Archive | December, 2009

FindDomains v0.1.1 Released – Discover Domains/Sites/Hosts



FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers who need to discover domain names, web sites and virtual hosts spread across many IP addresses. It provides a console interface so you can easily integrate it into your pentest automation system.

It retrieves domain names/web sites which are located on specified ip address/hostname.

In order to use FindDomains you need to:

  1. Create an appid from “Bing Developers” at this link.
  2. It will look like this: 32AFB589D1C8B4FEC73D4BCB6EA0AD810E0FA2C7
  3. When you have registered an appid, enter it into the “appid.txt” file in the program directory.

Features

  • Uses the Bing search engine. Works with the first 1000 records.
  • Multithreaded crawling and DNS resolution.
  • Performs DNS resolution for extracted domains to eliminate cached/old records.
  • Has a console interface so it can be very useful with some command-line foo.
  • Works with Mono, but runs more efficiently under Windows.

Sample usage

Requirements

  • .NET Framework 3.5. Also works with Mono.

You can download FindDomains v0.1.1 here:

FindDomainsv0.1.1.rar

Or read more here.


Posted in: Hacking Tools, Privacy, Web Hacking




Microsoft IIS Semicolon Bug Leaves Servers Vulnerable



The latest news breaking over the Christmas period is that of a fairly serious bug in IIS that allows local file inclusion (LFI) of any filetype due to a bug in the way IIS filters handle semicolons (;).

Secunia has confirmed the vulnerability “on a fully patched Windows Server 2003 R2 SP2 running Microsoft IIS version 6. Other versions may also be affected”.

Oddly, though, it classifies the bug only as “Less critical”, basically a 2/5 on their threat scale.

A researcher has identified a vulnerability in the most recent version of Microsoft’s Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension “.asp.” By appending “;.jpg” or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.

There appears to be some disagreement over the severity of the bug, which Dalili said affects all versions of IIS. While he rated it “highly critical,” vulnerability tracker Secunia classified it as “less critical,” which is only the second notch on its five-tier severity rating scale.

It’s a pretty nasty bug if you ask me: it means any CMS, forum software or gallery page where users are allowed to upload files (running on IIS) can be owned by a webshell without any effort at all.

Even if an app doesn’t allow native uploading, LFI can now be executed using another exploit and it will bypass any filtering IIS provides against executable files such as .asp scripts.

I don’t really see how this bug is “Less critical” – I’d imagine there’s some mass pwnage going around the World right now.

“Impact of this vulnerability is absolutely high as an attacker can bypass file extension protections by using a semicolon after an executable extension such as ‘.asp,’ ‘.cer,’ ‘.asa’ and so on,” Dalili wrote. “Many web applications are vulnerable against file uploading attacks because of this weakness of IIS.”

In an email to El Reg, Dalili offered the following attack scenario:

“Assume a website which only accepts JPG files as the users’ avatars. And the users can upload their avatars on the server. Now an attacker tries to upload “Avatar.asp;.jpg” on the server. Web application considers this file as a JPG file. So, this file has the permission to be uploaded on the server. But when the attacker opens the uploaded file, IIS considers this file as an ASP file and tries to execute it by ‘asp.dll.’

“So, the attacker can upload a web-shell on the server by using this method. Most of the uploaders only control the last part of the files as their extensions, and by using this method, their protection will be bypassed.”
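The filter weakness Dalili describes, shown side by side with a hardened upload check, as an added example in Python (not code from the article, from Dalili, or from IIS). The image allow-list, the `SAFE_NAME` pattern and the server-side renaming are constructed here to illustrate the mitigation:

```python
import re
import secrets

# Extensions the avatar uploader accepts (constructed allow-list).
IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

def weak_is_allowed(filename: str) -> bool:
    """The filter pattern the article describes: only the text after the
    last '.' is checked. "Avatar.asp;.jpg" passes because that text is
    "jpg", while the affected IIS versions stop reading the name at ';'
    and hand the file to asp.dll."""
    return filename.rsplit(".", 1)[-1].lower() in IMAGE_EXTENSIONS

# Hardened form: exactly one base name and one extension, nothing else.
# Any character outside [a-z0-9_-] in the base (';', ':', '/', '\\', NUL,
# whitespace or a second '.') is rejected rather than sanitised.
SAFE_NAME = re.compile(r"^[a-z0-9_-]{1,64}\.([a-z0-9]{1,5})$")

def hardened_is_allowed(filename: str) -> bool:
    m = SAFE_NAME.fullmatch(filename.lower())
    return m is not None and m.group(1) in IMAGE_EXTENSIONS

def storage_name(filename: str) -> str:
    """Store the upload under a server-generated name so the client never
    chooses what the web server sees on disk, even if a check is bypassed."""
    if not hardened_is_allowed(filename):
        raise ValueError("rejected upload name: %r" % filename)
    ext = filename.lower().rsplit(".", 1)[1]
    return "%s.%s" % (secrets.token_hex(16), "jpg" if ext == "jpeg" else ext)

if __name__ == "__main__":
    for name in ("avatar.jpg", "Avatar.asp;.jpg", "shell.asp:.jpg", "a.asp.jpg"):
        print("%-18s weak=%-5s hardened=%s" % (name, weak_is_allowed(name),
                                               hardened_is_allowed(name)))
    print("stored as:", storage_name("Avatar.JPG"))
```

Renaming on the server matters independently of the IIS fix: a validator can be wrong, but a name the client never chose cannot carry a second extension.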

Microsoft as per usual is ‘looking into it’ – I would guess within a week or so users will be screaming for a patch in the next round of updates planned for January if not sooner.

Although if you are using IIS, I wouldn’t hold your breath for an out of schedule patch – we all know what Microsoft thinks of those.

Source: The Register


Posted in: Exploits/Vulnerabilities, Web Hacking, Windows Hacking




Merry Christmas 2009



I’d just like to take this opportunity to wish you all a merry xmas 2009, enjoy the festive season and I hope santa brought you whatever nifty gadgets you wished for.


Posted in: Site News



hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool



hostmap is a free, automatic hostname and virtual host discovery tool written in Ruby, licensed under the GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests.

hostmap uses several techniques to enumerate all the hostnames associated with an IP address.

Features

  • DNS names and virtual hosts enumeration
  • Multiple discovery techniques, to read more see documentation.
  • Results correlation, aggregation and normalization
  • Multithreaded and event based engine
  • Platform independent

Changes/New Features in v0.2

  • Fully refactored and rewritten in Ruby.
  • User-requested interrupt (CTRL+C) is now handled.
  • Added a Rakefile to automate tasks such as rebuilding the README and API documentation.
  • Changed the info-gathering plugin architecture; now uses the PlugMan library.
  • Added some host names to the brute-forcing dictionaries.
  • Added parsing of subject alternative names (subjectAltName) from X.509 certificates.
  • Added an info-gathering plugin using dnshistory.org.
  • Added wildcard domain detection.
  • Added wildcard X.509 certificate detection.
  • Added the -d option to use a user-supplied list of DNS servers.
  • Added a blacklist for second-level TLD (for example co.uk) detection.
  • Added an enumeration plugin that uses Microsoft Bing via its API. The API key must be provided in the configuration file.
  • Added a configuration file (hostmap.conf) to keep user settings.
  • Added the --http-ports option to specify the ports to check for an HTTP/HTTPS service.

You can see the complete list of changes here.

The user manual is available here – README.pdf [PDF]

You can download hostmap 0.2 here:

hostmap-0.2.tar.gz

Or read more here.


Posted in: Hacking Tools, Network Hacking, Web Hacking




Brittany Murphy Dies & Scareware Scammers Strike



It seems to be a trend now: whenever someone famous dies, some kind of malware or phishing scam pops up playing on their death, with the usual social engineering aspect.

The most memorable one recently, of course, was the passing of the King of Pop, Michael Jackson.

The latest one is Brittany Murphy, who passed away last Sunday; search results now lead users to fake anti-virus products using so-called ‘scareware’ tactics.

Actress Brittany Murphy’s sudden death, just like Michael Jackson’s untimely demise before her, has quickly been exploited by scareware scammers.

A spike in searches on Murphy’s death has been taken as a theme for Black Hat SEO attacks, designed to push sites that have been hacked to redirect surfers to scareware portals into prominence in search engine results.

Windows users who click on links to poisoned search results get exposed to a fake anti-virus scan, designed to frighten users into buying rogue security software of little or no utility.

They have to act fast of course to get their results ranking at the top during the aftermath of a celebrity death.

For most tech-savvy users I don’t think it would be much of an issue, but the average Joe seems fairly gullible when it comes to promises of anti-viral solutions.

Net security firm F-Secure, which has a full write-up of the attack here, detects the strain of scareware involved in the attack as Fakevimes-T. More detail on how search results were poisoned can be found in a blog posting by Websense here.

Murphy, who starred in movies including 8 Mile, Sin City and Spun, died on Sunday, 20 December after collapsing at her LA home. She was only 32. The precise cause of death is yet to be determined but an autopsy is planned.

It’s a sad event nevertheless and I hope the news doesn’t come out that yet another celebrity died from a drug overdose.

It has been rumoured that Brittany Murphy used drugs due to intense Hollywood pressure to maintain her slim stature.

Oh well, Merry Christmas indeed!

Source: The Register


Posted in: Malware, Social Engineering, Spammers & Scammers




PDFResurrect v0.9 Released – PDF Analysis and Scrubbing Utility



PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions.

This tool can also “scrub” or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
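The mechanism PDFResurrect relies on is the PDF incremental update: a saved change appends new objects, a new xref section and a trailer whose /Prev entry points at the previous xref, so earlier object versions stay in the file. The following Python is an added example, not PDFResurrect's code; it constructs a small PDF with one such update, walks the /Prev chain to count generations, locates the superseded copy of an object, and overwrites it in place the way a scrub must (keeping the file length so existing offsets stay valid):

```python
import re

def build_pdf_with_update() -> bytes:
    """Constructed sample: a one-page PDF whose content stream is later
    replaced by an incremental update. The old stream stays in the file."""
    out = bytearray(b"%PDF-1.4\n")
    offsets = {}

    def add(num: int, body: bytes) -> None:
        offsets[num] = len(out)
        out.extend(b"%d 0 obj\n" % num + body + b"\nendobj\n")

    add(1, b"<< /Type /Catalog /Pages 2 0 R >>")
    add(2, b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>")
    add(3, b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>")
    draft = b"BT (DRAFT - do not circulate) Tj ET"
    add(4, b"<< /Length %d >>\nstream\n" % len(draft) + draft + b"\nendstream")
    xref1 = len(out)
    out.extend(b"xref\n0 5\n0000000000 65535 f \n")
    for n in range(1, 5):
        out.extend(b"%010d 00000 n \n" % offsets[n])
    out.extend(b"trailer\n<< /Size 5 /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % xref1)
    # Incremental update: only a new object 4 and a one-entry xref are appended.
    final = b"BT (FINAL) Tj ET"
    add(4, b"<< /Length %d >>\nstream\n" % len(final) + final + b"\nendstream")
    xref2 = len(out)
    out.extend(b"xref\n4 1\n%010d 00000 n \n" % offsets[4])
    out.extend(b"trailer\n<< /Size 5 /Root 1 0 R /Prev %d >>\nstartxref\n%d\n%%%%EOF\n"
               % (xref1, xref2))
    return bytes(out)

def xref_chain(pdf: bytes) -> list:
    """Return xref offsets newest-first by following startxref and /Prev.
    Each link is one saved generation of the document."""
    tail = pdf[pdf.rfind(b"startxref"):]
    m = re.match(rb"startxref\s+(\d+)", tail)
    if not m:
        raise ValueError("no startxref found")
    offset, chain = int(m.group(1)), []
    while offset is not None and offset not in chain:
        chain.append(offset)
        t = pdf.find(b"trailer", offset)
        e = pdf.find(b"%%EOF", t) if t >= 0 else -1
        prev = re.search(rb"/Prev\s+(\d+)", pdf[t:e]) if t >= 0 and e >= 0 else None
        offset = int(prev.group(1)) if prev else None
    return chain

def object_offsets(pdf: bytes, num: int) -> list:
    """Every copy of 'num 0 obj' in the file; more than one means history."""
    return [m.start() for m in re.finditer(rb"(?m)^%d 0 obj\b" % num, pdf)]

def scrub_superseded(pdf: bytes, num: int) -> bytes:
    """Overwrite all but the newest copy of object `num` with spaces, so the
    file length and every xref offset stay valid but the old data is gone."""
    out = bytearray(pdf)
    for start in object_offsets(pdf, num)[:-1]:
        end = pdf.index(b"endobj", start) + len(b"endobj")
        out[start:end] = b" " * (end - start)
    return bytes(out)

if __name__ == "__main__":
    pdf = build_pdf_with_update()
    print("generations (xref offsets):", xref_chain(pdf))
    print("copies of object 4:", object_offsets(pdf, 4))
    print("DRAFT text recoverable:", b"DRAFT" in pdf)
    print("after scrub:", b"DRAFT" in scrub_superseded(pdf, 4))
```

Real documents can also use cross-reference streams and object streams, which this walker does not parse; the /Prev chain is the same idea there.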

Release Notes

v0.9 is a bug fix release and addresses the gathering of data (within limit) for the Creator MetaData at the end of a PDF. The previous version would stop prematurely, or possibly get too much info (in certain cases).

You can download PDFResurrect v0.9 here:

pdfresurrect-v0_9.tar.gz

Or read more here.


Posted in: Hacking Tools, Privacy




Is Google Public DNS Safe?



Google recently launched a public DNS service similar to the popular service over at OpenDNS, you can find it on Googlecode here – http://code.google.com/speed/public-dns/.

The first obvious reaction for the infosec crowd (with all the recent DNS flaws) is to question the security of the Google DNS service.

HD Moore has done some good analysis on the service as outlined below.

Yesterday, Google launched its new Public DNS service. Among the benefits that Google is claiming for the new service is that it helps to secure DNS for users. Is that an accurate claim?

One of the big issues that security researcher Dan Kaminsky disclosed about DNS insecurity in 2008 was that DNS request information isn’t quite as random as it should be. The way DNS works is that each DNS request is supposed to carry with it a random number transaction ID. But it turns out that the random number is only one out of 65,000. DNS is at risk when there isn’t enough randomization and a hacker can ‘guess’ the number.

So is Google’s Public DNS random enough? I got a comment from famed security researcher, H D Moore on that point. Moore knows what he’s talking about when it comes to DNS exploits as his Metasploit tool was among the first to have a weaponized version of the Kaminsky DNS flaw.

It seems like the port allocation of the Google DNS system is adequately random even though it’s drawing from a fairly small port range.

So the claims that this could be a more secure DNS server for most systems are true; it will protect against DNS cache poisoning attacks at least.

Moore has now put together a mapping of Google’s source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports.

According to HD, it looks like Google’s focus on security might be on the right track and the DNS could be good at preventing cache poisoning attacks.

His sample size is only 10,000 requests here, which isn’t a huge number but does give a decent sample in my view. He has also graphed source ports, transaction IDs and a comparison of source ports to those transaction IDs.

I’ll switch over from OpenDNS and give the Google system a try, maybe it’ll reduce the lag time a little.

If anyone else is already using it, do share with us your thoughts in the comment section below.

Source: Internet News (Thanks Navin)


Posted in: General News, Network Hacking




Microsoft CAT.NET v1.1.1.9 – Binary Code Analysis Tool .NET



CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.

CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, Visual Basic .NET, J#) application you are developing. It does so by scanning the binary and/or assembly of the application, and tracing the data flow among its statements, methods, and assemblies.

This includes indirect data types such as property assignments and instance tainting operations. The engine works by reading the target assembly and all referenced assemblies used in the application, module by module, and then analyzing all of the methods contained within each. It finally displays the issues it finds in a list that you can use to jump directly to the places in your application’s source code where those issues were found.

The following rules are currently supported by this version of the tool:

  • Cross Site Scripting
  • SQL Injection
  • Process Command Injection
  • File Canonicalization
  • Exception Information
  • LDAP Injection
  • XPATH Injection
  • Redirection to User Controlled Site

System Requirements

Supported operating systems: Windows XP, Windows Vista

Software: .NET Framework 2.0, Visual Studio 2005 or 2008.

You can download CAT.NET here:

CATNETx32.msi

Or read more here.


Posted in: Programming, Security Software, Windows Hacking




Facebook Pushes Out New Privacy Settings



There have been plenty of stories about Facebook in the past and the latest is about their new privacy system. From what I understand they have abandoned the previous concept of “Networks” and now everyone is open to everyone else.

The network system was initially relevant when the site was targeted at only US college students; it easily allowed students from the same college to find each other. But now that it has become global and the networks have changed into countries or even continents, it was rather too open.

Facebook is urging its 350 million users to open their kimonos to the entire internet as part of its revamped security settings.

Unveiled on Wednesday, the social network’s new privacy controls are designed to expose a user’s personal data – including status updates, posted content, and details about friends and family – to everyone on the wild, wild web.

Facebook says the freely-shared data “makes it easier for people to find and learn about you”, but critics claim it’s actually a ploy to drive up Facebook traffic by getting more of its pages cataloged by RSS feeds and search engines.

The surprising part is, when receiving the prompt today it suggests you open ALL your data to everyone! So instead of the expected tighter default privacy settings it’s pushing its users to disregard privacy totally.

It would make sense for them to push this, because if everyone opens everything there is far more for the search engines to spider and as a byproduct Facebook traffic will increase earning them more in the way of ad revenue.

Starting now, when a current user logs into Facebook, they will be asked to review and update their privacy settings. Users are then prompted to make changes to who (and what) is allowed to ogle various sections of their profile and postings.

While Facebook allows users to retain their old settings quite easily, the recommended options strongly encourage a brave new world of personal data sharing.

It should be noted that users under 18 are restricted to sharing details with Facebook friends no matter which options they select.

I’d imagine anyone here (if they even use Facebook) would already have fairly restrictive Facebook privacy settings in place, and it’s easy enough to keep your old settings.

But for the less savvy user I think they may well take the suggestions and apply them…which is really not a good idea.

We will have to wait a few days and see if there is any major outcry.

Source: The Register


Posted in: General News, Privacy




inSSIDer v1.2.3.1014 – Wi-Fi network scanner For Windows



inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn’t work well with Vista and 64-bit XP, we built an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems.

What’s Unique about inSSIDer?

  • Works on Windows Vista and Windows XP 64-bit.
  • Uses the Native Wi-Fi API.
  • Group by MAC address, SSID, channel, RSSI and “Time Last Seen.”
  • Compatible with most GPS devices (NMEA v2.3 and higher).

How can inSSIDer help me?

  • Inspect your WLAN and surrounding networks to troubleshoot competing access points.
  • Track the strength of received signal in dBm over time.
  • Filter access points in an easy to use format.
  • Highlight access points for areas with high Wi-Fi concentration.
  • Export Wi-Fi and GPS data to a KML file to view in Google Earth.

inSSIDer is licensed under the Apache License, Version 2.0. The source code is freely available from the public Subversion repository at http://www.metageek.net/svn/trunk.

You can download inSSIDer here:

Inssider_Installer.msi

Or read more here.


Posted in: Hacking Tools, Network Hacking, Wireless Hacking

