Archive | March, 2008

Nipper 0.11.5 Released – Network Device Configuration Security Auditing Tool

Your website & network are Hackable


Nipper performs security audits of network device configuration files. The report produced by Nipper includes; detailed security-related issues with recommendations, a configuration report and various appendices. Nipper has a large number of configuration options which are described on this page

Nipper currently supports the following device types:

  • Cisco Switches (IOS)
  • Cisco Routers (IOS)
  • Cisco Firewalls (PIX, ASA, FWSM)
  • Cisco Catalysts (NMP, CatOS, IOS)
  • Cisco Content Service Switches (CSS)
  • Juniper NetScreen Firewalls (ScreenOS)
  • CheckPoint Firewall-1 (FW1)
  • Nokia IP Firewalls (FW1)
  • Nortel Passport Devices
  • SonicWALL SonicOS Firewalls (SonicOS)

The security audit includes details of the findings, together with detailed recommendations. The security audit can be modified using command lineparameters or an external configuration file.

Network filtering audits include the following, all of which can be modified:


  • Rule lists end with a deny all and log
  • Rules allowing access from any source
  • Rules allowing access from network sources
  • Rules allowing access from any source port
  • Rules allowing access to any destination
  • Rules allowing access to destination networks
  • Rules allowing access to any destination service
  • Rules that do not log
  • Deny rules that do not log
  • Rules that are disabled
  • Rules that reject rather than drop
  • No bypass rules exist
  • Default rules

This update (0.11.5) includes improvements to support for Cisco PIX / ASA / FWSM firewalls, SonicWALL SonicOS firewalls, CheckPoint Firewall-1 and Nokia IP firewalls. It also includes a host of other updates.

The output from Nipper can be in HTML, Latex, XML or Text formats. Furthermore, Nipper will reverse any Cisco type-7 passwords identified, all other encrypted passwords can be output to a John-the-Ripper file for further strength testing. By default, input is retrieved from stdin and is output (in HTML format) to stdout.

Nipper is available for Linux, Windows and other platforms. You can download Nipper here:

Nipper 0.11.5

Or read more here.


Posted in: Hacking Tools, Network Hacking, Security Software

Tags: , , , , , ,

Posted in: Hacking Tools, Network Hacking, Security Software | Add a Comment
Recent in Hacking Tools:
- dnmap – Distributed Nmap Framework
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,982,227 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,436,907 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 681,300 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Goolag – GUI Tool for Google Hacking

Your website & network are Hackable


cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.

Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.

If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – offering certain “scanning” possibilities.

Nevertheless, gS is different from other applications released to date for the following reasons:

  • There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
  • Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command line options and no knowledge of Google hacking are required to test one’s host.
  • Goolag Scanner comes with its own dorks-database, but it is not limited to such.
  • gS uses a very simple xml-document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.

You can download Goolag here:

Goolag (1.0.0.40)

Or read more here.


Posted in: Hacking Tools, Privacy, Web Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Privacy, Web Hacking | Add a Comment
Recent in Hacking Tools:
- dnmap – Distributed Nmap Framework
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,982,227 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,436,907 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 681,300 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Cyber Storm II – US, UK & 3 Others Involved in Mock Cyberwar

Your website & network are Hackable


This is pretty interesting – US, UK, Canada, Australia and New Zealand are taking part in a fictitious cyberwar as an exercise to prepare and plan for sustained cyber attacks including some of which have actually caused power outages.

I personally think it’s a great idea, I must have missed Cyber Storm I as this is the first time I’ve heard about this program.

Participants of Cyber Storm II, which also include about 40 private-sector companies, will enact a scenario in which “persistent, fictitious adversaries” launch an extended attack using websites, email, phones, faxes and other communications systems. Other countries involved are Australia, New Zealand and Canada.

Cyber Storm II comes two weeks after the Pentagon released an assessment of China’s military might, warning the People’s Liberation Army was intent on expanding its capabilities for cyber warfare. It also comes amid intelligence reports that utilities in several countries have sustained cyber attacks that caused power outages.

It seems to be something like Business Continuity Planning for malicious attacks, it’s definitely a healthy exercise and it will teach a lot of people what it’s really like to be under pressure from a serious and persistent attack. That’s making a hefty assumption that those attacking really know what they are doing…I somehow doubt they can emulate a large scale DDoS attack from a huge Botnet.

Companies including Cisco, Juniper Networks, Dow Chemical, Air Products & Chemical and Wachovia are participating. Nine US states and at least 18 federal agencies are also involved. They represent the chemical, information technology, communications and transportation industries, which are considered critical parts of the infrastructure. The US Department of Homeland Security is hosting the event – no doubt with danishes and plenty of Starbucks coffee.

The exercises are designed to sharpen and assess participants’ ability to respond to a multi-day, coordinated attack and better understand the “cascading effects” such attacks can have.

There is some pretty heavy players involved like cisco and Juniper, so they should know what they are doing.

I do hope it leads to some knowledge, procedures and experience essential to defending against cyber terrorism.

Source: The Register


Posted in: Countermeasures, General Hacking

Tags: , , , , , , , , , ,

Posted in: Countermeasures, General Hacking | Add a Comment
Recent in Countermeasures:
- Cuckoo Sandbox – Automated Malware Analysis System
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,160 views
- Password Hasher Firefox Extension - 117,807 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,734 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Fusil Fuzzer 0.7 – Fuzzing Functions in Python

Your website & network are Hackable


Fusil is a fuzzing framework written in Python and distributed under GNU GPLv2 license. Fusil allows you to easily write “Fuzzing Projects” from a set of functions such as:

  • Create a process
  • Compile a C program
  • Watch a process
  • Watch syslog and so on

Fusil uses small “agents” which exchange messages to launch actions. e.g. MangleFile injects errors into valid file (PDF file, AVI movie, JPEG picture etc.). And then Fusil uses generated filename to run a process.

Currently available projects are ClamAV, Firefox (contains an HTTP server), gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall, mplayer, php, poppler, vim and xterm.

For fuzzing safety, Fusil limits process memory, process priority, only copies a few environment variables, creates a temporary directory used as working directory, etc.

You can download Fusil 0.7 here:

fusil-0.7.tar.gz (INSTALL doc)

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming

Tags: , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming | Add a Comment
Recent in Exploits/Vulnerabilities:
- ERTS – Exploit Reliability Testing System
- shadow – Firefox Heap Exploitation Tool (jemalloc)
- Intel Hidden Management Engine – x86 Security Risk?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 235,035 views
- AJAX: Is your application secure enough? - 120,160 views
- eEye Launches 0-Day Exploit Tracker - 85,579 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


VXers Group 29A Calls it Quits

Your website & network are Hackable


It seems the VX groups are all destined to die out slowly, viruses for fun, learning and definitely not profit are on the way out. Like many other things its become a commercial market.

The top infector this month being Adware for the first time ever, not a virus. 29A is one of the old skool groups that has been around for a long time, they have quite some accolades for ‘firsts’ in virus development.

29A, hexadecimal for 666, is an underground VXer collective known for creating the first Win 2000 virus, the first 64bit virus, and early examples of mobile malware that infected devices such as PDAs.

The group also published information on how to create viruses through an irregular magazine, seven editions of which were republished on its website. The magazine contained examples of virus source code and tutorials on how to write malware.

The group has been in decline since its heyday at the turn of the century. A steady exodus of members over recent years accelerated early this year as it emerged that GriYo, Vecna, and Z0MBiE left the collective.

I guess within 5-10 years most hacking and VX groups will die out as the business gets taken over by people doing it for purely commercial reasons, accelerating development to make more money from infecting people with simplistic variants of proven strains of worms and trojans.

As previously reported, other less well known VXer groups are dying the death, a development symptomatic of changes in the malware market. Profit has replaced mischief, intellectual curiosity, or a desire to make a name for yourself as the motive for creating malware.

Traditional virus writers have drifted away from the scene to be replaced by more shadowy coders creating sophisticated Trojans aimed at turning an illicit profit. Enforcement action against virus writers has acted as a further disincentive for hobbyists, at least.

Instead of getting proof of concept malware from the likes of 29A, we’re dealing with the Storm Worm Trojan and other sophisticated “professionally developed” botnet clients.

The interesting malware is likely to die out, proof of concept and doing things because they are difficult are not very profitable. The control channels and bots are likely to get more sophisticated, but the infectors will remain based around social engineering and hiding from AV signatures.

Source: The Register


Posted in: Malware, Virology

Tags: , , , , , , , , ,

Posted in: Malware, Virology | Add a Comment
Recent in Malware:
- Cuckoo Sandbox – Automated Malware Analysis System
- movfuscator – Compile Into ONLY mov Instructions
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,517 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,636 views
- US considers banning DRM rootkits – Sony BMG - 44,988 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Ferret Version 1.1 – Data Seepage Detection Tool

Your website & network are Hackable


Ferret works on the concept of “data seepage”: bits of benign data that people willingly broadcast to the world (as opposed to “leakage”, which is data people want to hide from the world).

Examples of data seepage are what happens when you power-on your computer. It will broadcast to the world the list of WiFi access-points you’ve got cached on your computer, the previous IP address you used (requested by DHCP), your NetBIOS name, your login ID, and a list of servers (via NetBIOS request) you want connections to.

Even if you then establish a VPN connection to hide everything else, you’ve already broadcasted this information to everyone on the local network.

The FERRET tool gathers this broadcasted information and correlates it. It demonstrates how much you expose to hackers.

The latest version of the Data Seepage detection tool, Ferret, is available for download. It is still in a rough form but compiles cleanly on Linux and Windows. A number of bug fixes have been introduced as well as new functionality.

You can download the Blackhat slides here:

BH_DC_07_Data_seepage.ppt

Get Ferret 1.1 here:

Ferret-1_1.zip

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- dnmap – Distributed Nmap Framework
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,982,227 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,436,907 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 681,300 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


February Commenter of the Month Competition Winner!

Find your website's Achilles' Heel


ompetition time again!

As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the ninth month of the competition in February and are now in the tenth, starting a few days ago on March 1st – Sponsored by GFI.

We are offering some pretty cool prizes like iPods and PSPs (or similar), along with cool GFI merchandise like shirts, keyrings and mugs.

And now the winner will also get a copy of the Ethical Hacker Kit.

GFI Goodies

Keep up the great comments and high quality interaction, we really enjoy reading your discussions and feedback.

Just to remind you of the added perks, by being one of the top 5 commenter’s you also have your name and chosen link displayed on the sidebar of every page of Darknet, with a high PR5 (close to 6) on most pages (4000+ spidered by Google).

So announcing the winner for February…it’s eM3rC! eM3rC had a massive comment spree last month and obliterated the nearest competitor by a clear 52 comments.

Pantagruel I thought it was your turn! And you had enough comments to win in a normal month

Commenter February

February has been an extremely active month for comments with some interesting discussions happening, I’d like to thank you all for your participation! I hope it keeps getting better as 2008 develops with more interesting news and tools. Keep up the excellent discussions, it’s very interesting reading especially on some of the more controversial topics.

Thanks to everyone else who commented and thanks for your links and mentions around the blogosphere!

Feel free to share Darknet with everyone you know :)

Keep commenting guys, and stand to win a prize for the month of March!

We are still waiting for pictures from backbone, Sandeep and TRDQ, dirty and dre and Sir Henry and goodpeople of themselves with their prizes!

Winner for June 2007 was Daniel with 35 comments.
Winner for July 2007 was backbone with 46 comments.
Winner for August 2007 was TheRealDonQuixote with 53 comments.
Winner for September 2007 was Sandeep Nain with 32 comments.
Winner for October 2007 was dre with 19 comments.
Winner for November 2007 was dirty with 38 comments.
Winner for December 2007 was Sir Henry with 84 comments.
Winner for January 2008 was goodpeople with 66 comments.


Posted in: Site News

Tags: , , , , , , , , ,

Posted in: Site News | Add a Comment
Recent in Site News:
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights
- Yes – We Now Have A Facebook Page – So Please Like It!

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,594 views
- Get the ball rollin’ - 19,003 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,263 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Australia to Follow the UK in Terminating Content Pirates

Find your website's Achilles' Heel


It seems like most countries are getting more serious about the illegal downloading and the protection of intellectual property, after the UK recently proposed disconnecting ‘pirates’ from the Internet – Australia is now considering following suit.

I guess this is just the start, laws will become more heavy handed and draconian as most of it is driven by money…even though a lot of artists now say they suspect they sell more albums because people have heard their music online.

I mean just look at Sean Kingston and Souljah Boy who got famous from Myspace.

The Government will examine new legislative proposals being unveiled in Britain this week to target people who download films and music illegally. Internet service providers (ISPs) there might be legally required to take action against users who access pirated material.

The music industry estimates 1 billion songs were traded illegally by Australians last year.

Under the three-strikes policy, a warning would be first issued to offenders who illegally share files using peer-to-peer technology to access music, TV shows and movies free of charge. The second strike would lead to the offender’s internet access being suspended; the third would cancel the offender’s internet access.

The three strike system is similar to the proposition in UK to disconnect after an initial warning and a temporary suspension.

Australia has never had the best Internet for downloading anyway as bandwidth is fairly expensive and most ISPs charge by the MB.

She said action had been taken to remove illegally downloaded tracks from blogs, Cyberlocker and BitTorrent sites but this had failed to stem the estimated 2.8 million Australians downloading music illegally last year.

“Because P2P file sharing involves these music files sitting on individual people’s computers, there is very little that MIPI can do to remove those files or stop them being shared,” she said. “That’s why we have been pushing a proposal to internet service providers for a commonsense system of warning notices which, if unheeded, would ultimately result in a user having their account suspended or disconnected.”

National Internet Industry Association chief executive Peter Corones said his members’ reservations over the three-strikes and code of conduct proposals would be discussed with Mr Conroy this week.

I wonder who will be next following these laws? And how will this change the way people use P2P? Bring on the encrypted tunnels? Or private VPNs to other countries to download using their IP address?

Either way it’s something keep an eye on.

Source: Sydney Morning Herald


Posted in: Legal Issues, Privacy

Tags: , , , , , , , , ,

Posted in: Legal Issues, Privacy | Add a Comment
Recent in Legal Issues:
- The Panama Papers Leak – What You Need To Know
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,706 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,636 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,628 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Burp Suite v1.1 Available for Download

Your website & network are Hackable


One of our favourite all time tools for attacking web applications has been updated! Burp Suite has now reached version 1.1! This is a major release – not a minor upgrade.

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Key features unique to Burp Suite include:

  • Ability to “passively” spider an application in a non-intrusive manner, with all requests originating from the user’s browser.
  • One-click transfer of interesting requests between tools, e.g. from the Burp Proxy request history, or the Burp Spider results tree.
  • Detailed analysis and rendering of requests and responses.
  • Extensibility via the IBurpExtender interface, which allows third-party code to extend the functionality of Burp Suite. Data processed by one tool can be used in arbitrary ways to affect the behaviour and results of other tools.
  • Centrally configured settings for downstream proxies, web and proxy authentication, and logging.
  • Tools can run in a single tabbed window, or be detached in individual windows.
  • All tool and suite configuration is optionally persistent across program loads.
  • Runs in both Linux and Windows.

New features in version 1.1 include:

  • Improved analysis of HTTP requests and responses wherever they appear, with browser-quality HTML and media rendering.
  • Burp Sequencer, a new tool for analysing session token randomness.
  • Burp Decoder, a new tool for performing manual and intelligent decoding and encoding of application data.
  • Burp Comparer, a new utility for performing a visual diff of any two data items.
  • Support for custom client and server SSL certificates.
  • Ability to follow 3xx redirects in Burp Intruder and Repeater attacks.
  • Improved interception and match-and-replace rules in Burp Proxy.
  • A “lean mode”, for users who prefer less functionality and a smaller resource footprint.

You can download Burp Suite here:

burpsuite_v1.1.zip
burpsuite_v1.1.tar.gz

Or read more here.


Posted in: Hacking Tools, Network Hacking, Web Hacking

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Web Hacking | Add a Comment
Recent in Hacking Tools:
- dnmap – Distributed Nmap Framework
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,982,227 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,436,907 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 681,300 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


New Sophisticated Botnets Discovered

Find your website's Achilles' Heel


It seems like botnets are getting more sophisticated – we thought the Storm Worm was pretty hot, but some of these new contenders are showing the guys on the dark side has some advanced understanding of technology and the architecture many companies use…this enables them to get deeper inside and remain undetected

Researchers have unearthed two previously undetected botnets that exhibit sophisticated new capabilities that could significantly advance the dark art of cyber crime.

One of them, dubbed MayDay by security firm Damballa, uses new ways to send and receive instructions to infected machines. One communication method uses standard HTTP that is sent through an organization’s web proxy. That allows the malware to circumvent a common security measure employed by many large companies.

Indeed, Tripp Cox, vice president of engineering and operations at Damballa, says he’s observed MayDay running inside some of the world’s most elite organizations, including Fortune 50 companies, educational institutions and ISPs. (He declines to identify them by name.)

It seems like the numbers are nowhere near as high as Storm, but with this advanced technology it might be hard to count. This new worm spends a minimal time connected to the control channel to ensure it avoids detection.

Some big (and important) companies have fallen victim to this, so they could be getting hold of some seriously juicy info.

The botnet also uses two separate peer-to-peer technologies so zombies can stay in touch with each other, presumably as a back-up measure in case the central channel is disconnected. One protocol communicates using the internet control message protocol (ICMP) and the other uses the transmission control protocol. The ICMP traffic is obfuscated so it’s indecipherable to the human eye. Damballa researchers are still working to figure out exactly what kind of information is being transported over the channel.

Up until now, the zombie army popularly known as Storm has been the 800-pound gorilla of the botnet underground. Having recently marked it’s one-year birthday, it is believed to comprise about 85,000 infected machines. It was responsible for about 20 percent of the world’s spam over the past six months, according to MessageLabs, which provides email and web filtering services to more than 16,000 business customers.

I would guess however the aim of these newer more sophisticated botnets is not for spamming, they should have something more nefarious in mind. Perhaps extortion, insider trading or even terrorism.

Who knows?

Source: The Register


Posted in: Malware, Spammers & Scammers

Tags: , , , , , , , , , , ,

Posted in: Malware, Spammers & Scammers | Add a Comment
Recent in Malware:
- Cuckoo Sandbox – Automated Malware Analysis System
- movfuscator – Compile Into ONLY mov Instructions
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,517 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,636 views
- US considers banning DRM rootkits – Sony BMG - 44,988 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95