Archive | February, 2009

SSLstrip – HTTPS Stripping Attack Tool

Find your website's Achilles' Heel


This tool provides a demonstration of the HTTPS stripping attacks that was presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation on the homepage.

To get this running:

  • Flip your machine into forwarding mode.
  • Setup iptables to redirect HTTP traffic to sslstrip.
  • Run sslstrip.
  • Run arpspoof to convince a network they should send their traffic to you.

That should do it.


How does this work?

First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).

At this point, sslstrip receives the traffic and does its magic.

You can download sslstrip 0.2 here:

sslstrip-0.2.tar.gz

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis
- shadow – Firefox Heap Exploitation Tool (jemalloc)

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,981,455 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,434,208 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 680,878 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Hackers Targeting Xbox Live Players with DoS Attacks

Find your website's Achilles' Heel


Well the day has come when money-minded botnet owners have turned their services towards online gaming. For a small fee (USD20) you can get someone to set you up with the software to ‘boot’ people from the Xbox Live network.

It’s always been a problem in gaming, if something can get hold of your IP address they can DoS you off the network or at least make it so laggy you can no longer play properly.

Most legacy games however were hosted on central or public servers so that wasn’t an issue, but with Xbox live most of the games are hosted by one of the participants – so that guy effectively has access to everyone’s IP address.

Xbox Live is being targeted by malicious hackers selling services that kick players off the network.

The booting services are proving popular with players who want a way to get revenge on those who beat them in an Xbox Live game.

The attackers are employing data flooding tools that have been used against websites for many years.

Microsoft is “investigating” the use of the tools and said those caught using them would be banned from Xbox Live.

“There’s been a definite increase in the amount of people talking about and distributing these things over the last three to four weeks,” said Chris Boyd, director of malware research at Facetime Communications.

Yah so Microsoft is going to ban them? I bet they are really bothered, the guys making the money probably don’t even use the tools themselves apart from testing and if they do they probably use hijacked accounts.

The poor schmucks who are going to get banned are the ones who have paid the hackers to set them up with some tools they don’t really understand.

It seems like it’s really picked up in the last month or so and is becoming a serious issue on the Xbox Live network.

“The smart thing about these Xbox tools is that they do not attack the Xbox Live network itself,” he said.

He said the tools work by exploiting the way that the Xbox Live network is set up. Game consoles connecting to the Xbox network send data via the net, and for that it needs an IP address.

Even better, said Mr Boyd, games played via Xbox Live are not hosted on private servers. “Instead,” he said, “a lot of games on Xbox Live are hosted by players.”

If hackers can discover the IP address of whoever is hosting a game they can employ many of the attacks that have been used for years against websites, said Mr Boyd. One of the most popular for the Xbox Live specialists is the Denial of Service attack which floods an IP address with vast amounts of data.

In basic terms they are just using a traditional DDoS attack on Xbox Live players, there’s no special or new technology involved here. Whoever is at the receiving end would have their net connection disrupted – not just their connection to Xbox Live.

With an estimated 17 million players on the Xbox Live network this could become a significant issue and as with any kind of DoS attack it’s really quite difficult to prevent.

Unless they change the whole architecture and make the hosting centralized – then they have to take the brunt of the bandwidth and infrastructure costs rather than with the current peer-to-peer hosting system.

Source: BBC (Thanks Navin)


Posted in: Exploits/Vulnerabilities, Hardware Hacking, Network Hacking

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hardware Hacking, Network Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- shadow – Firefox Heap Exploitation Tool (jemalloc)
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,985 views
- AJAX: Is your application secure enough? - 120,148 views
- eEye Launches 0-Day Exploit Tracker - 85,576 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


WMAT Released – Web Mail Auth Tool For Testing Web Mail Logins

Find your website's Achilles' Heel


WMAT is Web Mail Auth Tool that provide some essential functions for testing web mail logins, written in python with support of pyCurl.

How it works?

It is very simple, You give WMAT file with usernames, file with passwords, URL of web mail app and chose pattern for attack. Patterns are XML files that define post/get fields, http method, referer, success tag, etc … for each web mail applications.

There are currently patterns for horde, squirrelmail, kerio and mdaemon web mail.

The XML pattern files look like this:


The author of WMAT requests for help from the community with the patterns, the author of the pattern will be credited in the author field of the XML file.

There are some more options like setting timeout (time between each request), bell on success and option for writing output in file. More can be seen in the Readme file here.

For future versions the following additions are planned:

  • using a proxy
  • special addon for generation of usernames/passwords
  • automatic recognizer of web app

You can download WMAT here:

wmat.zip
Python source.

Or read more here.


Posted in: Hacking Tools, Password Cracking, Web Hacking

Tags: , , , , , , ,

Posted in: Hacking Tools, Password Cracking, Web Hacking | Add a Comment
Recent in Hacking Tools:
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis
- shadow – Firefox Heap Exploitation Tool (jemalloc)

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,981,455 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,434,208 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 680,878 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Hackers Target 0-Day Vulnerability In Adobe PDF Reader & Acrobat

Your website & network are Hackable


Another flaw in the Adobe product suite! It seems like PDF is turning into a complex animal, complexity of course always brings more security issues.

It was only back in February last year when there was a bug in Adobe Reader, and almost exactly a year later another one.

This time it’s a zero-day just hit and it is being actively exploited, with the worrying statement made that the fix will come in the ‘following weeks‘.

Hackers are targeting a zero-day vulnerability affecting Adobe Reader and Acrobat with malicious PDF files. Adobe officials say a fix for the issue will be available for Adobe Reader and Adobe Acrobat in the coming weeks.

Hackers have once again turned to PDF files to spread their wares, this time assaulting a zero-day flaw affecting Adobe Reader and Acrobat.

Fortunately, the unpatched bug is on the company’s radar, and fixes for Adobe Reader 9 and Acrobat 9 are slated to be available March 11. Updates for earlier versions will come later, company officials said in an advisory.

The bug is due to an error in the parsing of certain structures in PDF files. If exploited successfully, the bug could allow a hacker to take complete control of a vulnerable system.

Ok March 11th, only about 3 weeks to get a fix for a potentially very serious problem. Allowing complete control over the system, with the majority of people still using the Administrator account to user their computers on a day-to-day basis – that’s not good.

I don’t see how patch management will help here either, the patch won’t be out until 3 weeks after the exploit has become public. With attacks being targeted initially, and becoming more wide spread I would have thought immediate patching would have been more suitable.

“In parsing a specially-crafted embedded object, a bug in the reader allowed the attacker to overwrite memory at an arbitrary location,” blogged McAfee researcher Geok Meng Ong. “The attacks, found in the field, use the infamous heap spray method via JavaScript to achieve control of code execution.”

“While the distribution of this exploit thus far appears to be targeted, new variants are expected as more information is made public,” the researcher continued. “As with the Conficker experience, the lack of good patch management is a very worrying trend that deserves more attention from IT security practitioners. Adobe is expected to release a patch very soon.”

In the meantime, security researchers at the Shadowserver Foundation recommend users consider disabling JavaScript. Symantec also recommended Adobe users keep their antivirus up-to-date.

“While we continue to investigate this issue, customers are advised to follow best practices and only open email attachments from people they trust,” blogged Symantec researcher Patrick Fitzgerald. “Enabling DEP (Data Execution Prevention) for Adobe Reader will also help prevent this type of attack.”

There are some measures to can take to combat the problem, if you’re using Adobe on a corporate network you might want to think about pushing out some changes via Group Policy.

And well once again, another reason to use Foxit! PDF Reader.

Source: eWeek


Posted in: Exploits/Vulnerabilities, Malware

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Malware | Add a Comment
Recent in Exploits/Vulnerabilities:
- shadow – Firefox Heap Exploitation Tool (jemalloc)
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,985 views
- AJAX: Is your application secure enough? - 120,148 views
- eEye Launches 0-Day Exploit Tracker - 85,576 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


DShield Web Honeypot Project – Alpha Version Released

Find your website's Achilles' Heel


For those of you who are not familiar with DShield (where have you been? under a rock?) it’s a Cooperative Network Security Community. Basically what that means is they collect firewall logs and map out the trends.

Like when there was a worm going around that bruteforced SSH2 you could see a spike in port 22 traffic, to quote the about page.

The ISC uses the DShield distributed intrusion detection system for data collection and analysis. DShield collects data about malicious activity from across the Internet. This data is cataloged and summarized and can be used to discover trends in activity, confirm widespread attacks, or assist in preparing better firewall rules.

Currently the system is tailored to process outputs of simple packet filters. As firewall systems that produce easy to parse packet filter logs are now available for most operating systems, this data can be submitted and used without much effort.

If you want to know how to submit you can find out here.

Anyway to get back to the point, with the trend for development moving towards web applications DShield has come out with a Web Honeypot project.

The overall idea is to build something like DShield (which collects firewall logs) for webapps.

The goal of the project is to collect quantitative data measuring the activity of automated or semi-automated probes against web applications. First of all, we will not just look for “attacks”. We look for “probes”. If they are malicious or not can only be determined in context.

We will not look for 0-day style or targeted attacks. Maybe we will get lucky and catch one. But in order to detect them, we would need sensors in specific networks. What we are after is more the “background noise”.

How does it work?
A: The Web Honeypot is made up of 3 elements: a client, a set of templates and a logging system. All web requests destined for the honeypot are passed to the honeypot client. The client attempts to match the specific web application requested to one of the templates installed in the honeypot. If a suitable template is found then it is sent back to the requester. If there is no template available, a default web page is returned. In both cases the specific web application request is logged and sent to a central DShield database.

Should I run this on my production environment?
A: That depends on your risk tolerance. If your organization is willing to approve it, then the program itself is designed so that it can run as a virtual host under apache. You could assign unused IP addresses to the honeypot virtual host.

Can I run this at home?
A: Several people already are. If you can forward port 80 to your honeypot machine, then it will work.
Installation:

Will the Web Honeypot work on my OS?
A: Currently the Web Honeypot works on Windows (2000 or later) and Linux OS with install packages available for: Debian, Redhat, openSUSE and Mac OSX.

Does it run on Windows/IIS/PHP?
A: It should with some minor modifications. IIS does not support the same redirection of all requests that apache does.

You can download the Web Honeypot here:

webhoneypot-alpha.tgz

Or read more here.


Posted in: Countermeasures, Forensics, Security Software, Web Hacking

Tags: , , , , , , , , , ,

Posted in: Countermeasures, Forensics, Security Software, Web Hacking | Add a Comment
Recent in Countermeasures:
- Cuckoo Sandbox – Automated Malware Analysis System
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,148 views
- Password Hasher Firefox Extension - 117,802 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,731 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Satellite Feed Hacking – Your Data Isn’t Private!

Find your website's Achilles' Heel


Hardware hacking is an interesting area and something not too many people get into as the soldering irons, capacitors and chipsets seem daunting. I did have a play around with cable boxes and satellite feeds in my earlier years and was surprised to find how insecure they were.

Most traffic is transmitted unencrypted, the stuff that is encrypted generally uses very weak algorithms or isn’t even encrypted – it’s just encoded (BASE64 etc).

Hacker Adam Laurie has spent a lot of time hacking away at Satellite feeds and has become quite a subject matter expert.

White-hat hacker Adam Laurie knows better than to think email, video-on-demand, and other content from Sky Broadcasting and other satellite TV providers is a private matter between him and the company. That’s because he’s spent the past decade monitoring satellite feeds and the vast amount of private information they leak to anyone with a dish.

“Looking at what kind of data you can see being broadcast, some of that is quite surprising,” he says. “Things you would expect to be secure turn out not to be secure. The most worrying thing is you can just see all this data going by.”

Using off-the-shelf components Laurie assembled himself, it’s not hard for him to spot private emails in transit, web browsing sessions, and live stock market data that’s not supposed to be available for free. The most unforgettable thing he’s seen came in 1997, when television reporters in Paris used unsecured feeds to beam back what was supposed to be closed-circuit coverage of Princess Diana’s death to a UK television network.

Laurie presented his findings at the Blackhat con yesterday, there is no whitepaper, audio or tool available for download yet but you can grab the presentation slides here [PDF].

There has been research done by other hackers on the same subject (Jim Geovedi, Raditya Iryandi, and Anthony Zboralski) and they have exposed similar flaws, you can read the paper they published here [PDF].

Hacking into satellite receivers is a lot easier now than it used to be, thanks to their wide-spread embrace of Linux. In the old days, he had to build dedicated hardware to monitor transmissions. Now, Laurie’s Dreambox has an ethernet interface and its own shell, making it a snap to pipe its feed into a laptop. From there, he can analyze packets using standard programs such as Wireshark.

Other equipment includes a 1-meter dish and a diseq motor to point it at particular satellites. The cost of the gear is under $1,000.

Laurie has also developed software that analyzes hundreds of channels to pinpoint certain types of content, including traffic based on TCP, UDP, or SMTP. The program offers a 3D interface that allows the user to quickly isolate email transmissions, web surfing sessions, or television feeds that have recently been set up.

“The visualization technique makes it easy to spot things that are trying not to be spotted,” Laurie says.

Sounds like some pretty fancy software with some neat visualization allowing you to quickly pinpoint the data you are interested in, I hope he publishes it – or at least gives it a good demo so we can see how it works.

The slides gives an idea of what he’s been up to and how easy it is now with a modified Dreambox, I’ll be looking out for more info!

Source: The Register


Posted in: Hardware Hacking, Legal Issues, Privacy

Tags: , , , , , , , , , , , ,

Posted in: Hardware Hacking, Legal Issues, Privacy | Add a Comment
Recent in Hardware Hacking:
- Fitbit Vulnerability Means Your Tracker Could Spread Malware
- Kid Gets Arrested For Building A Clock – World Goes NUTS
- The Jeep HACK – What You Need To Know

Related Posts:

Most Read in Hardware Hacking:
- Elevator/Lift Hacking !!!!! - 79,178 views
- Military Communications Hacking – Script Kiddy Style - 49,803 views
- Hackers Crack London Tube Oyster Card - 44,942 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Fast-Track 4.0 – Automated Penetration Testing Suite

Your website & network are Hackable


The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers.

For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived when David Kennedy was on a penetration test and found that there was generally a lack of tools or automation in certain attacks that were normally extremely advanced and time consuming.

In an effort to reproduce some of David’s advanced attacks and propagate it down to the team at SecureState, David ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, patch management, or lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but as penetration testers are extremely common findings for us.

Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back relax, crank open a can of jolt cola and enjoy the ride.

It’s something a lot of people will enjoy as many parts of a pen-test are very monotonous and don’t really take your full concentration, a semi-automated approach with a skillful eye watching for false-positives and false-negatives is always more effective and efficient than fully manual or fully automated testing.

DependenciesMetasploit 3, SQLite, PYMSSQL, FreeTDS, Pexpect, ClientForms, Beautiful Soup, and Psycho.

Installation – When extracting the tarball, run the setup.py file by executing python setup.py install, this will install the needed dependencies MINUS SQLite and Metasploit 3, you should specify the metasploit path or it will default to the BackTrack 3 installation menu. Once the installation is completed, Fast-Track should be fully functional.

You can download Fast-Track 4.0 here:

fasttrack.tgz

Or read more here.


Posted in: Exploits/Vulnerabilities, General Hacking, Hacking Tools

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, General Hacking, Hacking Tools | Add a Comment
Recent in Exploits/Vulnerabilities:
- shadow – Firefox Heap Exploitation Tool (jemalloc)
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,985 views
- AJAX: Is your application secure enough? - 120,148 views
- eEye Launches 0-Day Exploit Tracker - 85,576 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


NSA Together With Mitre CWE and SANS Identifies Top 25 Programming Errors

Find your website's Achilles' Heel


Secure programming is a huge issue and it’s the lack of it that causes all the problems we have with vulnerabilities and the exploits associated with them. If everywhere developers followed secure programming practices we wouldn’t have buffer overflow issues or unsanitized parameters leading to SQL Injection.

The NSA (National Security Agency), working with MITRE, SANS, and dozens of industry experts from many other organizations, has published a valuable list of the top 25 most dangerous programming errors.

I hope more companies take notice of this and train their developers properly, rather than squeezing maximum efficiency and LOC out of them – teach them to code properly and securely too!

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

The list is the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe. It leverages experiences in the development of the SANS Top 20 attack vectors (http://www.sans.org/top20/) and MITRE’s Common Weakness Enumeration (CWE) (http://cwe.mitre.org/). MITRE maintains the CWE web site, with the support of the US Department of Homeland Security’s National Cyber Security Division, presenting detailed descriptions of the top 25 programming errors along with authoritative guidance for mitigating and avoiding them. The CWE site also contains data on more than 700 additional programming errors, design errors, and architecture errors that can lead to exploitable vulnerabilities.

The main goal for the Top 25 list is to stop vulnerabilities at the source by educating programmers on how to eliminate all-too-common mistakes before software is even shipped. The list will be a tool for education and awareness that will help programmers to prevent the kinds of vulnerabilities that plague the software industry. Software consumers could use the same list to help them to ask for more secure software. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software.

It’s good to see such a comprehensive project being published on the Internet for free, the aim behind this is just to make more secure code. There’s no hidden commercial agenda or aim to sell services or software packages on the back of this.

If you know anyone in the development field I suggest you forward the list to them and tell them to send it to anyone involved in software development (same goes for commercial and non-commercial projects).

There’s no excuse for insecure code!

The Top 25 list was developed at the end of 2008. Approximately 40 software security experts provided feedback, including software developers, scanning tool vendors, security consultants, government representatives, and university professors. Representation was international. Several intermediate versions were created and resubmitted to the reviewers before the list was finalized. More details are provided in the Top 25 Process page

To help characterize and prioritize entries on the Top 25, a threat model was developed that identifies an attacker who has solid technical skills and is determined enough to invest some time into attacking an organization. More details are provided in Appendix B.

Weaknesses in the Top 25 were selected using two primary criteria:

  • Weakness Prevalence: how often the weakness appears in software that was not developed with security integrated into the software development life cycle (SDLC).
  • Consequences: the typical consequences of exploiting a weakness if it is present, such as unexpected code execution, data loss, or denial of service.

Prevalence was determined based on estimates from multiple contributors to the Top 25 list, since appropriate statistics are not readily available.

It’s assumed the attacker has some strong technical skills, is intent on data theft or theft of resources and is willing to spend an estimate 20 hours per software module. This is not realistic and in a blackhat situation you could bet they would be willing to spend much more than 20 hours.

Even if you aren’t directly involved in software development, it’s an interesting study and for people doing pen-tests/code audits and web application assessments it’s a goldmine of information to research further on.

If you get your techniques down on each of these 25 vulnerabilities you should be able to pretty much break anything open.

Source: CWE


Posted in: Exploits/Vulnerabilities, Programming

Tags: , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Programming | Add a Comment
Recent in Exploits/Vulnerabilities:
- shadow – Firefox Heap Exploitation Tool (jemalloc)
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,985 views
- AJAX: Is your application secure enough? - 120,148 views
- eEye Launches 0-Day Exploit Tracker - 85,576 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


BackTrack BETA 4 Released for Public Download

Find your website's Achilles' Heel


The Remote Exploit Development Team is happy to announce the release of BackTrack 4 Beta. In this latest version of BackTrack 4 there have been some conceptual changed and some new and exciting features. The most significant of these changes is the expansion from the realm of a Pentesting LiveCD towards a full blown “Distribution”.

Now based on Debian core packages and utilizing the Ubuntu software repositories, BackTrack 4 can be upgraded in case of update. When syncing with the BackTrack repositories, you will regularly get security tool updates soon after they are released.

If you don’t know what BackTrack is – it’s the result of merging the two innovative penetration testing live linux distributions Auditor and Whax. Backtrack provides a thorough pentesting environment which is bootable via CD, USB or the network (PXE). The tools are arranged in an intuitive manner, and cover most of the attack vectors. Complex environments are simplified, such as automatic Kismet configuration, one click Snort setup, precompiled Metasploit lorcon modules, etc. BackTrack has been dubbed the #1 Security Live CD by Insecure.org, and #36 overall.

New Features

  • Kernel 2.6.28.1 with better hardware support.
  • Native support for Pico e12 and e16 cards is now fully functional, making BackTrack the first pentesting distro to fully utilize these awesome tiny machines.
  • Support for PXE Boot – Boot BackTrack over the network with PXE supported cards!
  • SAINT EXPLOIT – kindly provided by SAINT corporation for our users with a limited number of free IPs.
  • MALTEGO – The guys over at Paterva did outstanding work with Maltego 2.0.2 – which is featured in BackTrack as a community edition.
  • The latest mac80211 wireless injection patches are applied, with several custom patches for rtl8187 injection speed enhancements. Wireless injection support has never been so broad and functional.
  • Unicornscan – Fully functional with postgress logging support and a web front end.
  • RFID support
  • Pyrit CUDA support…
  • New and updated tools – the list is endless!

This BETA release is considered stable and usable. Some tools were kept back from this version, and will be soon added to the repositories. Some minor bugs have been discovered and will be fixed with updated packaged.

It would also be appreciated if you could use this latest release and give some feedback to the development team to improve it and ensure it works with your specific hardware config (especially the wireless features).

You can download BackTrack BETA 4 here:

DVD ISO Image – bt4-beta.iso
VMware Image – bt4-beta-vm-6.5.1.rar

Or read more here.


Posted in: Hacking Tools, Linux Hacking, Network Hacking

Tags: , , , , , , , , , ,

Posted in: Hacking Tools, Linux Hacking, Network Hacking | Add a Comment
Recent in Hacking Tools:
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis
- shadow – Firefox Heap Exploitation Tool (jemalloc)

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,981,455 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,434,208 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 680,878 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Microsoft Offers $250K Bounty for Conficker Author

Find your website's Achilles' Heel


We did mention Conficker when it broke out back in January causing one of the largest scale infections ever seen (an estimated 9 million machines in just a few months).

The latest news is that Microsoft are offering a bounty to catch the author of the malware, we have seen this back in 2003/4 (The Anti-virus Reward Program) but it’s been pretty dormant since then. An interesting move some might say, but really, will it work?

Microsoft is offering a $250,000 reward for information that leads to the arrest and conviction of the virus writers behind the infamous Conficker (Downadup) worm.

The bounty, announced Thursday, represents a revival of Microsoft’s mothballed Anti-virus Reward Program, launched in 2003 and virtually moribund since 2004.

In 2003, Redmond put up a $250,000 reward for tips leading to the arrest and conviction of the virus writers behind the infamous SoBig and Blaster worms. It extend this offer to other examples of malware, but there’s only ever been one payout.

Erstwhile college friends of German VXer Sven Jaschan, who was convicted of writing the Sasser worm, picked up a $250,000 payout for their efforts.

So it shows in some circumstances it can work, some ‘friends’ of the Sasser author grassed him up and earnt themselves a tidy pay packet.

It just shows, you can’t really trust anyone nowdays. They haven’t been running this program on any of the interim malware explosions however, so it’ll be interested to see if times have changed and any results will be yielded.

Conficker has infected 10 million computers, going by recent estimates, so it’s no great surprise to find that Microsoft has reactivated the program. Even if it doesn’t lead to any arrests, the possibility of betrayal will give the authors of the worm pause for thought before they activate the monster botnet their malware has established.

In related news, Microsoft is partnering with security researchers, the Internet Corporation for Assigned Names and Numbers (ICANN), and operators within the domain name system to disable domains used by Conficker. Infected machines are programmed to dial into a constantly varying pre-programmed range of servers every day in order to obtain instructions.

Seperately OpenDNS rolled out a Conficker tracking and blocking scheme earlier this week.

It looks like a lot of measures are going into place to limit the damage Conficker can cause and attempting of course to stop it spreading far and wide.

With 10 million infections already, I think they have a lot of catching up to do and a lot of work ahead of them.
Source: The Register


Posted in: Legal Issues, Malware, Windows Hacking

Tags: , , , , , , , , , ,

Posted in: Legal Issues, Malware, Windows Hacking | Add a Comment
Recent in Legal Issues:
- The Panama Papers Leak – What You Need To Know
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,703 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,635 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,627 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95