Archive | December, 2010

India Central Bureau of Investigation (CBI) Site Still Down



There has been quite a lot of chatter online about this case. Politically there are long-standing disputes between India and Pakistan, and naturally these also extend to online wars – which inevitably end in defacement.

The latest target from the group calling themselves the Pakistani Cyber Army was the site for the Central Bureau of Investigation in India – http://cbi.nic.in/.

Almost 4 days after the defacement, the site still appears to be down.

Close to four days after the site of India’s key investigation agency, the Central Bureau of Investigation (CBI), was hacked and defaced, the web site is still inaccessible to users.

The CBI is doing a thorough security audit, and plugging all holes to prevent another hack, Vinita Thakur, a spokeswoman said on Tuesday. She didn’t say when that would be complete, and the site restored.

The web site of the CBI was hacked and defaced on Friday night. The hackers calling themselves the “Pakistani Cyber Army” left a message saying that the attack was in revenge for similar Indian attacks on Pakistani sites.

The CBI’s IT systems were not compromised by the hack, as the web site and the CBI’s computer systems are separate, Thakur said.

They say they are doing a thorough audit and they are going to plug all the holes, but in reality – we know that’s not true because it’s not possible. They both seem to be stuck in a catch-22 situation as both the Indian and Pakistani sides continue with revenge attacks for the previous defacement.

Almost immediately after this attack the Indian Cyber Army executed another hack and deface job to retaliate. And well, whatever happens after this – it’s not going to be pretty for either side.


The information that the hackers had access to was public information, she added.

The border dispute between India and Pakistan over Kashmir has often spilled online, with both sides attempting to hack each other’s web sites.

The web site of Pakistan’s Oil & Gas Regulatory Authority was hacked on Saturday by a group called “Indian Cyber Army” in retaliation for the CBI web site hack, according to media reports from Pakistan.

The web site, which displayed the message “This Account has been suspended” late Saturday, has since been restored.

The Pakistani site that was attacked is back up and accessible to the public again, but as of now I’m still seeing some database access error messages in the sidebar and at the top of the page – http://www.ogra.org.pk/.

My guess would be that this is not going to stop any time soon.

Source: Network World


Posted in: General News



LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)



There are some existing tools that deal with LFI vulnerabilities, such as fimap, the Remote & Local File Inclusion (RFI/LFI) Scanner, and inspathx, a tool for finding path disclosure vulnerabilities (which can lead to the discovery of LFI).

A new simple tool was released recently which focuses purely on LFI attacks.

Functions

  • Automatically find the root of the file system
  • Detect default files outside of the web folder
  • Attempts to detect passwords inside the files
  • Supports basic authentication
  • Can use null byte to bypass some controls
  • Writes a report of the scan to a file
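
The behaviours listed above (walking up to the file-system root, requesting default files outside the web folder, null-byte termination) leave recognisable traces in web server access logs. The following is an added detection example, not part of the original post or of LFIMAP; the log lines, the `page` parameter and the list of file names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Dec/2010:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
192.0.2.44 - - [01/Dec/2010:10:00:05 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1830
192.0.2.44 - - [01/Dec/2010:10:00:06 +0000] "GET /index.php?page=..%2f..%2f..%2fetc%2fpasswd%00 HTTP/1.1" 200 1830
192.0.2.44 - - [01/Dec/2010:10:00:07 +0000] "GET /index.php?page=%252e%252e%252fboot.ini HTTP/1.1" 404 210
192.0.2.77 - - [01/Dec/2010:10:00:09 +0000] "GET /docs/v1.2/../v1.3/readme.html HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumed watch list of default files that live outside a web folder.
SENSITIVE = ("/etc/passwd", "/etc/shadow", "boot.ini", "/proc/self/environ")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(query):
    """Return the set of LFI indicators found in a raw query string."""
    text = fully_decode(query).replace("\\", "/").lower()
    hits = set()
    if "../" in text:
        hits.add("traversal")
    if "\x00" in text:
        hits.add("null-byte")
    if any(name in text for name in SENSITIVE):
        hits.add("file-outside-webroot")
    return hits

def scan(log_text):
    """Return (client, status, indicators) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        hits = classify(urlsplit(target).query)
        if hits:
            findings.append((client, int(status), sorted(hits)))
    return findings
```

Only query strings are inspected, so the benign `../` inside the last sample line's path is not reported; a 200 status on a flagged request is the one to triage first, since it suggests the include returned content.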

You can download LFIMAP 1.4.3 here:

lfimap-1.4.3.tar.gz

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking



Cloud Computing Use By Criminals Increasing



Over the last couple of years Cloud Computing has started gaining some real leverage: it’s being deployed on a wide scale, it’s becoming more affordable, and the platforms supplying such services are becoming more stable.

Of course the natural progression of this wider adoption is the focus of the security community and naturally the bad guys too.

There are already tools/services that will rate your Cloud Security and there have been demonstrations of Password Cracking using Cloud Platforms.

Legitimate businesses may well be turning to the Cloud in increasing numbers, but so too are illegitimate businesses, according to the Minister for Home Affairs and Justice, Brendan O’Connor.

In a speech, given at the International Association of Privacy Professionals Annual Conference in Sydney, O’Connor said cyber criminals were increasingly exploiting the Cloud to achieve their own aims.

“Cyber criminals can not only steal data from Clouds, they can also hide data in Clouds,” he said. “Rogue Cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services, which facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies.” By way of example, O’Connor said cyber criminals could use the Cloud to secretly store and distribute child abuse material for commercial purposes.

“Cyber criminals can control servers in Clouds, denying legitimate users access to websites and targeting websites with repeated messages or images,” he said. “There have also been suggestions that Clouds can be used as launching pads for new attacks, such as trying all possible password combinations to break into encrypted data.”

According to O’Connor, the late 2009 attack on Google and several other companies was a reminder of how vulnerable systems and data were.

The whole Cloud model is a boon for cyber-criminals as they can effectively rent as much computing power and storage space as they need with stolen credit card details. They can keep it private if they want, and it’s distributed, virtually ‘bullet-proof’ hosting.

I’m sure it’s something which will become more prevalent and I’m pretty sure it’s something which the authorities will start looking into soon. The one thing that will get everyone hot and bothered is if it’s discovered that a Cloud Platform is being used for any form of terrorism.


In order to mitigate the risks posed by cyber security, increased transparency and confidence building between Cloud service providers, businesses and government agencies was required, O’Connor said.

For its part, the government was seeking to achieve this through Australian Federal Police’s (AFP) High Tech Crime Unit, a child exploitation tracking system developed by CrimTrac, and thought leadership from the Australian Government Information Management Office (AGIMO).

“AGIMO has consulted widely across government, and is currently investigating a number of issues, including: the vulnerability of offshore data storage; the extra-territorial legal issues around compliance and privacy; and, the contractual arrangements necessary to achieve appropriate levels of security,” O’Connor said.

“Because Cloud service providers aren’t interchangeable, the difficulties inherent in swapping providers will also need to be considered, along with the ability to retrieve information in the event of a disaster or vendor failure.”

In addition, there may also be increased security or privacy risks for governments if a Cloud had unrelated customers sharing hardware and software resources, with the concentration of resources and data in one place providing an attractive target for cyber-criminals.

As with any new platform it needs to mature and it needs some kind of legislation to crack down on illegal activities plus laws to deal with privacy, data segregation and so on.

It’s certainly an area which has sparked some interest and I’m sure we’ll all be watching it closely. I do deal with some large scale web deployments that need high-availability/clustered/cloud platform components so I’m pretty sure some of you do too.

Source: Network World


Posted in: General Hacking, Web Hacking



Armitage – Cyber Attack Management & GUI For Metasploit



Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver.

For discovery, Armitage exposes several of Metasploit’s host management features. You can import hosts and launch scans to populate a database of targets. Armitage also visualizes the database of targets–you’ll always know which hosts you’re working with and where you have sessions.

Armitage assists with remote exploitation–providing features to automatically recommend exploits and even run active checks so you know which exploits will work. If these options fail, you can use the Hail Mary approach and unleash db_autopwn against your target database.

For those of you who are hacking post-2003, Armitage exposes the client-side features of Metasploit. You can launch browser exploits, generate malicious files, and create Meterpreter executables.

Once you’re in, Armitage provides several post-exploitation tools built on the capabilities of the Meterpreter agent. With the click of a menu you will escalate your privileges, dump password hashes to a local credentials database, browse the file system like you’re local, and launch command shells.

Finally, Armitage aids the process of setting up pivots, a capability that lets you use compromised hosts as a platform for attacking other hosts and further investigating the target network. Armitage also exposes Metasploit’s SOCKS proxy module which allows external tools to take advantage of these pivots. With these tools, you can further explore and maneuver through the network.

If you want to learn more about Metasploit there are also some great resources here:

Learn to use Metasploit – Tutorials, Docs & Videos

Requirements

To use Armitage, you need the following:

  • Linux or Windows
  • Java 1.6+
  • Metasploit Framework 3.5+
  • A configured database. Make sure you know the username, password, and host.

Armitage Changelog

You can download Armitage here:

Windows – armitage112510.zip
Linux – armitage112510.tgz

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools
