Archive | November, 2009

Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)



It’s been a while since I’ve seen a tool of this type. Back in the heyday of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag.

Binging is a simple tool to query the Bing search engine. It uses your Bing API key and fetches multiple results. This particular tool can be used for cross-domain footprinting for Web 2.0 applications, site discovery, reverse lookup, host enumeration, etc. One can use various directives such as site, ip, etc. and run queries against the engine. On top of that, the tool provides filtering capabilities so you can ask for unique URLs or hosts. It is also possible to filter results using regular expressions. Get your Bing API key and use this tool for your audit, assessment and research.

You can download Binging here:

Binging.zip

Or read more here.


Posted in: Hacking Tools, Privacy, Web Hacking



Windows 7 UAC (User Access Control) Ineffective Against Malware



There have been a few stories about Windows 7, even one about Windows 7 UAC before, and now that it’s officially on sale I’d expect there to be many more.

As always, malware and mass infection is a numbers game, so the bad guys will always target the most popular and prolific operating systems to increase their chances of widespread infections.

For me personally UAC in Windows Vista was simply a pain in the ass, so much so that I just turned it off completely, as did most people, rendering it completely ineffective. They seem to have toned it down in Windows 7 to make it less invasive and perhaps as a byproduct have made it less effective.

A researcher at Sophos reports putting Windows 7’s User Account Control feature to the test and finding the technology failed to block numerous pieces of malware. Microsoft, however, stresses that UAC is only one part of Windows 7’s security.

A researcher at Sophos called the UAC feature in Windows 7 ineffective after numerous pieces of malware snuck by the technology in a test.

Microsoft first introduced User Account Control in Windows Vista to improve security. After some users complained the number of alerts it generated were annoying, the company pledged to cut down on the number of prompts in Windows 7. The move however has raised concerns in the security community, and Sophos Senior Security Adviser Chester Wisniewski said his test proves Microsoft took it a step too far.

Wisniewski wrote on his blog Nov. 3 that seven of the 10 pieces of malware he tested ran with the default UAC enabled in Windows 7 without generating any prompts. As part of the test, no antivirus software was installed on the system. Two of the malware samples did not work in Windows 7; of the remaining eight, only one generated a prompt, and that one still would have been installed had the user clicked yes, Wisniewski told eWEEK.

I’d imagine it only throws an alert if the software being installed tries to modify system files or place itself in system directories (c:/windows etc).

That would make sense to me, and yes it would make it ineffective against malware and even more ineffective when the bad guys work out how it functions and adapt to that.

Nothing much new here though, is it? Run anything on Windows XP and you’ll get no warnings, so just be vigilant. I’d rather Microsoft try to educate people on good security practice rather than trying to implement half-arsed technical measures to protect against wetware ignorance.

When asked about the test, Microsoft officials pointed to the other features of Windows 7 that have improved security.

“Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware; this includes features like Security Development Lifecycle (SDL), User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP),” a spokesperson said.

“Windows 7 retains all of the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released,” the spokesperson added. “Coupled with Internet Explorer 8—which includes added malware protection with its SmartScreen Filter—and Microsoft Security Essentials, Windows 7 provides flexible security protection against malware and intrusions.”

All the above technologies are great and they do help a LOT when it comes to exploitation of vulnerabilities and trying to execute shell-code. But that’s not the biggest threat, the biggest threat is idiot users installing malware ‘by accident‘ on their own computers.

So yes, however obvious it may seem to us – you still need to install Anti-virus software on Windows 7.

Source: eWeek


Posted in: Countermeasures, Malware, Windows Hacking



UCSniff 3.0 Released – VoIP/IP Video Sniffing Tool



UCSniff is a VoIP & IP Video Security Assessment tool that integrates existing open source software into several useful features, allowing VoIP and IP Video owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C/C++, and available on Linux and Windows, the software is free and available for anyone to download, under the GPLv3 license.

Why?

UCSniff was created as a Proof of Concept demonstration tool and a method of creating awareness around VoIP/UC threats. It can be used by VoIP/UC Administrators to test their own VoIP or Video Infrastructure in a pilot before vulnerabilities are rolled into production. It can also be used by security professionals as a method of convincing IT decision makers that security best practices should be applied to VoIP/UC in the same way that they are applied to other TCP/IP based, client-server applications.

New Features

  • Real time VoIP and Video monitoring.
  • New codec support, G729, G726, G723.
  • GUI version for Windows and Linux.
  • TFTP MitM Modification of IP phone settings.
  • New VideoSnarf tool – Converts offline RTP pcap file to media file.
  • Windows VLAN implementation, for VLAN Hopping in Windows.

Or read more here.


Posted in: General Hacking



Using Cloud Computing To Crack Passwords – Amazon’s EC2



Now this is interesting: a proper mathematical calculation for using cloud computing to crack passwords. Now that Amazon has opened up their EC2 (Elastic Compute Cloud), the cost of massive parallel processing power has come right down.

And guess what, someone thought of using it to crack passwords. It seems the cut-off would be a 12 character password as even with all lower case characters it would cost USD1.5 million to crack.

It gets exponentially cheaper as you remove each character (due to the calculation using the power of the number of characters) so a 10 character password would only cost you just over USD2000!

Forget what you’ve learned about password security. A simple pass code with nothing more than lower-case letters may be all you need – provided you use 12 characters.

That’s the conclusion of security consultant David Campbell, who calculated the cost of waging a brute-force attack on various types of passwords using cloud computing services offered by Amazon.

Based on hourly fees Amazon charges for its EC2 web service, it would cost more than $1.5m to brute force a 12-character password containing nothing more than lower-case letters a through z. But user beware, an 11-character code costs less than $60,000 to crack, and a 10-letter phrase costs less than $2,300.

Adding upper-case letters and numbers to a password offers some additional security, but not as much as you might think. Such a phrase using 10 characters would cost less than $60,000 to attack, while an 11-character code would cost roughly $2.1m. Even passwords that contain an additional 32 characters such as !@#$% are relatively cheap to crack if they are short enough. An eight-character password would cost a little more than $106,000.

I’d say adding upper case letters and numbers makes quite a difference: a 10 character password jumps from just over USD2000 to crack all the way up to USD60,000. That’s a factor of 30!

I’d say a 10 character password containing uppercase, lowercase, numbers and special characters should be well into the millions and keep you fairly safe.

I did write some guidelines and tips on creating a secure password a while back, you can check it out here – Good Password Guidelines – How to Make a Strong/Secure Password.

The analysis, which Campbell posted here, builds off of research fellow security consultant Haroon Meer of SensePost presented earlier this year at the Black Hat conference. In it, he showed how EC2 could provide criminals using stolen credit cards with the equivalent of a super computer to crack encryption keys and passwords.

And that, in turn, will require new ways of thinking on the part of white hats.

“As it becomes possible now for the black hat community to get their hands on large amounts of computing power, we as security professionals are going to need to reassess threat models that we thought previously were not a factor,” said Campbell. “Using stolen credit cards, they could create a super computer that would be faster potentially than what the three-letter agencies have and they wouldn’t be paying for the CPU cycles.”

Although Amazon takes pains to ration resources it makes available to single customers, Meer showed it was possible to get around such limitations using a single credit card. Presumably, it would be even easier to bypass those controls using hundreds or thousands of stolen credit cards, something that is trivial for criminals to get a hold of. Campbell’s assumptions are based on simple arithmetic.

It’s interesting research nevertheless, I’d say Cloud Computing is only going to get more powerful and cheaper to rent so character based passwords may become completely defunct at some point in the future.

The computing power is not at the point where you have to worry about your 1024 bit RSA encryption quite yet, but it may well be in the near future as it’s already advised to use a 2048 bit key length!

Combining this platform with the abundance of stolen credit card details the blackhats have could be quite devastating.

Source: The Register
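
The cost scaling discussed in this post, turned into a length-policy calculator. This is an added example, not code from Campbell, The Register or this blog: the price per guess is calibrated on the quoted $2,300 figure for 10 lower-case characters, and the alphabet sizes and function names are assumptions.

```python
import math

# Calibration from the post: exhausting a 10-character lower-case password
# costs "less than $2,300". This model uses exactly $2,300 (assumption).
USD_PER_GUESS = 2300.0 / 26 ** 10

# Alphabet sizes are assumptions made for this example.
ALPHABETS = {
    "lower": 26,
    "one case + digits": 36,
    "mixed case + digits": 62,
    "mixed case + digits + 32 specials": 94,
}

def exhaust_cost(alphabet: int, length: int) -> float:
    """USD to try every password of exactly `length` symbols (worst case)."""
    return alphabet ** length * USD_PER_GUESS

def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of a uniformly random password; human-chosen ones have less."""
    return length * math.log2(alphabet)

def min_length(alphabet: int, budget_usd: float) -> int:
    """Shortest length whose full keyspace costs more than the budget."""
    length = 1
    while exhaust_cost(alphabet, length) <= budget_usd:
        length += 1
    return length

def policy_table(budget_usd: float):
    """One row per alphabet: (name, minimum length, entropy bits, cost in USD)."""
    rows = []
    for name, size in ALPHABETS.items():
        n = min_length(size, budget_usd)
        rows.append((name, n, round(entropy_bits(size, n), 1), exhaust_cost(size, n)))
    return rows

if __name__ == "__main__":
    # Minimum lengths that keep a full search above a $1m attacker budget.
    for name, n, bits, cost in policy_table(1_000_000):
        print(f"{name:36s} min length {n:2d}  {bits:5.1f} bits  ${cost:,.0f}")
```

Under this calibration the 36-symbol row gives about $59,600 at length 10 and about $2.14m at length 11. The model assumes uniformly random passwords and a fixed price per guess, so it is a lower bound on length for anything a person picked by hand.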


Posted in: General Hacking, Password Cracking



RATS – Rough Auditing Tool for Security



RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.

The RATS scanning tool provides a security analyst with a list of potential trouble spots on which to focus, describes each problem, and potentially suggests remedies. It also provides a relative assessment of the potential severity of each problem, to better help an auditor prioritize. This tool also performs some basic analysis to try to rule out conditions that are obviously not problems.

As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but is greatly aided by this tool.

Requirements


RATS requires expat to be installed in order to build and run. Expat is often installed in /usr/local/lib and /usr/local/include. On some systems, you will need to specify the --with-expat-lib and --with-expat-include options to configure so that it can find your installation of the library and header. Expat can be found here.

You can download RATS here:

Source Code: rats-2.4.tgz

Or read more here.


Posted in: Countermeasures, Exploits/Vulnerabilities, Programming, Security Software
