Archive | September, 2011

Multi Threaded TCP Port Scanner For Linux & Windows



This tool is exactly what its name says: a multi-threaded TCP port scanner that can scan all 65535 TCP ports on an IP address. You can specify how many threads to run and the timeout. It will tell you the MAC address of the target and the service running, and it works on both Linux and Windows.

Version 2.0 adds SYN scanning capabilities and much more:

  • Added option -s for SYN scan.
  • Scanning made faster thanks to SYN scan
  • Added even more default ports
  • Improved error handler for SYN scan
  • Improved text output
  • Fixed minor bugs

A new branch of the program has been created to support SYN scan. SYN scan was necessary because, under some circumstances of heavy load, the TCP Connect scan can hang routers. SYN scan is multithreaded and uses the standard pcap library on Unix/Linux operating systems. Please be aware that SYN scan requires a higher level of authorization than connect sockets: on Unix/Linux, pscan requires root privilege. In some operating systems, SYN scan is performed using connectionless “raw” sockets, so pscan is subject to any restrictions those operating systems place on the use of raw sockets.


With SYN scan, option -w is not used because the program does not use connected sockets, so it doesn’t have to loop reading a socket until the timeout is reached. The receive function doesn’t have to poll over a number of sockets; it simply reads the packets passing through the network card, for all ports, and displays the “open port” message when a packet coming from the remote IP indicates that the remote port is open. For the same reason, options -a and -n are not used: the first because packets sent to closed ports are simply not replied to, so they cannot be counted; the second because a single function reads the packets, and it reads them from the network card, not from multiple sockets.
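Because a SYN scan never uses connected sockets, a monitoring point sees it as one source sending bare SYNs to many ports without ever finishing a handshake. The following is an added example, not code from pscan or the original post, that flags such sources in a constructed packet list; the record layout, thresholds and addresses are assumptions made for illustration.

```python
from collections import defaultdict

# TCP header flag bits
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


def build_sample():
    """Constructed capture: (src_ip, src_port, dst_ip, dst_port, flags).
    Addresses are documentation ranges, not real hosts."""
    server = "192.0.2.10"
    pkts = [
        # Ordinary client: full three-way handshake to port 443
        ("198.51.100.7", 50000, server, 443, SYN),
        (server, 443, "198.51.100.7", 50000, SYN | ACK),
        ("198.51.100.7", 50000, server, 443, ACK),
    ]
    scanner = "198.51.100.99"
    for port in range(20, 30):
        sport = 40000 + port
        pkts.append((scanner, sport, server, port, SYN))
        if port in (22, 25):      # open: server answers SYN/ACK ...
            pkts.append((server, port, scanner, sport, SYN | ACK))
            pkts.append((scanner, sport, server, port, RST))  # ... never ACKed
        elif port == 21:          # closed port that answers with a reset
            pkts.append((server, port, scanner, sport, RST | ACK))
        # remaining ports: no reply at all
    return pkts


def find_syn_scanners(packets, min_ports=5, max_completion=0.2):
    """Return sources that probed >= min_ports ports on one target while
    completing at most max_completion of the handshakes they started."""
    syn_ports = defaultdict(set)   # (src, dst) -> ports that received a bare SYN
    completed = defaultdict(set)   # (src, dst) -> ports with a finished handshake
    synack_seen = set()            # (client, cport, server, sport) sent a SYN/ACK

    for src, sport, dst, dport, flags in packets:
        if flags & SYN and not flags & ACK:
            syn_ports[(src, dst)].add(dport)
        elif flags & SYN and flags & ACK:
            # Reply travels server -> client; store it keyed from the client side
            synack_seen.add((dst, dport, src, sport))
        elif flags & ACK and not flags & (SYN | RST | FIN):
            # Bare ACK that follows a SYN/ACK completes the three-way handshake
            if (src, sport, dst, dport) in synack_seen:
                completed[(src, dst)].add(dport)

    findings = []
    for (src, dst), ports in sorted(syn_ports.items()):
        done = completed[(src, dst)] & ports
        if len(ports) >= min_ports and len(done) / len(ports) <= max_completion:
            findings.append({
                "source": src,
                "target": dst,
                "ports_probed": len(ports),
                "handshakes_completed": len(done),
            })
    return findings


SAMPLE_PACKETS = build_sample()

if __name__ == "__main__":
    for finding in find_syn_scanners(SAMPLE_PACKETS):
        print(finding)
```
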

You can download Multi Threaded TCP Port Scanner v2.0 here:

threaded-syn-port-scanner-2.0.zip

Or read more here.


Posted in: Hacking Tools, Network Hacking



MySQL.com Compromised & Spreading Malware



The latest story doing the rounds is that MySQL.com got hacked and was serving malware which put it on the Google malware block list.

It appears to be in the clear now though and it’s accessible again via Google. It seems to be a similar case with that of the recent Linux.com and Kernel.org hacks – in which the sites were compromised via developers who had access.

In this case it seems MySQL.com was compromised by malware that spreads itself via FTP from client machines; it then uploads malicious JavaScript to any sites the client machine has access to and propagates malware using those sites.

Hackers recently compromised the website hosting the open-source MySQL database management system and caused it to infect the PCs of visitors who used unpatched browsers and plug-ins, security researchers said.

MySQL.com was infected with mwjs159, website malware that often spreads when compromised machines are used to access restricted FTP clients, a blog post from Sucuri Security reported. The hack caused people visiting the site to be redirected to a site that attempted to install malware on visitors’ computers using code from the Blackhole exploit kit, separate researchers from Armorize said.

“It exploits the visitor’s browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, …), and upon successful exploitation, permanently installs a piece of malware into the visitor’s machine, without the visitor’s knowledge,” Armorize researchers warned. “The visitor doesn’t need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.”

Officials with the Oracle-owned MySQL didn’t respond to email seeking comment for this post.

I would say MySQL.com is a fairly high traffic site so this attack may have triggered a fair amount of infections – especially if the people visiting were using outdated versions of Windows or old versions of Internet Explorer.

But then again, I’d find that fairly unlikely – people browsing to the site of the #1 Open Source RDBMS would most likely be using Linux, or fully updated Windows systems with Chrome or Firefox.

That’s what I’d like to think anyway…


The reported breach is the latest to affect the distribution system for a widely used piece of open-source software. The kernel.org and Linux.com websites used to develop and distribute the Linux operating system remain inaccessible four weeks after it was infected with malware that gained root access, modified system software, and logged passwords and transactions of the people who used them. Representatives haven’t said when they expect the sites to be operational again.

Besides sullying the reputation of open-source software as a more secure alternative to competing applications from Microsoft and other for-profit companies, the compromises have sparked concerns about the purity of the code the sites host. If attackers were able to secretly alter the code with backdoors, they could potentially surveil or gain control over sensitive networks that rely on the applications.

In the MySQL.com hack, the attackers appear to have aimed for the less ambitious goal of infecting the desktop machines of those who visited the site. At time of writing, just five of the top 44 antivirus providers were detecting the threat, according to this analysis from VirusTotal.

Sucuri speculated the site was infected after a MySQL developer was compromised and had his password stolen.

It doesn’t seem to be as serious as the Linux.com/Kernel.org compromises as in this case it’s simply JavaScript uploaded via FTP from a developer account – the actual server hosting MySQL.com wasn’t really hacked and there was no root access gained.

It seems like they have cleared the infection up now. I wonder if they have any stats on how many people were affected by the malware?

Source: The Register


Posted in: Database Hacking, Exploits/Vulnerabilities



NetworkMiner v1.1 Released – Windows Packet Analyzer & Sniffer



NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than collecting data regarding the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames).

NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.


It’s been a long time since we last mentioned NetworkMiner, it was back in 2008 – NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows.

Now there’s a new version!

New in v1.1

The new version supports features such as:

  • Extraction of Google Analytics data
  • Better parsing of SMB data
  • Support for PPP frames
  • Even more stable than the 1.0 release

You can download NetworkMiner v1.1 here:

NetworkMiner_1-1.zip

Or read more here.


Posted in: Forensics, Hacking Tools, Network Hacking, Windows Hacking



Google Patches 32 Chrome Browser Bugs & Releases Version 14



Google and their Chrome browser have really been stepping things up lately when it comes to security and browsing; we reported not long ago on Google Chrome To Protect Users Against Malicious Executables.

Also since we reported on the Chrome bug bounty program back in February 2010 – Google Willing To Pay Bounty For Chrome Browser Bugs – it seems to have been a great success.

They’ve paid out a fair amount of money and patched 32 vulnerabilities in the latest version of Chrome (v14) – do note though, none of the vulnerabilities were of a critical level.

Google today patched 32 vulnerabilities in Chrome, paying more than $14,000 in bug bounties as it also upgraded the stable edition of the browser to version 14.

The company called out a pair of developer-oriented additions to Chrome 14 and noted new support for Mac OS X 10.7, aka Lion, including full-screen mode and vanishing scrollbars.

Google last upgraded Chrome’s stable build in early August. Google produces an update about every six weeks, a practice that rival Mozilla also adopted with the debut of Firefox 5 last June.

Fifteen of the 32 vulnerabilities were rated “high,” the second-most-serious ranking in Google’s four-step scoring system, while 10 were pegged “medium” and the remaining seven were marked “low.”

None of the flaws were ranked “critical,” the category usually reserved for bugs that may allow an attacker to escape Chrome’s anti-exploit sandbox. Google has patched several critical bugs this year, the last time in April.

Six of the vulnerabilities rated high were identified as “use-after-free” bugs, a type of memory management flaw that can be exploited to inject attack code, while seven of the bugs ranked medium were “out-of-bounds” flaws, including a pair linked to foreign language character sets used in Cambodia and Tibet.

I think the whole bug bounty model is great, I mean look at it this way – Google has paid out $14,000 in bug bounties for these vulnerabilities. That’s a small fraction of what it would cost to get a ‘professional’ company to do a VA or code-audit on the software.

Plus for the researchers, they get to practise their skills and make a little pocket money on the side. I don’t expect anyone to hand over any critical 0-day type exploits for the amount Google is offering, but still – it makes the browser more secure.

And at the end of the day, more secure browsers make for less virus laden family members and colleagues (and less of that annoying work which we can’t escape for us).


Google paid $14,337 in bounties to nine researchers, including $3,500 to “miaubiz” and $2,337 to Sergey Glazunov, another regular bug finder.

The company’s security team also credited others, including researchers who work for Microsoft and Apple, for “working with us in the development cycle and preventing bugs from ever reaching the stable channel.” Some of those researchers were also awarded bounties, but Google did not spell out the amounts of those awards.

As per its practice, Google barred access to the Chrome bug-tracking database for the 32 vulnerabilities to prevent outsiders from obtaining details on the flaws. The company only opens the database after users have had time to update the browser.

Google also added a pair of developer-only features to Chrome 14, including support for the Web Audio API (application programming interface) and for “native client,” an open-source technology that runs software written in C and C++ within Chrome’s security sandbox.

The Mac version of Chrome 14 also supports Lion’s new approach to scrollbars, which appear only when a user is actively scrolling through the browser window. Chrome 14 also now runs in Lion’s full-screen mode, triggered via the icon in the upper right of the browser or by pressing Ctrl-Command-F.

But Chrome’s full-screen support isn’t polished or finished; the browser won’t return to its windowed view with a press of the Escape key, as do Apple’s home-grown applications in Lion.

Seems like Google had some help from Apple and Microsoft too – good to see the big boys working together.

I’ve given up on Firefox, I tried using Chrome for a while but didn’t really get on with it (seemed like a massive memory hog). I’ve recently switched to Palemoon (a Windows optimised version of Firefox) and it’s great so far.

Source: Network World


Posted in: Countermeasures, Exploits/Vulnerabilities



Coliseum Lab By eLearnSecurity – Web Application Security Lab



Coliseum Labs is a revolutionary new product by eLearnSecurity; it’s a 100% practical training device for people wanting to learn more about penetration testing.

Basically, Coliseum is a framework which allows students to learn web application security through 100% practical hands-on training, with specially crafted web applications ready for you to study, hack and learn from straight away! These web applications, known in the system as battles within the arenas, are sandboxed environments that allow the student to benefit from complete user isolation without the need to configure local virtual machines.

The framework also allows the student to create from scratch their own vulnerable web applications which can be shared between the community to enhance the environment, giving everyone new and exciting challenges to continually study, hack and learn from.

Coliseum Lab

Main Points

  • 100% hands on training
  • Virtual labs: no virtual machines needed
  • 14 educational challenges
  • Get hints and tips when you are stuck
  • Goal based challenges: claim your trophy!
  • Multi-platform: play on different targets
  • Chat with fellow students during lab time
  • Fits our Pentesting courses
  • Prepares you for eCPPT certification
  • Unlimited access for 1 or 2 months
  • Enroll now and start your period later
  • Access to our forums for support

This is an extremely practical way of learning more about pen-testing and getting to try out the tools you will have to master in a hands-on and task driven environment.

eLearnSecurity are offering some exclusive bundles for Darknet readers if you are interested in getting on the Coliseum Lab to help during your pen-testing course.

If you want to learn more about the eLearnSecurity penetration testing courses, you can read our reviews here – Pentesting Student or Pentesting Professional and read their article here:

Read this before signing up for any Penetration Testing Course

The discount coupon is DARKNELS-SEPT-30 and discounts the bundles by 5% if used before September 30th:

Professional course + 1 month in Coliseum Lab

Student course + 1 month in Coliseum Lab

Exclusively for Darknet readers you can get a free pass for Coliseum Labs here:

Coliseum Lab Demo

Please note – these offers are only valid BEFORE SEPTEMBER 30th – so don’t hang around.


Posted in: Advertorial, General Hacking



Lilith – Web Application Security Audit Tool



LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for HTML form tags, which often refer to dynamic pages that might be subject to SQL injection or other flaws. It works as an ordinary spider and analyses pages, following hyperlinks and injecting characters that have a special meaning to any underlying platform.

No web application scanner can ever perform a full 100% correct audit. Therefore, a manual re-check is necessary. Hence, be aware that Lilith might come up with several false positives.

LiLith is a program that verifies the security of a web application. As a security consultant, the author often sees web applications that contain security flaws. A web application is a complex entity and cannot be fully checked with “just any tool”, therefore I recommend that you manually verify any results.

How the entire “scanning” process works is different from so-called “CGI scanners”, such as nikto and n-stealth. This program will surf to a website and crawl through all the links, just as a user would do. On any possible input field, such as text boxes, page IDs, … LiLith will attempt to inject any characters that might have a special meaning for any underlying technology such as SQL.

For more information, it is recommended to read the following white paper: web dissection using lilith.

You can download Lilith here:

lilith-06atar.gz

Or read more here.


Posted in: Hacking Tools, Web Hacking



WAVSEP – Web Application Vulnerability Scanner Evaluation Project



The author of WAVSEP (Shay Chen) e-mailed quite some time back about this project, but I have to say I honestly didn’t have time to look at it back then. It popped back up on my radar again when it was mentioned by the author of – Arachni v0.3 – his tool did extremely well in the WAVSEP tests.

The benchmark tests the SQL Injection and Reflected XSS vulnerability detection accuracy of 12 commercial web application scanners and 48 free & open source web application scanners, and discusses the capabilities of many others (including information about a potential Trojan horse in one of them).

In addition to the benchmark, the author has published a detailed feature comparison between all the scanners (which generally include every open source or free to use web application vulnerability scanner commonly available).

The research compares the following aspects of these tools:

  • Number & Type of Vulnerability Detection Features
  • SQL Injection Detection Accuracy
  • Reflected Cross Site Scripting Detection Accuracy
  • General & Special Scanning Features

And what the author believes to be most important is that during his research he has developed a toolkit that can be used by any individual or organization to test the accuracy of web application scanners in a very detailed and accurate manner.

I for one applaud his efforts and I think this is a great project. Of course there’s no completely objective ranking for these kinds of things – but this study does give you a good idea of where different apps stand, especially in terms of SQL Injection and XSS detection.

A lot of the tools we’ve written about here at Darknet come out tops (unsurprisingly).

The benchmark and reports (about 13 in total) can be found here:

http://sectooladdict.blogspot.com/

The framework for assessing vulnerability scanners was implemented in JEE and can be downloaded here:

wavsep-v1.0.3-war.zip

Or you can read more here.


Posted in: Web Hacking



winAUTOPWN v2.7 Released – Windows Autohacking Tool



I’ve always been skeptical about this tool, especially seeing as the first version was released on April Fools’ Day in 2009. Anyway, it’s 2 years later now and it still seems to be around, so I think it’s worth publishing an update.

If any of you have actually tested this tool out, do drop a comment below.

winAUTOPWN and bsdAUTOPWN are minimal Interactive Frameworks which act as a frontend for quick systems vulnerability exploitation. It takes inputs like IP address, Hostname, CMS Path, etc. and does a smart multi-threaded portscan for TCP ports 1 to 65535. Exploits capable of giving Remote Shells, which are released publicly over the Internet by active contributors and exploit writers are constantly added to winAUTOPWN/bsdAUTOPWN. A lot of these exploits are written in scripting languages like python, perl and php. Presence of these language interpreters is essential for successful exploitations using winAUTOPWN/bsdAUTOPWN.

Exploits written in languages like C, Delphi, ASM which can be compiled are pre-compiled and added along-with others. On successful exploitation winAUTOPWN/bsdAUTOPWN gives a remote shell and waits for the attacker to use the shell before trying other exploits. This way the attacker can count and check the number of exploits which actually worked on a Target System.

New in v2.7

This version covers almost all remote exploits up until mid-July 2011 and a few older ones as well. This version incorporates a few new command-line parameters: -perlrevshURL (for a PERL Reverse Shell URL), -mailFROM (smtpsender) and -mailTO (smtpreceiver). These are the command-line arguments required for a few exploits which require remote connect-back using a perl shell and email server exploits requiring authentication respectively. This version also tackles various internal bugs and fixes them.


A complete list of all Exploits in winAUTOPWN is available in CHANGELOG.TXT
A complete list of User Interface changes is available in UI_CHANGES.txt

Also, in this version:

  • BSDAUTOPWN has been upgraded to version 1.5.
  • In this release you will also find pre-compiled binaries for FreeBSD x86, FreeBSD x64 and DragonFly BSD x86.

You can download winAUTOPWN v2.7 here:

winAUTOPWN_2.7.RAR

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Windows Hacking
