Archive | November, 2007

MPAA Hacker Robert Anderson Revealed

Your website & network are Hackable


This story reads like something from one of those glamourised Hollywood ‘hacker’ movies like Swordfish or Antitrust.

The legendary MPAA hacker has been revealed, and it looks like he himself got social engineered and dumped…he should have realised when you are playing with unscrupulous people you are setting yourself up to get screwed.

Promises of Hollywood fame and fortune persuaded a young hacker to betray former associates in the BitTorrent scene to Tinseltown’s anti-piracy lobby, according to the hacker.

In an exclusive interview with Wired News, gun-for-hire hacker Robert Anderson tells for the first time how the Motion Picture Association of America promised him money and power if he provided confidential information on TorrentSpy, a popular BitTorrent search site.

According to Anderson, the MPAA told him: “We would need somebody like you. We would give you a nice paying job, a house, a car, anything you needed…. if you save Hollywood for us you can become rich and powerful.”

Promised him everything he’d dreamed of eh? Then in the end…fascinating read anyway.

But once Anderson turned over the data and cashed the MPAA’s check, he quickly realized that Garfield had no further use for him. “He lost interest in me,” he says. Anderson felt abandoned: During negotiations with Garfield, the hacker had become convinced he was starting a long-term, lucrative relationship with the motion picture industry. “He was stringing me along personally.”

Hollywood’s cold shoulder put Anderson’s allegiance back up for grabs, and about a year later he came clean with TorrentSpy’s Bunnell in an online chat. “‘I sold you out to the MPAA,'” Anderson says he told Bunnell. “I felt guilty (for) what happened and I kinda also thought at that point the MPAA wasn’t going to do anything.”

Some pretty tricky business..so if you are a hacker for hire, you’d better be careful who you are dealing with.

Source: Wired


Posted in: Legal Issues, Privacy

Tags: , , , , , , , , , , , , ,

Posted in: Legal Issues, Privacy | Add a Comment
Recent in Legal Issues:
- Criminal Rings Hijacking Unused IPv4 Address Spaces
- The Panama Papers Leak – What You Need To Know
- FBI Backed Off Apple In iPhone Cracking Case

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,724 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,661 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,635 views

Get protected with Sucuri


GFI End of Year Offer – Up to 50% Off

Find your website's Achilles' Heel


Just a quick note as I know many of you guys are in corporate security positions and might be looking for some of the solutions GFI offers.

They are having a Q4 promotion with up to 50% off on some of their products/services.


  • GFI MailEssentials – 25%
  • GFI MailEssentials & GFI MailSecurity Suite – 25%
  • GFI MailSecurity – 50%
  • GFI FAXmaker – 15%

You can read more here:

GFI Q4 promotional offers


Posted in: Advertorial, Countermeasures, Security Software

Tags: , , , , , ,

Posted in: Advertorial, Countermeasures, Security Software | Add a Comment
Recent in Advertorial:
- Everything You Need To Know About Web Shells
- Web Application Log Forensics After a Hack
- Defence In Depth For Web Applications

Related Posts:

Most Read in Advertorial:
- eLearnSecurity – Online Penetration Testing Training - 42,009 views
- Acunetix Web Vulnerability Scanner 6 Review - 15,347 views
- Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements - 15,201 views

Get protected with Sucuri


Pass-The-Hash Toolkit v1.1 Available for Download

Find your website's Achilles' Heel


The concept of passing the hash on Windows came about a while ago, now there’s a tool for it in it’s second revision (which fixed some problems with foreign language Windows versions and Windows 2003).

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Utilities in the toolkit:

IAM.EXE: Pass-The-Hash for Windows. This tool allows you to change your current NTLM credentials withouth having the cleartext password but the hashes of the password. The program receives a username, domain name and the LM and NT hashes of the password; using this it will change in memory the NTLM credentials associated with the current windows logon session.

WHOSTHERE.EXE: This tool will list logon sessions with NTLM credentials (username,domain name, LM and NT hashes). Logon sessions are created by windows services that log in using specific users, remote desktop connections, etc.

GENHASH.EXE: This is a small utility that generates LM and NT hashes using some ‘undocumented’ functions of the Windows API. This is a small tool to aid testing of IAM.EXE.

You can download Pass-The-Hash Toolkit v1.1 here:

Source:

pshtoolkit_src_v1.1.tgz

Binaries:

pshtoolkit_v1.1.tgz

Or you can read more here.


Posted in: Hacking Tools, Password Cracking, Windows Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Password Cracking, Windows Hacking | Add a Comment
Recent in Hacking Tools:
- MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool
- BBQSQL – Blind SQL Injection Framework
- DET – Data Exfiltration Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,992,068 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,477,235 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 687,026 views

Get protected with Sucuri


Tutorial for Fuzzled – Writing a Fuzzer with the Fuzzled Framework

Your website & network are Hackable


If you remember we mentioned Fuzzled a little while back, the PERL fuzzing framework. Apparently Fuzzled 1.1 should be coming out soon.

Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.

Someone was kind enough to write a short paper on how to use fuzzled to write a simple fuzzer. The paper includes some techniques used to dismantle protocols including documentation, observation and static analysis.

To quote the author:

The paper includes some of the techniques I use to dismantle protocols including documentation, observation and static analysis. It then moves on to the fundamentals of implementing a protocol using the framework. I talk about base requests, namespaces and tieing them together with factories with reference to Fuzzled::Protocol::HTTP, an example included in the framework. The paper also highlights a few tricks to the framework, including developing multi-threaded fuzzers, identifying offsets and parsing packets. It ends with my techniques to identify vulnerabilities highlighted by fuzzers.

You can download the paper here:

WAFUTFF [PDF]


Posted in: Hacking Tools, Programming

Tags: , , , , , , , ,

Posted in: Hacking Tools, Programming | Add a Comment
Recent in Hacking Tools:
- MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool
- BBQSQL – Blind SQL Injection Framework
- DET – Data Exfiltration Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,992,068 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,477,235 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 687,026 views

Get protected with Sucuri