Archive | March, 2010

WebRaider – Automated Web Application Exploitation Tool


WebRaider is a plugin-based automated web application exploitation tool which focuses on getting a shell from multiple targets or injection points.

The idea of this attack is very simple: getting a reverse shell from an SQL injection with a single request, without using an extra channel such as TFTP or FTP to upload the initial payload.

  • It’s only one request, therefore faster,
  • Simple: you don’t need a tool, you can do it manually using your browser or a simple MITM proxy,
  • Just copy and paste the payload,
  • CSRF(able): it’s possible to craft a link and carry out a CSRF attack that will give you a reverse shell,
  • It’s not fixed, you can change the payload,
  • It’s short, generally not more than 3,500 characters,
  • Doesn’t require any application on the target system like FTP, TFTP or debug.exe,
  • Easy to automate.
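The root cause that single-request payloads of this kind rely on is SQL built by string concatenation, so the defensive counterpart is worth seeing side by side. The following is an added example (not WebRaider code): an in-memory SQLite table with constructed rows, one lookup that builds the query from the raw input and one that binds it as a parameter. The tautology input is the textbook `' OR '1'='1`; a parameterised query treats it as an ordinary string.

```python
"""Vulnerable versus parameterised lookup (added example, constructed data).

The string-built query lets attacker-controlled text become SQL syntax; the
parameterised one sends the text as data, so the same input matches nothing.
Parameterisation removes the injection; running the application under a
low-privilege database account limits what any remaining bug can reach.
"""
import sqlite3

# Constructed input: a tautology that turns the WHERE clause into "always true".
TAUTOLOGY = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Builds SQL with string formatting: the input becomes part of the query."""
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, name: str) -> list:
    """Binds the input as a parameter: the driver never parses it as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name: str) -> dict:
    """Run both lookups on the same input and report how many rows each returns."""
    conn = make_db()
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, name)),
        "parameterised_rows": len(lookup_parameterised(conn, name)),
    }


if __name__ == "__main__":
    print("normal input :", compare("alice"))      # both return 1 row
    print("tautology    :", compare(TAUTOLOGY))    # 3 rows vs 0 rows
```

The vulnerable lookup returns every row for the tautology because the WHERE clause has been rewritten; the parameterised lookup returns none because no user is literally named `' OR '1'='1`. Reverse-shell payloads additionally need stacked queries and a database account privileged enough to reach the operating system, which is why least privilege on the database login matters as a second layer.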

Dependencies

Internally WebRaider uses Metasploit. The authors use a specific version of Metasploit; they trimmed the fat from it to launch faster and make it smaller. You can change the paths and make it work with the latest Metasploit in your own setup.

Also note that, due to the reverse shells and Metasploit components, this software will be detected as a virus by AV software.

You can download WebRaider here:

WebRaider-0.2.3.8.zip

Or read more here.


Posted in: Database Hacking, Hacking Tools, Web Hacking


Energizer Duo USB Battery Charger Software Has Backdoor Trojan


There have been a number of interesting stories lately, especially related to hardware. The latest doing the rounds is this one, where a seemingly innocuous USB battery charger has been installing some nasty remote control software onto users’ systems.

The charger at fault is the Energizer Duo USB Battery Charger. You’re only at risk if you’re a Windows user and downloaded the software for the charger from the Energizer site (specifically from – www.energizer.com/usbcharger).

There’s a good breakdown and technical description at the kb.cert here – Vulnerability Note VU#154421.

A Trojan backdoor found its way into Energizer Duo USB battery charger software downloads.

Malware bundled in a charger-monitoring software download package opens up a back door on compromised Windows PCs. The contaminated file is automatically downloaded from the manufacturer’s website during the installation process, not bundled with an installation CD.

Symantec warns that a file called “Arucer.dll”, which it identifies as Trojan-Arugizer and which is installed on compromised systems, is capable of all manner of mischief. This includes sending files to the remote attacker or downloading other strains of malware, as instructed via commands on a back channel controlled by hackers.

It’ll be interesting to see how the malicious .dll file got into the software bundle in the first place without any detection.

Was it a server/network hack, or did it come from wherever the devices were manufactured (the header info in the .dll seems to indicate once again that the source is China)?

Hopefully within the next week or so we’ll hear some more news as to what actually happened, or more likely it’ll be swept under the carpet and we won’t hear a peep.

In a statement, Energizer acknowledged the problem and discontinued sale of the affected device, the Duo Charger (Model CHUSB). The battery maker has also launched an investigation into how backdoor functionality found its way into its software.

“Energizer has discontinued sale of this product and has removed the site to download the software. In addition, the company is directing consumers that downloaded the Windows version of the software to uninstall or otherwise remove the software from your computer. This will eliminate the vulnerability. In addition CERT and Energizer recommend that users remove a file that may remain after the software has been removed. The file name is Arucer.dll, which can be found in the Windows system32 directory.

Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software. Additional technical information can be found here.”

The compile time for the file is May 10, 2007, so most likely the malicious file has been packaged into the software for the past 3 years! It looks like Energizer might have a major clean-up operation to carry out.

There’s a good technical write-up by Symantec here:

Back Door Found in Energizer DUO USB Battery Charger Software

Network World has also published a follow-up article here:

The Energizer DUO Trojan: What You Need to Know

Source: The Register


Posted in: Legal Issues, Malware


SAHI – Web Automation & Application Security Testing Tool


Sahi is an automation tool to test web applications. Sahi injects JavaScript into web pages using a proxy, and the JavaScript helps automate web applications.

Sahi is a tester-friendly tool. It abstracts away most of the difficulties that testers face while automating web applications. Some salient features include an excellent recorder, platform and browser independence, no XPaths, no waits, multi-threaded playback, excellent Java interaction and inbuilt reporting.

Features

  • Browser and operating system independent
  • Powerful recorder which works across browsers
  • Powerful Object Spy
  • Intuitive and simple APIs
  • JavaScript-based scripts for good programming control
  • Version-controllable text-based scripts
  • In-built reports
  • In-built multi-threaded or parallel playback of tests
  • Tests do not need the browser window to be in focus
  • Command-line and Ant support for integration into build processes
  • Supports external proxy, HTTPS, 401 & NTLM authentication
  • Supports browser popups and modal dialogs
  • Supports AJAX and highly dynamic web applications
  • Very robust scripts
  • Works on applications with random auto-generated ids
  • Very lightweight and scalable
  • Supports data-driven testing; can connect to a database, Excel or CSV file
  • Ability to invoke any Java library from scripts

Limitations

  • Framesets/pages with frames/iframes loading pages from multiple domains are not supported. Sahi cannot handle pages which embed other pages from different domains using iframes or frames, so you cannot have a page from google.com containing an iframe with a page from yahoo.com. Note that this is not the same as switching between domains, where you navigate from a google.com page to a yahoo.com page, which works in Sahi.
  • File upload fields will not be populated on browsers for JavaScript verification. File upload itself works fine.

You can download SAHI here:

sahi_20100302.zip

Or read more here.


Posted in: Hacking Tools, Web Hacking


Boffins Crack OpenSSL Library Using Power Fluctuations


Now this is a very interesting technique; as far as I know, I’ve not seen anything similar to this before. It’s like a rather bizarre meld of hardware hacking and software exploitation, using cryptographic algorithm cracking techniques.

Some rather smart fellas have found a way to extract the private SSL key from a device by creating fluctuations in the power supply and reading the output whilst the device was encrypting data using the private key.

In around 100 hours they could deduce the complete 1024-bit private key stored on the device.

Computer scientists say they’ve discovered a “severe vulnerability” in the world’s most widely used software encryption package that allows them to retrieve a machine’s secret cryptographic key.

The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Although the attack technique is difficult to carry out, it could eventually be applied to a wide variety of devices, particularly media players and smartphones with anti-copying mechanisms.

“Wherever you need to verify the origin of a piece of software or a piece of information, those building blocks come in handy,” said Karsten Nohl, an independent security researcher who in unrelated attacks has broken encryption in widely used smartcards and cordless phones. “The OpenSSL library provides much more than just SSL.”

Now, although this flaw can be deemed extremely serious and the number of applications and operating systems that use OpenSSL is huge, the fact that they need physical access to the device to manipulate the power supply means the scope of the attack is limited.

It’s not something you could pull off on a remote server in a data center, for example.

It would be interesting, however, for cracking private keys on consumer hardware devices in order to access the private network that the device hooks onto for updates, subscription packages etc.

The scientists, from the University of Michigan’s electrical engineering and computer science departments, said the bug is easily fixed by applying cryptographic “salt” to an underlying error-checking algorithm. The additional randomization would make the attack unfeasible. An OpenSSL official, who asked that his name not be published, said engineers are in the process of pushing out a patch and stressed the attack is difficult to carry out in real-world settings.

The university scientists found that they could deduce tiny pieces of a private key by injecting slight fluctuations in a device’s power supply as it was processing encrypted messages. In a little more than 100 hours, they were able to feed the device enough “transient faults” that they were able to assemble the entirety of its 1024-bit key.

“This is probably not as much of a threat to a server system as it is to a consumer device,” said Todd Austin, one of the scientists who devised the attack. “The place where this would be more applicable would be if you want to attack a Blu-ray player (where) you have an environment where someone is giving you a device that has a private key to protect intellectual property and you have physical access to the device.”

But as usual for cryptographic attacks, they are researched and developed by scientists and work far better in the theoretical realm than they do in reality for practical exploitation.

Either way it’s an interesting attack and an interesting use of technology; of course OpenSSL will be patching the problem shortly (adding a simple salt will negate the attack).

What will they come up with next?

Source: The Register


Posted in: Cryptography, Exploits/Vulnerabilities, Hardware Hacking


Ncrack – High Speed Network Authentication Cracking Tool


Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients.

Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated brute-forcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more.

Ncrack was started as a “Google Summer of Code” project in 2009. While it is already useful for some purposes, it is still unfinished, alpha-quality software. It is released as a standalone tool; be sure to read the Ncrack man page to fully understand Ncrack usage.
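High-speed guessing of the kind Ncrack performs is also easy to spot from the defender's side, because it leaves a dense burst of failures from one source in the authentication log. The added example below (not part of Ncrack) runs simple detection logic over constructed sshd-style log lines: it counts failures per source address, finds the densest burst within a sliding time window, records how many distinct usernames were tried, and notes whether a successful login followed the burst. The addresses are from the documentation ranges and the threshold and window are assumed values.

```python
"""Burst detection for password guessing in sshd-style logs (added example).

Log lines, threshold and window are constructed for the illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log sample (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Mar 14 10:00:01 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar 14 10:00:01 bastion sshd[2202]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar 14 10:00:02 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 14 10:00:02 bastion sshd[2204]: Failed password for invalid user oracle from 203.0.113.7 port 51003 ssh2
Mar 14 10:00:03 bastion sshd[2205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 14 10:00:03 bastion sshd[2206]: Failed password for invalid user test from 203.0.113.7 port 51005 ssh2
Mar 14 10:00:04 bastion sshd[2207]: Failed password for root from 203.0.113.7 port 51006 ssh2
Mar 14 10:00:04 bastion sshd[2208]: Failed password for invalid user admin from 203.0.113.7 port 51007 ssh2
Mar 14 10:00:05 bastion sshd[2209]: Accepted password for root from 203.0.113.7 port 51008 ssh2
Mar 14 10:05:10 bastion sshd[2310]: Failed password for alice from 198.51.100.9 port 40222 ssh2
Mar 14 10:09:30 bastion sshd[2311]: Failed password for alice from 198.51.100.9 port 40223 ssh2
Mar 14 10:09:45 bastion sshd[2312]: Accepted password for alice from 198.51.100.9 port 40224 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse(log_text: str) -> list:
    """Yield (timestamp, result, user, ip) tuples; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(re.sub(r" +", " ", m["ts"]), "%b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def peak_in_window(times: list, window: timedelta) -> int:
    """Largest number of events that fall inside any interval of length `window`."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while times[start] < t - window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_bursts(log_text: str, threshold: int = 5,
                  window: timedelta = timedelta(seconds=10)) -> dict:
    """Return {ip: summary} for every source whose densest burst of failures
    reaches `threshold` within `window`. Assumed defaults, not Ncrack's."""
    failures, users, successes = defaultdict(list), defaultdict(set), defaultdict(list)
    for ts, result, user, ip in parse(log_text):
        if result == "Failed":
            failures[ip].append(ts)
            users[ip].add(user)
        else:
            successes[ip].append(ts)
    flagged = {}
    for ip, times in failures.items():
        peak = peak_in_window(times, window)
        if peak < threshold:
            continue
        last_failure = max(times)
        flagged[ip] = {
            "failures": len(times),
            "peak": peak,
            "users": sorted(users[ip]),
            # A success right after a burst is the highest-priority signal.
            "success_after_burst": any(s >= last_failure for s in successes[ip]),
        }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_bursts(SAMPLE_LOG).items():
        print(ip, info)
```

With the sample above, only 203.0.113.7 is flagged: eight failures across four usernames in four seconds, followed by an accepted login for root, which is exactly the pattern a cracking run produces against a weak password. The two spaced-out failures from 198.51.100.9 fall well under the threshold, which is the difference between a mistyped password and a dictionary run.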

You can download Ncrack ALPHA here:

Tarball: ncrack-0.01ALPHA.tar.gz
Windows Binary: ncrack-0.01ALPHA-setup.exe

Or read more here.


Posted in: Hacking Tools, Network Hacking, Password Cracking


High Tech Ticket Scalpers Earn $25 Million Profits


Today’s news is that a company in the US has been using CAPTCHA breaking technology to run a very profitable ticket scalping operation.

Reports state they netted a $25 Million USD profit over a 6 year period, which is extremely lucrative, especially for a reasonably small operation.

Of course the way in which they did this was extremely unscrupulous: snapping up prime tickets within seconds of them going on sale, then selling them later at much inflated prices.

Federal prosecutors have accused four men of fraudulently obtaining more than 1.5 million concert and sporting-event tickets by hacking the computer systems of multiple vendors.

Over a six-year period, the men employed computer scripts that snapped up tickets to some of the hottest events just a fraction of a second after they went on sale, according to documents filed in US District Court in New Jersey. The scheme, which generated more than $25m in profit, froze out legitimate customers by defeating mechanisms designed to block automated purchases by scalpers.

The 43-count indictment provides a detailed account into the means the men used to fraudulently obtain huge caches of premium tickets to concerts by Bruce Springsteen, Coldplay, and last year’s Sugar Bowl American college football contest. By hacking the sites’ captchas and automatically submitting website forms, they completed purchases in fractions of seconds, securing them front-row seats that were impossible for most fans to obtain.

You know they are going too far when their own employees start warning the bosses they are pushing the ticket prices too high.

As someone who attends concerts I would find this kind of thing extremely annoying and unfair... unless of course it was me running the scam and profiting.

But that’s a different story. Either way, it looks like they have finally been busted and all the details exposed. I’ll be interested to see what the punishment will be, as at the end of the day the people losing out are not the artists or the ticket brokers but the actual fans themselves, who have been overpaying for premium tickets.

The indictment names four principals of Nevada-based Wiseguy Tickets, which from 2002 until early last year generated more than $121 million in revenue buying tickets and then reselling them at massively inflated prices. Their ability to shut out the rest of market was so consummate that one employee allegedly warned his boss the company might suffer a backlash from ticket brokers and fans alike if it raised prices too high.

“So, whenever you think about pricing, please also think that you are a monopoly not just for your brokers, but for their clients as well – those small clients no longer have the opportunity to score on their own on the web and feel vindicated,” the employee wrote in a 2007 email. “If you do 1 million in tickets in 2007, this means that 1 million people will be displaced from the seats they deserved and further 1 million will pay far more for the seat they are in than they are supposed to.”

To make the hack work, Wiseguys employed OCR, or optical character recognition, technology that automated the process of solving captchas, the challenge and response puzzles designed to ensure a website form is being filled out by a human rather than a script.

The indictment mostly lays charges under wire fraud and unauthorized access, so definitely within the white collar crime arena.

Lowson, the founder of the company, has been detained, whilst two others were released on bail. The fourth person charged is currently out of the US and is expected to be charged within the coming weeks.

I’ll be watching out for this case as I’m interested to see what kind of punishment is going to be handed out.

Source: The Register


Posted in: Legal Issues, Spammers & Scammers


Web Security Dojo – Training Environment For Web Application Security


Web Security Dojo is a free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo

What?
Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v9.10.

Why?

The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.

Web Security Dojo currently contains:

Targets –

  • OWASP’s WebGoat v5.2
  • Damn Vulnerable Web App v1.0.6
  • Hacme Casino v1.0
  • OWASP InsecureWebApp v1.0
  • Simple training targets by Maven Security (including REST and JSON)

Tools –

  • Burp Suite (free version) v1.3
  • w3af cvs version
  • OWASP Skavenger v0.6.2a
  • OWASP Dirbuster v1.0 RC1
  • Paros v3.2.13
  • Webscarab v20070504-1631
  • Ratproxy v1.57-beta
  • sqlmap v0.7
  • Helpful Firefox add-ons

You can download Web Security Dojo here:

VMware image – dojo_v1.0-vmware.zip
VirtualBox image – dojo_v1.0-virtualbox.zip

Or read more here.


Posted in: Hacking Tools, Web Hacking
