Archive | February, 2013

ARPwner – ARP & DNS Poisoning Attack Tool

Your website & network are Hackable


ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of sslstrip and is coded 100% in python and on Github, so you can modify according to your needs.

ARPwner

This tool was released by Nicolas Trippar at BlackHat USA 2012.

For the tool to work you need pypcap, so assuming are using a Debian derivative OS (like all sane people do) – you’ll need to do this first:

You can download ARPwner here:

ARPwner.zip

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- PyExfil – Python Data Exfiltration Tools
- Netdiscover – Network Address Discovery Tool
- Kautilya – Human Interface Device Hacking Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,000,861 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,511,437 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 692,060 views


Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit

Your website & network are Hackable


There’s an awful lot of high profile hacks going on lately, with some people linking them to the Chinese and a large-scale attack on Western companies. Before this, Twitter Breach Leaks 250,000 User E-mails & Passwords – was probably the most high profile case.

Now Apple, Facebook and quite possibly hundreds of other companies have been hit by a drive by browser exploit in Java on the Mac OSX platform.

Apple has already issued an update for this vulnerability and also a malware scanner which will detect common variations of the infection.

Apple, Facebook and “hundreds of other companies” have had their Mac computers hacked in a sophisticated campaign mounted by an unknown adversary.

Attackers were able to infect Apple, along with other businesses around the world with Mac malware delivered via a Java zero-day vulnerability, Reuters reported on Tuesday, after receiving information from a source at Apple.

The hack used the same Java zero-day and associated Mac malware as the one which Facebook disclosed last week, the Apple source indicated.

Hundreds of companies, including defense contractors, have been infected with the same malicious software, the source said.

“This is the first really big attack on Macs,” Reuters’s source said, “Apple has more on its hands than the attack on itself.”

Apple plans to release a software tool to detect and remove the Java-related malware, the company said in a statement to AllThingsD. Java has not shipped with Macs since the release of OS X Lion.

The whole Chinese hacker thing is a bit of a media frenzy though, as you’d know if you’ve been reading this site for a while – these attacks have been going for a while.

Mandiant is not helping the situation either with their 60 page report on Chinese hacking on American companies – Mandiant gains instant fame after Chinese hack report.


The Mac malware could have been used to deliver a backdoor onto the computers via the installation of an SSH Daemon, allowing hackers to remotely control parts of the affected system, Finnish virus experts F-Secure indicated in a blog post on Monday.

At the time, they classed the Facebook hack as a “watering hole” attack, which sought to target Facebook users by infecting the company behind the social network.

With the revelations from Apple, it appears the attack could have been part of a widespread hacking campaign against various companies including Facebook and Twitter as well.

At the time of writing Google had not responded to queries about whether it had also been targeted, and Microsoft declined to comment.

The news comes alongside the release of a report on Tuesday that linked the Chinese People’s Liberation Army to hackers that have been mounting a “Cold War” style campaign against Western companies.

The report implicated the PLA in a variety of major hacking campaigns that have occurred over the past few years, including 2011’s RSA hack that compromised SecurID encryption tokens.

The US administration have also added some fuel to the fire with a 141 page PDF strategy – Obama’s new cyber-security tactics finger corrupt staff, China.

It goes without saying, but if you’re running a Mac, make sure you apply the latest patches from Apple.

Source: The Register


Posted in: Apple, Exploits/Vulnerabilities

Tags: , , , , , , , , , , , , ,

Posted in: Apple, Exploits/Vulnerabilities | Add a Comment
Recent in Apple:
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- FBI Backed Off Apple In iPhone Cracking Case
- Mac OS X Ransomware KeRanger Is Linux Encoder Trojan

Related Posts:

Most Read in Apple:
- KisMAC – Free WiFi Stumbler/Scanner for Mac OS X - 83,106 views
- Apple Struggling With Security & Malware - 24,150 views
- Java Based Cross Platform Malware Trojan (Mac/Linux/Windows) - 16,038 views


Weevely – PHP Stealth Tiny Web Shell

Find your website's Achilles' Heel


Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented for penetration testing.

  • More than 30 modules to automatize administration and post exploitation tasks:
    • Execute commands and browse remote filesystem, even with PHP security restriction
    • Audit common server misconfigurations
    • Run SQL console pivoting on target machine
    • Proxy your HTTP traffic through target
    • Mount target filesystem to local mount point
    • Simple file transfer from and to target
    • Spawn reverse and direct TCP shells
    • Bruteforce SQL accounts through target system
    • Run port scans from target machine
    • And so on..
  • Backdoor communications are hidden in HTTP Cookies
  • Communications are obfuscated to bypass NIDS signature detection
  • Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection

You can download Weevely v1.0 here:

weevely-1.0.tar.gz

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking

Tags: , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Mirai DDoS Malware Source Code Leaked
- mimikittenz – Extract Plain-Text Passwords From Memory
- Massive Yahoo Hack – 500 Million Accounts Compromised

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 236,495 views
- AJAX: Is your application secure enough? - 120,376 views
- eEye Launches 0-Day Exploit Tracker - 85,869 views


Twitter Breach Leaks 250,000 User E-mails & Passwords

Find your website's Achilles' Heel


The big news for the past few days was a rather sizable Twitter hack, although it’s only a small percentage of the 140 million strong Twitter user-base – 250,000 is still a large number.

If you were affected you will have received a password reset e-mail and will be prompted to change your password if you try and login via the Web.

There seems to have been a spate recently of fairly high profile attacks originating from China, I saw someone say “If you haven’t been hacked by China this month, you aren’t working hard enough”.

If you find that your Twitter password doesn’t work the next time you try to login, you won’t be alone. The service was busy resetting passwords and revoking cookies on Friday, following an online attack that may have leaked the account data of approximately 250,000 users.

“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data,” Bob Lord, Twitter’s director of information security, writes in a blog post.

According to Lord, Twitter was able to shut down the attack within moments of discovering it, but not before the attackers were able to make off with what he calls “limited user information,” including usernames, email addresses, session tokens, and the encrypted and salted versions of passwords.

The encryption on such passwords is generally difficult to crack – but it’s not impossible, particularly if the attacker is familiar with the algorithm used to encrypt them.

As a precaution, Lord says Twitter has reset the passwords of all 250,000 affected accounts – which, he observes, is just “a small percentage” of the more than 140 million Twitter users worldwide.

There haven’t been many details disclosed about this attack, but it seems Twitter managed to discover it whilst it was actually taking place – and managed to shut it down fairly fast. It seems, by the data leaked, that the attacker managed to compromise a fairly core part of the Twitter infrastructure.

They have reacted quickly though and reset the affected accounts, which indicates they know exactly what data the attackers managed to access.


If yours is one of the accounts involved, you’ll need to enter a new password the next time you login. Lord reminds all Twitter users to choose strong passwords – he recommends 10 or more characters, with a mix of letters, numbers, and symbols – because simpler passwords are easier to guess using brute-force methods. In addition, he recommends against using the same password on multiple sites.

Lord says Twitter’s investigation is ongoing, and that it’s taking the matter extremely seriously, particularly in light of recent attacks experienced by The New York Times and The Wall Street Journal:

This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.

Although the attack took place this week, it seems to have no relationship to the outage that took Twitter offline for several hours on Thursday. On the other hand, however, Lord’s post does make rather cryptic mention of the US Department of Homeland Security’s recent recommendation that users disable the Java plug-in in their browsers. He mentions Java twice, in fact.

You can read the Twitter response here:

Keeping our users secure

Both the WSJ and NYT have recently been raided by China based hacking crews, no one knows if this is the work of government backed cyberterrorism squads, or just private hackers doing it for profit or even fun. You can read more about that here:

First the NYT, now the Wall Street Journal: But are hacking attacks from China new?

Source: The Register


Posted in: Exploits/Vulnerabilities, General News

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, General News | Add a Comment
Recent in Exploits/Vulnerabilities:
- Mirai DDoS Malware Source Code Leaked
- mimikittenz – Extract Plain-Text Passwords From Memory
- Massive Yahoo Hack – 500 Million Accounts Compromised

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 236,495 views
- AJAX: Is your application secure enough? - 120,376 views
- eEye Launches 0-Day Exploit Tracker - 85,869 views