Archive | September, 2009

SWFScan – Free Flash Application Security Scanner


HP SWFScan is a free tool developed by HP Web Security Research Group, which will automatically find security vulnerabilities in applications built on the Flash platform.

HP is offering SWFScan because:

  • Their research shows that developers are increasingly implementing applications built on the Adobe Flash platform without the required security expertise.
  • As a result, they are seeing a proliferation of insecure applications being deployed on the web.
  • A vulnerable application built on the Flash platform widens your website’s attack surface creating more opportunity for malicious hackers.

How SWFScan works and what vulnerabilities it finds:

  • Decompiles applications built on the Adobe Flash platform to extract the ActionScript code and statically analyzes it to identify security issues such as information disclosure.
  • Identifies and reports insecure programming and deployment practices and suggests solutions.
  • Enables you to audit third party applications without requiring access to the source code.

You can download SWFScan here:

SwfScan.msi

Or read more here.


Posted in: Hacking Tools, Web Hacking



UK Has The Worst Internet Security In Europe


Interesting story for our British readers, seems like back in Old Blighty people are a bit lax when it comes to keeping their security software up to date.

Not only that, from the other aspects of the survey it seems UK is generally lacking in cybersecurity awareness and education with people not deleting dodgy files and a large percentage of people not using any kind of protection at all.

Brits are lax at updating their security software, compared to their European counterparts, says PC Tools. Worldwide research by the security firm revealed that a third of Brits never update their security software, compared to just five percent of German and seven percent of French web users.

Nearly one in ten Brits also admitted they don’t use any form of security software when surfing the web, compared to five percent of French and four percent of Germans. The UK is also lagging behind when it comes to deleting files sent from unknown sources. Just one percent of Brits will delete files sent by email, instant messenger or social networking sites compared to two percent of French web users and nine percent of Germans.

With auto-updates and software prompting you to update, I don’t know why it’s such a big problem. I would hazard a guess that it’s to do with the lack of broadband penetration in the UK.

There’s still a huge number of people using dial-up which makes it very cumbersome to update software, especially with file sizes getting bigger and bigger.

PC Tools said that 41 percent of all respondents use just one or two passwords across all the sites they visit online, while eight percent admitted to having just one password for all their online account. Of that eight percent, over half were French, while 35 percent were Brits and just 16 percent were German.

Michael Greene, vice president of product strategy, PC Tools, said: “While consumers are generally security conscious, they are not yet security savvy. The increased use of the internet among consumers is providing a lucrative market for cybercriminals and we are seeing more and more sophisticated techniques that lure consumers into clicking on malicious links or downloading malicious files”.

Over three quarters of Brits have some form of security software installed on their PC, compared to the global average of 57 percent. Worryingly, 53 percent of Brits also said they only act on a security alert if something strikes them as particularly dangerous.

From the stats, the average for those having some kind of security software installed is trumped by the Brits – but if they don’t update, isn’t it useless?

And with 41% of people using only 2 different passwords for ALL online sites... that doesn’t bode well for anyone who gets hit with a targeted attack.

Source: Network World


Posted in: General News, Security Software



MySqloit – SQL Injection Takeover Tool For LAMP


MySqloit is a SQL injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute Metasploit shellcode through MySQL SQL injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints.

For example, the lack of multiple statements in one query makes MySQL an unpopular platform for remote code execution compared to other platforms. This tool is written to demonstrate how remote code execution can be performed on a database connector that does not support stacked queries.

Key Features

  • SQL Injection detection using time based injection method
  • Database fingerprint
  • Web server directory fingerprint
  • Payload creation and execution

MySqloit is currently only tested on Linux. This is a new tool though so we should expect more development soon, I hope some of you guys can test it out and let the author know what you think.

You can download MySqloit v0.1 here:

MySqloitv0.1.tar

Or read more here.


Posted in: Database Hacking, Hacking Tools, Web Hacking



Apache.org Hacked Using Remote SSH Key


Apache.org has been hacked quite a number of times. Last week it happened again, and the whole infrastructure was down for a few hours while they sorted out what had happened and how to remedy it.

Apparently one of the remote SSH keys was compromised, which allowed attackers to upload code. The scary part is they could upload a trojaned version of Apache, which over a few days could be downloaded by thousands of people.

Very little seems to be known about what damage was done and no-one is claiming responsibility for it.

The website of Apache was taken offline for several hours on Friday after the SSH remote administration key on one of its servers was compromised.

SSH is a widely used technology for remote administration, so in the worst scenario the compromise created a means for hackers to upload Trojanised code onto the download section of Apache’s website. Around 50 per cent of webservers run Apache, according to the latest stats from Netcraft, so any problem would be extremely widely felt.

It’s unclear at present whether any code on the Apache website was actually modified. Nor do we know how the attack was carried out or who was behind it.

According to the Apache Infrastructure Team, in their own words:

“To the best of our knowledge at this time, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines.”

You can read their initial report here.

Apache’s web site was restored after DNS records were changed so that servers based in Europe rather than at the main US site were carrying the load.

Rik Ferguson, a security researcher at Trend Micro, notes that the same type of compromised SSH key problem led to attacks that attempted to install rootkits on Linux based systems in August 2008.

Screenshots of Apache’s statement on the incident, since removed, have been preserved for posterity in a blog posting by Trend Micro here and F-Secure here.

They have restored all the servers from back-up images and I hope they’ve changed all the SSH keys, we can keep an eye on the progress and see if any more details crop up.

It’d be interesting to know the motives behind the attack, was it political or for money?

Apache currently scores about 47% of all global web-servers, so we better hope there isn’t a backdoor slipped in.

Source: The Register (Thanks Droope)


Posted in: Exploits/Vulnerabilities, Linux Hacking



Graudit – Code Audit Tool Using Grep


Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder, while keeping the technical requirements to a minimum and being very flexible.
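The signature-plus-grep approach described above, as an added example that is not graudit's own script or signature set. The regexes, the file names (`php.sig`, `profile.php`) and the PHP sample are constructed for illustration, and GNU grep is assumed.

```shell
#!/usr/bin/env bash
# Added example (not graudit's code): signature-driven grep audit.
# Signatures and the PHP sample below are constructed for illustration.

# write_signatures FILE: one extended regex per line, no blank lines
# (a blank line in a grep -f pattern file matches every input line).
write_signatures() {
    cat > "$1" <<'EOF'
\<(mysql_query|mysqli_query)[[:space:]]*\(.*\$_(GET|POST|REQUEST|COOKIE)
\<(eval|system|exec|passthru|shell_exec)[[:space:]]*\(.*\$_(GET|POST|REQUEST|COOKIE)
\<(include|require)(_once)?[[:space:]]*\(?.*\$_(GET|POST|REQUEST|COOKIE)
\<echo[[:space:]].*\$_(GET|POST|REQUEST|COOKIE)
EOF
}

# write_sample DIR: constructed PHP file mixing risky and safe lines.
write_sample() {
    mkdir -p "$1"
    cat > "$1/profile.php" <<'EOF'
<?php
$id = $_GET['id'];
$res = mysql_query("SELECT * FROM users WHERE id=" . $_GET['id']);
echo "Hello " . $_GET['name'];
$safe = htmlspecialchars($_GET['name'], ENT_QUOTES);
echo "Hello " . $safe;
include($_GET['page'] . ".php");
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
EOF
}

# audit SIGFILE DIR: print file:line:source for each signature hit.
# -r recurse, -n line numbers, -E extended regex, -I skip binary files.
audit() {
    grep -rnEI -f "$1" "$2" || true   # grep exits 1 when nothing matches
}

# flagged_lines SIGFILE DIR: just the line numbers, space separated.
flagged_lines() {
    audit "$1" "$2" | cut -d: -f2 | sort -n | tr '\n' ' ' | sed 's/ $//'
}

demo=$(mktemp -d)
write_signatures "$demo/php.sig"
write_sample "$demo/src"
audit "$demo/php.sig" "$demo/src"
```

Request input that reaches a query, an include or an echo on the same line is flagged, while the escaped and parameterised lines are not. A hit is a lead for manual review rather than a confirmed flaw, since grep sees one line at a time and cannot follow a tainted value through a variable.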

Usage


Graudit supports several options and tries to follow good shell practices. For a list of the options you can run graudit -h or see below. The simplest way to use graudit is;

You can download Graudit v1.1 here:

graudit-1.1.tar.bz2

Or read more here.


Posted in: Countermeasures, Exploits/Vulnerabilities, Programming
