Archive | June, 2008

ArpON – ARP Handler Detect and Block ARP Poisoning/Spoofing

ArpON (ARP handler inspectiON) is a portable handler daemon with some nice tools to handle all ARP aspects. It has a lot of features and it makes ARP a bit safer. This is possible using two kinds of anti-ARP-poisoning techniques: the first is based on SARPI, or “Static ARP Inspection”, the second on the DARPI, or “Dynamic ARP Inspection”, approach.

Keep in mind that other common tools fighting ARP poisoning usually limit themselves to pointing out the problem instead of blocking it; ArpON blocks it using the SARPI and DARPI policies.

Finally, you can use ArpON to pentest a switched/hubbed LAN with or without DHCP; in fact you can disable the daemon in order to use the tools to poison the ARP cache.

However, ArpON is also a good tool for a clever sysadmin aware of security-related topics. It is a tool born to make ARP secure, in order to avoid ARP spoofing/poisoning etc.

Static ARP Inspection

When SARPI starts, it statically saves all the ARP entries it finds in the ARP cache into a static cache called the SARPI cache. Note that you can also manage the ARP cache before starting SARPI, through the “ARP CACHE MANAGER” feature of ArpON.

Dynamic ARP Inspection

The DARPI startup phase consists of cleaning up the ARP cache, deleting all of its entries. This is done because the ARP cache may have contained poisoned entries from the beginning. DARPI then maintains the so-called DARPI cache, applying different policies to different kinds of packets.
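The two inspection policies described above, modelled in an added example (my code, not ArpON's): a small ARP frame parser, a SARPI-style inspector that checks replies against a cache frozen at start-up, and a DARPI-style inspector that starts empty and accepts only replies to requests it has seen go out. The policies are a simplification of what the post describes, and the LAN addresses and frames are constructed for the demo.

```python
# Added example: SARPI- and DARPI-style inspection of ARP replies (not ArpON's code).
import struct
from dataclasses import dataclass

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


@dataclass
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp_frame(frame: bytes) -> ArpPacket:
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP (14 + 28 bytes)."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not ARP (ethertype 0x{ethertype:04x})")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    body = frame[22:42]
    return ArpPacket(opcode, _mac(body[0:6]), _ip(body[6:10]),
                     _mac(body[10:16]), _ip(body[16:20]))


def build_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build a frame for the constructed sample traffic below."""
    def mac(s): return bytes(int(x, 16) for x in s.split(":"))
    def ip(s): return bytes(int(x) for x in s.split("."))
    eth = mac(target_mac) + mac(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
           + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))
    return eth + arp


class SarpiInspector:
    """Static policy: a reply must match the IP->MAC cache frozen at start-up."""
    def __init__(self, static_cache):
        self.cache = dict(static_cache)

    def inspect(self, pkt: ArpPacket) -> str:
        if pkt.opcode != ARP_REPLY:
            return "ignore"
        expected = self.cache.get(pkt.sender_ip)
        if expected is None:
            return "drop: unknown ip"
        return "accept" if expected == pkt.sender_mac else "drop: poisoned"


class DarpiInspector:
    """Dynamic policy: start with an empty cache, accept only replies we asked for."""
    def __init__(self):
        self.pending = set()   # IPs we have sent a who-has request for
        self.cache = {}

    def note_request(self, target_ip: str):
        self.pending.add(target_ip)

    def inspect(self, pkt: ArpPacket) -> str:
        if pkt.opcode != ARP_REPLY:
            return "ignore"
        if pkt.sender_ip not in self.pending:
            return "drop: unsolicited"
        # First answer to our request wins; later answers for that IP are unsolicited.
        self.pending.discard(pkt.sender_ip)
        self.cache[pkt.sender_ip] = pkt.sender_mac
        return "accept"


# Constructed sample LAN: the real gateway, our host, and a rogue host.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
HOST_IP, HOST_MAC = "192.168.1.10", "66:77:88:99:aa:bb"
ROGUE_MAC = "de:ad:be:ef:00:01"

SAMPLE_FRAMES = [
    build_arp_frame(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),     # genuine
    build_arp_frame(ARP_REPLY, ROGUE_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),       # gateway spoofed
    build_arp_frame(ARP_REPLY, ROGUE_MAC, "192.168.1.200", HOST_MAC, HOST_IP),  # never asked about
]


def run_sarpi(frames=SAMPLE_FRAMES):
    insp = SarpiInspector({GATEWAY_IP: GATEWAY_MAC})
    return [insp.inspect(parse_arp_frame(f)) for f in frames]


def run_darpi(frames=SAMPLE_FRAMES):
    insp = DarpiInspector()
    insp.note_request(GATEWAY_IP)   # we just sent "who-has 192.168.1.1"
    return [insp.inspect(parse_arp_frame(f)) for f in frames]


if __name__ == "__main__":
    print("SARPI:", run_sarpi())
    print("DARPI:", run_darpi())
```

The static inspector catches the spoofed gateway outright because the binding was pinned before the rogue host spoke; the dynamic one only does so because the genuine answer arrived first, which is why a DARPI-style scheme also has to start from a flushed cache, as the post says.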

You can download ArpON here:

ArpON-1.10.tar.gz

Or read more here.


Posted in: Countermeasures, Network Hacking



May Commenter of the Month Competition Winner!

Competition time again!

As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it’s been running since then! We have just finished the twelfth month of the competition in May and are now in the thirteenth, starting a few days ago on June 1st – Sponsored by GFI.

We’ve successfully been holding this contest for a year now!

We are offering some pretty cool prizes like iPods and PSPs (or similar), along with cool GFI merchandise like shirts, keyrings and mugs.

And now the winner will also get a copy of the Ethical Hacker Kit.

GFI Goodies

Keep up the great comments and high quality interaction, we really enjoy reading your discussions and feedback.

Just to remind you of the added perks, by being one of the top 5 commenters you also have your name and chosen link displayed on the sidebar of every page of Darknet, with a high PR5 (close to 6) on most pages (5000+ spidered by Google).

So announcing the winner for May…it’s Bogwitch! He’s been one of our best long-term commenters and has been with us since before the contest in the early days of Darknet.

I’m glad he won as his comments have been consistently of high quality and often entertaining too.

Comments for June have been quite low so far, so it might be an easy win for someone again this month :) I didn’t manage to grab the site on the day before the month turned…so I just spent a while coming up with an SQL query to grab the counts from the database for the month of May.

Commenter May

Jinesh Doshi was pretty close behind in second place. There were some good discussions in May and I hope to see them continue in June! I’d like to thank you all for your participation! I hope it keeps getting better as 2008 develops with more interesting news and tools. Keep up the excellent discussions, it’s very interesting reading especially on some of the more controversial topics.

Thanks to everyone else who commented and thanks for your links and mentions around the blogosphere!

Feel free to share Darknet with everyone you know :)

Keep commenting guys, and stand to win a prize for the month of June!

We are still waiting for pictures from backbone, Sandeep and TRDQ, dirty and dre, eM3rC, fever, Sir Henry and goodpeople of themselves with their prizes!

Winner for June 2007 was Daniel with 35 comments.
Winner for July 2007 was backbone with 46 comments.
Winner for August 2007 was TheRealDonQuixote with 53 comments.
Winner for September 2007 was Sandeep Nain with 32 comments.
Winner for October 2007 was dre with 19 comments.
Winner for November 2007 was dirty with 38 comments.
Winner for December 2007 was Sir Henry with 84 comments.
Winner for January 2008 was goodpeople with 66 comments.
Winner for February 2008 was eM3rC with 122 comments.
Winner for March 2008 was Pantagruel with 66 comments.
Winner for April 2008 was fever with 44 comments.


Posted in: Site News



New Zlob Trojan Alters Your Router Settings

Another new development in the malware arena, this new version of Zlob will actually log onto your router and change the DNS settings to hijack your traffic.

Pretty interesting approach and it will work because 99% of people won’t change the default password on their routers. Let’s face it, have you changed it?

A new Trojan horse masquerading as a video “codec” required to view content on certain Web sites tries to change key settings on the victim’s Internet router so that all of the victim’s Web traffic is routed through servers controlled by the attackers.

According to researchers contacted by Security Fix, recent versions of the ubiquitous “Zlob” Trojan (also known as DNSChanger) will check to see if the victim uses a wireless or wired hardware router. If so, it tries to guess the password needed to administer the router by consulting a built-in list of default router username/password combinations. If successful, the malware alters the victim’s domain name system (DNS) records so that all future traffic passes through the attacker’s network first.

It’s a pretty nifty piece of logic and coding, pretty simple too once you’ve thought of the idea. Just grep the gateway address from the machine (using the correct interface), then try to connect to it with a pre-compiled list of default user names and passwords.

Then bingo, you’re in; a little insertion of new DNS servers and you’re set!

Relatively few people ever change the default username and password on their wireless routers. I see this often, even among people who have locked down their wireless routers with encryption and all kinds of other security settings: When I confront them about why they haven’t changed the default credentials used to administer the router settings, their rationale is that, ‘Well, why should I change it? An attacker would need to already have a valid connection on my network in order to reach the router administration page, so what’s the difference?’

Obviously, an attack like this illustrates the folly of that reasoning.

Indeed flawed reasoning: you should never leave anything with default passwords if possible, as it’s just another weakness waiting to be exploited.

Not to say you will get infected with this malware, because that is unlikely, but someone on your network might…and if you haven’t changed the password the hijack could affect you too (it wouldn’t affect me because my DNS servers are static in my network interface settings, as set by me).
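The point about static DNS settings suggests a simple host-side check, given here as an added example (my code, not from the article or from any vendor): parse the resolvers a machine has actually ended up with, in resolv.conf form, and compare them against the list the owner chose. Resolvers that are neither on the allow-list nor on the LAN are exactly what a reconfigured router would hand out. The allow-list, the resolv.conf texts and the 203.0.113.x addresses are constructed.

```python
# Added example: audit a host's configured DNS resolvers against an allow-list.
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed allow-list: the router the owner knows about plus one public resolver they chose.
TRUSTED_RESOLVERS = {"192.168.1.1", "9.9.9.9"}


def parse_resolv_conf(text: str) -> list:
    """Return nameserver addresses from resolv.conf text; comments, search and options are skipped."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit_resolvers(servers, trusted=TRUSTED_RESOLVERS) -> dict:
    """Classify each resolver as trusted, private-unexpected, external or invalid."""
    verdicts = {}
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            verdicts[s] = "invalid"
            continue
        if s in trusted:
            verdicts[s] = "trusted"
        elif any(addr in net for net in RFC1918):
            verdicts[s] = "private-unexpected"   # some other box on the LAN answering DNS
        else:
            verdicts[s] = "external"             # resolvers the owner never configured
    return verdicts


def is_hijacked(text: str, trusted=TRUSTED_RESOLVERS) -> bool:
    """True if any configured resolver is not on the owner's allow-list."""
    return any(v != "trusted" for v in audit_resolvers(parse_resolv_conf(text), trusted).values())


# Constructed sample files: one as the owner left it, one after the router's DHCP was altered.
CLEAN = "# Generated by dhcpcd\nsearch home.lan\nnameserver 192.168.1.1\noptions timeout:2\n"
CHANGED = "nameserver 203.0.113.53\nnameserver 203.0.113.54 ; handed out by the reconfigured router\n"

if __name__ == "__main__":
    for label, text in (("clean", CLEAN), ("changed", CHANGED)):
        print(label, audit_resolvers(parse_resolv_conf(text)), "hijacked" if is_hijacked(text) else "ok")
```

Run against the live /etc/resolv.conf from cron and alert on any non-trusted verdict; the same allow-list logic applies to the DNS servers shown by ipconfig /all on Windows, only the parsing differs.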

Source: Washington Post


Posted in: Hardware Hacking, Malware



SIPVicious v0.2.3 – VoIP/SIP Auditing Toolkit

The SIPVicious suite is a set of tools that can be used to audit SIP-based VoIP systems. It currently consists of four tools:

  • svmap – this is a sip scanner. Lists SIP devices found on an IP range
  • svwar – identifies active extensions on a PBX
  • svcrack – an online password cracker for SIP PBX
  • svreport – manages sessions and exports reports to various formats

svmap

This is a SIP scanner. When launched against ranges of IP address space, it will identify any SIP servers it finds on the way. It also has the option to scan hosts on ranges of ports. For usage instructions check out SvmapUsage.

svwar

Traditionally a war dialer used to call up numbers on the phone network to identify ones that are interesting from ones that are not. With SIP, you can do something similar to identify active users.


svcrack

This is a password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers, and can make use of ranges of numbers or a dictionary file full of possible passwords.

svreport

Able to manage sessions created by the rest of the tools and export them to PDF, XML, CSV and plain text.
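svcrack works because SIP authentication is HTTP Digest (RFC 2617, MD5) and a PBX will happily answer an unlimited number of REGISTER attempts. The added example below (my code, not SIPVicious or any PBX) shows the digest computation a phone performs and a registrar that verifies it the way a hardened one should: it stores only HA1, issues one-shot nonces so a captured response cannot be replayed, compares in constant time, and locks an extension after a handful of consecutive failures. The realm, extension, passwords and the lockout threshold are constructed.

```python
# Added example: SIP digest authentication, client side and a defensive registrar.
import hashlib
import hmac
import re
import secrets


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password); this is all a registrar needs to store."""
    return md5hex(f"{username}:{realm}:{password}")


def digest_response(username, realm, password, method, uri, nonce) -> str:
    """Client side: RFC 2617 digest without qop, as a SIP phone answers a 401."""
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1(username, realm, password)}:{nonce}:{ha2}")


_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_digest_params(header: str) -> dict:
    """Parse the parameters of a WWW-Authenticate or Authorization 'Digest ...' header."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM.finditer(params)}


class Registrar:
    """Toy registrar: HA1-only storage, one-shot nonces, constant-time compare, lockout."""

    def __init__(self, realm: str, users: dict, max_failures: int = 5):
        self.realm = realm
        self.users = users              # username -> HA1, never the password
        self.nonces = set()             # challenges issued and not yet answered
        self.failures = {}              # username -> consecutive bad responses
        self.max_failures = max_failures

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.nonces.add(nonce)
        return f'Digest realm="{self.realm}", nonce="{nonce}", algorithm=MD5'

    def verify(self, method: str, authorization: str) -> str:
        p = parse_digest_params(authorization)
        user = p.get("username", "")
        if self.failures.get(user, 0) >= self.max_failures:
            return "locked"                 # online guessing stops paying off here
        nonce = p.get("nonce", "")
        if nonce not in self.nonces:
            return "stale-nonce"            # replayed or never issued
        self.nonces.discard(nonce)          # each challenge may be answered once
        stored = self.users.get(user)
        if stored is None or p.get("realm") != self.realm:
            return self._fail(user)
        ha2 = md5hex(f"{method}:{p.get('uri', '')}")
        expected = md5hex(f"{stored}:{nonce}:{ha2}")
        if not hmac.compare_digest(expected, p.get("response", "")):
            return self._fail(user)
        self.failures.pop(user, None)
        return "ok"

    def _fail(self, user: str) -> str:
        self.failures[user] = self.failures.get(user, 0) + 1
        return "bad-credentials"


def demo() -> list:
    """Constructed exchange: a valid REGISTER, a replay of it, then a run of numeric guesses."""
    realm, uri = "pbx.example", "sip:pbx.example"   # constructed names
    reg = Registrar(realm, {"1001": ha1("1001", realm, "Tr0ub4dor-xk")})

    def attempt(password):
        nonce = parse_digest_params(reg.challenge())["nonce"]
        resp = digest_response("1001", realm, password, "REGISTER", uri, nonce)
        return (f'Digest username="1001", realm="{realm}", nonce="{nonce}", '
                f'uri="{uri}", response="{resp}"')

    good = attempt("Tr0ub4dor-xk")
    results = [reg.verify("REGISTER", good),       # ok
               reg.verify("REGISTER", good)]       # stale-nonce: same header replayed
    for guess in ("1001", "1234", "0000", "1111", "2222", "9999"):
        results.append(reg.verify("REGISTER", attempt(guess)))   # 5 x bad-credentials, then locked
    return results


if __name__ == "__main__":
    print(demo())
```

The lockout is per extension and would need a per-source-address counter as well on a real PBX, but even this much turns svcrack's numeric ranges from minutes of work into an alert in the registrar log.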

You can download SIPVicious v0.2.3 here:

sipvicious-0.2.3.tar.gz

Or read more here.


Posted in: Hacking Tools, Network Hacking



Virus Variant Extorts You by Encrypting Your Files

Malware authors are getting sneaky again, in the latest turn of events they have started encrypting your files and holding them at ransom!

You have to pay up to get the ‘decryptor’ and get access to your files again. This is pretty dangerous…and cunning too. It’s not easily broken either, they are using RSA 1024-bit encryption!

Kaspersky Lab has found a new variant of Gpcode, a dangerous encryptor virus: Virus.Win32.Gpcode.ak. Gpcode.ak encrypts files with various extensions including, but not limited to, .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and more, using the RSA encryption algorithm with a 1024-bit key.

Kaspersky Lab succeeded in thwarting previous variants of Gpcode when Kaspersky virus analysts were able to crack the private key after in-depth cryptographic analysis. Their researchers have to date been able to crack keys up to 660 bits. This was the result of a detailed analysis of the RSA algorithm implementation. It has been estimated that if the encryption algorithm is implemented correctly, it would take 1 PC with a 2.2 GHz processor around 30 years to crack a 660-bit key.

It’s pretty smart going after the files that users are most likely to value, I was surprised to see .cpp and .h in there, but I guess the malware being written by programmers they would see those files as valuable too.

I wonder if Kaspersky will be able to bust open this 1024-bit private key, so far they haven’t and honestly – I’m not hopeful.

At the time of writing, Kaspersky researchers are unable to decrypt files encrypted by Gpcode.ak since the key is 1024 bits long and they have not found any errors in implementation yet. Thus, at the time of writing, the only way to decrypt the encrypted files is to use the private key which only the author has.

After Gpcode.ak encrypts files on the victim machine it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor.

So watch out (not that I need to tell you guys) and make sure your non-savvy friends understand the dangers of surfing carelessly and downloading nonsense without checking the source properly.

Having your important files end up in an encrypted container isn’t pretty…yes you could have some back-up system in place, but what’s the chance of you spotting the files before your backup runs? After that you are just backing up the encrypted files anyway.
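The two indicators the article gives, the ._CRYPT extension and the !_READ_ME_!.txt note, are enough for a backup job to refuse to run. The added example below (my code, not Kaspersky's or anyone's product) walks a file listing, groups it by directory, and returns abort when a ransom note is present or when a noticeable share of a directory has been renamed to ._CRYPT, so the last good backup is not overwritten with ciphertext. The file listings and the 25% burst threshold are constructed.

```python
# Added example: pre-backup sweep for the Gpcode.ak indicators named in the article.
from collections import Counter
from pathlib import PurePosixPath

RANSOM_NOTE = "!_READ_ME_!.txt"   # note the article reports Gpcode.ak dropping per folder
CRYPT_SUFFIX = "._CRYPT"          # extension appended to encrypted files


def scan_listing(paths):
    """Group a file listing by directory: which hold notes, how many ._CRYPT files, totals."""
    notes, crypted, total = set(), Counter(), Counter()
    for p in paths:
        path = PurePosixPath(p)
        parent = str(path.parent)
        total[parent] += 1
        if path.name == RANSOM_NOTE:
            notes.add(parent)
        elif path.name.endswith(CRYPT_SUFFIX):
            crypted[parent] += 1
    return notes, crypted, total


def original_name(name: str) -> str:
    """Strip the appended extension to recover what the file was called before encryption."""
    return name[:-len(CRYPT_SUFFIX)] if name.endswith(CRYPT_SUFFIX) else name


def assess_before_backup(paths, burst_ratio=0.25):
    """Return ('abort', reasons) if the listing shows infection indicators, else ('proceed', [])."""
    notes, crypted, total = scan_listing(paths)
    reasons = []
    for d in sorted(notes):
        reasons.append(f"ransom note {RANSOM_NOTE} in {d}")
    for d, n in sorted(crypted.items()):
        if n / total[d] >= burst_ratio:
            reasons.append(f"{n}/{total[d]} files in {d} renamed to {CRYPT_SUFFIX}")
    return ("abort" if reasons else "proceed"), reasons


# Constructed listings, not from a real infection.
CLEAN_LISTING = [
    "/home/alice/docs/thesis.doc", "/home/alice/docs/notes.txt",
    "/home/alice/src/main.cpp", "/home/alice/src/main.h",
]
INFECTED_LISTING = [
    "/home/alice/docs/thesis.doc._CRYPT", "/home/alice/docs/notes.txt._CRYPT",
    "/home/alice/docs/!_READ_ME_!.txt",
    "/home/alice/src/main.cpp._CRYPT", "/home/alice/src/main.h",
]

if __name__ == "__main__":
    for name, listing in (("clean", CLEAN_LISTING), ("infected", INFECTED_LISTING)):
        print(name, assess_before_backup(listing))
```

Feed it the output of os.walk over the backup set immediately before the job starts; combined with keeping several dated generations rather than a single mirror, it addresses the exact failure the paragraph above worries about.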

Source: Net Security


Posted in: Exploits/Vulnerabilities, Malware, Spammers & Scammers



OSWA Assistant – Wireless Hacking & Auditing LiveCD Toolkit

The OSWA-Assistant is a no-Operating-System-required standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer’s CDROM and making your computer boot from it!

This toolkit is a contribution to the wireless security/auditing community and, as the “Assistant” moniker implies, is designed for the following groups of people:

  • IT-security auditors and professionals who need to execute technical wireless security testing against wireless infrastructure and clients;
  • IT professionals who have responsibility for ensuring the secure operation and administration of their organization’s wireless networks;
  • SME (Small & Medium Enterprise) and SOHO (Small Office-Home Office) businesses who do not have either the technical expertise or the resources to employ such expertise to audit their wireless networks;
  • Non-technical-users who run wireless networks at home and who would like to audit the security of their wireless home networks and laptops but don’t know how.

You can download OSWA Assistant here:

oswa-assistant.iso

Or read more here.


Posted in: Hacking Tools, Network Hacking, Wireless Hacking



Metasploit Site Hijacked by ARP Poisoning Attack

Crackers briefly hijacked hacking tools website Metasploit.com on Monday.

Metasploit is an advanced open-source exploit development platform used by most pen-testers. A tool we often mention here on Darknet.

On Monday the site was redirected to a page announcing the site was “hacked by sunwear ! just for fun“, as recorded by Sunbelt Software.

Unidentified miscreants used an ARP poisoning attack aimed at the network of Metasploit’s hosting provider in order to pull off the hack. The Metasploit project was quickly restored. H D Moore, the creator of the project, explained what happened in response to online reports of the hack.

“Another customer on the same ISP was compromised and used to ARP poison all servers in that subnet. I corrected the problem by setting a static ARP entry and notifying the ISP. To make it very clear – the metasploit.com servers were not compromised, nor have been to this date,” he said.

So don’t worry, the Metasploit packages are safe as the server was NOT compromised; it was a network-level attack and a redirect rather than an actual intrusion.

Source: The Register


Posted in: Network Hacking, Web Hacking



Angry IP Scanner – Cross Platform Port Scanner

Angry IP scanner is a very fast IP address and port scanner.

It can scan IP addresses in any range as well as any of their ports. It is cross-platform and lightweight. Not requiring any installation, it can be freely copied and used anywhere.

Angry IP Scanner simply pings each IP address to check if it’s alive, then optionally resolves its hostname, determines the MAC address, scans ports, etc. The amount of data gathered about each host can be extended with plugins.

It also has additional features, like NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, customizable openers, etc.

Scanning results can be saved to CSV, TXT, XML or IP-Port list files. With help of plugins, Angry IP Scanner can gather any information about scanned IPs. Anybody who can write Java code is able to write plugins and extend functionality of Angry IP Scanner.

In order to increase scanning speed, it uses a multithreaded approach: a separate scanning thread is created for each scanned IP address. It is also cross-platform, running on Windows, Linux & Mac.

You can download Angry IP Scanner version 3.0-beta3 below:

Executable for Windows 2000/XP/Vista
Executable JAR for any distribution of Linux (32-bit)

Or read more here.


Posted in: Hacking Tools, Network Hacking



‘Untraceable’ Phone Frauders Vishing for Credit Cards

Vishing, now there’s a new term for you. Basically it’s phishing – but utilising VoIP call services, which makes it very easy to spoof the Caller ID.

Even though Caller ID spoofing was made illegal in the USA, people will still continue to do it; remember the FCC said it’s still easy to spoof caller ID. This scam, as always, includes some social engineering; it’s not that easy after all to get people to give up their important info over the phone.

Scams involving email and fake banking websites may get all the attention, but a recent rash of fraudulent phone calls shows criminals haven’t given up on more traditional tools for tricking people into surrendering credit card numbers and other sensitive information.

The calls begin with a recording that makes a tempting offer – usually for a lower credit-card interest rate or an extended car warranty – and then invite the caller to speak to a live agent. The agents then ask for information including the credit card number and expiration, name, address, and in some cases social security number and other data. Recipients who have fallen for the ploy report finding charges as high as $900 on their credit card.

So be careful, don’t be tempted by lower credit card rates or any kind of nonsense offers that you receive from strangers. Honestly I don’t believe any readers of Darknet would fall for this kind of thing..but as always, educate those who aren’t so savvy and you are doing your part.

The surge of calls comes as security researchers report an up-tick in so-called vishing attacks, which use VoIP, or voice over IP, to trick people into turning over banking credentials and other sensitive data. Last fall, more than 12,000 people in Texas were targeted in a scam that attempted to capture their account details for eTrade and two local banks, according to a recent report from iSIGHT Partners.

Vishers typically set up demo accounts with one of the many VoIP providers, carry out their attack and then move to another provider. The attacks observed in the report were different from the recent scam, however. They typically rely on emails that encourage recipients to call an automated number and manually enter their account information.

It’s worrying, people are getting spammed, scammed and phished from every direction now. All these frauds and spammers are making technology more complex and polluting the Internet with stuff like CAPTCHAs.

I guess it’s here to stay though, so we have to accept it and deal with it as best we can.

Source: The Register


Posted in: Social Engineering, Spammers & Scammers



Sipflanker – Locate SIP (VoIP) Device Web Interfaces

SIP devices are getting to be very common now, especially with open source bundled OS offerings like Trixbox making it easy to setup your own digital or IP-PBX.

Along with the frequent installations, many (if not most) VoIP devices have a Web GUI available for their configuration, management, and report generation. These Web GUIs are often on by default, meaning that the moment you install the IP phone or IP PBX, the Web GUI is immediately available on the network. And unfortunately it is also common for the username and password to have default values.

Sipflanker will help you find these SIP devices with potentially vulnerable Web GUIs in your network.

What the application does is search the range of IPs you specify and check whether port 5060 is available. Whether open or closed, port 5060 usually indicates the presence of a SIP device. Then it checks if port 80 (HTTP) is open. The combination of an open port 80 together with port 5060, either open or closed, signals a probable SIP device with a Web GUI.

Sipflanker then proceeds to extract the website, and fingerprint the device. You can find default passwords for IP phones here.

You can download sipflanker here:

sipflanker1.5beta.zip

Or read more here.


Posted in: Hacking Tools, Network Hacking
