Archive | January, 2008

Bruter 1.0 Released – Parallel Windows Password Brute Forcing Tool

Your website & network are Hackable


Bruter 1.0 BETA 1 has been released. Bruter is a parallel login brute-forcer. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

Bruter is a tool for the Win32 platform only.

PROTOCOL SUPPORT

It currently supports the following services:

  • FTP
  • HTTP (Basic)
  • HTTP (Form)
  • IMAP
  • MSSQL
  • MySQL
  • POP3
  • SMB-NT
  • SMTP
  • SNMP
  • SSH2
  • Telnet

DEPENDENCIES

You can download Bruter here:

Bruter_1.0_beta1.zip

Or read more here.


Posted in: Hacking Tools, Password Cracking, Windows Hacking

Tags: , , , , , , , , , ,

Posted in: Hacking Tools, Password Cracking, Windows Hacking | Add a Comment
Recent in Hacking Tools:
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis
- shadow – Firefox Heap Exploitation Tool (jemalloc)

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,981,486 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,434,327 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 680,901 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Multilingual Worm Spreads Over MSN Messenger

Find your website's Achilles' Heel


Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on.

The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more likely to work as most of the people on sometimes contact list are probably from the same country or at least use the same language.

The IRCBOT-RB Trojan poses as messages containing links to pictures on social networking sites such as MySpace and Facebook. Typical come-ons involve messages such as “Wanna see my pictures before i send em to facebook?”. Clicking on a link takes users to booby-trapped websites.

Unusually, the polyglot malware changes these messages according to the language of the affected operating system used. Compromised machines are infected by a simple bot agent that leaves the hardware hooked up to a central control server, awaiting instructions.

This would mean it’s much more believable than someone who speaks Portuguese to their friends sending a message in English. As usual please educate people not to blindly follow or click links and definitely don’t accept files sent by friends on MSN/Yahoo! or AIM as they are most likely auto-generated by a trojan.

Do message the person back manually and ask them if they really sent it.

Source: The Register


Posted in: Malware, Social Engineering

Tags: , , , , , , , , , ,

Posted in: Malware, Social Engineering | Add a Comment
Recent in Malware:
- Cuckoo Sandbox – Automated Malware Analysis System
- movfuscator – Compile Into ONLY mov Instructions
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,514 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,635 views
- US considers banning DRM rootkits – Sony BMG - 44,988 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Metasploit Framework v3.1 Released for Download

Find your website's Achilles' Heel


Ah Metasploit development cycle seems to be picking up, I guess with greater community support the bugs get ironed out and the new features introduced faster.

Good to see an update so soon after Metasploit Framework v3.0 was released.

I keep closely up to date with Metasploit as it’s pretty much the best free tool out there right now, and certainly the most exciting along with Nmap.

The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits. Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community.

The graphical user interface is a major step forward for Metasploit users on the Windows platform. Development of this interface was driven by Fabrice Mourron and provides a wizard-based exploitation system, a graphical file and process browser for the Meterpreter payloads, and a multi-tab console interface. “The Metasploit GUI puts Windows users on the same footing as those running Unix by giving them access to a console interface to the framework” said H D Moore, who worked with Fabrice on the GUI project.

The latest incarnation of the framework includes a bristling arsenal of exploit modules that are sure to put a smile on the face of every information warrior. Notable exploits in the 3.1 release include a remote, unpatched kernel-land exploit for Novell Netware, written by toto, a series of 802.11 fuzzing modules that can spray the local airspace with malformed frames, taking out a wide swath of wireless-enabled devices, and a battery of exploits targeted at Borland’s InterBase product line. “I found so many holes that I just gave up releasing all of them”, said Ramon de Carvalho, founder of RISE Security, and Metasploit contributor.

Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the tiny Nokia n800 handheld. Users can access Metasploit using the tab-completing console interface, the Gtk GUI, the command line scripting interface, or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.

You can download Metasploit v3.1 here:

Metasploit v3.1 tar.gz
Metasploit v3.1 exe

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Linux Hacking, Windows Hacking

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Linux Hacking, Windows Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- shadow – Firefox Heap Exploitation Tool (jemalloc)
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,990 views
- AJAX: Is your application secure enough? - 120,149 views
- eEye Launches 0-Day Exploit Tracker - 85,576 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Data Leakage Bug in Mozilla Firefox Confirmed

Find your website's Achilles' Heel


It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla.

It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?).

It’s rated as low risk, but it can give away the existence of files (if the attacker knows the name and location).

The bug resides in Firefox’s chrome protocol scheme and allows for a directory traversal when certain types of extensions are installed. Attackers could use it to detect if certain programs or files are present on a machine, gaining information to use in perpetrating another, more malicious exploit.

Normally, Firefox’s chrome package is restricted to a limited number of directories, but a bug in the way it handles escaped sequences (i.e. %2e%2e%2f) allows attackers to escape those confines and access more sensitive parts of a user’s computer. The exploit only works if a user has made use of Firefox extensions that are “flat,” this is, those that don’t package their files in a jar archive. Examples of flat add-ons include Download Statusbar and Greasemonkey.

You can protect yourself by using NoScript, which I would guess most of you guys are using already.

The open bug can be found here.

Source: The Register


Posted in: Exploits/Vulnerabilities, Privacy

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, Privacy | Add a Comment
Recent in Exploits/Vulnerabilities:
- shadow – Firefox Heap Exploitation Tool (jemalloc)
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,990 views
- AJAX: Is your application secure enough? - 120,149 views
- eEye Launches 0-Day Exploit Tracker - 85,576 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


argus – Auditing Network Activity – Performance & Status Monitoring

Find your website's Achilles' Heel


Another tool for the security side, good for forensics, monitoring and auditing.

Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.

Argus can be used to analyze and report on the contents of packet capture files or it can run as a continuous monitor, examining data from a live interface; generating an audit log of all the network activity seen in the packet stream. Argus can be deployed to monitor individual end-systems, or an entire enterprises network activity. As a continuous monitor, Argus provides both push and pull data handling models, to allow flexible strategies for collecting network audit data. Argus data clients support a range of operations, such as sorting, aggregation, archival and reporting. There is XML support for Argus data, which makes handling Argus data a bit easier.

Argus currently runs on Linux, Solaris, FreeBSD, OpenBSD, NetBSD, and MAC OS X and its client programs have also been ported to Cygwin. The software should be portable to many versions of Unix with little or no modification. Performance is such that auditing an entire enterprises Internet activity can be accomplished using modest computing resources.

You can download argus here:

argus-2.0.6 (various options available)

Or read more here.


Posted in: Countermeasures, Forensics, Network Hacking, Security Software

Tags: , , , , , , ,

Posted in: Countermeasures, Forensics, Network Hacking, Security Software | Add a Comment
Recent in Countermeasures:
- Cuckoo Sandbox – Automated Malware Analysis System
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,149 views
- Password Hasher Firefox Extension - 117,802 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,731 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Hacked Embassy Websites Delivering Malware

Your website & network are Hackable


It seems like malware pushers have found another avenue to delivery their payloads, Embassy websites. Which makes sense as they are probably not maintained well nor updated often meaning the chance they are easily compromised is quite high.

Plus a lot probably use off the shelf CMS software, which when not updated is a playground for hackers.

Add embassy websites to the growing list of hacked internet destinations trying to infect visitor PCs with malware.

Earlier this week, the site for the Netherlands Embassy in Russia was caught serving a script that tried to dupe people into installing software that made their machines part of a botnet, according to Ofer Elzam, director of product management for eSafe, a business unit of Aladdin that blocks malicious web content from its customers’ networks. In November the Ministry of Foreign Affairs of Georgia and Ukraine Embassy Web site in Lithuania were found to be launching similar attacks, he says.

Again it just goes to show that a lot of malicious attacks are based around human elements, in this case trust. People will naturally trust an Embassy website, so if you embed it with a message to download some kind of protective software…a lot of people will do it.

Frequently, the compromised websites launch code that scours a visitor’s machine for unpatched vulnerabilities in Windows or in applications such as Apple’s QuickTime media player. Such was the case in two recent hacking sprees that affected hundreds of thousands of sites, including those of mom-and-pop ecommerce companies and the City of Cleveland.

But in the case of the Netherlands Embassy, the attackers simply included text that instructed visitors to download and install the malware. Of course, no self-respecting Reg reader would fall for such a ruse. But sadly, Elzam says, because the instruction is coming from a trusted site, plenty of less savvy users do fall for the ploy. Saps.

Again we can just educate and spread the news, tell people not to trust any web sites if possible, use md5 hashes, use trusted sources, scan for the viruses etc..

Trust no one! (Except me of course *evil laugh*).

Source: The Register


Posted in: Malware, Spammers & Scammers, Web Hacking

Tags: , , , , , , ,

Posted in: Malware, Spammers & Scammers, Web Hacking | Add a Comment
Recent in Malware:
- Cuckoo Sandbox – Automated Malware Analysis System
- movfuscator – Compile Into ONLY mov Instructions
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,514 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,635 views
- US considers banning DRM rootkits – Sony BMG - 44,988 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


mod_anti_tamper – Anti Tamper Module for Apache 2.x

Find your website's Achilles' Heel


What Is Mod AntiTamper (AT)

AntiTamper is an Apache 2.x module that could be used to prevent some sort of url and cookie tampering.

Specifically, AT could stop a lot of those malicious bots that take advantage from search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated.

Is important to notice that mod_anti_tamper is not an alternative to mod_security, which is more exaustive and useful for all web situations. AT could be a complement to mod_security.

Introduction

– What is HMAC

HMAC is a validation algorithm to check the integrity of informations coupled with a secret password (more here).

AT will automatically generate a password and will save it in a ‘safe’ place (root owner with 600 mode).

How AT Works

AT is composed by two primary active components.

1. A filter for url links integrity check.
2. A filter for cookie integrity check.

Download mod_anti_tamper here:

mod_anti_tamper_0.1-alpha.tgz

Or read more here.


Posted in: Countermeasures, Security Software, Web Hacking

Tags: , , , , , , , , ,

Posted in: Countermeasures, Security Software, Web Hacking | Add a Comment
Recent in Countermeasures:
- Cuckoo Sandbox – Automated Malware Analysis System
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,149 views
- Password Hasher Firefox Extension - 117,802 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,731 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


BackTrack Live Hacking CD BETA 3 Released

Find your website's Achilles' Heel


The guys at BackTrack e-mailed me to let me know their Version 3 BETA has been released recently, and perhaps our readers would like to know about it.

For those that don’t know BackTrack evolved from the merging of two wide spread security related distributions – Whax and Auditor Security Collection. By joining forces and replacing these distributions, BackTrack has gained massive popularity and was voted in 2006 as the #1 Security Live Distribution by insecure.org. Security professionals as well as new comers are using BackTrack as their favorite toolset all over the globe.

BackTrack has a long history and was based on many different linux distributions until it is now based on a Slackware linux distribution and the corresponding live-CD scripts. Every package, kernel configuration and script is optimized to be used by security penetration testers. Patches and automation have been added, applied or developed to provide a neat and ready-to-go environment.

Because Metasploit is one of the key tools for most analysts it is tightly integrated into BackTrack and both projects collaborate together to always provide an on-the-edge implementation of Metasploit within the BackTrack CD-Rom images or the upcoming remote-exploit.org distributed and maintained virtualization images (like VMWare images appliances).


Currently BackTrack consists of more than 300 different up-to-date tools which are logically structured according to the work flow of security professionals. This structure allows even newcomers to find the related tools to a certain task to be accomplished. New technologies and testing techniques are merged into BackTrack as soon as possible to keep it up-to-date.

It’s definitely a favourite amongst pen-testers, myself included.

You can donwload BackTrack BETA 3 here (Please try and use the torrent links and seed!):

BackTrack 3 Beta – 14-12-2007

Or read more here.


Posted in: Hacking Tools, Linux Hacking

Tags: , , , , , , , , , , ,

Posted in: Hacking Tools, Linux Hacking | Add a Comment
Recent in Hacking Tools:
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis
- shadow – Firefox Heap Exploitation Tool (jemalloc)

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,981,486 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,434,327 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 680,901 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Perl.com Sends Visitors to P*rn Site!

Your website & network are Hackable


Another tale to do with advertising, it just goes to show it’s really not a good idea to run JavaScript from a 3rd party source on your site, especially if you don’t want your visitors redirected to a p*rn site!

This is just what happened to Perl.com a few days ago.

Visitors to Perl.com, the O’Reilly Media-owned resource, were redirected on 17th of January to a link farm pushing p*rn sites.

Geeks who hit the site were sent to grepblogs-dot-net, a site that offers links to live adult webcams, erotic blogs and adult erotic fiction, among other things. Closing the Internet Explorer browser window that contains the site caused another link farm of dubious links to open, from a site called cnomy-dot-com. It carries more p*rno links and banner ads claiming visitors have won a free iPod.

“I was aghast,” said Tom Christiansen, author of many of the most popular Perl reference books. “I need to understand the nature of the problem.”

Odd that the name of the p*rn site is pretty geeky too, grep blog? Doesn’t sound like your run of the mile adult webcam directory right?

I guess spammers and getting more clued in, targeting a Perl site..using a geeky blog name – pretty smart.

The episode is the latest example of the perils that come from running ads and javascript from a third-party website. In recent months, rogue ads hosted on DoubleClick, Real Media and others have infected websites. While such services often make life easier for administrators, they also create opportunities for miscreants to defraud users.

Since 2006, HTML code on the Perl.com website has pulled javascript off of the grepblogs site, said Dale Dougherty, general manager of the O’Reilly divisions that’s responsible for upkeep of Perl.com. Once the content on the grepblogs site changed, visitors to the site were soon redirected to other sites. O’Reilly admins fixed the problem at about 6:30 a.m. California time on Friday by nullifying the script.

As many of the members here have done, blocking JavaScript may be a good idea, blocking ads may help or just not surfing at all!

Of course not using Internet Exploder Explorer also goes a long way.

Source: The Register


Posted in: General Hacking, Spammers & Scammers, Web Hacking

Tags: , , , , , , , , , ,

Posted in: General Hacking, Spammers & Scammers, Web Hacking | Add a Comment
Recent in General Hacking:
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,169,801 views
- Hack Tools/Exploits - 625,918 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 434,231 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


sqlmap 0.5 – Automated SQL Injection Tool

Your website & network are Hackable


sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Features

  • Full support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server database management system back-end.
  • Can also identify Microsoft Access, DB2, Informix and Sybase;
  • Extensive database management system back-end fingerprint based upon:
  • – Inband DBMS error messages
  • – DBMS banner parsing
  • – DBMS functions output comparison
  • – DBMS specific features such as MySQL comment injection
  • – Passive SQL injection fuzzing
  • It fully supports two SQL injection techniques:
  • – Blind SQL injection, also known as Inference SQL injection
  • – Inband SQL injection, also known as UNION query SQL injection

You can find the documentation here:

sqlmap README (HTML and PDF)

You can download sqlmap 0.5 here:

sqlmap-0.5 (tar/zip)

Or read more here.


Posted in: Database Hacking, Hacking Tools

Tags: , , , , , , ,

Posted in: Database Hacking, Hacking Tools | Add a Comment
Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 76,595 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,427 views
- SQLBrute – SQL Injection Brute Force Tool - 41,063 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95