displayed on the sidebar of every page of Darknet, with a high PR5 (close to 6) on most pages (3000+ spidered by Google).

So announcing the winner for August…it’s TheRealDonQuixote, very narrowly beating Sandeep Nain!


TRDQ actually wins this month rather than getting an honourable mention like the previous two months. This month we’d like to commend Nobody_Holme for his top quality comments in the month of August.

Keep commenting guys, and stand to win a prize for the month of September!

Winner of the month for June was Daniel with 35 comments.
Winner of the month for July was backbone with 46 comments.


Posted in: Site News



2007 Hacker Reverse Engineering Challenge



Similar to the Hacker Challenge in 2006, it is being run by a U.S. company performing security testing and security metric research. The purpose of this challenge is to evaluate the effectiveness of software protections. The results of this effort will be used to improve protection measures.

There will be three distinct, yet related, phases to this contest. The first phase will be a hacker challenge, for which anyone can register to participate. The second stage of the contest will be a market (based on the Phase 1 challenge). Participation in this second phase will be by invitation only, based on performance in the first phase. The third phase of the contest will be a more challenging hacker challenge; this phase may or may not be invitation-only. There are opportunities to earn money in all three phases of the contest.

All file downloads and uploads necessary for the contest will be possible after the participant has logged in. The market will also be visible, at the appropriate time, after logging in.

You can read more here.

http://www.hackerchallenge.org/

All payments are in U.S. dollars, and will be made anonymously via PayPal with prizes up to $50,000USD for the three phases.

You can register here.


Posted in: Events/Cons
