Archive | April, 2008

CDPSnarf – CDP Packet Sniffer

Cybertroopers storming your ship?


CDPSnarf if a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more.

The application is written in C using the popular PCAP library.

Sample Output

Cisco AIR-AP1231G-E-K9 Access Point:

You can download CDPSnarf here:

CDPSnarf 0.1.6

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- Recon-ng – Web Reconnaissance Framework
- INURLBR – Advanced Search Engine Tool
- DNSRecon – DNS Enumeration Script

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,969,187 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,386,798 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 674,066 views

Get 50% off your second year with our 2-year deal!


AV Firms Split Over Defcon Contest

Don't let your data go over to the Dark Side!


Now this is a pretty interesting contest from the guys at Defcon, antivirus evasion! It’s a question that gets asked a LOT…how do I avoid AV?

There are various ways to do it and I’ll be interested to see which are used in the contest, the most elegant solutions of course get better prizes.

Security firms have split over the merits of a hacking contest aimed against anti-virus packages planned for August’s Defcon conference.

Anti-virus firm Sophos reckons the exercise will serve only to increase the volume of malware in circulation, further taxing the resources of already hard-pressed security firms. However, net security services firm MessageLabs reckons the proposed Race to Zero competition has some merits as an exercise. It compared the wheeze to penetration testing against corporate networks.

During the proposed Race to Zero contest, delegates to the Defcon hacker conference will be invited to develop techniques to modify supplied virus samples so that these variants are able to evade detection by anti-virus packages. The contest will progress in difficulty leading to awards at its conclusion including “most elegant obfuscation” and “most deserving of beer” as well as an overall winner.

I am of course pro-knowledge, so I think this contest is a great idea. As stated similar research conducted in the past has been useful..so why not this time?

Personally I think signature based virus detection is very weak and heuristic scanning is nowhere near as good as it should be. The AV vendors needs to get their collectives acts together and develop some cool new stuff that effectively blocks unknown malware rather than permanently playing a catch-up game.

Contest organisers said that the exercise will help to demonstrate shortcomings in signature-based virus detection. They also want to highlight weaknesses among anti-virus vendors exposed by the testing process, which will involve passing modified samples through a number of antivirus engines housed on a closed portal. Modified samples will not be released into the wild, the organisers explain. Results of the contest, a fringe event planned outside the main Defcon conference programme, are due to be presented during the annual Las Vegas-based hacking jamboree.

Despite these assurances some security vendors are less than impressed. Graham Cluley, senior technology consultant for Sophos, said: “The last thing the world needs is more malware. It’s really disappointing to see that Defcon appears to be condoning the creation of malware in this way.

“If people really want to test the quality of different anti-virus products there are well established ways of doing it – and testing industry initiatives like ATMSO are working hard at improving standards,” he added.

I would have thought Sophos were amongst the more progressive AV vendors, but it seems not so. Anyway it’s definitely something to watch and we’ll be keeping an interested eye on it.

Source: The Register


Posted in: Countermeasures, Events/Cons, Malware

Tags: , , , , , , , , , , , , ,

Posted in: Countermeasures, Events/Cons, Malware | Add a Comment
Recent in Countermeasures:
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response
- PEiD – Detect PE Packers, Cryptors & Compilers
- NAXSI – Open-Source WAF For Nginx

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,984 views
- Password Hasher Firefox Extension - 117,691 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,696 views

Get 50% off your second year with our 2-year deal!


Technitium MAC Address Changer v4.8 Released for Download – Free

Cybertroopers storming your ship?


Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by the manufacturer. This hard coded MAC address is used by windows drivers to access Ethernet Network (LAN). This tool can set a new MAC address to your NIC, bypassing the original hard coded MAC address. Technitium MAC Address Changer is a must tool in every security professionals tool box. Technitium MAC Address Changer is coded in Visual Basic 6.0.

There are some famous, commercial tools available in the market for US$19.99 to as much as US$1500 (!), but Technitium MAC Address Changer is available for FREE. We don’t charge for just changing a registry value! Also knowing how this works doesn’t require extensive research as some commercial tool providers claim!

Features

  • Identifies the preset applied to currently selected Network Interface Card (NIC) automatically making it easy to identify settings.
  • Changes MAC address of Network Interface Card (NIC) including Wireless LAN Cards, irrespective of its manufacturer or its drivers.
  • Has latest list of all known manufacturers (with corporate addresses) to choose from. You can also enter any MAC address and know which manufacturer it belongs to.
  • Allows you to select random MAC address from the list of manufacturers by just clicking a button.
  • Restarts your NIC automatically to apply MAC address changes instantaneously.
  • Allows you to create Configuration Presets, which saves all your NIC settings and makes it very simple to switch between many settings in just a click and hence saves lot of time.
  • Allows you to Import or Export Configuration Presets to or from another file, which saves lot of time spent in reconfiguration.
  • Has command line interface which allows you to perform all the tasks from the command prompt or you can even create a DOS batch program to carry out regular tasks.

You can download Technitium MAC Address Changer v4.8 here:

Technitium-MAC-Address-Changer

Or read more here.


Posted in: General Hacking

Tags: , , , , , , , , , ,

Posted in: General Hacking | Add a Comment
Recent in General Hacking:
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS
- Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,167,469 views
- Hack Tools/Exploits - 620,692 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 431,958 views

Get 50% off your second year with our 2-year deal!


Chocolate Owns Your Passwords

Don't let your data go over to the Dark Side!


The same old story, if you ask people for something they will most likely give it without thinking of the consequences..

Even more so if you are a pretty girl, and in this case you offer someone chocolate. Hey who doesn’t love chocolate? I have to say I don’t love it enough to give out my passwords..

A survey out today by the organizers of the tech-security conference Infosecurity Europe found that 21% of 576 London office workers stopped on the street were willing to share their computer passwords with a good looking woman holding a clipboard. People were offered a chocolate bar in exchange for the information. More than half of the people surveyed said they used the same password for everything.

That’s 1 in 5, amazing! It just shows a bit of simple social engineering targeted against a certain company or just using a certain location will yield valuable info.

Similar tests have been conducted before, I would have though awareness might be slightly higher now – but it seems like it’s just the same.

As depressing as the survey may be for the security pros whose job it is to keep corporate networks safe, the results are a substantial improvement over last year. That was when 64% of people were willing to give away their passwords. But there were other disturbing signs this year: 61% of workers surveyed shared their birthdates and a similar number – 60% of men and 62% of women – shared their names and telephone numbers.

This doesn’t sound particularly damaging, but cyber criminals could use this information to craft so-called phishing emails that install malicious computer code when opened or try to convince people to cough up more damaging information like a bank account number.

It’s good to see a substantial improvement since last year, but still I’d prefer if the figures were below 5%. Sharing personal info is also a bad idea as it gives people with malicious intent a lot more ammunition to break into the corporate cookie jar.

Most peoples’ passwords are likely to be based on personal information unless they are generated by the company…if complex passwords are generated by the company it’s generally even easier..as they will be written on a post-it not in the drawer or under the keyboard.

Source: WSJ


Posted in: Privacy, Social Engineering

Tags: , , , , , ,

Posted in: Privacy, Social Engineering | Add a Comment
Recent in Privacy:
- Recon-ng – Web Reconnaissance Framework
- IPGeoLocation – Retrieve IP Geolocation Information
- The Panama Papers Leak – What You Need To Know

Related Posts:

Most Read in Privacy:
- Browse Anonymously at Work or School – Bypass Firewall & Proxy - 179,893 views
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,365 views
- Anonymous Connections Over the Internet – Using Socks Chains Proxy Proxies - 122,462 views

Get 50% off your second year with our 2-year deal!


Pass-The-Hash Toolkit v1.3 is Available for Download

Cybertroopers storming your ship?


The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Pass-The-Hash Toolkit

Pass-The-Hash Toolkit is comprised of three tools: IAM.EXE, WHOSTHERE.EXE and GENHASH.EXE.

GENHASH.EXE
This is just a utility that uses some undocumented Windows functions to generate the LM and NT hash of a password. This tool is useful to test IAM.EXE and WHOSTHERE.EXE and perhaps to do some other things. Pretty simple and small tool.

IAM.EXE
This tools allows you to change your current NTLM credentials without having the cleartext password but the hashes of the password. The program receives a username, domain name and the LM and NT hashes of the password; using this it will change in memory the NTLM credentials associated with the current windows logon session. After the program performs this operation, all outbound network connections to services that use for authentication the NTLM credentials of the currently logged on user will utilize the credentials modified by IAM.EXE.

WHOSTHERE.EXE
This tools will list logon sessions with NTLM credentials (username,domain name, LM and NT hashes). Logon sessions are created by windows services that log in using specific users, remote desktop connections, etc. This tool has many uses, one that i think is interesting: Let’s say you compromised a Windows Server that is part of a Windows Domain (e.g.: Backup server) but is NOT the domain controller.

You can download Pass-The-Hash Toolkit v1.3 here:

Source Code

Latest stable release (1.3), updated on February 29, 2008.

Win32 binaries

Latest stable release (1.3), updated on February 29, 2008.

Or read more here.


Posted in: Hacking Tools, Windows Hacking

Tags: , , , , , , , , , , ,

Posted in: Hacking Tools, Windows Hacking | Add a Comment
Recent in Hacking Tools:
- Recon-ng – Web Reconnaissance Framework
- INURLBR – Advanced Search Engine Tool
- DNSRecon – DNS Enumeration Script

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,969,187 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,386,798 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 674,066 views

Get 50% off your second year with our 2-year deal!


Russia Heavy Handed Registration for Wifi

Cybertroopers storming your ship?


It seems like Russia wants to keep a tight reign on things, anything with Wifi capability must be licenses! That includes your phone…imagine having to apply for a permit to have a wireless AP at home?

Rather ridiculous no?

Business travellers to Russia might want to keep their laptops and iPhones well-concealed – not from muggers, necessarily, but from the country’s recently formed regulatory super-agency, Rossvyazokhrankultura (short for the Russian Mass Media, Communications and Cultural Protection Service).

In the UK, Ofcom made deregulation one of its first priorities upon coming into existence, but the Russian equivalent is doing just the reverse, including an ominous-sounding policy of requiring registration for every Wi-Fi device and hotspot, according to a report this week from news agency Fontanka.

Deregulation? In Russia? It seems like that really is a joke. Privates registration are supposed to take 10 days..for hotspots? Bundles of paperwork and red-tape, everywhere else in the World is embracing free and easy Wifi, whole cities are countries are being covered in Wifi and it seems like Russia is trying to kill it off.

Rossvyazokhrankultura’s interpretation of current law holds that users must register any electronics that use the frequency involved in Wi-Fi communications, said Vladimir Karpov, the deputy director of the agency’s communications monitoring division, according to an English commentary provided by website The Other Russia.

Aside from public hotspots, the registration requirement also applies to home networks, laptops, smart phones and Wi-Fi-enabled PDAs, Karpov reportedly said. Registration only permits use by the owner.

So that pretty much covers absolutely anything that can emit or receive a Wifi signal…and only to be used by the owner?

I wonder does that mean if we are sitting together and I let you use my phone to surf using Wifi we are breaking the law?

Source: Computer World


Posted in: Legal Issues, Privacy

Tags: , , , , , , , ,

Posted in: Legal Issues, Privacy | Add a Comment
Recent in Legal Issues:
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details
- More Drama About Hillary Clinton’s E-mail Leak – VNC & RDP Open

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,681 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,584 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,593 views

Get 50% off your second year with our 2-year deal!


WifiZoo v1.3 Released – Passive Info Gathering for Wifi

Don't let your data go over to the Dark Side!


WifiZoo is a tool to gather wifi information passively. It is created to be helpful in wifi pentesting and was inspired by ‘Ferret‘ from Errata Security.

The tool is intended to get all possible info from open wifi networks (and possibly encrypted also in the future, at least with WEP) without joining any network, and covering all wifi channels.

WifiZoo does the following:

  • gathers bssid->ssid information from beacons and probe responses
  • gathers list of unique SSIDS found on probe requests
  • gathers the list and graphs which SSIDS are being probed from what sources
  • gathers bssid->clients information and outputs it in a file that you can later use with graphviz and get a graph with “802.11 bssids->clients”.
  • gathers ‘useful’ information from unencrypted wifi traffic (ala Ferret,and dsniff, etc); like pop3 credentials, smtp traffic, http cookies/authinfo, msn messages,ftp credentials, telnet network traffic, nbt, etc.

You can download WifiZoo v1.3 here:

wifizoo_v1.3.tgz

Or read more here.


Posted in: Hacking Tools, Privacy, Wireless Hacking

Tags: , , , , , ,

Posted in: Hacking Tools, Privacy, Wireless Hacking | Add a Comment
Recent in Hacking Tools:
- Recon-ng – Web Reconnaissance Framework
- INURLBR – Advanced Search Engine Tool
- DNSRecon – DNS Enumeration Script

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,969,187 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,386,798 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 674,066 views

Get 50% off your second year with our 2-year deal!


Shelling our way up

Don't let your data go over to the Dark Side!


Everybody has a favorite shell; not so many under Windows as there are under Linux, but anyway…

As most will tell you there favorite shell under Linux would be bash, as under Windows not really having what to chose from they would say cmd.exe (ok, bash can be used under Windows via cygwin, if I remember well).

But if you remeber well I wrote an article a while back about PowerShell, and so it seems that nowadays Windows users have a brand new shell which at some points can be quite impresive…

Anyway this article was ment to compare bash – PowerShell, but rather than doing that I would advice you to take a look on Wikipedia Comparison of computer Shells; this way you can decide which shell is the best (suitable) for you…

P.S. PowerShell being a freshly developed shell may have some glitches, as I found one some time ago NetCat & PowerShell -> disaster


Posted in: General News

Tags: , , , , , , ,

Posted in: General News | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,365 views
- eEye Launches 0-Day Exploit Tracker - 85,455 views
- Seattle Computer Security Expert Turns Tables On The Police - 43,618 views

Get 50% off your second year with our 2-year deal!


Microsoft Opens the Gates to Hack Their Web Services

Cybertroopers storming your ship?


It seems like Microsoft are starting to get serious about security, in a very progressive move they have said they are ok with ethical hackers finding security flaws in their online services.

It’s been fairly ok so far to hack away at software installed on your own hardware, but hitting remotely hosted applications has been a big no-no with individuals facing legal action even when they were just trying to help.

In a first for a major company, Microsoft has publicly pledged not to sue or press charges against ethical hackers who responsibly find security flaws in its online services.

The promise, extended Saturday at the ToorCon security conference in Seattle, is a bold and significant move. While researchers are generally free to attack legally acquired software running on their own hardware, they can face severe penalties for probing websites that run on servers belonging to others. In some cases, organizations have pursued legal action against researchers who did nothing more than discover and responsibly report serious online vulnerabilities.

Personally I welcome such a move and hope more companies act in a foreword thinking and ethically just manner. There are many good guys finding flaws, and sadly then don’t report them for fear or litigation. In turn the bad guys find the same flaws and exploit them for gain.

Actions by more big companies to ‘ok’ ethical hacking would make things a little more secure for everybody.

As things stand, researchers frequently turn a blind eye to gaping security holes on websites for fear of suffering a fate similar to that of Eric McCarty. The prospective student at the University of Southern California found a flaw in the school’s online application system that gave him access to other applicants’ records. In 2006, he was charged with computer intrusion after producing proof of his finding.

“There’s definitely a lot of trepidation among legitimate researchers to find flaws in public-facing web applications because you never know how [companies] are going to react,” said Alex Stamos, a founding partner at iSEC Partners, a firm that provides penetration-testing services. “That hurts us because the only people finding these flaws are the bad guys.”

For once I’m praising Microsoft, I know it’s an odd and rare occurrence but they are doing the right thing!

I’m sure you guys have a lot to say about this one..

Source: The Register


Posted in: General Hacking, Legal Issues, Web Hacking

Tags: , , , , , ,

Posted in: General Hacking, Legal Issues, Web Hacking | Add a Comment
Recent in General Hacking:
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS
- Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,167,469 views
- Hack Tools/Exploits - 620,692 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 431,958 views

Get 50% off your second year with our 2-year deal!


HDIV – Java Web Application Security Framework

Don't let your data go over to the Dark Side!


HDIV (HTTP Data Integrity Validator) is a Java Web Application Security Framework. HDIV extends web applications’ behaviour by adding Security functionalities, maintaining the API and the framework specification. This implies that we can use HDIV in applications developed in Struts 1.x, Struts 2.x, Spring MVC and JSTL in a transparent way to the programmer and without adding any complexity to the application development. It is possible to use HDIV in applications that don’t use Struts 1.x, Struts 2.x, Spring MVC or JSTL, but in this case it is necessary to modify the application (JSP pages).

Functionality

INTEGRITY: HDIV guarantees integrity (no data modification) of all the data generated by the server which should not be modified by the client (links, hidden fields, combo values, radio buttons, destiny pages, etc.). Thanks to this property HDIV helps to eliminate most of the vulnerabilities based on the parameter tampering.

EDITABLE DATA VALIDATION: HDIV eliminates to a large extent the risk originated by attacks of type Cross-site scripting (XSS) and SQL Injection using generic validations of the editable data (text and textarea).

CONFIDENTIALITY: HDIV guarantees the confidentiality of the non editable data as well. Usually lots of the data sent to the client has key information for the attackers such as database registry identifiers, column or table names, web directories, etc.

ANTI-CROSS SITE REQUEST FORGERY (CSRF) TOKEN: Random string called a token is placed in each form and link of the HTML response, ensuring that this value will be submitted with the next request. This random string provides protection because not only does the compromised site need to know the URL of the target site and a valid request format for the target site, it also must know the random string which changes for each visited page.

You can download HDIV here:

hdiv 2.0.4

Or read more here.


Posted in: Countermeasures, Web Hacking

Tags: , , , , , , ,

Posted in: Countermeasures, Web Hacking | Add a Comment
Recent in Countermeasures:
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response
- PEiD – Detect PE Packers, Cryptors & Compilers
- NAXSI – Open-Source WAF For Nginx

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,984 views
- Password Hasher Firefox Extension - 117,691 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,696 views

Get 50% off your second year with our 2-year deal!