Darknet - The Darkside

Don't Learn to HACK - Hack to LEARN. That's our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more.

30 January 2007 | 43,231 views

Burp Proxy & Burp Suite – Attacking Web Applications

I love the Burp Suite, I really do. It’s pretty much my favourite local proxy program and my favourite suite of tools for security testing web applications (especially the session investigation and manipulation parts).

Another great thing is it’s cross platform, so you don’t have to learn different tools for Windows and Linux.

Burp Proxy

Basically Burp suite is an integrated platform for attacking web applications. It contains all of the burp tools (proxy, spider, intruder and repeater) with numerous interfaces between them designed to facilitate and speed up the process of attacking a web application. All plugins share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Burp suite allows an attacker to combine manual and automated techniques to enumerate, analyse, attack and exploit web applications. The various burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Key features unique to burp suite include:

  • Ability to “passively” spider an application in a non-intrusive manner, with all requests originating from the user’s browser.
  • One-click transfer of interesting requests between plugins, e.g. from the proxy request history, or a web page form enumerated with burp spider.
  • Extensibility via the IBurpExtender interface, which allows third-party code to extend the functionality of burp suite. Data processed by one plugin can be used in arbitrary ways to affect the behaviour and results of other plugins.
  • Centrally configured settings for downstream proxies, web and proxy authentication, and logging.
  • Plugins can run in a single tabbed window, or be detached in individual windows.
  • All plugin and suite configuration is optionally persistent across program loads.
  • Runs in both Linux and Windows.

I’ll try and do some tutorials for Burp later on and perhaps I’ll focus a bit more on Burp Proxy alone, as it’s an extremely powerful tool.

Burp suite is a Java application, and runs on any platform for which a Java Runtime Environment is available. It requires version 1.4 or later. The JRE can be obtained for free from Sun.

You can download Burp Suite below. Both archives contain the same files, which will run under both Windows and Linux.

burpsuite_v1.01.zip
burpsuite_v1.01.tar.gz

29 January 2007 | 15,909 views

Hacking your $60 Router into a $600 Router

This is a bit of hacking in the original sense of the word, taking a $60 router and giving it the capabilities of something costing in the hundreds or thousands (enterprise level).

Of all the great DIY projects at this year’s Maker Faire, the one project that really caught my eye involved converting a regular old $60 router into a powerful, highly configurable $600 router. The router has an interesting history, but all you really need to know is that the special sauce lies in embedding Linux in your router. I found this project especially attractive because: 1) It’s easy, and 2) it’s totally free.

I’ve done something similar before with the same series of Linksys router, it’s pretty cool!

What you’ll need:

  1. One of the supported routers. I used a Linksys WRT54GL Wireless router that I picked up from Newegg, and the instructions that follow detail the upgrade process specifically for that router and its close siblings. If you’re upgrading one of the other supported routers, you might want to look into instructions specific to your router. These instructions may generally work for other supported routers, but I’m not making any promises.
  2. The generic DD-WRT v23 SP1 mini firmware version.
  3. The generic DD-WRT v23 SP1 standard firmware version.

You’ll be upgrading twice.

Pretty neat stuff, check it out and more at the DD-WRT Wiki.

Source: LifeHacker


27 January 2007 | 17,087 views

Introducing WHCC – Web Hack Control Center

Web Hack Control Center is a GUI based web server vulnerability scanner or assessment tool. This application gives you the means to identify which security vulnerabilities exist on your web servers by scanning them for the most popular server exploits. WHCC contains a database of thousands of exploits for a variety of web servers. This release has 600+ more exploits than the last.

This tool can also act as your primary web browser, so basically it’s a scanner and browser packaged up into one (even though it’s just a wrapper for the rendering DLLs from IE).

You might need some updates to run WHCC, the links are here:

MDAC_TYP.EXE 7,673 KB Microsoft Data Access Components (MDAC)
dcom95.exe 1,201 KB (DCOM) for Windows 95
dcom98.exe 1,201 KB (DCOM) for Windows 98

You can find the latest version of WHCC and some info here.

It’s a pretty decent tool, a bit bloated though, due to all the Wincrap it uses. Still worth a look, as it might give you a few ideas.

The direct download is here:

Web Hack Control Center 0.6.71


26 January 2007 | 45,099 views

Router/Switch Default Password List Updated

The famous Phenoelit Default Password List has been updated, it’s been quite some time since an update.

DPL

http://www.phenoelit.org/dpl/dpl.html

This is a must have resource on your pen-drive and backed up offline somewhere for those important times when you need to know the login for a router/switch :)


25 January 2007 | 5,706 views

Technitium MAC Address Changer v4 (TMACv4) Released

Technitium MAC Address Changer v4 (TMACv4 C4) has been officially released.

Technitium MAC Address Changer allows you to change the Media Access Control (MAC) address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. This tool can set a new MAC address on your NIC, bypassing the original hard-coded MAC address. Technitium MAC Address Changer is a must-have tool in every security professional’s toolbox. Technitium MAC Address Changer v4.0 is coded in Visual Basic 6.0.

Features

  • Changes MAC address of Network Interface Card (NIC) including Wireless LAN Cards, irrespective of its manufacturer or its drivers.
  • Has list of all known manufacturers (with corporate addresses) to choose from. You can also enter any MAC address and know which manufacturer it belongs to.
  • Allows you to select random MAC address from the list of manufacturers by just clicking a button.
  • Restarts your NIC automatically to apply MAC address changes instantaneously.
  • Allows you to create Configuration Presets, which save all your NIC settings and make it very simple to switch between many settings in just a click, saving a lot of time.
  • Has command line interface which allows you to perform all the tasks from the command prompt or you can even create a DOS batch program to carry out regular tasks.
  • Allows you to export a detailed text report for all the network connections.
  • Displays all information you would ever need about your NIC in one view like Device Name, Configuration ID, Hardware ID, Connection Status, Link Speed, DHCP details, TCP/IP details etc.
  • Displays total bytes sent and received through the NIC.
  • Displays current data transfer speed per second.
  • Allows you to configure IP Address, Gateway and DNS Server for your NIC quickly and instantaneously.

Visit http://tmac.technitium.com for more information and download links.


24 January 2007 | 4,181 views

Phishing Fraud Cases Growing in the UK

Now this is massive growth, 8,000 percent... woah!

Thankfully losses are still ‘modest’, whatever that means. I guess although the attacks grow in number, awareness and education also increase (in places like the UK anyway), so the risk is fairly well mitigated.

UK incidents of phishing scams have grown 8,000 per cent over the last two years, according to the government’s financial watchdog authority. Although losses remain modest compared to other forms of financial fraud, banking security experts speaking before the House of Lords science and technology committee are concerned about the growing prevalence of scams designed to trick consumers into handing over online banking credentials.

The numbers are massively higher as recorded in the UK, and as they say detection quality has also gone up, so that would lead to higher figures. That means as always, the statistics could be in reality rather inflated.

Between January and June 2005, 312 phishing incidents were recorded, a figure that shot up to 5,059 for the first half of 2006, according to figures from UK banking payment organisation Apacs. Improved detection rates are partly behind the increase but even so the growing sophistication of scammers is leading to heavy losses from UK banks.

Apacs security chief Philip Whitaker told peers that scammers had transformed phishing scams from a cottage industry into an industrial process.

As always phishing is on the up, so be wary!

Source: The Register


23 January 2007 | 16,658 views

SIP Proxy – VoIP Security Testing Tool

SIP Proxy is an Open Source VoIP security test tool which has been developed by the students Philipp Haupt and Matthias Halimann during their diploma thesis and second student research project at the University of Applied Sciences Rapperswil.

With SIP Proxy you will have the opportunity to eavesdrop and manipulate SIP traffic. Furthermore, predefined security test cases can be executed to find weak spots in VoIP devices. Security analysts can add and execute custom test cases.

In the so called “Proxy Mode”, the application acts as a proxy between a VoIP PBX (e.g. Asterisk) and a UA (VoIP hard- or softphone). SIP traffic can be sniffed and dynamically manipulated with the help of regular expressions. Logged SIP messages can be modified and resent. In the “Test Case Mode” predefined security tests which are specified as XML files can be run against a specific target.

Fuzzing technology, which is a kind of black-box testing, can be applied to find weak spots in VoIP devices. There are many more specific modules which can be used within such a test case, for example wordlist or brute-force attacks. While running a test case, feedback is given by displaying a graphical report which can be exported as a printable PDF document afterwards.

With the help of SIP Proxy, several software bugs and configuration faults in specific VoIP devices have already been discovered.

You can find out more and download SIP Proxy at the SourceForge page here:

http://sourceforge.net/projects/sipproxy


22 January 2007 | 9,152 views

Logic Bomb Backfires on Hacker Employee

Ah the logic bomb, a source of humour for many due to its frequent showing up in ‘hacking’ movies, and its complete misuse.

ZOMG THE LOGIC BOMB IT’S GONNA PWN US ALL!

A former UBS PaineWebber employee was sentenced to eight years in prison on Wednesday for planting a computer “logic bomb” on company networks and betting its stock would go down.

The investment scheme backfired when UBS stock remained stable after the computer attack and Roger Duronio lost more than $23,000.

8 years, pretty harsh eh?

You better be careful if you are planning on pwning your ex-company with some lame script.

Duronio quit his job as a systems administrator in February 2002 after repeatedly expressing dissatisfaction about his salary and bonuses, the statement said.

He then planted malicious computer code known as a “logic bomb” in about 1,000 of PaineWebber’s approximately 1,500 networked computers in branch offices. On March 4, 2002, the “bomb” detonated and began deleting files.

Duronio attempted to profit from the attack, the statement said. He bought more than $23,000 in put option contracts for UBS AG stock, betting the stock’s price would go down after his “logic bomb” went off.

His big mistake was the attempt at insider trading based on his attack on the company. Seems like he screwed up royally.

Losing $23,000 and spending 8 years in a cosy cell with Bubba, nice one!

Source: Reuters UK


20 January 2007 | 80,655 views

Class President Hacks School Grades

Ah the old mythical tale of hacking your school to change your grades to straight A’s. Well, I know people do it, I’ve seen it in the past… but now someone has actually gotten caught for it.

And what’s more, he’s the senior class president!

Cooper City High School’s senior class president was arrested Tuesday and charged in a grade-tampering scandal that has rocked the campus.

Ryan C. Shrouder, 18, of Cooper City, was taken to jail from school and charged with two counts of computer crime with intent to defraud, a second-degree felony, according to a Broward Sheriff’s Office report. He was released from jail on bail, has been suspended from school and will be recommended for expulsion, said Joe Melita, head of the Broward County School District’s investigative unit.

That’s a pretty serious list of charges.

On Nov. 2, an assistant principal told authorities that the school had begun investigating unauthorized grade changes. Course grades from previous years for 19 students, mostly seniors, had been altered.

Cooper City High’s bookkeeper told investigators that in the week before the grades were changed she witnessed Shrouder in the office of the computer technology specialist looking for a “sign-on” password to the district network. The technology specialist had left his passwords on a notepad in his desk, according to the report.

Investigators later determined that the employee’s sign-on account was the same one used to access the grades program and modify the marks.

I quite often get e-mails here at Darknet with people asking me how to hack their school servers. Sadly the majority don’t want to change the grades, they just want to access MySpace.

Source: Sun Sentinel


19 January 2007 | 513,883 views

Wep0ff – Wireless WEP Key Cracker Tool

Wep0ff is a new tool to crack a WEP key without access to the AP by mounting a fake access point attack against WEP-based wireless clients.

It uses a combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP-key recovery.

This tool can be used to mount a fake access point attack against WEP-based wireless clients.

This code was tested with patched madwifi-old drivers with athraw support, but also works with madwifi-ng. With madwifi-ng you need to create two virtual interfaces: one in master mode (for the fake AP) and a second in monitor mode (to listen on).

How to Use:

1. Set up a fake AP with KARMA tools or iwconfig
2. Start this program (./wep0ff ath0raw 00:01:02:03:04:05)
3. Wait until a client connects to the fake access point
4. Launch airodump-ng to collect packets
5. Launch aircrack-ng to recover the WEP key

You can download it here:

Wep0ff