Darknet - The Darkside » Tiago Faria

Nmap Port Scanner 4.50 Released for Download

Tiago Faria — Thu, 13 Dec 2007 21:56:23 +0000

At last a new major release of Nmap!

If for some odd reason you don’t already know what Nmap is, it is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

The changelog shows 320 changes since 4.00 with a lot of great stuff in this release! It has a brand new GUI and results viewer (Zenmap), a scripting engine allowing you to write your own scripts for high-performance network discovery (or use one of the 40 scripts shipped with it), the 2nd generation OS detection system (now with more than a thousand fingerprints), nearly 1,500 more version detection signatures, and a lot more!

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

That ‘magic’ number

Tiago Faria — Wed, 02 May 2007 16:31:33 +0000

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

This is everywhere today. Every major news site has this ‘magic’ number in it. Digg.com had stories with more than 24.000 diggs (that’s actually the first time I see that many).

In case you’ve been in a cave for the last 24 hours, the number above is the ‘Processing Key’ for most movies released so far (in HD-DVD format).

This, along with other things, enables users to watch HD-DVD movies in GNU/Linux. That same number also made possible the creation of BACKUPHDDVD.

Since a number CANNOT be copyrighted, share it!

Not everyone is interested in piracy …

NMAP 4.20 released

Tiago Faria — Fri, 08 Dec 2006 09:40:47 +0000

This is just a simple warning to all NMAP users out there. If you’re registered on the announcement mailing list you already now this, otherwise, heads up.

NMAP 4.20 has been released with something that looks promising. 2nd generation OS detection. The changelog is available here.

Enjoy!

Installing Nessus on Debian-based OSs like Ubuntu

Tiago Faria — Tue, 14 Nov 2006 13:17:02 +0000

With this simple tutorial I will explain how to install Nessus client (nessus) and Nessus Daemon (nessusd) and properly register it, so you don’t end up with the limitations of a non-registered version of the vulnerability scanner.

Installing:

I personally use apt-, however, you may choose any other package manager.

apt-get install nessus nessusd -y

This will install the nessus client and server, and the -y is used to answer YES to the confirmation of apt-get.

We have now installed both the client and the server. Let’s proceed to the addition of a user:

nessus-adduser

Display:

gouki@8104:~$ sudo nessus-adduser Using /var/tmp as a temporary file holder

Add a new nessusd user ----------------------


Login : darknet

Authentication (pass/cert) [pass] :

Login password :

Login password (again) :
User rules

----------

nessusd has a rules system which allows you to restrict the hosts

that darknet has the right to test. For instance, you may want

him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :

(the user can have an empty rules set)
Login             : darknet

Password          : ***********

DN                :

Rules             :
Is that ok ? (y/n) [y] y

user added.
About this display:
When asked about Authentication (pass/cert) [pass] : just press enter, as we will not use any.

When asked about rules for the specific user, press CTRL+D, as we will not enter any rules for the user.
Starting the Daemon:
By default, nessusd has not started. To manully force him to, you will need to do the following:
sudo /etc/init.d/nessusd start
Registering Nessus:
Nessus will work without being registered, however, it will have limitations. Unnecessary limitations, since it is easily registered.
Nessus Registration page - Go here and start the proccess.
After you have entered your e-mail address, the instructions on how to register will not work on Debian-based OSs.
On the eMail from the Nessus team, you will be instructed to this path: /opt/nessus/bin/nessus-fetch, however, the path should be replaced by /usr/bin, making the complete registration command: sudo /usr/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX
You should now have a complete and working installation of Nessus. Enjoy and remember, automatic scanners are not 1337! =)
TIP: Before starting to use Nessus, update the plugins by doing the following:

sudo nessus-update-plugins



New Firefox vulnerability – DoS and [DELETED] – UPDATED
Tiago Faria — Tue, 31 Oct 2006 19:38:16 +0000

This has just been posted to Bugtraq.
For now you can test if your version is vulnerable, here. (will cause Firefox to close)
So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both vulnerable. Firefox 1.0.7 (Win32), not vulnerable.
The code used on the test page and the one submitted to Bugtraq can be found here.
Severity: … not really

Update: This attack does not allow remote code execution! It has been posted on the mailing lists and several news sites.
       



CAPTCHA – Safer and better looking
Tiago Faria — Mon, 17 Jul 2006 08:10:13 +0000

CAPTCHA, acronym for “completely automated public Turing test to tell computers and humans apart” is used, most of the times at least, as an authentication mechanism. Not to prove your identity, but to do a much simpler job than that; to prove your a human.
With the bad guys always a step ahead (which is cool by me), older forms of CAPTCHA have become unsafe and easy to hack – very easy actually.
A few months ago, we saw a new implementation of this method, using cats instead of numbers. That’s a great idea. It’s much difficult for a bot and/or crawler to detect in 9 figures which ones are cats and which ones are not. However, things have taken another step forward.
Introducing, HOTCAPTCHA – literally
Proving your a human has *never* been easier – there are some really ‘bad’, to be gentle,  photos there – and fun.

If the author manages to add more pictures to the database, it will be pretty secure.
       



Month of Browser Bugs (MoBB)
Tiago Faria — Tue, 04 Jul 2006 18:02:27 +0000

Get ready for a complete month of fun with H D Moore’s Month of Browser Bugs.
Quoting from Browser Fun blog:
This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure. To kick off this blog, we are announcing the Month of Browser Bugs (MoBB), where we will publish a new browser hack, every day, for the entire month of July. The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution. Enjoy!
He say’s he has plenty of vulnerabilities to go around.

You can also read his post at Metasploit’s blog.
       



Data Mining MySpace Bulletins
Tiago Faria — Tue, 04 Jul 2006 01:58:43 +0000

An interesting find made by John Hackenger surfaced today. For those of you familiar with MySpace, you’ll know that it uses ‘Bulletins’ to send a single message to multiple friends in your list.
Because the message is sent only to the people you have authorized to be on your list, sometimes you get a feel of safety that will make you post information that otherwise you would not want available on the Internet.
What if this information wasn’t private and could be available to everyone?
Because the messages are numeric and sequential at the URL, you can easily get information out of those bulletins.
John Hackenger explains his finding with a complete post of the information. 

As you can see, he coded a little application in C to make the whole process simpler – needs some work with the syntax errors.
       



Microsoft got Defaced
Tiago Faria — Sun, 18 Jun 2006 19:22:51 +0000

No, it wasn’t Microsoft.com, still, a very cool hack. 
Microsoft France suffered an attack by a Turkish group, going by the handle of TiTHacK. You can check TiTHacK ‘profile’ over at Zone-H. By the looks of things, he has been really busy today.
At the time of this writing, the site still hasn’t been fixed. However, and just to be sure you’ll check it, you can use this mirror to see the defacement at Microsoft’s site.

Can we expect some new exploit to emerge?
       



Security Events Around the World
Tiago Faria — Wed, 14 Jun 2006 21:41:56 +0000

Following Darknet post regarding SyScan’06, I decided to make a little resume of the most important security events all around the world.
Unfortunately we won’t be able to go, so all the pictures are welcome. (-:
If there’s any missing do let us know.
Recon 2006 – WWW – 16 June to 18 June 2006 – Plaza Hotel Centre-Ville, Montreal, Canada
InfoSecurity Canada 2006 – WWW – 20 June to 21 June 2006 – Metro Toronto Convention Center, Toronto, Canada
HOPE Number Six – WWW – 21 July to 23 July 2006 – Hotel Pennsylvania, New York, USA
Secure Malaysia 2006 – WWW – 24 July to 26 July 2006 – Putra World Trade Centre, Kuala Lumpur, Malaysia
The Third Conference on e-Mail and Anti-Spam – WWW – 27 July to 28 July 2006 – Mountain View, California, USA
Defcon 14 – WWW – 4 August to 6 August 2006 –  Riviera Hotel & Casino, Las Vegas, USA
RuxCon 2006 – WWW – 30 September to 1 October 2006 –  University of Technology, Sydney, Australia
Mobile Security – WWW – 3 October to 5 October 2006 –  Crowne Plaza, St James, London, UK
Infosecurity New York 2006 – WWW – 23 October to 25 October 2006 –  Jacob K. Javits Convention Center, New York, USA

You can also visit SecurityPark for a complete list of Information Security events.