Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

11 July 2006 | 4,815 views

Ticketcharge.com.my website hacked

Prevent Network Security Leaks with Acunetix

Ticketcharge.com.my, a Malaysian website that sells event tickets online appears to have been hacked. Forgot to take a screenshot of it but this screenshot from google cache taken today can be seen below. This happened over the weekend or perhaps earlier.

ticketcharge.com.my

Google cache here . This will be gone when google re-cache the site again.

Original Site:

ticket.com.my original site



11 July 2006 | 15,894 views

HoneyBot – A Windows Based Honeypot

HoneyBOT

HoneyBOT is a Windows based medium interaction honeypot solution.

What is a Honeypot?

A honeypot is a device placed on a computer network specifically designed to capture malicious network traffic. The logging capability of a honeypot is far greater than any other network security tool and captures raw packet level data even including the keystrokes and mistakes made by hackers. The captured information is highly valuable as it contains only malicious traffic with little to no false positives.

Honeypots are becoming one of the leading security tools used to monitor the latest tricks and exploits of hackers by recording their every move so that the security community can more quickly respond to new exploits.

How it Works

HoneyBOT works by opening over 1000 udp and tcp listening sockets on your computer and these sockets are designed to mimic vulnerable services. When an attacker connects to these services they are fooled into thinking they are attacking a real server. The honeypot safely captures all communications with the attacker and logs these results for future analysis. Should an attacker attempt an exploit or upload a rootkit or trojan to the server the honeypot environment will safely store these files on your computer for analysis and submission to antivirus vendors. Our test server has captured several thousand trojans and rootkits from these simulated services including:

  • Dabber
  • Devil
  • Kuang
  • MyDoom
  • Netbus
  • Sasser
  • LSASS
  • DCOM (msblast, etc)
  • Lithium
  • Sub7

HoneyBOT Installation

We suggest that you install HoneyBOT on a dedicated computer with no valuable information or resources required of it. In fact, you want your honeypot to be as free as possible from any legitimate traffic so in broad terms we can consider any traffic to the honeypot to be malicious in nature.

HoneyBOT requires minimum operating system of Windows 2000 and at least 128MB RAM is recommended.

You can read more here:

Honeybot


10 July 2006 | 4,563 views

Next Up – Hacking Nuclear Powerstations!

Now this is a scary though, with the digitisation of the old analogue power stations and the accidental cross-over of networks (as we’ve seen before) people could soon be hacking nuclear power station control systems..

he nuclear power industry is going digital — replacing mechanical systems with more efficient, networked computer-controls.

If that makes you nervous in a season-four-of-24 kinda way, you’re not alone. Last week, the US Nuclear Regulatory Commission voted unanimously to add cyber security requirements to federal regulations governing nuclear power plant security.

Scary eh? Something straight out of a sci-fi movie.

The main concern is that the next generation of digital “instrumentation and control”, or I&C, systems could all-too-easily wind up linked to company business networks, and, through them, the internet — all but guaranteeing they’d be hacked.

The risk was illustrated in 2003, when the Slammer worm penetrated a network at the idled Davis-Besse nuclear plant in Ohio, disabling a safety monitoring computer for nearly five hours. The worm snuck in through the energy company’s corporate network, over an unmonitored connection from a contractor’s private LAN.

I think the whole world should be pretty nervous, don’t you?

At an NRC security briefing last March, commissioner (and Los Alamos veteran) Peter Lyons commented he was “very, very nervous” about such interconnections. The exchange that follows shows how nervous nuclear-types are about sounding nervous. From the transcript [PDF]

Oh dear..

Source: Wired Blog


10 July 2006 | 4,683 views

A Day in the Life of a Spyware Company – DirectRevenue

Spyware companies are apparently netting HUGE profits, it doesn’t surprise me though with the amount of people that actually install the crap on their machines..

Let’s say we don’t like companies like Direct Revenue very much though.

Consumers have strong opinions about Direct Revenue’s software. “If I ever meet anyone from your company, I will kill you,” a person who identified himself as James Chang said in an e-mail to Direct Revenue last summer. “I will f—— kill you and your families.” Such sentiments aren’t unusual. “You people are EVIL personified,” Kevin Horton wrote around the same time. “I would like the four hours of my life back I have wasted trying to get your stupid uninvited software off my now crippled system.”

Direct Revenue makes spyware…and they make money too.

Although it is small by some corporate standards, having generated sales of about $100 million since its start in 2002, its programs have burrowed into nearly 100 million computers and produced billions of pop-up ads.

That’s a hell of a lot.

The industry in general is making a hell of a lot, can you believe it, 11% of total Internet money made is from spyware/adware.

Spyware rakes in an estimated $2 billion a year in revenue, or about 11percent of all Internet ad business, says the research firm IT-Harvest. Direct Revenue’s direct customers have included such giants as Delta Air Lines and Cingular Wireless. It has sold millions of dollars of advertising passed along by Yahoo. And Direct Revenue has received venture capital from the likes of Insight Venture Partners, a respected New York investment firm.

Somehow..the figures disturb me.

Source: MSNBC


08 July 2006 | 13,941 views

WebScarab – Web Application Analysis – New Version

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins.

In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser.

WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

As WebScarab is a framework more than an actual tool it’s very extensible. Each feature above is implemented as a plugin, and can be removed or replaced. New features can be easily implemented as well.

There is a long list of current features.

The new version has a couple of bug fixes, a logo finally!

And a new memory utilisation widget that runs across the bottom (it does have some memory leaks).

Read more about WebScarab here.

You can download the new version here:

WebScarab


07 July 2006 | 8,667 views

‘Free’ USB Drives Defeat Company Security

This is an excellent case of Social Engineering, you could also consider it playing on human greed/ignorance/stupidity.

Whatever you want to label it really ;)

USB drives are a real security risk..

We recently got hired by a credit union to assess the security of its network. The client asked that we really push hard on the social engineering button. In the past, they’d had problems with employees sharing passwords and giving up information easily. Leveraging our effort in the report was a way to drive the message home to the employees.

The client also indicated that USB drives were a concern, since they were an easy way for employees to steal information, as well as bring in potential vulnerabilities such as viruses and Trojans. Several other clients have raised the same concern, yet few have done much to protect themselves from a rogue USB drive plugging into their network.

They had to think up something a little different though as they had to bait employees that were already on high alert as they knew they were being audited.

I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented.

Once I seeded the USB drives, I decided to grab some coffee and watch the employees show up for work. Surveillance of the facility was worth the time involved. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks.

The stats are amazing, out of 20 drives, 15 were found…out of the 15 found ALL FIFTEEN were plugged into company computers.

A neat way to get in eh, next time you are asked to push the social engineering buttons during a penetration test or vulnerability assessment perhaps you can do this.

All you need is a few cheap USB drives and a custom trojan.

Source: Dark Reading


06 July 2006 | 7,156 views

A Forensic Analysis of the Lost Veteran’s Administration Laptop

An interesting speculative post on the forensics techniques that would most likely be used by the FBI during the investigation of the recovered Veteran’s Administration laptop.

Most of them are pretty straight forwards if you have any kind of experience with digital forensics and data recovery (disaster recovery, incident response etc.)

As a former Computer Forensic Specialist, I wanted to explain what’s probably going on with this laptop now that the FBI has the system and is forensically examining it. This explanation assumes the data was present on the hard drive (not a CD-Rom or other storage medium).

The two main areas cover physical examination and digital examination, physical would be looking for fingerprints and looking for evidence of tampering (screw heads, case scratches etc.).

A little discussion on MAC times and so on, if anyone is interested in this area, I might elaborate later.

As I said in the previous article, there isn’t much they can do if someone knew what they were doing.

The laptop thieves really know what they are doing. They remove the hard drive from the laptop, and mount it read-only (no modifications to the file system) on another computer, access the sensitive data and re-insert the hard drive into the stolen laptop. This is the same process the forensic examiner would use to prevent the examination from modifying the data contained on the laptop — and this is why I mentioned what the FBI might look for during the physical examination — marks on the screws or finger prints on the internal hard drive casing.

Indeed.

Source: Zonelabs


06 July 2006 | 3,109 views

Darknet – Subscribe by E-mail

If you aren’t using RSS you can now subscribe to Darknet via e-mail, you will receive a daily update of the posts published in the last 24 hours.

Enter your Email




Powered by FeedBlitz

Might be useful if you don’t have frequent access to check the site too.

Cheers!


05 July 2006 | 3,432 views

Veterans Administration Chief Says Laptop Recovered

Ah, so finally they got it back, from a street corner of all places.

Let’s hope they shall be a little more careful in the future yah?

The missing laptop and hard drive that contained veterans’ personal information has been found, Veterans Administration Chief Jim Nicholson announced Thursday.

The announcement came at the beginning of a hearing before the House Veterans’ Affairs Committee hearing.

“It was confirmed to me by the deputy attorney general that law enforcement has in their possession the … laptop and hard drive,” Nicholson said in a statement at the hearing. “The serial numbers match.”

Of course the FBI will roll out it’s forensics experts to testify the data has not been accessed, but let’s face it, how hard is it to mount the drive read only and clone it?

Not very right..

Experts were conducting forensic tests on the laptop and hard drive, Nicholson said. It was not immediately clear if the data on the equipment had been copied or compromised, but Nicholson said “there is reason to be optimistic.”

He did not say how the equipment was recovered, on where it’s been during the past two months. The equipment was found Wednesday; Nicholson said he wasn’t aware of any arrests made in connection with the incident.

An FBI spokesman said the laptop computer was recovered “in the area,” but could not provide more specific information. Forensics tests showed “the sensitive files were not accessed,” according to special agent in charge Bill Chase.

We’ll look at the forensics techniques in more depth later.

Source: MSNBC


04 July 2006 | 8,091 views

Month of Browser Bugs (MoBB)

Get ready for a complete month of fun with H D Moore’s Month of Browser Bugs.

Quoting from Browser Fun blog:

This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure. To kick off this blog, we are announcing the Month of Browser Bugs (MoBB), where we will publish a new browser hack, every day, for the entire month of July. The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution. Enjoy!

He say’s he has plenty of vulnerabilities to go around.

You can also read his post at Metasploit’s blog.