Happy New Year – Best Wishes from Darknet!

Happy New Year to everyone and cheers to a fantastic 2008.
Let’s hope the year is buzzing with security news, there are interesting and exciting new developments and tools and the Darknet community can grow and become more active.
If you can help us promote the site we’d appreciate it! Just drop a mention to friends, link [...]

Nugache – The Next Big Storm?

We’ve covered quite a few Storm stories – now it seems there is a new player in town, which could possibly be the most advanced malware and botnet instigator so far.
It’s also something I’ve predicted before, peer to peer malware networks running without a command and control server, no single point of failure and much more [...]

gotroot modsecurity Rules for Apache – Anti-spam and Security

To follow on from Whitetrash which I posted about previously, here is another tool to secure your web site or web application. Essentially it’s a very comprehensive set of rules for mod_security.
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server [...]

December Commenter of the Month Competition Winner!

Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the seventh month of the competition in December and are now in the eighth, starting a few days ago on January 1st – Sponsored [...]

Uber Spammer Alan Ralsky Back In The News

Ah so Mr Alan Ralsky one of the biggest spammers of all-time is back in the news after his indictment with 10 others for running a large scale spam operation intended to inflate stocks artificially.
At one time it was thought Mr Ralsky and his friends were responsible for the majority of the spam sent, he’s [...]

The Revisionist – Metadata Retrieval Tool

The Revisionist is a tool for extracting and indexing hidden metadata (such as deleted or modified text) from large collections of MS Word files. It can operate on whole Web sites or SMB or NFS directories. It is handy for pen-testing, or it can be used just to spot embarrassing secrets.
It’s useful in that it can [...]

GFI Survey – 4 in 10 US Companies are NOT Secure!

GFI has recently conducted a survey concerning corporate security in the US for small and medium sized enterprises (SMEs).
Despite the best efforts of many small and medium sized companies, a recent US survey shows that four in 10 companies believe that their networks are not secure. Thirty-two percent of the companies also reported that they [...]

Unicornscan v0.4.7 Released for Download – Fast Port Scanner

Unicornscan has always been a favourite of mine, especially for UDP scanning and scanning large networks (and getting it done fast).
Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. [...]

UK Government Set to Make ‘Hacking Tools’ Illegal

This is sad news, it seems the UK is considering following the lead of the Germans and their recently implemented hacking law 202(c) regarding the making of ‘hacking tools’ illegal.
It’s almost like making baseball bats illegal because you can hit someone with it, doesn’t matter it’s made for playing sport and that’s what most people use [...]

VoIP Hopper – VLAN Hopping Tool

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments.
In Cisco IP Phone networks, it first dissects either [...]

The First Reported Facebook Worm/Malware Pops Up – Secret Crush

So Facebook has finally fallen victim, after the recent Orkut worm now we have malware infection from Facebook, an application called Secret Crush. The application was renamed as My Admirer but that seems to be gone now too.

The first spyware spreading with Facebook application has been discovered. Security company Fortinet reports that application called Secret [...]

w3af Fifth BETA for Download – Automated Web Auditing and Exploitation Framework

As you all seem to be pretty interested in Inguma, there’s something else similar called w3af – the fifth BETA was released a while back and the team are now working on the sixth.
w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web application [...]

New Rootkits Infecting the MBR

Ah I remember some of the nastiest viruses back in the day attaching themselves in the MBR (Master Boot Record) rendering most anti-virus software useless (as it sits on top of the OS).
Now it seems MBR infection is back in fashion for a new age of rootkits.

Security mavens have uncovered a new class of attacks [...]

sqlmap 0.5 – Automated SQL Injection Tool

sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Features

Full support for [...]

Perl.com Sends Visitors to Porn Site!

Another tale to do with advertising, it just goes to show it’s really not a good idea to run JavaScript from a 3rd party source on your site, especially if you don’t want your visitors redirected to a porn site!
This is just what happened to Perl.com a few days ago.

Visitors to Perl.com, the O’Reilly Media-owned [...]

BackTrack Live Hacking CD BETA 3 Released

The guys at BackTrack e-mailed me to let me know their Version 3 BETA has been released recently, and perhaps our readers would like to know about it.
For those that don’t know BackTrack evolved from the merging of two wide spread security related distributions – Whax and Auditor Security Collection. By joining forces and replacing [...]

mod_anti_tamper – Anti Tamper Module for Apache 2.x

What Is Mod AntiTamper (AT)
AntiTamper is an Apache 2.x module that could be used to prevent some sort of url and cookie tampering.
Specifically, AT could stop a lot of those malicious bots that take advantage from search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated.

It is important to notice that [...]

Hacked Embassy Websites Delivering Malware

It seems like malware pushers have found another avenue to deliver their payloads, Embassy websites. Which makes sense as they are probably not maintained well nor updated often meaning the chance they are easily compromised is quite high.
Plus a lot probably use off the shelf CMS software, which when not updated is a playground for [...]

argus – Auditing Network Activity – Performance & Status Monitoring

Another tool for the security side, good for forensics, monitoring and auditing.
Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, [...]

Data Leakage Bug in Mozilla Firefox Confirmed

It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla.
It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?).
It’s rated as low risk, but it can give away the existence of files [...]

Metasploit Framework v3.1 Released for Download

Ah Metasploit development cycle seems to be picking up, I guess with greater community support the bugs get ironed out and the new features introduced faster.
Good to see an update so soon after Metasploit Framework v3.0 was released.
I keep closely up to date with Metasploit as it’s pretty much the best free tool out there [...]

Multilingual Worm Spreads Over MSN Messenger

Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on.
The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more likely [...]

Bruter 1.0 Released – Parallel Windows Password Brute Forcing Tool

Bruter 1.0 BETA 1 has been released. Bruter is a parallel login brute-forcer. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.
Bruter is a tool for the Win32 platform only.

PROTOCOL SUPPORT
It currently supports the following services:

FTP
HTTP (Basic)
HTTP [...]

German Police Creating Law Enforcement Trojan

After banning hacking tools it looks like the German police are looking into digital wiretapping and creating ‘whitehat’ trojans for monitoring the bad guys…
Of course they define who the bad guys are, and according to law 202(c) it could be us..
This is very definitely questionable when it comes to ethics, it’s almost as bad as [...]

FireCAT 1.3 Released – Firefox Catalog of Auditing Extensions

FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions. Version 1.3 was pending the ExploitMe tools availability to the public.
Changes for version 1.3
Category Information Gathering (Googling and Spidering)

GSI Google Site indexer (GSI Creates Site Maps based on Google queries. Useful for both Penetration Testing and Search Engine Optimization. GSI sends [...]

January Commenter of the Month Competition Winner!

Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the eighth month of the competition in January and are now in the ninth, starting a few days ago on February 1st – Sponsored [...]

Kismet – Wireless Network Hacking, Sniffing & Monitoring

For some reason I’ve never posted about Kismet, and I don’t like to assume everyone knows everything. So for those who may not have heard of it, here’s Kismet.
Kismet is one of the foundation tools of Wireless Hacking, it’s very mature and does what it’s supposed to do.
Kismet is an 802.11 layer2 wireless network detector, sniffer, and [...]

Adobe Reader Vulnerability Being Actively Exploited

It seems like some recently patched flaws in Adobe Reader are actively being exploited in the wild, mostly via malicious banners from various sites.
Nothing particularly nasty is happening, but a trojan is being installed which can intercept search engine results. It’s definitely recommended to update to the latest version (8.1.2).
Personally I don’t have such a [...]

PHPIDS – Security Layer & Intrusion Detection for PHP Based Web Applications

Another protection for those building websites and web applications, as it’s the most common attack vector nowadays I think it’s important to be extra safe on this front.
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes [...]

US Customs Owns Your Data?

Ok here’s something controversial for you guys to digest, there has been anecdotal evidence of US Customs seizing laptops before and examining the data…but it now seems to be rather more widespread.
It’s a little worrying to me how a government can just rummage through your data when you are totally innocent and they don’t even [...]

Password Cracking Wordlists and Tools for Brute Forcing

I quite often get people asking me where to get Wordlists, after all brute forcing and password cracking often relies on the quality of your word list.
Do note there are also various tools to generate wordlists for brute forcing based on information gathered such as documents and web pages (such as Wyd – password profiling [...]

Password Hasher Firefox Extension

Well seen as though we were talking about breaking passwords, here’s a tool for Firefox to help you manage your more secure passwords.
Better security without bursting your brain
Password Hasher is a Firefox security extension for generating site-specific strong passwords from one (or a few) master key(s).

What good security practice demands:

Strong passwords that are hard [...]

Apple iPhone Unlocked Again – 1.1.2 and 1.1.3 Firmware

Once again Apple iPhone has been unlocked by a determined youngster, the same who was amongst the first to unlock it last year winning himself a rather nice car and a few 8gb iPhones.
It just shows nothing is infallible, all he needed to find was a writable memory address and he was pretty much done [...]

Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking

It looks like it might be time to update our very well received list of the 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) since we have Russix now and Backtrack new version is on the way out.
Russix is a Slax based Wireless Live Linux. It has been designed to be light (circa [...]

UK Proposing to Disconnect Those Involved in Piracy from the Internet

Ok more controversy for you guys, and once again it’s the UK leading a new initiative. This time it’s not against making hacking tools illegal, it’s against people downloading ‘pirated’ content from the Internet (using torrent sites etc.).
I do hope they can differentiate using torrents to download open source software or creative commons music and [...]

SWFIntruder – Analysis and Security Testing of Flash Applications

With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal.
I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently the [...]

laptop and data theft protection

A UK firm Virtuity has created data protection software called BackStopp which comes with ‘self-destruct’ technology based on Wi-Fi and RFID tags that starts to run as and when a laptop is moved from its designated space.
So in layman’s terms, if the laptop is moved from its permitted zone (which is set by the user) [...]

Nessconnect 1.0.1 Released – GUI, CLI & API Client for Nessus

Nessconnect is an open-source software package that can connect to a Nessus or Nessus compatible server and provides an advanced graphical user interface. It also provides a command line interface, and an application programming interface in Java. Users can create custom scan profiles, generate extensive reports, and perform differential scans and analysis. Nessconnect was previously [...]

Hacking Does Pay! US Law Lets Hacker Keep Fraudulent Earnings

Ah I think it’s time for controversy on a Tuesday, what do you think about this case where a hacker got some info on a company about its soon to be plummeting share prices by breaking into their computer. By investing $41,000 in stock option trading on the shares that were about to drop – [...]

NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows

NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.
NetworkMiner makes use of OS fingerprinting databases from both p0f (by Michal Zalewski) and [...]

Teenage Bot Herder Admits to Infecting Military Computers

Hacking for money again? Well not really in this case, more like script kiddying for money – modifying an ‘off the shelf’ malware/bot package to evade detection and then cashing in on spamware affiliate fees.
I guess they could have made much with a 400,000 bot network – by renting it out for DDoS attacks to [...]

SCARE – Source Code Analysis Risk Evaluation Tool

The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited nor does it do [...]

New Sophisticated Botnets Discovered

It seems like botnets are getting more sophisticated – we thought the Storm Worm was pretty hot, but some of these new contenders are showing the guys on the dark side have some advanced understanding of technology and the architecture many companies use…this enables them to get deeper inside and remain undetected

Researchers have unearthed two [...]

Burp Suite v1.1 Available for Download

One of our favourite all time tools for attacking web applications has been updated! Burp Suite has now reached version 1.1! This is a major release – not a minor upgrade.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate [...]

Australia to Follow the UK in Terminating Content Pirates

It seems like most countries are getting more serious about the illegal downloading and the protection of intellectual property, after the UK recently proposed disconnecting ‘pirates’ from the Internet – Australia is now considering following suit.
I guess this is just the start, laws will become more heavy handed and draconian as most of it is [...]

February Commenter of the Month Competition Winner!

Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the ninth month of the competition in February and are now in the tenth, starting a few days ago on March 1st – Sponsored [...]

Ferret Version 1.1 – Data Seepage Detection Tool

Ferret works on the concept of “data seepage”: bits of benign data that people willingly broadcast to the world (as opposed to “leakage”, which is data people want to hide from the world).

Examples of data seepage are what happens when you power-on your computer. It will broadcast to the world the list of WiFi access-points [...]

VXers Group 29A Calls it Quits

It seems the VX groups are all destined to die out slowly, viruses for fun, learning and definitely not profit are on the way out. Like many other things it’s become a commercial market.
The top infector this month being Adware for the first time ever, not a virus. 29A is one of the old skool [...]

Fusil Fuzzer 0.7 – Fuzzing Functions in Python

Fusil is a fuzzing framework written in Python and distributed under GNU GPLv2 license. Fusil allows you to easily write “Fuzzing Projects” from a set of functions such as:

Create a process
Compile a C program
Watch a process
Watch syslog and so on

Fusil uses small “agents” which exchange messages to launch actions. e.g. MangleFile injects errors into [...]

Cyber Storm II – US, UK & 3 Others Involved in Mock Cyberwar

This is pretty interesting – US, UK, Canada, Australia and New Zealand are taking part in a fictitious cyberwar as an exercise to prepare and plan for sustained cyber attacks including some of which have actually caused power outages.
I personally think it’s a great idea, I must have missed Cyber Storm I as this is [...]

Goolag – GUI Tool for Google Hacking

cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.
Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.

If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – [...]

Nipper 0.11.5 Released – Network Device Configuration Security Auditing Tool

Nipper performs security audits of network device configuration files. The report produced by Nipper includes; detailed security-related issues with recommendations, a configuration report and various appendices. Nipper has a large number of configuration options which are described on this page.

Nipper currently supports the following device types:

Cisco Switches (IOS)
Cisco Routers (IOS)
Cisco Firewalls [...]

Inguma 0.0.7.2 Released for Download – Penetration Testing Toolkit

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems.
It’s becoming a mature and useful package! I’m glad to see continued developing and [...]

Core Security to Expand Market with Mark Hatton

It seems like security/pen-testing software can be quite lucrative – especially with the prices Core Security charge for their flagship tool Core Impact (Around $25,000 per seat?).
They have offices in two countries and are now looking to expand into new markets, anyway this is a bit of corporate security news for a change. They have [...]

.NETIDS – .NET Intrusion Detection System

This tool is another one on the side of protection, again for web-based applications but this time for .NET applications it’s called .NETIDS (.NET Intrusion detection System). This tool is capable of detecting attacks on web applications and gives the developer the possibility to react. The project files include filter rules and function stubs [...]

New Windows XP & Vista Full Take-over Hack with Firewire

This Firewire hack seems to be creating a big buzz, from what I’ve read it also works on Vista as for some odd reason the Firewire port gets access to the whole memory space in DMA mode – not just what it needs to function – so you can read from anything stored in memory [...]

SecurityCompass Exploit-Me – Firefox Web Application Testing Tools

Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for SQL Injection.
The Exploit-Me series was [...]

Hacking Windows NT Through IIS & FTP

This is another selection from the Old Skool Philes, I like these as they tend to generate some good discussion and they are a good introduction to newcomers to hacking on the mindset and workflow of getting access to a box. The exact methods may not work, but we aren’t here to train script kiddies, [...]

httprecon – Advanced Web Server Fingerprinting

httprecon is a tool for advanced web server fingerprinting, similar to httprint that we mentioned previously.
The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis.
Besides the discussion [...]

Webshag v1.00 – Web Server Auditing Tool (Scanner and File Fuzzer)

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that [...]

Mac owned on 2nd day of Pwn2Own hack contest

I have been following this contest and was wondering which OS would be first to fall (if any) seen as though they were all fully patched and the latest versions. For those that don’t know Pwn2Own is a contest at CanSecWest open to anyone to hack a Windows, Linux or Mac OSX box with a [...]

WSFuzzer – Web Services Fuzzing Tool for HTTP and SOAP

WSFuzzer is a fuzzing tool targeting HTTP and SOAP based web services.
The program currently targets Web Services. In the current version HTTP based SOAP services are the only supported targets. This tool was created based on, and to automate, some of the manual SOAP pen testing work we perform. This tool is NOT meant to [...]

iFrame Piggybacking on Google Searches to Install Malware

These spammers and scammers are getting rather clever, and very sneaky. This is still epidemic and seems to be happening more and more. It takes a re-write of many of the large sites online..which frankly isn’t going to happen is it?
It just shows once again the spammers will think of all kinds of weird little [...]

Wireshark v1.0.0 Released – Cross Platform Graphical Packet Sniffer

After nearly 10 years of development Wireshark (formerly known as Ethereal) has finally reached version 1!
For those that don’t know, Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the [...]

Biometric Keylogger Can Grab Fingerprints

Well this is quite scary as biometrics are touted as the ultimate in security and two factor authentication with biometrics is about as ‘heavy’ as most places get.
The fact that the biometric data can be ‘sniffed’ reconstructed and re-used…is worrying to say the least. Do any of you have biometric measures in your workplace?

A British [...]

ProxyStrike – Active Web Application Proxy

ProxyStrike is an active Web Application Proxy, a tool designed to find vulnerabilities while browsing an application. It was created because of the problems faced in pentests of web applications that depend heavily on JavaScript; not many web scanners did well at this stage, so ProxyStrike was born.
Right now it has available SQL [...]

March Commenter of the Month Competition Winner!

Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it’s been running since then! We have just finished the tenth month of the competition in March and are now in the eleventh, starting a few days ago on April 1st – Sponsored by GFI.
We are [...]

Kraken Botnet Twice The Size Of Storm

We wrote a while back about a new wave of sophisticated botnets, which were predicted to overtake Storm and become the largest infectors online.
It seems like it’s come true, after extensive research Damballa has uncovered the biggest botnet ever, which at present has over 400,000 unique IPs (in a space of only 24 hours) which [...]

Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications

A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for [...]

Spammers Harnessing Web Mail Servers – Gmail & Yahoo! Throttled

It seems like spammers are now moving to automated spam via popular web mail services as a way to bypass IP-blacklisting services.
It’s a large advantage for them as they can still use botnet sources to generate the e-mail but the source IP address will be from a ‘trusted’ domain such as Gmail or Yahoo!.

The growing [...]

WSGW – Web Security Gateway for Secure Apache

The Web Security Gateway is a security-centric distribution of the Apache web server, bundled with additional security modules, and configured as a front-end (reverse) HTTP proxy. The goal is to mirror most of the features of commercial web application “firewalls”, with free and Open-Source software.
The Web Security Gateway provides a configurable caching, authentication, input validation, [...]

Keep on Fuzzing! Advice

As you will have noticed we’ve posted quite a number of Fuzzing Tools built around different frameworks and in different languages..most for different targets/purposes too.
Fuzzing has definitely exploded in the last year or so as more people try and understand it and code tools to automate the process. There are tools for Web Services Fuzzing, [...]

sqlninja 0.2.2 Released for Download – SQL Injection Tool

Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of [...]

Hackers Could Become The Hacked?

It looks like someone is going after the bad guys in a new way, by hacking them back! It’s no news to us that many hacking tools and script kiddy trojan kits are badly programmed..a lot of them have back-doors and the client-side tools have easy exploits that enable you to take over the ‘hackers’ [...]

HDIV – Java Web Application Security Framework

HDIV (HTTP Data Integrity Validator) is a Java Web Application Security Framework. HDIV extends web applications’ behaviour by adding Security functionalities, maintaining the API and the framework specification. This implies that we can use HDIV in applications developed in Struts 1.x, Struts 2.x, Spring MVC and JSTL in a transparent way to the programmer and [...]

Microsoft Opens the Gates to Hack Their Web Services

It seems like Microsoft are starting to get serious about security, in a very progressive move they have said they are ok with ethical hackers finding security flaws in their online services.
It’s been fairly ok so far to hack away at software installed on your own hardware, but hitting remotely hosted applications has been a [...]

Shelling our way up

Everybody has a favorite shell; not so many under Windows as there are under Linux, but anyway…
As most will tell you their favorite shell under Linux would be bash, as under Windows not really having what to choose from they would say cmd.exe (ok, bash can be used under Windows via cygwin, if I remember [...]

WifiZoo v1.3 Released – Passive Info Gathering for Wifi

WifiZoo is a tool to gather wifi information passively. It is created to be helpful in wifi pentesting and was inspired by ‘Ferret’ from Errata Security.

The tool is intended to get all possible info from open wifi networks (and possibly encrypted also in the future, at least with WEP) without joining any network, and covering [...]

Russia Heavy Handed Registration for Wifi

It seems like Russia wants to keep a tight rein on things, anything with Wifi capability must be licensed! That includes your phone…imagine having to apply for a permit to have a wireless AP at home?
Rather ridiculous no?

Business travellers to Russia might want to keep their laptops and iPhones well-concealed – not from muggers, necessarily, [...]

Pass-The-Hash Toolkit v1.3 is Available for Download

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM [...]

Chocolate Owns Your Passwords

The same old story, if you ask people for something they will most likely give it without thinking of the consequences..
Even more so if you are a pretty girl, and in this case you offer someone chocolate. Hey who doesn’t love chocolate? I have to say I don’t love it enough to give out my [...]

Technitium MAC Address Changer v4.8 Released for Download – Free

Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit [...]

AV Firms Split Over Defcon Contest

Now this is a pretty interesting contest from the guys at Defcon, antivirus evasion! It’s a question that gets asked a LOT…how do I avoid AV?
There are various ways to do it and I’ll be interested to see which are used in the contest, the most elegant solutions of course get better prizes.

Security firms have [...]

CDPSnarf – CDP Packet Sniffer

CDPSnarf is a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more.
The application is written in C using the popular PCAP library.

Sample Output
Cisco AIR-AP1231G-E-K9 Access Point:

$ sudo ./cdpsnarf eth2
Waiting for a CDP packet…

[#0] Sniffed [...]

US Really Owns Your Data Now!

A while back we reported how US customs owns your data, now it’s getting even worse. 10 days ago the US appeals court gave them rights to COPY all your data without notice even if there are no suspicions.
Anyone want to talk about dilution of intellectual property? Privacy? Or just basic human rights..

In a letter [...]

Sandman – Read the Windows Hibernation File

This is a pretty new tool and a very cool one, Hibernation is a fairly new feature for Windows so it’s good to see a new tool targeting that.
Microsoft provides a feature called Hibernation also known as suspend to disk that aims to save the system state into an undocumented file called hiberfil.sys. This file [...]

Patch Window Shrinking – Semi-Automated Reverse Engineering

As far as I know this has been happening for some time, sometimes a patch comes out for a vulnerability that many people don’t know about (including the hackers) so they will see what problem the patch fixes (possibly through reverse engineering) then develop an exploit to leverage on the flaw.
It seems things are a [...]

rtpbreak 1.3a Released – RTP Analysis and Hacking

rtpbreak 1.3a has been released, we initially brought you news of this tool back in August 2007 with the first announcement of rtpbreak.

With rtpbreak you can detect, reconstruct and analyze any RTP session. It doesn’t require the presence of RTCP packets and works independently from the signaling protocol used (SIP, H.323, SCCP etc). The input [...]

April Commenter of the Month Competition Winner!

Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it’s been running since then! We have just finished the eleventh month of the competition in April and are now in the twelfth, starting a few days ago on May 1st – Sponsored by GFI.
We are [...]

Want Some COFEE? Microsoft Computer Online Forensic Evidence Extractor

Microsoft helping the good guys eh? I had someone ask me if I can get a hold of this so I did some checking up on..
I’d guess MS is doing this to sell additional software and services, but either way it’s a good thing to make a portable, easy to use and effective forensics toolkit.
Would [...]

Metagoofil v1.4 Released – Metadata and Information Gathering Tool

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) available on the target/victim website.
It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn and so on. [...]

oCERT – Responding to Flaws in Open Source Software

So a new initiative – the Open Source Computer Emergency Response Team known as oCERT has been set up, one of the main sponsors being Google (read more here – Contributing to Open Source Software Security).

The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or [...]

browserrecon – Passive Browser Fingerprinting

Most of today’s tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks.

Client-based attacks, especially targeting web clients, are becoming more and more popular. Browser-targeted [...]

New Botnet Malware Spreading SQL Injection Attack Tool

Now this is an interesting turn of events, the Asprox botnet malware is being used to spread SQL Injection tools rather than sending out phishing e-mails as before.
It seems to install quite stealthily as well disguising itself as a Windows Service with a fairly convincing file name. It’s certainly interesting to see the evolution of [...]

Xprobe2 – Active OS Fingerprinting Tool

Sometimes I wonder to myself have I mentioned a certain tool on the site, usually one of my favourites…often I search the site to find I have never posted about it.
It just goes to show how we often overlook some of the more ‘obvious’ choices, and to many people they may not be that obvious. [...]

Three Charged With Hacking Dave & Buster’s Chain

Another big heist in the US netting a whole lot of juicy information on credit and debit cards, over half a million USD lost in this case alone. There’s a whole lot of fraud going on..
Not bad for fiddling with the cash register system of a restaurant chain. It just shows, anyone dealing with financial [...]

Tmin – Test Case Optimizer for Automated Security Testing

Tmin is a simple utility meant to make it easy to narrow down complex test cases produced through fuzzing. It is closely related to another tool of this type, delta, but meant specifically for unknown, underspecified, or hard to parse data formats (without the need to tokenize and re-serialize data), and for easy integration with [...]

Spammers Target Social Networking Sites

It makes sense, spammers will follow whatever is popular, wherever the social mass is at and reading they will bombard.
In the earlier days Myspace was a big target, now they are moving on to other sites such as Facebook. Social networking sites are an ideal place for spammers as they can exploit the trust between [...]

thc-Amap – Application Protocol Detection & Fingerprinting

thc-Amap (Application MAPper) is another excellent tool more towards banner grabbing and protocol detection than OS-fingerprinting. But from the services running on a machine you can get a good idea of the OS and the purpose of the server.
Amap is a next-generation scanning tool for pentesters. It attempts to identify applications even if they are [...]

UK to Become Even More Draconian with Privacy Laws

Oh dear, UK going backwards again. A bad case of Big Brother syndrome and once again under the blanket excuse of efforts against terrorism.
Please! That’s so old and tired now, do governments seriously think they can keep infringing people’s privacy and rights under the same old guise? Strike terror into the public by continually telling [...]

fgdump 2.1.0 and pwdump 1.7.1 Released – Dump LanMan & NTLM Hashes

The major change is both tools now support 64-bit targets! Good news for us.
pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. If [...]

TJX Employee Fired for Trying to Fix Things

Ah TJX in the news again….after previously having the Largest Breach of Customer Data in U.S. History, now they are screwing people over that try to help them and their seemingly ridiculous information security policies.
Hello blank passwords? Sounds crazy but I believe it happens, at more places than just TJX. It’s sad that someone who [...]

sqlninja 0.2.3 released – Advanced Automated SQL Injection Tool for MS-SQL

We’ve been following the development of sqlninja since the early days, it’s growing into a well matured and more polished tool with advanced features.
Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote [...]

Don’t Sweat or Scratch Your Face Whilst Flying

If not the magic camera in the sky might think you are a terrorist and a squad of crack F16s might be dispatched to blow up your plane..
Don’t go to the toilet too often too, or walk around too much…or do anything really. Better just sit in your seat with a blank expression on your [...]

Sipflanker – Locate SIP (VoIP) Device Web Interfaces

SIP devices are getting to be very common now, especially with open source bundled OS offerings like Trixbox making it easy to setup your own digital or IP-PBX.

Along with the frequent installations, many (if not most) VoIP devices have available a Web GUI for their configuration, management, and report generation. These Web GUIs are often [...]

‘Untraceable’ Phone Frauders Vishing for Credit Cards

Vishing, now there’s a new term for you. Basically it’s Phishing – but utilising VoIP call services, which makes it very easy to spoof the Caller ID.
Even though Caller ID Spoofing was Made Illegal in the USA – people will still continue to do it, remember the FCC said it’s still easy to spoof caller [...]

Angry IP Scanner – Cross Platform Port Scanner

Angry IP scanner is a very fast IP address and port scanner.
It can scan IP addresses in any range as well as any of their ports. It is cross-platform and lightweight. Not requiring any installations, it can be freely copied and used anywhere.

Angry IP scanner simply pings each IP address to check if it’s alive, then [...]

Metasploit Site Hijacked by ARP Poisoning Attack

Crackers briefly hijacked hacking tools website Metasploit.com on Monday.
Metasploit is an advanced open-source exploit development platform used by most pen-testers. A tool we often mention here on Darknet.
On Monday the site was redirected to a page announcing the site was “hacked by sunwear ! just for fun“, as recorded by Sunbelt Software.

Unidentified miscreants used an [...]

OSWA Assistant – Wireless Hacking & Auditing LiveCD Toolkit

The OSWA-Assistant is a no-Operating-System-required standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer’s CDROM and making your computer boot from it!

This toolkit is [...]

Virus Variant Extorts You by Encrypting Your Files

Malware authors are getting sneaky again, in the latest turn of events they have started encrypting your files and holding them at ransom!
You have to pay up to get the ‘decryptor’ and get access to your files again. This is pretty dangerous…and cunning too. It’s not easily broken either, they are using RSA 1024-bit encryption!

Kaspersky [...]

SIPVicious v0.2.3 – VoIP/SIP Auditing Toolkit

SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:

svmap – this is a sip scanner. Lists SIP devices found on an IP range
svwar – identifies active extensions on a PBX
svcrack – an online password cracker for SIP PBX
svreport – manages sessions [...]

New Zlob Trojan Alters Your Router Settings

Another new development in the malware arena, this new version of Zlob will actually log onto your router and change the DNS settings to hijack your traffic.
Pretty interesting approach and it will work because 99% of people won’t change the default password on their routers. Let’s face it, have you changed it?

A new Trojan horse [...]

May Commenter of the Month Competition Winner!

Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it’s been running since then! We have just finished the twelfth month of the competition in May and are now in the thirteenth, starting a few days ago on June 1st – Sponsored by GFI.
We’ve successfully [...]

ArpON – ARP Handler Detect and Block ARP Poisoning/Spoofing

ArpON (Arp handler inspectiON) is a portable handler daemon with some nice tools to handle all ARP aspects. It has a lot of features and it makes ARP a bit safer. This is possible using two kinds of anti Arp Poisoning techniques, the first is based on SARPI or “Static ARP Inspection”, the second on [...]

16 Year Old Indian Hacker Busted for eBay Scam

Looks like India has them moving into the hacking scene young, it’ll happen anywhere with decent network infrastructure and disparate levels of economy. Look at Eastern Europe and China as other examples, India though due to its outsourcing culture and plentiful legitimate jobs in the IT industry doesn’t seem to suffer so many problems with [...]

WikiScanner – Find Interesting Anonymous Edits on Wikipedia

Now this isn’t a new tool, and it’s not quite up to date as the author hasn’t updated it for a while – but it’s still exceedingly cool!
As you know most IP addresses are registered to companies or organizations in blocks, so you can identify which network an edit is coming from as Wikipedia logs [...]

Disgruntled IT Worker Gets Heavy Prison Sentence

It just goes to show, however smart you think you are…don’t bother trying to wreck someone’s data. In this case, even if the guy was pissed it was highly irresponsible as it involved medical records and could actually seriously affect someone’s life.
He was pretty careful but left a few clues behind, more than enough for [...]

Technitium FREE MAC Address Changer v5 Released

Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit [...]

Botmaster Robert Matthew Bentley AKA LSDigital Sentenced

Another one bites the dust with another reasonably hefty sentence, this time a botherder or botnet master.
Just under 4 years and a big chunk of change as a fine, I guess he probably has plenty of cash stashed somewhere though. These guys can really rake it in with their mass infectors of doom.

A US-based hacker [...]

BackTrack Final 3 Hacking LiveCD Released For Download

If you don’t know, BackTrack is a top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
Back in January we mentioned the BackTrack Live Hacking CD BETA 3 was released, at last the final version is [...]

NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance

You might remember a while ago we mentioned MP3 spam, which in October last year was the latest evolution in spam.
Currently there is a new type annoying mail-server owners the world over, it’s known as NDR or Backscatter Spam and involves NDRs or Non Delivery Reports (those emails you get when you send a mail [...]

Hackers Crack London Tube Oyster Card

It just goes to show, having an aluminium lined wallet could really be useful! Hackers in the Netherlands found they could clone an access card using the Mifare chip, after that they traveled to London to try their technique out on the Oyster card (used on the London Underground), which uses the same chip.
It just [...]

Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool

There are quite a lot of SQL Injection Tools available and now there is one more to add to the stable for testing – Bsqlbf V2, which is a Blind SQL Injection Brute Forcer.

The original tool (bsqlbfv1.2-th.pl) was intended to exploit blind sql injection against a mysql backend database, this new version supports blind sql [...]

China Home to at Least HALF of Malicious Web Sites

It looks like China is becoming a hotbed for malware and malicious websites (those sites that push malware infections via browser exploits).
They often used to be found in Korea and Taiwan and parts of Eastern Europe. According to the latest data more than half of the sites are now located in China.

More than half of [...]

PAW/PAWS – Python Advanced Wardialing System

Now this is an oldskool topic, wardialling! Some people still ask me about wardialling tools though, so here’s one I found recently written in Python.
PAW / PAWS is a wardialing software in python. It is designed to scan for ISDN (PAWS only) and “modern” analog modems (running at 9.6kbit/s or higher). Wardialing tools are – [...]

Google Calendar a New Target for Phishing

It seems like the Phishing crews are trying to get some new ideas on how to con people into giving away their credentials and leaking info.
The latest target appears to be Google Calendar.
As always be on your guard as these scams are coming from all directions.

A few months ago, spam came to Google Calendar. Now [...]

ratproxy – Passive Web Application Security Audit Tool

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic [...]

Which Browser Users Are More Secure?

Some new statistics just came out regarding Browser Security, this is more in terms of which users are most likely to apply patches and be using the most secure version.
I would have thought Firefox would have been pretty high since the newer series automatically prompt for new patches. My only guess is a lot of people [...]

Pantera – Web Application Analysis Engine

Pantera is actually using an improved version of SPIKE Proxy and is a project under the umbrella of OWASP.
It’s aiming to be a more automated method for testing Web Application Security.

Features

User-friendly custom web GUI. (CSS): Pantera itself is a web application that runs inside the browser and can be customized using CSS by the user. [...]

June Commenter of the Month Competition Winner!

Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it’s been running since then! We have just finished the thirteenth month of the competition in June and are now in the fourteenth, starting a few days ago on July 1st – Sponsored by GFI.
We’ve successfully [...]

DNSenum – Domain Information Gathering Tool

The first stage of penetration testing is usually passive information gathering and enumeration (active information gathering). This is where tools like dnsenum come in, the purpose of DNSenum is to gather as much information as possible about a domain.

The program currently performs the following operations:

Get the host’s address (A record).
Get the nameservers (threaded).

Get the MX [...]

Google to Reveal Youtube Viewing Details to Viacom

Now this is an interesting privacy related case to think about over the weekend, Google has to reveal viewing details for Youtube to Viacom.
Anyone who has EVER watched a Youtube video, that’s pretty extreme. Luckily most people are using dynamic IP addresses, so it shouldn’t be too much of a concern.
Unless of course they decide [...]

FWAuto v1.1 – Firewall Auditing & Ruleset Analyzer Tool

FWAuto (Firewall Rulebase Automation) is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files.

Maybe there have been times when [...]

UK’s Most Spammed Man – 44,000 Junk Mails a DAY!

I stopped using ISP based e-mail accounts years ago, they always had lousy spam control and after joining a few mailing lists they used to get flooded with junk.
I always found web based mail systems to have much more effective spam filtering systems, plus I don’t have to waste my time and bandwidth downloading spam [...]

Lynis – Security & System Auditing Tool for UNIX/Linux

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Besides security related information it will also scan for general system information, installed packages and configuration mistakes.
This is a tool that might be useful for both penetration testers performing white box tests and system admins trying [...]

Facebook Bug Leaks Birthday Data

It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy.
A small slip in coding could cause much worse problems than this, plus this could have happened before but no one picked up on it. It takes a certain [...]

Zodiac – DNS Protocol Monitoring and Spoofing Tool

Zodiac is a DNS protocol analyzation and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembling and is the optimal tool if you just want to try something out without undergoing the hassle to rewrite DNS packet routines or packet [...]

San Francisco Officials Locked Out of Their Own Network

Another disgruntled IT worker causing mayhem, remember the guy that destroyed all the medical records?
He got a pretty hefty sentence, now we have another who has locked everyone out of the new ‘state of the art’ computer network in San Francisco – he’s on a $5 million dollar bail so I’d say he’s in big [...]

TSGrinder – Brute Force Terminal Services Server

This is a tool that has been around quite some time too, it’s still very useful though and it’s a very niche tool specifically for brute forcing Windows Terminal Server.

TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since [...]

San Francisco Mayor Regains Control of the Network

In the story we recently covered where Terry Childs had locked San Francisco officials out of their own network, there is a new development.
He’s handed over the passcode to the Mayor, Gavin Newsom. It seems he came to his senses and he also seems to have VERY little faith in the IT administration for the [...]

MoocherHunter – Detect & Track Rogue Wifi Users

MoocherHunter™ is a mobile tracking software tool for the real-time on-the-fly geo-location of wireless moochers and hackers. It’s included as part of the OSWA Assistant LiveCD we mentioned quite recently.
I wanted to mention this tool separately as I think it’s very cool!

MoocherHunter™ identifies the location of an 802.11-based wireless moocher or hacker by the traffic [...]

Exploit for Kaminsky DNS Bug Goes Wild

There has been a lot of hype about this one, but this flaw is a real threat and the working exploits are now available in the wild.
To top that, they have already been ported into Metasploit!
I hope all the major ISPs are in a patching frenzy right now and not thinking to themselves that there [...]

nUbuntu Development Kicking Off Again – Security LiveCD

We did mention nUbuntu long ago in our famous 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) article.
After that it stopped development for quite some time, thankfully some new blood has picked it up and development has started again!

With over a year of inactivity, the latest alpha of nUbuntu 8.04 has finally surfaced.
With [...]

Widespread Flaws in Online Banking Systems

After a recent survey it shows online banking may not be as secure as you might think. People tend to think banks are the pinnacle of security and that assumption continues to their websites.
Sadly however, even in my own personal experience, the truth is far from that. Many many banks have flaws that can leak [...]

Pass-The-Hash Toolkit v1.4 Released for Download

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM [...]

Site Guesses Your Gender via Browsing History

This is a pretty old issue, but this is an interesting new implementation of an old idea. Using your browser history and by matching your browsing habits the site attempts to guess your gender with a weighting system according to the gender demographics for a list of fairly popular sites.
It’s not super accurate unless you [...]

SIPcrack – SIP Login Dumper & Hash/Password Cracker

SIPcrack is a suite for sniffing and cracking the digest authentication used in the SIP protocol.
The tools offer support for pcap files, wordlists and many more to extract all needed information and bruteforce the passwords for the sniffed accounts.

If you don’t have OpenSSL installed or encounter any building problems try ‘make no-openssl’ to build with [...]

UK Hacker Gary McKinnon to Fight Extradition

For some of the long time readers, you might remember we’ve been covering the case of the UK Hacker Gary McKinnon for quite some time. The last post was about a year ago though in August 2007 when he Won Right to Lords Appeal Extradition Hearing.
The first post on the case was over 2 years [...]

July Commenter of the Month Competition Winner!

Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it’s been running since then! We have just finished the fourteenth month of the competition in July and are now in the fifteenth, starting a few days ago on August 1st – Sponsored by GFI.
We’ve successfully [...]

HD Moore’s Company BreakingPoint Suffers DNS Attack

It’s somewhat ironic that shortly after the Kaminsky DNS bug went wild and almost immediately got ported into Metasploit that it was then used to attack HD Moore’s very own company BreakingPoint.
It happened just a couple of days ago, it doesn’t seem to have been a targeted attack though more like mass spammers/scammers leveraging [...]

PuttyHijack V1.0 – Hijack SSH/PuTTY Connections on Windows

PuttyHijack is a POC tool that injects a dll into the PuTTY process to hijack an existing, or soon to be created, connection.

This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers. The injected DLL installs some hooks and creates a socket for [...]

TJX Credit Card Hackers Busted – Largest US Data Breach

We reported on this case back in September 2007, the largest US data breach in history so far (45 million customer records!).
It seems like finally the people behind it have been busted, 11 people have been charged by US authorities.

The US authorities have charged 11 people in connection with the theft of credit-card details in [...]

raWPacket HeX – Network Security Monitoring & Analysis LiveCD

HeX is a project aimed at the NSM (Network Security Monitoring) community for use by network security analysts. The developers believe that simplicity and analysis work flow logic must be enhanced and emphasized throughout the process of designing this liveCD. Not only have they carefully chosen all the necessary applications and tools to be included [...]

New MySpace and Facebook Worm Target Social Networks

Well another reason for you guys (and gals) to avoid social networks, a new worm is spreading. Again they are using the same ploys that have been leveraged for years on e-mail and instant messaging.
Trust is gained as the message or link/video/etc comes from a known source so people are more likely to click/open/play it [...]

OpenVAS – Open Vulnerability Assessment System (Nessus is Back!)

As you all probably know, since version 3 Nessus turned to a proprietary model and started charging for the latest plugins, locking most of us out. Now we finally have a new, properly organised forked development with the name of OpenVAS – at last a decent and free Vulnerability Scanner!
OpenVAS stands for Open Vulnerability Assessment [...]

Webcam Hacker Jailed for 4 Years for Spying on Teenager

Another one bites the dust, this time for spying on a teenage girl via webcam. 4 years is a reasonable sentence this time I think as the case borders on many offenses such as blackmail, indecent behaviour, infringement of privacy, unlawful access and probably a few more.
It was a pretty simple hack as it goes, [...]

ISR-evilgrade – Inject Updates to Exploit Software

ISR-evilgrade is a modular framework that allows us to take advantage of poor upgrade implementations by injecting fake updates and exploiting the system or software.
How does it work?
It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victims [...]

UK Hacker Gary McKinnon Loses Appeal Against Extradition

So the latest news with the Gary McKinnon case was that he was trying to fight against Extradition; he started off with Appeals against US Extradition, then he Won The Right to Lords Appeal Extradition Hearing and then he lost the Lords case then went for the European Court.
Sadly it seems he lost his appeal [...]

Productive Botnets

We all know what botnets are (think so), but anyway let’s see a proper definition of botnets taken from shadowserver… and I quote:

A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task. Although such a collection of computers can be used for useful and constructive applications, the [...]

XTest – VoIP Infrastructure Security Testing Tool

What is XTest?
XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3847 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in C [...]

Twitter Targeted by Malware Distributors

This one is of interest to me as I do actually use Twitter as a microblogging service and to keep up with what various friends are up to.
It’s quite an interesting web app especially paired with something like Twitterfox in your browser and Twibble in your mobile phone.
It must have made it big now though [...]

onesixtyone 0.3.2 – An Efficient SNMP Scanner

The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don’t respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. [...]

Google Releases New Browser Chrome – Vulnerabilities on First Day

So as most of you probably know the big buzz on the Internet last week was that Google (after supporting Firefox for so long) have actually launched their own browser.
It’s called Google Chrome. Now of course in typical Google fashion they call it BETA software, and a number of flaws have popped up during the [...]

reDuh – TCP Redirection over HTTP

What Does reDuh Do?
reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests.
Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially

What is it for?
a) Bob.Hacker has the ability to upload / create [...]

CSRF Vulnerability in Twitter Allows Forced Following

I did mention this earlier in the week when I was talking about Twitter being used as a malware distribution platform, there also seems to be an auto follow vulnerability that spammers would love.
Do you remember Myspace and samy with 900,000 friends? Now we have johng77536 on Twitter!

Last week, TechCrunch’s Jason Kincaid wrote about an [...]

PorkBind v1.3 – Nameserver (DNS) Security Scanner

This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each.
Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread.

Changes for v1.3

Wrote in-a-bind shell script that [...]

International Space Station Infected by Virus!

Now you think they’d know better than having Autorun enabled in the International Space Station? But no, they obviously didn’t and they got owned by some fairly innocuous thumb drive auto-spreader.
It wouldn’t really be news if anyone else got infected, but come on this is supposed to be the pinnacle of security or something?

NASA confirmed this [...]

psad – Intrusion Detection and Log Analysis with iptables

psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data.
psad [...]

Web Application Security Statistics for 2008

Purpose
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent [...]

Surf Jack – Cookie Session Stealing Tool

A tool which allows one to hijack HTTP connections to steal cookies – even ones on HTTPS sites! Works on both Wifi (monitor mode) and Ethernet.
Features:

Does Wireless injection when the NIC is in monitor mode
Supports Ethernet
Support for WEP (when the NIC is in monitor mode)

Known issues:

Sometimes the victim is not redirected correctly (particularly seen when [...]

Modern Exploits – Do You Still Need To Learn Assembly Language (ASM)

This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not?
For those that aren’t sure what it is, it’s pretty much the lowest level programming language computers understand without resorting to simply 1’s and [...]

ohrwurm – RTP Fuzzing Tool (SIP Phones)

ohrwurm is a small and simple RTP fuzzer, it has been tested on a small number of SIP phones, none of them withstood the fuzzing.

Features:

reads SIP messages to get information of the RTP port numbers
reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can be fuzzed
RTCP traffic [...]

Intercage – Spam/Malware Friendly ISP Back Online

There has been a big hoo-haa recently about a US ISP called Intercage who are said to have been harbouring spammers and scammers via their largest client an Eastern European webhost called Esthost.
Their plug got pulled 2 days ago by the upstream IP transit provider UnitedLayer after weeks of criticism from the community showing [...]

BSQL Hacker – Automated SQL Injection Framework

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.
It ships with Automated Attack modules which allow the dumping of whole databases for the following DBMS:

MS-SQL Server
ORACLE
MySQL (experimental)

Attack Templates for:

MS Access
MySQL
ORACLE
PostgreSQL
MS-SQL Server

Also you can write your own attack template for any other database as well [...]

Brits Give Up Passwords For a £5 Gift Voucher

So it turns out you don’t need any fancy password cracking software like John the Ripper or Cain and Abel you just need a handful of £5 gift vouchers for Marks and Spencers!
But we had discussed this in part before, some people will give out their passwords if you just ask, some if you offer [...]

dnsscan – DNS Open Recursive Resolver Scanner/Scanning Tool

Dnsscan is a tool for fingerprinting open recursive resolvers. It runs in conjunction with a small server that knows how to reply to queries forwarded from probed resolvers. For example, assume that you have delegated osd.example.org:
osd.example.org. 900 IN [...]

Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips

It seems like ATM hacking is still the way to go for those into a bit of hardware hacking. One of the most notorious and well known ATM hackers was recently arrested in Turkey and a list of his tips was discovered online where he also sold the ATM skimming equipment.
Well his tips can’t be THAT [...]

Superscan v4.0 – Fast TCP & UDP Port Scanner for Windows

This is another tool that has been around for a long time and I’ve been using it for years since its earliest versions, oddly however I’ve never posted about it.
So here it is for the few of you that haven’t heard of it, probably the best port scanner on the Windows platform, very fast and compact [...]

THC-ePassports – THC Clones Biometric ePassport – Elvis Presley Passport

I guess most people have been led to believe this new generation of ePassports or biometric passports are more secure, will help us keep our privacy intact and help us mitigate against identity theft.
Well how wrong the propaganda is! THC (famous for their tools and research in security) has just released some technical information, tools [...]

fwknop – Port Knocking Tool with Single Packet Authorization

Port Knocking came about in around 2003, but it has various weaknesses. There are plenty of implementations though (some quite advanced). Most of the problems are fixed however by fwknop!
fwknop stands for the “FireWall KNock OPerator”, and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop [...]

MI6 Sells Digital Camera on Ebay Containing Terrorist Images

Another classic data leakage….and once again it happened on Ebay! This time it’s a British agency known as MI6 (Secret Intelligence Service) demonstrating a distinct lack of intelligence.
How on earth does something like this even happen? Even smaller agencies and companies I’ve worked with have rigorous data destruction policies when old equipment is recycled or sold [...]

NetStumbler – Windows Freeware to Detect Insecure Wireless Networks

Another one from the old school, this tool has been around forever since way before wardriving was fashionable and when people still used pringles cans for antenna boosting.
It’s a favourite amongst Windows users, although it can’t do any real hacking (like breaking a WEP key) – it’s extremely fast and efficient in the detection of [...]

Symantec to Buy MessageLabs (Email Spam and Web Traffic Filter)

Some interesting security industry news, it seems like Symantec is really setting itself up to be the Microsoft of the security world.
They are buying up anything and everything and merging it into the Symantec borg…things that are successful of course. Their latest acquisition is the popular MessageLabs, a good example of both cloud computing and [...]

p0f – Advanced Passive OS Fingerprinting Tool

Ah can’t believe I haven’t posted about this one before, one of my favourite tools! It was a big breakthrough to have a passive OS-fingerprinting tool after relying on Nmap and Xprobe2 for the longest time.
OS fingerprinting is a very important part of a pen-test during the information gathering stage.
P0f v2 is a versatile passive [...]

Hacker Posts List of Compromised User Accounts Online

It seems that people are truly shocked when their identities get exposed, and the vast majority use the same single password for ALL of their online accounts. That’s just crazy!
A ‘kind-hearted’ hacker recently exposed a bunch of online accounts (with passwords) to gain himself more status in a hacker forum (l33t sk1llz dudebro!).

WHEN Australian web [...]

Firewalk – Firewall Ruleset Testing Tool

This is another oldskool tool, but still relevant! TCP and UDP still work in the same way and firewalls/edge devices are still often configured wrongly.
Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or [...]

E-mail Scammers Target Microsoft Users

Microsoft users are being targeted again by malware via e-mail, scammers/spammers never give up and for once the e-mail looks fairly legitimate.
Usually this kind of ‘baitware’ is riddled with terrible grammar and horrible spellings, do make sure you brief the less security aware friends you have about this though just in case.

Email scams are a [...]

Web-Harvest – Web Data Extraction Tool

Web-Harvest is an Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. In order to do that, it leverages well established techniques and technologies for text/xml manipulation such as XSLT, XQuery and Regular Expressions. Web-Harvest mainly focuses on HTML/XML based [...]

DarkMarket Carding (Credit Card Fraud) Site Part of FBI Sting

You may remember the story about the Pro ATM Hacker ‘Chao’ and his Tips a while back, apparently that was the start of a big global sting operation on credit card fraud.
Chao was admin/moderator on a community of carders (where they bought/sold stolen credit card info) called DarkMarket and the first to be busted, it [...]

lm2ntcrack – Microsoft Windows NT Hash Cracker (MD4 -LM)

We have covered quite a lot of Password Cracking tools and it’s not often a new one comes out, this one is for quite a specialised purpose (not a general all-purpose password cracker like John the Ripper or Cain & Abel), although you do need to use it alongside JTR.
This tool is for instantly cracking [...]

Swiss Researchers Sniff Password from Wired Keyboard

Now this is an interesting twist on an oldschool method of hacking, the monitoring of electromagnetic radiation.
You’d think it’d be easier to sniff the traffic from a wireless keyboard, but generally it’s not as they tend to be encrypted. Whereas the electromagnetic radiation given off by a wired keyboard is not shielded or protected [...]

XSS-Proxy – Cross Site Scripting Attack Tool

XSS-Proxy is an advanced Cross-Site-Scripting (XSS) attack tool. The documents, tools and other content on this site assume you have a basic understanding of XSS issues and existing exploitation methods. If you are not familiar with XSS, then I recommend you check out the primer links/docs below to get a better idea of what [...]

Microsoft Rushes Out Critical RPC Bug Fix

Now this doesn’t happen all that often, it must be really serious! An Out-of-Band patch from Microsoft (since its famous ‘Patch Tuesday’ it only releases patches on the second Tuesday of each month) has been released for a new RPC flaw.
I’d imagine it’s similar to the RPC flaw that spawned such disasters as Blaster and [...]

sqlmap 0.6.1 released – Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, [...]

Google Hacking Back in The News – Google Takes Action

Google hacking was the big thing back in 2004, I actually did a talk on it in Hack in the Box 2004, it’s resurfaced again as a serious threat with Google noticing more queries relating to things like social security numbers.
The Google Hacking Database has been active for years now and there are hundreds of [...]

Sam Spade – Network Investigation Tool for Windows

Sam Spade is one of the oldest network security tools around in terms of a neat package containing a lot of stuff you need, it’s one of the first things I used when I got into information security and I was on a crusade against spammers and scammers.
It has all kinds of useful tools in [...]

Morris Worm To Turn 20 – How Far Things Have Come

Robert Tappan Morris is a character of Internet lore, anyone who has studied Computer Science, Software Engineering or Computer Security will have heard of this guy.
He’s pretty much the fellow that made the Internet famous (for all the wrong reasons) and the first creator of a bit of self-replicating network based malware (now known as [...]

Gooscan – Automated Google Hacking Tool

Whilst reading an article the other day I saw this mentioned and realised I haven’t written about this yet either, although I have written about the similar tool Goolag.
What is Gooscan?
Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on [...]

Twitter Squatting – The New Domain Jacking?

It seems the latest target for spammers, opportunists and those into Domain Squatting is the registration of interesting or possibly valuable Twitter usernames.
Twitter has exploded recently as a new ‘micro-blogging’ platform and it works really well, especially when combined with more traditional blogging and the host of tools that have been built around Twitter to [...]

MultiInjector – Automated Stealth SQL Injection Tool

MultiInjector claims to be the first configurable automatic website defacement software, I’m not sure if that’s a good thing – or a bad thing.
But well here it is anyway.

Features

Receives a list of URLs as input
Recognizes the parameterized URLs from the list
Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
Automatic defacement – [...]

Malware Authors Jumping on the Obama Bandwagon

No surprise here, the malware authors are leveraging on the social engineering aspect of the US presidential elections.
In less than half a day Google Adwords adverts and custom malware was popping up conning users into a sense of security by using Obama’s name.

Malware purveyors have wasted no time capitalizing on Barack Obama’s landslide victory in [...]

SARA – Security Auditor’s Research Assistant – Network Analysis Tool

This tool has been around for a LONG time in some form or another, some of you old-skool guys may remember a package called SATAN, this was the best semi-automatic security analysis tool around back then. From SATAN and its development came SARA, which is now in its 3rd generation.

Advanced Research’s philosophy relies heavily on [...]

WPA Wi-Fi Encryption Scheme Partially Cracked

Well WEP came down long ago, it was only a matter of time before the standard that succeeded it fell too – WPA. The big news last week was that WPA has been cracked finally, it’ll be discussed this week at the PacSec Conference.
After the insecurity of WEP was exposed the majority of routers and [...]

Samurai Web Testing Framework – Web Application Security LiveCD

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use [...]

Express Scripts Offers $1million Reward for Cyber Extortionists

This is an interesting story, I’ll be watching how it develops – it’s not often you see a bounty for online crimes and especially one as enticing as 1 million dollars!
That’s a hell of a sum for nailing down some dodgy hackers who are running an extortion scam after a data leak.
I really wonder where [...]

Maltego – Forensics and Intelligence Application & Information Gathering Tool

Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.
Coupled with its graphing libraries, Maltego allows you to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool [...]

Spam ISP McColo Cut Off From the Internet

You might recall we reported a while ago about ‘spam friendly’ ISP Intercage coming back online after having their plug pulled by upstream provider UnitedLayer.
They pledged to clean up their act though and drop their biggest client who was an Eastern European malware and phishing host.
This time another ISP has been suspected of hosting sites [...]

Microsoft Security Assessment Tool – Free for Windows

The Microsoft Security Assessment Tool (MSAT) is a free tool designed to help organizations like yours assess weaknesses in your current IT security environment, reveal a prioritized list of issues, and help provide specific guidance to minimize those risks. MSAT is an easy, cost-effective way to begin strengthening the security of your computing environment and [...]

Dshocker AKA Aush0k Hacker Pleads Guilty to Computer Felonies

Another teen hacker in the news, this guy looks like he has some formidable skills though with the list of crimes he’s perpetrated.
He’s pleaded guilty though, so he should get a reduced sentence and he’s still classified as a juvenile offender being only 17 – so that works in his favour too.

A juvenile hacker with [...]

ike-scan – IPsec VPN Scanning, Fingerprinting and Testing Tool

ike-scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.

ike-scan allows you to:

Send IKE packets to any number of destination hosts, using a configurable output bandwidth or packet rate. (This is useful for VPN [...]

Julie Amero Spyware Case Finally Comes To An End

It’s a sad case when someone loses their career over an incident which was outside of their control, not everyone can be expected to keep their computers free of spyware and malware.
It just doesn’t happen.
Unfortunately for Julie Amero, she got some porn pop-ups at the wrong time in a class full of students. If you [...]

Browser Rider – Web Browser Exploitation Framework

Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there [...]

Spam Back on the Rise with Srizbi Resurrected

After McColo was partially disconnected from the Internet by its peers global spam dropped noticeably.
It seems however that the spam was emanating from a zombie network and the control servers were hosted by McColo, the creators of the botnet (Srizbi) were smart about it though and built a fail-safe system into the malware.
It should [...]

FireCAT 1.4 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented towards application security auditing and assessment.
You can find an online map of Firecat v1.4 here.
Changes for version 1.4

Information Gathering (Enumeration and Fingerprinting)

Passive Recon : PassiveRecon allows Information Security professionals the ability to perform “packetless” discovery of target [...]

Malware Researchers Discover Rootkit HKTL-BRUDEVIC Similar to Sony CD Malware

You might remember the Sony BMG Rootkit fiasco back in 2006 when the whole Internet was up in arms about Sony installing a rootkit in the name of Digital Restriction Rights Management.
Another piece of malware has been uncovered that has been linked to Sony and their Fingerprint reader.

Researchers have unearthed rootkit-like functionality in an enterprise [...]

Microsoft Baseline Security Analyzer – Free Windows Tool

Recently we mentioned MSAT – Microsoft Security Assessment Tool and I recalled another tool which came out originally years and years ago and I’ve personally found useful in a few situations.
It’s good when you’re working on a Domain/Group Policy and you want to lock down one machine nice and tight, it can give some pretty [...]

Confused by WEP, WPA, TKIP, AES & Other Wireless Security Acronyms?

I found an interesting article today which sums up most of the acronyms involved in wireless networks and wireless security and explains them all in brief.
It may clear things up for some people who get overwhelmed by all the jargon, especially with the recent news hitting the mainstream about WPA being partially cracked.

Users have every [...]

Retarded E-mails – Crack Hotmail? Hack Facebook? Boyfriend Cheating?

I get a lot of these e-mails, sometimes I receive them almost every day. I had a thought the other day, it might be amusing if I shared them with you guys.
So I’ll post them up every time I receive 2-3. I’ve had a LOT of these kind of e-mails and some spooky ones too [...]

The World’s Fastest MD5 Cracker – BarsWF

BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers here.

Changes in 0.8

Added checks for errors when calling CUDA kernel.
Now you [...]

Scammers Using Asterisk VoIP Systems to Make Calls

It seems like ‘vishing‘ (basically Phishing – but utilising VoIP call services) as it’s known is getting bigger, especially since the scammers have been using a flaw in Asterisk systems that allows them to hijack the VoIP exchange.
Older versions of Asterisk do have quite a number of serious flaws and it looks like scammers and [...]

Secunia Personal Software Inspector (PSI) 1.0

To continue with some software targeted towards security and self-protection after posting about Microsoft Baseline Security Analyzer (MBSA) and Microsoft Security Assessment Tool (MSAT) we continue with one more – Secunia Personal Software Inspector. We did write about this software way back when Secunia first came out with their Secunia Software Inspector.
There’s now 3 versions [...]

Microsoft IE7 Exploit Allows Remote Code Execution on XP & Vista

It seems a new, fairly serious flaw has been discovered in Internet Explorer 7 – and as accounts go it’s been around for a couple of months in the underground.
The worrying part is, patch Tuesday was yesterday and after testing it’s been discovered that this flaw WAS NOT patched in the updates.
ISC reports that it’s [...]

sapyto v0.98 Released – SAP Penetration Testing Framework Tool

sapyto is the first SAP Penetration Testing Framework, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities.
sapyto is periodically updated with the outcome of the deep research on the various security aspects in SAP systems.

Although sapyto is a versatile and powerful tool, it is of major importance for it [...]

IE7 Exploit Also Affects IE5, IE6 and IE8! More Users In Trouble

I’m sure you’ve heard about the Microsoft IE7 Exploit that allows Remote Code Execution on XP & Vista, it turns out it’s actually much worse than first expected.
The exploit also affects IE5.01, IE6 and IE8 on all OS versions! That’s a pretty worrying turn of events for MS especially as they are seemingly leaving it [...]

Complemento v0.4b – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

An interesting collection of tools for pen-testing including a DoS tool (something you don’t often see publicly released).
Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or just for fun. Now he has decided to release it to the public.
The Tools

LetDown is a TCP [...]

Microsoft Breaks Patch Cycle to Issue IE Patch

Well it has happened before, quite recently in fact – back in October Microsoft rushed out a patch for the RPC exploit, which was the first time in 18 months they had issued an out of band patch.
Now just a couple of months later they are releasing another one (which should be available today – [...]

sqlmap 0.6.3 Released – Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system [...]

Virtualization Security – IT Managers and Security Experts Disagree

A lot of companies are moving towards virtualization, blade servers and sharing hardware components makes sense when you can have multiple logical servers on one physical machine. I’ve used VMWare in a few situations myself but mostly I don’t see a real requirement for using virtual machines (apart from hosting with a VPS).
There have always [...]

MultiInjector v0.3 Released – Automatic SQL Injection and Defacement Tool

You might remember a while ago we posted about MultiInjector which claims to be the first configurable automatic website defacement tool, it got quite a bit of interest and shortly after that it was updated. Anyway, good or bad I think people deserve to know what is out there.

Features

Receives a list of URLs as input
Recognizes the [...]

Microsoft Warns of Serious MS-SQL 2000 & 2005 Vulnerability

Another big flaw has been discovered in Microsoft software just a few days after they broke their patch cycle to issue a patch for the IE bug that allowed remote code execution.
This time however it doesn’t really affect home users or the general consumer, it’s a more specific server side vulnerability affecting Microsoft SQL Server [...]

Retarded E-mails – ATM Cards, Very Important Details, VOIP Testing Tools and MORE!

Merry xmas everyone, here is the year end summary of retarded e-mails. We have had a splendid amount of retarded comments recently too and some decent e-mails too (but all asking the same thing “How do I start learning to be a hacker, what should I do, what should I read etc..I’ll write a post [...]

Burp Suite v1.2 Released – Web Application Security Testing & Attack Platform

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.
Burp Suite [...]

Happy New Year For 2009 From Darknet

Well it’s December 31st again that means shortly another year will be over and we will be ushering in 2009.
Let’s hope for another year full of exciting tools, new developments, more Microsoft exploits (and timely patches) and interesting issues to discuss.
I’d like to take this chance to thank you all for your continuing support, comments [...]

