Archive | May, 2008

browserrecon – Passive Browser Fingerprinting

Cybertroopers storming your ship?


Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks.

Client-based attacks, especially targeting web clients, are becoming more and more popular. Browser-targeted attacks, drive-by pharming and web-based phishing provide a broad aspect of threats during surfing in the world wide web. Attacker might initialize and optimize their attacks by fingerprinting the target application to find the best possible way to compromise the client.

The browserrecon project is going to prove, that client-side fingerprinting is possible and useful too. In this particular implementation, currently available in php only, the given web browser is identified by the used http requests. Similar to the http fingerprinting provided within httprecon the header lines and values are analyzed and compared to a fingerprint database.

The current release of browserrecon is written in PHP. Therefore, you might be able to use browserrecon on a web server supporting PHP. If you want to include browserrecon in a given web application, the software has to support PHP itself or a fork of the PHP scripts.

You can download browserrecon here:

browserrecon-1.0-php.tar.gz

Or read more here.


Posted in: General Hacking, Privacy, Web Hacking

Tags: , , , , , , , , ,

Posted in: General Hacking, Privacy, Web Hacking | Add a Comment
Recent in General Hacking:
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS
- Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,168,215 views
- Hack Tools/Exploits - 622,206 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 432,557 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


oCERT – Responsing to Flaws in Open Source Software

Cybertroopers storming your ship?


So a new initiative – the Open Source Computer Emergency Response Team known as oCERT has been set up one of the main sponsors being Google (read more here – Contributing to Open Source Software Security).

The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.

The service aims to help both large infrastructures, like major distributions, and smaller projects that can’t afford a full-blown security team and/or security resources. This means aiding coordination between distributions and small project contacts. The goal is to reduce the impact of compromises on small projects with little or no infrastructure security, avoiding the ripple effect of badly communicated or handled compromises, which can currently result in distributions shipping code which has been tampered with.

It’s a pretty interesting project and I hope it takes off – it will be a good place to gather information for small and large open source projects alike and make things more secure for everyone involved.

Check it out here:

http://ocert.org/


Posted in: Exploits/Vulnerabilities, General Hacking

Tags: , , , , , ,

Posted in: Exploits/Vulnerabilities, General Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- BeautifulPeople.com Leak Exposes 1.1M Extremely Private Records
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,327 views
- AJAX: Is your application secure enough? - 120,029 views
- eEye Launches 0-Day Exploit Tracker - 85,481 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Recent in Hacking Tools:
- The Backdoor Factory (BDF) – Patch Binaries With Shellcode
- Gdog – Python Windows Backdoor With Gmail Command & Control
- SPF (SpeedPhish Framework) – E-mail Phishing Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,973,018 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,399,757 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 675,767 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Want Some COFEE? Microsoft Computer Online Forensic Evidence Extractor

Cybertroopers storming your ship?


Microsoft helping the good guys eh? I had someone ask me if I can get a hold of this so I did some checking up on..

I’d guess MS is doing this to sell additional software and services, but either way its a good thing to make a portable, easy to use and effective forensics toolkit.

Would it be better than your average security or forensics LiveCD? I wouldn’t know unless I can indeed get one of these COFEE sticks.

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB “thumb drive” that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer.

I’m guessing it’s the common suspects, mostly open source tools bundled together with a nice interface or some batch scripts.

‘Internet History’ – I bet it only works if they use Internet Explorer (history.dat anyone?) and not Firefox with caching turned off.

Passwords? Some rainbow cracking brute forcer and a few of the smaller rainbow tables would suffice.

But then with USB pen drives going up to 8-16gb nowadays you could fit almost a full set of Rainbow Tables for common characters.

Brad Smith, Microsoft’s general counsel, described COFEE in an interview.

“It’s basically a thumb drive that is like a Swiss army knife for law enforcement officials that are investigating computer crimes. If you’re a law enforcement official and let’s say you have access to a computer that might be used, for example, by a child predator, a lot of times they have information on their hard disk that’s encrypted, and you’ve got that information off in order to have a successful investigation and prosecution.

“In the past, people would have to literally unplug the computer, they would lose whatever was in RAM. They’d have to transport it somewhere else, and it would take at least four hours, often more to get at the heart of the information.”

A MS rep has confirmed that the kit is a compilation of publicly available forensics tools and it does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret ‘backdoors’ or other undocumented means.

So who’s gonna send me one?

Source: The Seattle Times


Posted in: Forensics, Windows Hacking

Tags: , , , , , , , ,

Posted in: Forensics, Windows Hacking | Add a Comment
Recent in Forensics:
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response
- FastIR Collector – Windows Incident Response Tool
- Rekall – Memory Forensic Framework

Related Posts:

Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,365 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 34,088 views
- OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool - 28,180 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


April Commenter of the Month Competition Winner!

Don't let your data go over to the Dark Side!


Competition time again!

As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it’s been running since then! We have just finished the eleventh month of the competition in April and are now in the twelfth, starting a few days ago on May 1st – Sponsored by GFI.

We are offering some pretty cool prizes like iPods and PSPs (or similar), along with cool GFI merchandise like shirts, keyrings and mugs.

And now the winner will also get a copy of the Ethical Hacker Kit.

GFI Goodies

Keep up the great comments and high quality interaction, we really enjoy reading your discussions and feedback.

Just to remind you of the added perks, by being one of the top 5 commenter’s you also have your name and chosen link displayed on the sidebar of every page of Darknet, with a high PR5 (close to 6) on most pages (4000+ spidered by Google).

So announcing the winner for April…it’s fever! He had a 10 comment lead on zupakcomputer, fever another new-comer came out of nowhere.

Comments for May have been very low so far, so it might be an easy win for someone this month :)

Commenter April

April saw some good discussions and was a little more lively than March, I hope May picks up bit! I’d like to thank you all for your participation! I hope it keeps getting better as 2008 develops with more interesting news and tools. Keep up the excellent discussions, it’s very interesting reading especially on some of the more controversial topics.

Thanks to everyone else who commented and thanks for your links and mentions around the blogosphere!

Feel free to share Darknet with everyone you know :)

Keep commenting guys, and stand to win a prize for the month of May!

We are still waiting for pictures from backbone, Sandeep and TRDQ, dirty and dre, eM3rC, fever, Sir Henry and goodpeople of themselves with their prizes!

Winner for June 2007 was Daniel with 35 comments.
Winner for July 2007 was backbone with 46 comments.
Winner for August 2007 was TheRealDonQuixote with 53 comments.
Winner for September 2007 was Sandeep Nain with 32 comments.
Winner for October 2007 was dre with 19 comments.
Winner for November 2007 was dirty with 38 comments.
Winner for December 2007 was Sir Henry with 84 comments.
Winner for January 2008 was goodpeople with 66 comments.
Winner for February 2008 was eM3rC with 122 comments.
Winner for March 2008 was Pantagruel with 66 comments.


Posted in: Site News

Tags: , , , , , , , , , , ,

Posted in: Site News | Add a Comment
Recent in Site News:
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights
- Yes – We Now Have A Facebook Page – So Please Like It!

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,569 views
- Get the ball rollin’ - 18,992 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,251 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


rtpbreak 1.3a Released – RTP Analysis and Hacking

Don't let your data go over to the Dark Side!


rtpbreak 1.3a has been released, we initially brought you news of this tool back in August 2007 with the first announcement of rtpbreak.
With rtpbreak you can detect, reconstruct and analyze any RTP session. It doesn’t require the presence of RTCP packets and works independently form the used signaling protocol (SIP, H.323, SCCP etc). The input is a sequence of packets, the output is a set of files you can use as input for other tools (wireshark/tshark, sox, grep/awk/cut/cat/sed and so on). It also supports wireless (AP_DLT_IEEE802_11) networks.

This is a list of scenarios where rtpbreak is a good choice:

  • reconstruct any RTP stream with an unknown or unsupported signaling protocol
  • reconstruct any RTP stream in wireless networks, while doing channel hopping (VoIP activity detector)
  • reconstruct and decode any RTP stream in batch mode (with sox, asterisk)
  • reconstruct any already existing RTP stream
  • reorder the packets of any RTP stream for later analysis (with tshark, wireshark, …)
  • build a tiny wireless VoIP tapping system in a single chip Linux unit
  • build a complete VoIP tapping system (rtpbreak would be just the RTP dissector module!)

This project is released under license GPL version 2.

You can download rtpbreak 1.3a here:

rtpbreak-1.3a.tgz

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- The Backdoor Factory (BDF) – Patch Binaries With Shellcode
- Gdog – Python Windows Backdoor With Gmail Command & Control
- SPF (SpeedPhish Framework) – E-mail Phishing Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,973,018 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,399,757 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 675,767 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Patch Window Shrinking – Semi-Automated Reverse Engineering

Don't let your data go over to the Dark Side!


As far as I know this has been happening for some time, sometimes a patch comes out for a vulnerability that many people don’t know about (including the hackers) so they will see what problem the patch fixes (possibly through reverse engineering) then develop an exploit to leverage on the flaw.

It seems things are a little more advanced now with some semi-automated tools to do the job.

The length of time between the development of security patches and the development of exploits targeting the security holes they address has been dropping for some time.

Hackers exploit this period of time – the so-called patch window – to launch attacks against unpatched machines. Typically, exploits are developed by skilled hackers versed in the arcane intricacies of reverse engineering.

However, hackers have now begun using off-the-shelf tools to at least partially automate this process, a development that might lead to exploits coming out hours instead of days after the publication of patches.

It certainly does make the time between patch and exploit a lot faster, and this is fairly new. Thankfully someone has taken it upon themselves to research this subject further and educate us all about it.

It’s a scary thought having a working exploit a few minutes after receiving a patch! As you know many people don’t keep patches up to date, and those that do might only apply it after a few days so it gives the bad guys a dangerous windows in which they can mass-exploit people.

Security researchers at Berkeley, the University of Pittsburgh, and Carnegie Mellon have launched a research project investigating the approach [PDF], which relies on comparing the configuration of patched and unpatched machines.

In some cases hackers are able to develop an exploit just minutes after receiving a patch. Fortunately, for now, the technique is rather hit and miss. More often than not the semi-automated process creates tools that only crash vulnerable applications, rather than creating a means to inject hostile code onto vulnerable machines.

Over time the technique is only likely to get more reliable.

I am certainly sure the technique will get refined and become more effecient over time as with everything, the fact that it exists shows the evolution of hacking and that the boundaries are always going to be pushed aside.

Certainly something interesting to keep an eye on.

Source: The Register


Posted in: Exploits/Vulnerabilities, Programming

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Programming | Add a Comment
Recent in Exploits/Vulnerabilities:
- BeautifulPeople.com Leak Exposes 1.1M Extremely Private Records
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,327 views
- AJAX: Is your application secure enough? - 120,029 views
- eEye Launches 0-Day Exploit Tracker - 85,481 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Sandman – Read the Windows Hibernation File

Don't let your data go over to the Dark Side!


This is a pretty new tool and a very cool one, Hibernation is a fairly new feature for Windows so it’s good to see a new tool targeting that.

Microsoft provides a feature called Hibernation also know as suspend to disk that aims to save the system state into an undocumented file called hiberfil.sys. This file contains all the physical memory saved by the Operating System and aims to be restored by the user the next time the computer is powered on. Live forensics analysis is used to use physical memory dump to recover information on the targeted machine.

One of the main problems is to obtain a readable physical memory dump, hibernation is an efficient way to save and load physical memory. Hibernation analysis has notable advantages. System activity is totally frozen, therefore coherent data is acquired and no software tool is able to block the analysis. The system is left perfectly functional after analysis, with no side effects.

The hibernation file opens two valuable doors:

The first one is forensics analysis for defensive computing. Hibernation is an efficient and easy way to get a physical memory dump. But the main issue about it was: How to read the hiberfil.sys? This is why SandMan was born.

The second one is a new concept we will be introducing and called “offensics” which is a portmanteau from “offensive” and “forensics”. If we can read hiberfil.sys, can we rewrite it? The answer is: Yes, with SandMan you can.

Sandman is a C Library that aims to read the hibernation file, regardless of Windows version. Thus, it makes possible to do forensics live analysis on the dumped file.

For a good explanation and technical info I suggest you read the whitepaper:

SandMan Project, Whitepaper [PDF]

You can download Sandman here:

SandMan-1.0.080226.zip

Or read more here.


Posted in: Hacking Tools, Windows Hacking

Tags: , , , , , , ,

Posted in: Hacking Tools, Windows Hacking | Add a Comment
Recent in Hacking Tools:
- The Backdoor Factory (BDF) – Patch Binaries With Shellcode
- Gdog – Python Windows Backdoor With Gmail Command & Control
- SPF (SpeedPhish Framework) – E-mail Phishing Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,973,018 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,399,757 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 675,767 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


US Really Owns Your Data Now!

Don't let your data go over to the Dark Side!


A while back we reported how US customs owns your data, now it’s getting even worse. 10 days ago the US appeals court gave them rights to COPY all your data without notice even if there are no suspicions.

Anyone want to talk about dilution of intellectual property? Privacy? Or just basic human rights..

In a letter dated Thursday, the group, which includes the Electronic Frontier Foundation (EFF), the American Civil Liberties Union and the Business Travel Coalition, called on the House Committee on Homeland Security to ensure searches aren’t arbitrary or overly invasive. They also urged the passage of legislation outlawing abusive searches.

The letter comes 10 days after a US appeals court ruled Customs and Border Protection (CBP) agents have the right to rummage through electronic devices even if they have no reason to suspect the hardware holds illegal contents. Not only are they free to view the files during passage; they are also permitted to copy the entire contents of a device. There are no stated policies about what can and can’t be done with the data.

I hope the government takes some notice of the letter and the worries over this legislation, it is something that would bother a lot of people. Especially those from European countries where privacy is an utmost concern and strongly protected by the government.

The lack of guidelines as to what can be done with the data are worrying too, what if you have commercially valuable or proprietary information there…can they distribute it freely after copying it from you?

Several of the groups are also providing advice to US-bound travelers carrying electronic devices. The Association of Corporate Travel Executives is encouraging members to remove photos, financial information and other personal data before leaving home. This is good advice even if you’re not traveling to the US. There is no reason to store five years worth of email on a portable machine.

In this posting, the EFF agrees that laptops, cell phones, digital cameras and other gizmos should be cleaned of any sensitive information. Then, after passing through customs, travelers can download the data they need, work on it, transmit it back and then digitally destroy the files before returning.

The post also urges the use of strong encryption to scramble sensitive data, although it warns this approach is by no means perfect. For one thing, CBP agents are free to deny entry to travelers who refuse to divulge their passwords. They may also be able to seize the laptop.

If you don’t give up YOUR passwords to YOUR private information, they can refuse you entry, isn’t that just charming?

I agree clean everything before you travel, work from online data…it may be inconvenient but it’s surely better than having the US government copy it.

Oh well, I’ve never been to the US and I’m not planning to…so here is even less reason to go.

Source: The Register


Posted in: Legal Issues, Privacy

Tags: , , , , , , , , , , , ,

Posted in: Legal Issues, Privacy | Add a Comment
Recent in Legal Issues:
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details
- More Drama About Hillary Clinton’s E-mail Leak – VNC & RDP Open

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,690 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,594 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,599 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95