Archive | 2012

MagicTree v1.1 Released For Download – Pen-Testing Productivity Tool

Find your website's Achilles' Heel


If you aren’t aware (yes we wrote about MagicTree v1.0) what MagicTree is..

Think of it this way, have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? The author certainly did, and that’s why they wrote MagicTree – so that it does such mind-numbing stuff for you, so you can spend your time hacking.

MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation. In case you wonder, “Tree” is because all the data is stored in a tree structure, and “Magic” is because it is designed to magically do the most cumbersome and boring part of penetration testing – data management and reporting.

And the good news? MagicTree 1.1 has been released and is available for download now!

Updates

  • Rapid 7 NeXpose XML import (both simple XML and full XML formats are supported)
  • Arachni XML import (as of 0.4.0.2. Thanks to Herman Stevens of Astyran for contribution)
  • OWASP Zed Attack Proxy XML import (development snapshot as of 6-Feb-2012)
  • New matrix query interface
  • Bug fix (#224) Remove orphan projects does not work anymore
  • Bug fix (#226) NPE in dumpData()
  • Bug fix (#239) “Uncaught exception in Swing thread: null. null” when saving a custom query into the repo
  • Bug fix (#241) Corrupted reference links in report templates
  • Bug fix (#242) Updated report templates to honor “ignore” status

You can download MagicTree v1.1 here:

MagicTree-1.1-build1643.jar

Or read more here.


Posted in: General Hacking, Security Software

Tags: , , , , , , , , , , , ,

Posted in: General Hacking, Security Software | Add a Comment
Recent in General Hacking:
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,169,128 views
- Hack Tools/Exploits - 624,435 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 433,495 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


UK Facebook Hacker Jailed For 8 Months

Find your website's Achilles' Heel


It’s a pretty harsh sentence if you ask me, especially since Facebook decided in July 2011 to start paying bug bounties.

I have to say though, this guy must be a pretty talented hacker to break into the Facebook servers – they aren’t exactly low hanging fruit. I’d imagine they are some of the most hammered servers in the World (especially by script kiddies).

Sadly, however talented he is, or whatever his intention was in reality – what he did was illegal and he can be punished (fairly harshly) for it.

York-based software development student has been sentenced to eight months in jail for hacking into social networking site Facebook, including three of its servers, from his bedroom.

According to the BBC, Glenn Mangham, 26, had admitted to hacking into Facebook between April and May 2011.

Mangham used an ethical hacking defence, saying that after he showed search engine Yahoo how it could improve its security, he wanted to do the same for Facebook.

Yahoo had “rewarded” Mangham (with GBP7,000) for revealing its vulnerabilities previously, his lawyer Tom Ventham said.

However, prosecutor Sandip Patel said that Mangham had acted “with determination, undoubted ingenuity and it was sophisticated, it was calculating”.

Patel told London’s Southwark Crown Court that Mangham had “unlawfully accessed and hacked” into Facebook’s website and its computers from his bedroom in Yorkshire, and then downloaded “invaluable” intellectual property onto an external hard drive.

It’s not the first time Facebook has been hacked or security issues have surfaced, but it is the first time I recall someone being jailed for it. Facebook security hasn’t always had the best reputation – remember not long ago – Facebook Attachment Uploader Owned By A Space.

Yah that wasn’t a flaw that could be leveraged to hack Facebook itself, but it was a demonstration of some of the sloppy coding involved in Facebook.


Judge Alistair McCreath said that Mangham’s actions were not “just a bit of harmless experimentation” – despite acknowledging that Mangham had never intended to pass on the hacked information nor make any money from it.

“You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance.

“You and others who are tempted to act as you did really must understand how serious this is.

“The creation of that risk, the extent of that risk and the cost of putting it right mean at the end of it all, I’m afraid a prison sentence is inevitable,” McCreath said.

Prosecutor Patel said that Facebook spent $200,000 (GBP126,108) on investigating Mangham’s hacking.

A spokesperson for the social network said that personal user data was not compromised by the breach, and added: “We take any attempt to gain unauthorised access to our network very seriously, and we work closely with law enforcement authorities to ensure that offenders are brought to justice.”

No one is publishing exactly what the hack was, how he got in, or even what data he got access to – but Facebook are taking it seriously so I imagine it was an important part of their infrastructure.

But they state no personal user data was compromised, so I’m not exactly sure what he got hold of.

Source: Network World


Posted in: Exploits/Vulnerabilities, Legal Issues, Web Hacking

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Legal Issues, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,738 views
- AJAX: Is your application secure enough? - 120,091 views
- eEye Launches 0-Day Exploit Tracker - 85,536 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


xSQLScanner – Database Password Cracker & Security Audit Tool For MS-SQL & MySQL

Find your website's Achilles' Heel


xSQL Scanner is a advanced SQL audit tool that allows users to find weak passwords and vulnerabilities on MS-SQL and MySQL database servers.

The objective of xSQLScanner is to assist the Security Analyst or Penetration Tester in auditing the security of MS-SQL and MySQL database servers.

xSQLScanner

Features

  • Test for weak password fast;
  • Test for wear/user passwords;
  • Wordlist option;
  • Userlist option;
  • Portscanner
  • Range IP Address audit and more.

Windows – xsqlscanner-1.2.zip
Linux – xsqlscan-mono.tgz

Or read more here.


Posted in: Database Hacking, Hacking Tools

Tags: , , , , , , , , , , , , ,

Posted in: Database Hacking, Hacking Tools | Add a Comment
Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 76,385 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,386 views
- SQLBrute – SQL Injection Brute Force Tool - 40,921 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


At Last – Adobe Launches Sandboxed Flash Player For Firefox

Find your website's Achilles' Heel


Finally a proactive measure from Adobe to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player.

There have been some massive hacks recently due to Flash –

Hackers Exploiting Latest Adobe Flash Bug On Large Scale
Adobe Patches Latest Flash Zero Day Vulnerability
Adobe Promises Patch For Flash 0-day Being Used In Targeted Attacks

Those 3 were all in 2011!

Adobe has released a beta version of Flash Player for Firefox, which has better protection against vulnerability exploits because of a new sandboxed architecture.

“The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach,” said Peleus Uhley, platform security strategist at Adobe, in a blog post on Monday. “Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities.”

In secure software development, sandboxing refers to the practice of isolating a process from the operating system in order to minimize the fallout of a potential exploit. This type of technology has gained popularity in recent years, primarily because of its use in Google Chrome, a browser that has never experienced a successful remote code execution attack so far.

Adobe decided to implement sandboxing in Adobe Reader back in 2010 in order to counter the large number of exploits that targeted the product and its users. The technology was built into Adobe Reader X (10.0) and is based on the same sandboxing principles that Google used when developing Chrome.

Later that same year Adobe also launched a sandboxed version of Flash Player for Chrome and promised to explore the possibility of doing the same for other browsers. The new sandboxed Flash Player for Firefox, which works with Windows Vista and Windows 7, is the result of those efforts.

They have been talking about sandboxing for a long time and did mention they wanted to sandbox Adobe PDF Reader too, Chrome has had great success with it’s sandbox model and I’m sure many more software vendors will follow suit.

It’s good to see this approach with the web becoming an extremely dangerous place and more and more commerce is moving online, this gives us a deadly mix of poor security and lots of money floating around.


Critical Flash Player vulnerabilities have regularly been exploited to infect computers with malware during the past several years. Along with Java and Adobe Reader, Flash Player is one of the most attacked software applications, because its vulnerabilities can usually be exploited by simply visiting a malicious website.

“Since its launch in November 2010, we have not seen a single successful exploit in the wild against Adobe Reader X,” Uhley said. “We hope to see similar results with the Flash Player sandbox for Firefox once the final version is released later this year.”

However, the success of this version at deterring cybercriminals from writing Flash Player exploits in the future will largely depend on how quickly it gets adopted. In order to speed up the process, Adobe is working on a new update mechanism, the company’s senior manager for corporate communications, Wiebke Lips, said.

Having a sandboxed version of Flash Player for every major browser, not just Chrome and Firefox, is also important, if Adobe wants cybercriminals to lose interest in its product. “We are currently in the process of researching the best path to provide Flash Player sandbox protection for Internet Explorer,” Lips said.

However, because Internet Explorer has a completely different plug-in architecture than Chrome and Firefox, namely ActiveX, developing a sandboxed Flash Player version for it requires a different approach, Lips said. Nevertheless, the current version of Flash Player supports Protected Mode in Internet Explorer 7 or later on Windows Vista and Windows 7.

I’d like to see them implement a much better and more user-friendly update system for Flash player, so when the update comes out more users get it ASAP.

Also, this is only for Firefox and the largest target for malware peddlers is Internet Exploder Explorer – so they better get that version sorted out soon too.

Source: Network World


Posted in: Countermeasures, Security Software, Web Hacking

Tags: , , , , , , , , , , , , , ,

Posted in: Countermeasures, Security Software, Web Hacking | Add a Comment
Recent in Countermeasures:
- Cuckoo Sandbox – Automated Malware Analysis System
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,091 views
- Password Hasher Firefox Extension - 117,773 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,724 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool

Find your website's Achilles' Heel


theHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective.

The sources supported are:

  • Google – emails,subdomains/hostnames
  • Google profiles – Employee names
  • Bing search – emails, subdomains/hostnames,virtual hosts
  • Pgp servers – emails, subdomains/hostnames
  • Linkedin – Employee names
  • Exalead – emails,subdomain/hostnames

New Features

  • Time delays between requests
  • XML and HTML results export
  • Search a domain in all sources
  • Virtual host verifier
  • Shodan computer database integration
  • Active enumeration (DNS enumeration,DNS reverse lookups, DNS TLD expansion)
  • Basic graph with stats

Examples


Searching emails accounts for the domain microsoft.com, it will work with the first 500 google results:

Searching emails accounts for the domain microsoft.com in a PGP server, here it’s not necessary to specify the limit.

Searching for user names that works in the company microsoft, we use google as search engine, so we need to specify the limit of results we want to use:

Searching in all sources at the same time, with a limit of 200 results:

You can download theHarvester here:

theHarvester-2.1_BH2011_Arsenal.tar

Or read more here.


Posted in: Hacking Tools, Privacy, Web Hacking

Tags: , , , , , , , , , , ,

Posted in: Hacking Tools, Privacy, Web Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,834 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,419,092 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,780 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Super Powered Malware Sandwiches Found In The Wild – Frankenmalware

Find your website's Achilles' Heel


Now this is quite a fascinating story, especially if you know anything about Malware and have interests in that area.

It seems the latest development is the accidental development of new super-malware strains created by viruses infecting executable files of worms. Worms are generally executable files and well, viruses infect executables – so you can imagine what happens.

Now the franken-worm has both the characteristics of the original worm and it also carries the virus – so when it spreads, the virus also spreads.

Viruses are accidentally infecting worms on victims’ computers, creating super-powered strains of hybrid software nasties.

The monster malware spreads quicker than before, screws up systems worse than ever, and exposes private data in a way not even envisioned by the original virus writers.

A study by antivirus outfit BitDefender found 40,000 such “Frankenmalware samples” in a study of 10 million infected files in early January, or 0.4 per cent of malware strains sampled. These cybercrime chimeras pose a greater risk to infected users than standard malware, the Romanian antivirus firm warns.

“If you get one of these hybrids on your system, you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus,” said Loredana Botezatu, the BitDefender analyst who carried out the study. “The advent of malware sandwiches throws a new twist into the world of malware. They spread more efficiently, and will become increasingly difficult to predict.”

BitDefender doesn’t have historical data to go on. Even so it posits that frankenmalware is likely to grow at the same rate as regular computer viruses, or about 17 per cent year on year.

There’s really unlimited possibilities with this, and the great thing (to me anyway) is that it occurred by complete accident. I guess the next step up would be virus authors purposely hunting down worm files and infecting them with additional capabilities.

There’s always been cases of malware in the past that hunt down other malware and remove them from the host machine.


All of the malware hybrids analysed by BitDefender so far have been created accidentally. However, the risk posed by these combos could increase dramatically as crooks latch onto the idea of deliberately splicing malware strains together to see what sticks. This is on top of efforts by blackhat coders to add extra features to others’ viruses and unleash the updated builds onto the unsuspecting public.

BitDefender carried out its study after finding a sample of the Rimecud worm that was infected by the Virtob file infector. Rimecud is designed to steal online passwords for e-banking or e-mail accounts, among other functions. Virtob creates a hacker-controlled backdoor on infected systems.

“Imagine these two pieces of malware working together – willingly or not – on the same compromised system,” Botezatu explains. “That PC faces a twofold malware with twice as many command and control servers to query for instructions; moreover, there are two backdoors open, two attack techniques active and various spreading methods put in place. Where one fails, the other succeeds.”

I wonder what will happen in the future with this and if the bad guys will really jump on this already sailing ship and use it to their advantage.

If you are interested you can read more on BitDefender’s Malware city blog here:

Virus infects worm by mistake

Source: The Register


Posted in: Malware

Tags: , , , , , , , , , , ,

Posted in: Malware | Add a Comment
Recent in Malware:
- movfuscator – Compile Into ONLY mov Instructions
- MISP – Malware Information Sharing Platform
- PEiD – Detect PE Packers, Cryptors & Compilers

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,488 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,617 views
- US considers banning DRM rootkits – Sony BMG - 44,982 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Mobius Forensic Toolkit 0.5.10 – Forensics Framework To Manage Cases & Case Items

Your website & network are Hackable


Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Mobius Forensic Toolkit


Installation

As root, type:

Usage

Run mobius_bin.py.

You can download Mobius 0.5.10 here:

mobiusft-0.5.10.tar.gz
mobiusft-0.5.10.zip

Or read more here.


Posted in: Forensics

Tags: , , , , , , , ,

Posted in: Forensics | Add a Comment
Recent in Forensics:
- Web Application Log Forensics After a Hack
- CapTipper – Explore Malicious HTTP Traffic
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response

Related Posts:

Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,419 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 34,250 views
- OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool - 28,711 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Sprint Adds Google Wallet Into New NFC Capable Phones

Find your website's Achilles' Heel


Oh look, another aspect of security and privacy to consider as Google pushes its’ mobile payment solution ‘Wallet’ onto two new NFC capable phones – the Galaxy Nexus & LG Viper.

If you haven’t heard of the service you can find out more here – Google Wallet (Wikipedia).

The main concern here (security wise) is that this relies on a secure storage on the phone of your cryptographic keys that allow you to carry out transactions.

Sprint’s two newly announced 4G handsets both support Google Wallet, bringing an important boost to Google’s aspirations, but they also hammer the death nail into WiMAX in the USA.

Sprint’s last 4G handset, the “Sprint Nexus S 4G”, was a WiMAX device, but Sprint has admitted backing the wrong 4G horse and is now transitioning to LTE across its network. So the operator will now be selling Google’s Galaxy Nexus and LG’s Viper handsets, both with support for Google Wallet for those wanting pay-by-bonk functionality.

Supporting the ability to make payments by tapping the phone against a reader isn’t just a matter of supporting Near Field Communications (NFC), you also need a secure element in which to store the cryptographic keys, which will be under the control of a mutually-trusted party, and then an application with which to make the payments.

Both the Galaxy Nexus and the Viper have a module built into the phone, under the control of Google – which is trusted by Mastercard and Visa. So far only Google itself and Citibank have created applications with which a user can make payments, and despite offering to pay for users’ groceries, Google Wallet is proving something of a slow burner at best.

I’d imagine the wallet system will have functionality to auto-reload from your credit card too, so if someone can manage to grab those cryptographic keys from the ‘secure’ area on your phone – you might be in for a surprise when you get your next credit card statement.

The plus side is, the adoption rate so far seems to be super low – so it’s not much of a risk right now.


It has not been helped by Verizon asking to have the functionality disabled in its spin of the Galaxy Nexus. The operator claims the decision was down to integration issues, but it is widely believed to have made the call in order to hold back a competitor until the US-operator-consortium wallet, ISIS, comes online.

ISIS uses a secure element held in the SIM – and thus under the operators’ control – and should work with any handset supporting the SWP (Single Wire Protocol) standard for NFC/SIM communications.

So once ISIS is available then the operators will start pushing it out to everyone with an SWP-supporting handset, including the Google Galaxy Nexus and LG Viper. Google needs to move fast and grab some market share before the operators shut it out, which is why these new handsets are so important to the Chocolate Factory as well as to Sprint.

There’s a whole lot of politics going on too with a new mobile payment system set to come online soon – ISIS – founded by…wait for it…AT&T, T-Mobile and Verizon. Yah, screw whoever tries to mess with ISIS – because they are gonna be in big trouble – the only major US operator missing is Sprint.

I’m guessing that’s why they are going with Google Wallet, there’s a very short article on Wikipedia about ISIS here.

Source: The Register


Posted in: Cryptography, Hardware Hacking, Privacy

Tags: , , , , , , , , , , , , , , ,

Posted in: Cryptography, Hardware Hacking, Privacy | Add a Comment
Recent in Cryptography:
- PEiD – Detect PE Packers, Cryptors & Compilers
- DROWN Attack on TLS – Everything You Need To Know
- Dell Backdoor Root Cert – What You Need To Know

Related Posts:

Most Read in Cryptography:
- The World’s Fastest MD5 Cracker – BarsWF - 47,701 views
- Hackers Crack London Tube Oyster Card - 44,812 views
- WPA2 Vulnerability Discovered – “Hole 196” – A Flaw In GTK (Group Temporal Key) - 33,002 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework

Find your website's Achilles' Heel


Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.

This version includes lots of goodies, including:

  • A new light-weight RPC implementation (No more XMLRPC)
  • High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans
  • Updated WebUI to provide access to HPG features and context-sensitive help
  • Accuracy improvements and bugfixes for the XSS, SQL Injection and Path Traversal modules
  • New report formats (JSON, Marshal, YAML)
  • Cygwin package for Windows

New plugins


  • ReScan — It uses the AFR report of a previous scan to extract the sitemap in order to avoid a redundant crawl.
  • BeepNotify — Beeps when the scan finishes.
  • LibNotify — Uses the libnotify library to send notifications for each discovered issue and a summary at the end of the scan.
  • EmailNotify — Sends a notification (and optionally a report) over SMTP at the end of the scan.
  • Manual verification — Flags issues that require manual verification as untrusted in order to reduce the signal-to-noise ratio.
  • Resolver — Resolves vulnerable hostnames to IP addresses.

IF you want a slightly more detailed description of what’s changed you can check here, or view the ChangeLog.

You can download Arachni v0.4 here:

Windows – arachni-v0.4.0.2-cygwin.exe
Linux – arachni-v0.4.0.2-cde.tar.gz

Or read more here.


Posted in: Hacking Tools, Web Hacking

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,835 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,419,093 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,780 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Recent in Malware:
- movfuscator – Compile Into ONLY mov Instructions
- MISP – Malware Information Sharing Platform
- PEiD – Detect PE Packers, Cryptors & Compilers

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,488 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,617 views
- US considers banning DRM rootkits – Sony BMG - 44,982 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95