Darknet - The Darkside

Don't Learn to HACK - Hack to LEARN. That's our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more.

17 June 2006 | 8,466 views

New MSN Worm Hitting Users – BlackAngel.B


Well, this week there was a Yahoo! e-mail worm, and now a vindictive new worm targeting MSN, called BlackAngel.B, follows. The reports come from the anti-virus software company Panda Software.

When activated the worm delivers a fateful terror message and then attempts to disable any protection software such as anti-virus, firewall or Windows system applications like Task Manager and Regedit.

It distributes itself to your whole contact list by trying to send them a video called Fantasma, so be wary.

A new worm that carries a message reminiscent of movies such as “The Ring” or “FearDotCom” is currently making rounds in the MSN Messenger community according to antivirus specialist Panda Security.

Once it has infected a computer BlackAngel.B uses the instant messenger to send messages to all the contacts in a user’s list, disguising itself as a video called “Fantasma” (Ghost). If opened, an image carrying the caption “En el 1er día te espantas, en el 2° te desesperas, en el 3° buscas ayuda y en el 4° mueres” – “on the 1st day you get scared, on the 2nd you get desperate, on the 3rd you look for help and on the 4th you die” appears on the screen, Panda said.

So just be careful on MSN and Yahoo!

Source: TG Daily



16 June 2006 | 4,178 views

Trojan Compromises 2,200 Oregon Tax Payers

Aha! Trojans strike again. Really, I still think it all comes down to education, it doesn’t seem to be a targeted attack though.

Just a random infection from your average porn site Trojan.

Electronic files containing personal data of up to 2,200 Oregon taxpayers may have been compromised by an ex-employee’s unauthorized use of a computer, the Oregon Department of Revenue said Tuesday.

Amy McLaughlin, an information technology security officer with the state, said the incident apparently occurred when an employee downloaded a contaminated file from a porn site.

There was no apparent pattern on the data taken.

Hardin said the released data likely involved names or addresses or Social Security numbers, or possibly in some cases all three.

It’s unclear if it was damaging but said some of the data may have gotten back to the porn site.

Ed O’Meara, head of the department’s information processing division, said about 1,600 files had been identified so far and that the total likely will not surpass 2,200.

He said 1,300 letters were sent out to the affected taxpayers as of Monday night and the rest are being contacted as they are identified.

Source: Katu News


16 June 2006 | 4,484 views

CLR and SQL Server 2005

Microsoft has taken a bit of a leap with the integration of .NET into SQL Server, and a lot of developers (myself included) are worrying about what security implications this could have. DevX.com have taken an in-depth look into the guts of it, and spilled them onto a page for us all to look at.

CAS provides a code-based rather than user-based authorization scheme to prevent various kinds of luring and other code attacks. But how does that security scheme coexist with SQL Server 2005's own, newly enhanced security features? By default your .NET code is reasonably secure, but it’s all too easy for the two security schemes to butt heads and cause you grief. In this article I’ll look briefly at the concept behind CAS and a few new security features in SQL Server 2005, then explore how to make the two systems work for you instead of against you as you take advantage of these advanced programming features in SQL Server.

They seem suitably impressed, but sensibly wary at the same time.

The good news is that Microsoft did a great job bringing together the security systems of SQL Server and the Common Language Runtime, with tools to control code. But there are some interesting features both to watch for and to take advantage of!


15 June 2006 | 20,467 views

SQL Power Injector v1.1 Released

SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetration tester to inject SQL commands on a web page.

For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal Mode).

Moreover, this application will get all the parameters you need to test the SQL injection, either by GET or POST method, thus avoiding the need to use several applications or a proxy to intercept the data.

Features

  • Supported on Windows, Unix and Linux operating systems
  • SQL Server, Oracle, MySQL and Sybase/Adaptive Server compliant
  • SSL support
  • Automatically load the parameters from a form or an IFrame on a web
    page (GET or POST)
  • Detect and browse the framesets
  • Option that auto detects the language of the web site
  • Find automatically the submit page(s) with its method (GET or POST)
    displayed in a different color
  • Single SQL injection
  • Blind SQL injection
  • Comparison of true and false response of the page or results in
    the cookie
  • Time delay
  • Response of the SQL injection in a customized browser
  • Fine tuning parameters injection
  • Can parameterize the size of the length and count of the expected
    result to optimize the time taken by the application to execute the SQL
    injection
  • Multithreading
  • Option to replace space by empty comments /**/ against IDS or filter
    detection
  • Automatically encode special characters before sending them
  • Automatically detect predefined SQL errors in the response page
  • Automatically detect a predefined word or sentence in the response page
  • Real time result
  • Possibility to inject an authentication cookie
  • Can view the HTML code source of the returned page
  • Save and load sessions in an XML file

You can find out more here:

SQL Power Injector

Download the latest version now.


14 June 2006 | 3,735 views

Security Events Around the World

Following Darknet's post regarding SyScan’06, I decided to make a little résumé of the most important security events all around the world.

Unfortunately we won’t be able to go, so all the pictures are welcome. (-:

If there’s any missing do let us know.

Recon 2006 – 16 June to 18 June 2006 – Plaza Hotel Centre-Ville, Montreal, Canada

InfoSecurity Canada 2006 – 20 June to 21 June 2006 – Metro Toronto Convention Center, Toronto, Canada

HOPE Number Six – 21 July to 23 July 2006 – Hotel Pennsylvania, New York, USA

Secure Malaysia 2006 – 24 July to 26 July 2006 – Putra World Trade Centre, Kuala Lumpur, Malaysia

The Third Conference on e-Mail and Anti-Spam – 27 July to 28 July 2006 – Mountain View, California, USA

Defcon 14 – 4 August to 6 August 2006 – Riviera Hotel & Casino, Las Vegas, USA

RuxCon 2006 – 30 September to 1 October 2006 – University of Technology, Sydney, Australia

Mobile Security – 3 October to 5 October 2006 – Crowne Plaza, St James, London, UK

Infosecurity New York 2006 – 23 October to 25 October 2006 – Jacob K. Javits Convention Center, New York, USA

You can also visit SecurityPark for a complete list of Information Security events.


14 June 2006 | 7,911 views

Spam – A Simple Guide To Keeping Your Inbox Clean

In my opinion, the best way to keep clean of spam is simple:

The first rule is NEVER reply to spam, NEVER click the unsubscribe link and NEVER e-mail to the unsubscribe address.

These are simply underhand tactics to get ‘active’ e-mail addresses.

Some other tips to avoid getting spammed in the first place:

1) Never use your real e-mail address in newsgroups; this is the best place to get picked up by a spam bot. Use something like l33t-no-spam-at-i.hate.spam-darknet.org.uk

Then in your signature put "remove -no-spam and i.hate.spam- to reply".

2) Never put your e-mail address on a publicly viewable web page as it will be spidered by Google and grabbed by spammers.

If you do need to put an e-mail address use the simple JavaScript below to protect it:

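<script type="text/javascript">
<!-- Begin Darknet E-mail Saver
// Keep the address in separate pieces so it never appears whole in the page source.
var randomword = "l33t";             // local part
var randomword2 = "darknet.org.uk";  // domain
var append = "?Subject=Enquiry&Body=Please%20Insert%20Your%20Message%20Here.";
// Assemble the mailto: link and its visible text in the browser at load time.
document.write('<a href="mailto:' + randomword + '@' + randomword2 + append + '">');
document.write(randomword + '@' + randomword2 + '</a>');
// End -->
</script>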

3) If you do put your e-mail address anywhere try and obscure it in some way.

4) Create a disposable e-mail address (Hotmail or Yahoo) that you rarely check, for signing up to web sites. Most commercial sites will bombard you with spam after you’ve signed up for whatever services they are offering. Some also sell your address to list makers or other spammers, so never give your *real* e-mail address to anyone except people you want to e-mail you.

5) Don’t share your e-mail address & skip compulsive registration*. This goes along with number 4: if possible don’t register, and if you do, make sure you untick the ‘spam me with a newsletter’ box.

Well, 5) may be a problem. Most of the time, a search on Google shows us a site with the answer to our problem; still, a big part of them require registration (like Expertexchange).

That’s where BugMeNot comes into play.

BugMeNot is a database of login information (usernames and passwords) that you can use to access a site that requires registration. The site has a voting mechanism that lets you vote for the username/password that worked for you, so that the login combination with the most votes is first on the list for a specific site.

You can also add new login information to the database for sites where you can’t find a login.

There is also a BugMeNot plugin for Firefox, that enables you to automatically enter the login information for a site, with a single click of the mouse.
The plugin was made for older versions of Firefox, and it has been reported not to work with most recent versions.

BugMeNot is not the solution for everything, and sometimes you need to ‘share’ your e-Mail with others.

DEA – Disposable e-Mail Address – allows you to share an e-mail address on doubtful sites without worrying about that information being used to spam.

There are various sites providing DEAs. Top 10 sites.

In my personal and humble opinion, I suggest Mailinator and Wuzup Mail, both of which support RSS.

Mailinator will create a random e-Mail address every time you refresh the site, which you can then use to register on the more doubtful sites.

WuzupMail lets you choose your username and will save the e-mails you receive for 7 days.

Using both BugMeNot for compulsive registration and DEA to prevent your personal information from being used to spam, you will reduce the amount of spam you get in your inbox every day (if you get any).

Also remember Thunderbird has some pretty good Bayesian spam filtering built in; once it has learnt your e-mail pattern it’s very effective, so if you are still getting spam you can try that.

* If you need to share your personal e-mail address, do it in a creative way. Most web spiders – crawlers – are able to spot e-mails like jon at doe dot com.

Be creative, jon at |NO_SPAM_PLEASE| dot com, etc, etc.
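To check how the obfuscation tips above hold up against a spider that only reads page source, here is an added example (not part of the original post) that audits HTML snippets for recoverable addresses. The function names `normalize`, `exposedAddresses` and `auditSamples`, and the sample snippets, are constructed for illustration.

```javascript
// Added example: audit page source for e-mail addresses that a
// source-text harvester could recover. Sample snippets are constructed.

// A plain address as it would appear literally in HTML.
const PLAIN = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g;

// Undo the common "at"/"dot" munging so the plain pattern can match it.
function normalize(text) {
  return text
    .replace(/\s*[\[({]\s*at\s*[\])}]\s*|\s+at\s+/gi, "@")
    .replace(/\s*[\[({]\s*dot\s*[\])}]\s*|\s+dot\s+/gi, ".");
}

// Returns the unique addresses recoverable from the raw source text,
// checking both the text as written and its de-munged form.
function exposedAddresses(source) {
  const found = new Set();
  for (const text of [source, normalize(source)]) {
    for (const m of text.match(PLAIN) || []) found.add(m.toLowerCase());
  }
  return [...found].sort();
}

// Constructed samples, one per technique mentioned in the guide.
const samples = {
  plain: '<a href="mailto:jon@doe.com">mail me</a>',
  atDot: "<p>Contact: jon at doe dot com</p>",
  creative: "<p>Contact: jon at |NO_SPAM_PLEASE| dot com</p>",
  scripted:
    '<script>var a = "l33t"; var b = "darknet.org.uk";' +
    "document.write(a + '@' + b);</script>",
};

// Runs the audit over every sample and returns name -> exposed addresses.
function auditSamples() {
  const report = {};
  for (const [name, html] of Object.entries(samples)) {
    report[name] = exposedAddresses(html);
  }
  return report;
}

console.log(auditSamples());
```

A crawler that executes scripts and reads the rendered page still sees the script-assembled address, so this only measures exposure to source-text scraping.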



13 June 2006 | 16,175 views

Windows Vista Preview Release Download & Torrent

You can get your hands on the Windows Vista preview release beta2. This is for those of you who are wondering what the interface of the new Windows Vista will look like and how the new operating system feels. You can find the minimum system requirements here.

You can download Vista here. It’s free, so try it out and see if you can find any security flaws in the new operating system before it hits final version. It’s 3GB in size, so I suggest using your favorite download manager to download the .iso file.

Better still just download it using the torrent.

You can find the latest Vista torrent information here:

http://www.vistatorrent.com/


13 June 2006 | 12,382 views

Oedipus – Open Source Web Application Security Analysis

Oedipus is an open source web application security analysis and testing suite written in Ruby by Penetration Testers for Penetration Testers. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities.

Oedipus can be broken down into 4 main components:

1. Analyzer

Capable of parsing several different types of log files, such as Burp, Paros, etc, identifying potential security vulnerabilities using pattern matching – An Oedipus input file is also produced.

2. Scanner

Parses the Oedipus or IEnterceptor file, feeding each request to a dynamically loaded predefined security plug-in on the fly.

3. Reporter

Using the results from the Analyzer and the Scanner, Oedipus produces several well formatted reports designed for the Penetration Tester. The Scanner report can be interactively used to verify the results of the potential vulnerabilities discovered.

4. Tools

Using the above identified security vulnerabilities, a number of tools are provided to analyze and potentially exploit the vulnerability.

You can read more at:

Oedipus or Download Oedipus Now



13 June 2006 | 3,678 views

Taiwan Kings of Spam from CipherTrust

Hmm Taiwan are really way ahead of everyone when it comes to being a spam hub, sadly that’s nothing to be proud of and generally it’s due to a large amount of poorly configured/unsecured servers.

Taiwan needs to start doing some vulnerability assessment! Taiwan and Korea have always had loads of open proxies/exploitable machines in my experience and when reporting such problems language is always an issue.

Almost two thirds (64 per cent) of servers controlling spam traffic are located in Taiwan, according to a survey by email security firm CipherTrust.

Such servers, used by internet low lives to relay spam and phishing emails through zombie, compromised PCs, are also commonly located in the US. The US accounts for 23 per cent of the machines identified on CipherTrust’s spam server blacklist with China in a fairly distant third place (three per cent).

Sounds like a pretty neat method they employed to get the figures.

CipherTrust obtained its figures after deploying a network of zombie-like machines across the world to gather intelligence on spamming operations. While machines in this “zombie honey pot” avoid relaying spam or phishing attacks to end-users, they collect messages from spammers trying to control them. By capturing these messages, CipherTrust is able to determine the location of the spam servers. Spammers themselves, of course, may be located somewhere completely different, such as Boca Raton, USA (for example).

Source: The Register


12 June 2006 | 5,432 views

Academic Papers on Web Application Security

I found a useful resource containing a whole list of academic papers on web-application security.

This list represents an attempt to collect academic papers on the subject of Web application security sorted by the year of publication.

Hacking web applications has become a big thing in the last 5 years, just look at the number of holes found in common PHP applications.

It has papers from 2004-2006.

Subjects cover a good range including:

  • SQLrand: Preventing SQL Injection Attacks
  • Bypass Testing of Web Applications
  • Defining a Set of Common Benchmarks for Web Application Security
  • The Essence of Command Injection Attacks in Web Applications
  • A Practical Approach for Defeating a Wide Range of Attacks

You can find the resource here:

Academic Papers in Web Application Security

Vulnerabilities in custom web applications are the most common flaws I find during penetration testing nowadays. It is a very important area and these papers should help your knowledge on both sides of the fence.