Darknet - The Darkside

Don't Learn to HACK - Hack to LEARN. That's our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more.

29 December 2006 | 3,505 views

Some Relaxing on the DMCA Regulations

Cybertroopers storming your ship?

There seems to have been some slight relaxation of the DMCA regulations lately, which is a good thing for the majority of people!

There have been many grey cases and sadly most have fallen on the side of the big corporations, finally something on our side!

The U.S. Copyright Office specified new rules Wednesday allowing cellphone owners to hack software designed to prevent them from using their phones on competing carriers. Retrogaming enthusiasts will also be permitted to crack copy protection on abandoned titles, albeit for “archival” purposes only.

I think it’s perfectly reasonable, if I buy a piece of hardware or whatever I should completely own it and be able to use it for whatever I want, I shouldn’t be limited by the company that sold it to me.

And Abandonware is ok!

And thankfully a thumbs up for educators too.

The rules also allow teachers to copy “snippets” from DVDs for educational compilations, and confer the right to have third-party software read copy-protected electronic books – if you’re blind.

The Digital Millennium Copyright Act (DMCA) has been held to criminalize circumvention of any kind of software protection, even in the pursuit of applications that would have previously been considered fair use. There is at least one ongoing legal action concerning recycled cell phones based on this law, according to Librarian of Congress James H. Billington. But not after today.

You can see the full list of 6 exemptions here.

Source: Wired Blog


28 December 2006 | 7,193 views

TXDNS 2.0.0 Released – DNS Digger for Brute Force

TXDNS 2.0.0 has been released.

TXDNS is an aggressive, multithreaded Win32 DNS digger, capable of placing thousands of DNS queries per minute on the wire. TXDNS’s main goal is to expose a domain namespace through a number of techniques:

  • Typos
  • TLD rotation
  • Dictionary attack
  • Brute force

This new version features a distributed model which further boosts TXDNS’s parallelism and performance. This model allows a TXDNS client to send jobs to a TXDNS server over a clear or encrypted TCP channel.

For example, to put a TXDNS host on listening mode:

By default TXDNS listens on port 5353. On the client side you may post any query jobs by appending ‘-c xx.xx.xx.xx’ to the regular query syntax (where xx.xx.xx.xx is the IP of the host running TXDNS in listening mode), for example:

Using -cr instead of -c will force the TXDNS server to redirect all output to the client, so basically you get the results from the server’s job right on the client console. Note that file system streams are not redirected, which means that any file switches (-f or -h) will still have the remote host as root reference.

To encrypt all the traffic between the client and the server just append ‘--key ‘ to the regular syntax on both the client and server.

A new --countdown option has been added as a very basic synchronization mechanism, and by default any job, whether remote or local, will now wait 5s before firing. If you want to bypass this countdown delay you’ll have to add ‘--countdown 0’.

You can read more and download at:

http://www.txdns.net
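
From the defender's side, dictionary and brute-force digging of this kind shows up in resolver logs as one client asking for many distinct names under a single zone in a short time, most of them answered NXDOMAIN. The following is an added example, not part of TXDNS or of the original post; the log format (`epoch client qname rcode`, in time order), the thresholds and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 60        # sliding window in seconds
MIN_NAMES = 30       # distinct names per client and zone in one window (assumed threshold)
MIN_NX_RATIO = 0.8   # share of NXDOMAIN answers in the window (assumed threshold)

def zone_of(qname):
    """Naive zone guess: the last two labels (no public-suffix handling)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def detect(lines):
    """Return {(client, zone): details} for clients that look like they are digging a zone."""
    windows = defaultdict(deque)          # (client, zone) -> (ts, qname, rcode) in the window
    alerts = {}
    for line in lines:
        ts, client, qname, rcode = line.split()
        ts, key = int(ts), (client, zone_of(qname))
        win = windows[key]
        win.append((ts, qname.lower(), rcode))
        while win[0][0] <= ts - WINDOW_S:  # drop entries older than the window
            win.popleft()
        names = {q for _, q, _ in win}
        nx_ratio = sum(r == "NXDOMAIN" for _, _, r in win) / len(win)
        if key not in alerts and len(names) >= MIN_NAMES and nx_ratio >= MIN_NX_RATIO:
            alerts[key] = {"ts": ts, "distinct_names": len(names), "nx_ratio": round(nx_ratio, 2)}
    return alerts

def sample_log():
    """Constructed log: 10.0.0.7 walks a wordlist, 10.0.0.9 is an ordinary client."""
    lines = []
    for i in range(40):
        rcode = "NOERROR" if i % 10 == 0 else "NXDOMAIN"
        lines.append(f"{1000 + i} 10.0.0.7 host{i}.example.com {rcode}")
    for i, name in enumerate(["www", "mail", "www", "intranet"]):
        lines.append(f"{1000 + i * 15} 10.0.0.9 {name}.example.com NOERROR")
    return sorted(lines, key=lambda l: int(l.split()[0]))

if __name__ == "__main__":
    for (client, zone), info in detect(sample_log()).items():
        print(f"possible DNS enumeration of {zone} by {client}: {info}")
```

A digger that paces itself below the window threshold will not trip this check, so the thresholds need tuning against the normal query volume of the resolver being monitored.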


27 December 2006 | 3,029 views

Firefox Patches 8 Security Vulnerabilities with 2.0.0.1

Grab the new Firefox now, 2.0.0.1! 8 Security Vulnerabilities have been fixed in this last release of the year 2006.

I’m glad to see Firefox upholding their quick turnaround and rapid fixing of issues that spring up during development and improvement of their product.

Mozilla has released the first update for the Firefox 2.0 browser to fix eight security vulnerabilities.

According to the company, release 2.0.0.1 of Firefox fixes flaws in memory corruption as well as the way the browser executes RSS (really simple syndication), Javascript and CSS (cascading style sheets) code, among other vulnerabilities. Mozilla also patched similar flaws in its Firefox 1.5 browser.

Five of the eight flaws were rated as critical, according to Firefox. A critical rating means a Firefox user would be vulnerable to attack and remote software installation on their machines just from browsing the Web in the usual fashion. Two of the flaws were rated as high, while one received a low security-risk rating, Firefox said.

Mozilla’s advisory and information on the update can be found on the company’s Web site.

Danish security firm Secunia ApS also posted information about the patches on its Web site.

Source: Infoworld


26 December 2006 | 2,687 views

Awareness of Phishing is on the Up – But so are Monetary Losses

It seems like phishers are changing their tactics to those similar to spammers, rather than going for big targets and mass mails they are turning to more wealthy customers and fewer but larger bounties.

Imagine if they can nail a few big ones, they are set.

Online fraudsters are turning their attentions away from large banks and increasingly targeting wealthy consumers as phishing schemes continue to lure large numbers of people into unknowingly sharing their private information with criminals, reports Gartner.

Americans are losing fewer dollars to online phishing schemes as a whole, but Internet-savvy, affluent PC users are being hit up for more money than ever, according to the latest Gartner research.

Based on a survey of 5,000 consumers in the United States, Gartner said users are being assaulted with more phishing attacks than ever before and are falling for more of the gimmicks. Yet at the same time, customers are losing less money to the schemes, due to a growing awareness of the online fraud model, as banks and other businesses spoofed in the attacks have put more tools in place to help identify suspicious behavior.

So phishing is on the up… and so are monetary losses. People are generally losing less, but more people are losing and wealthier people are being targeted, so the average has gone up.

There really is an amazing amount of phishing going on.

Gartner estimates that 109 million U.S. adults received phishing e-mails during the last 12 months, compared to only 57 million in 2004. An estimated 24.4 million Americans went on to click on phishing e-mails in 2006, up from approximately 11.9 million in 2005. The company said 3.5 million adults gave sensitive information to fraudsters in 2006, compared to only 1.9 million adults last year.

Based on the survey, the average loss per victim has grown from $257 to $1,244 per victim in 2006. Finding a refund for money lost to the schemes has also become harder: Consumers recovered approximately 80 percent of their cash in 2005, but are getting back an average of only 54 percent in 2006.

The moral of the story is…don’t fall for it, because it is your fault and it’ll be hard to get your money back.

Awareness generally is higher, but people are still getting conned left right and center.

As with any technology, it enables bad just as well as good.

Source: Eweek


25 December 2006 | 4,289 views

Merry Christmas to All

It’s been a good year for Darknet since the relaunch in February and I’d like to take this chance to thank you for your readership, with over 2300 RSS subscribers during the week the readership has grown into a solid base.

I’d like to thank you all for reading, commenting and linking to Darknet and supporting what we are doing, we hope to continue providing you with the latest, most important news, tutorials and articles about information security.

Geek Xmas

Merry Christmas to all of you and your families/loved ones.

Hack safe and I hope you got some great gadgets for xmas.


22 December 2006 | 22,259 views

projectBypass

Today while browsing I suddenly came across projectBypass, which is a very useful website which acts as a proxy, and assures us 100% anonymity:

Make ProjectByPass your homepage for 100% secure web surfing! Keep your online activity free from potential attackers.

…of course I have my doubts about this because…

ProjectByPass.com is a FREE Web Based CGI Proxy that allows users to have complete anonymity while browsing the internet. The ProjectByPass CGI Proxy can also be used to bypass school or business filters to play games or visit otherwise blocked websites. Remember, everything that is done with the CGI Proxy is logged to prevent from malicious activity. ProjectByPass.com did not publish any of the information seen within the CGI Proxy, we’re simply a portal to help get you there.

100% anonymity?…I posted it separately from the topic Browse Anonymously at Work or School – Bypass Firewall & Proxy because it has some useful extra options like: remove (cookies, scripts, ads) and hide referrer information.

It’s worth trying it out ;)

www.projectBypass.com


21 December 2006 | 11,327 views

Skype Worm in the Wild – W32.Chatosky

A new worm is spreading fast on the Skype network. It’s activated by a malicious Skype Chat link and has been seen in the wild in numerous places.

Apparently the dangerous link starts with “Check this!” and points to a .org/.biz address; if you click the link you’ll become infected.

There have been no reports of unpatched issues with Skype, so the vector for the attack is at present unknown. After discussion with the Skype developers, it was found that the Trojan uses features of the Skype API to propagate, so there is no flaw in Skype.

The end-user who is running Skype does get notified that a program is attempting to access it and must acknowledge it.

From Websense the details we have are:

  • The filename is sp.exe
  • Assuming the file is run it appears to drop and run a password stealing Trojan Horse
  • The file also appears to run another set of code that uses Skype to propagate the original file
  • The file is packed and has anti-debugging routines (NTKrnl Secure Suite packer)
  • The file connects to a remote server for additional code
  • The original site has been black holed and is not serving the code anymore
  • The original infections appear to be in APAC region (Korea in particular)

It appears that Symantec uses the name W32.Chatosky in the description document it released about the worm.

The malware queries Skype for random users every three minutes, and an error message is displayed if Skype is not installed on the system.

As always be wary :)


20 December 2006 | 38,498 views

XSS Shell v0.3.9 – Cross Site Scripting Backdoor Tool

XSS Shell is a powerful XSS backdoor which allows interactively getting control over a Cross-site Scripting (XSS) vulnerability in a web application. It demonstrates the real power and damage of Cross-site Scripting attacks.

WHAT IS XSS SHELL ?

XSS Shell is a powerful XSS backdoor and zombie manager. This concept was first presented by XSS-Proxy (http://xss-proxy.sourceforge.net/). Normally in XSS attacks the attacker has one shot; in XSS Shell you can interactively send requests and get responses from the victim, and you can backdoor the page.

You can steal basic auth, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability, etc. Attack possibilities are limited only by ideas. Basically this tool demonstrates that you can do more with XSS.

FEATURES

XSS Shell has several features to gain full access over the victim. You can also simply add your own commands.

Most of the features can be enabled or disabled from the configuration or tweaked in the source code.

Features:

  • Regenerating Pages
  • Keylogger
  • Mouse Logger (click points + current DOM)

Built-in Commands:

  • Get Keylogger Data
  • Get Current Page (Current rendered DOM / like screenshot)
  • Get Cookie
  • Execute supplied JavaScript (eval)
  • Get Clipboard (IE only)
  • Get internal IP address (Firefox + JVM only)
  • Check victim’s visited URL history
  • DDoS
  • Force victim’s browser to crash

Online URL (Download, Screenshots, demo etc.):

http://ferruh.mavituna.com/article/?1338

Download:

http://www.portcullis-security.com/tools/free/XSSShell039.zip
or
http://ferruh.mavituna.com/xssshell/download/xssshellv039.zip


19 December 2006 | 7,653 views

Save Your Reputation Online with ReputationDefender

This is a pretty interesting idea and for once it addresses a real requirement. A lot of stories have hit the press about people getting fired or ‘dooced’ because of stuff online or not even getting jobs because of something found on MySpace.

So up pops a company that is willing to protect your reputation online.

The mistakes you make on the internet can live forever — unless you hire somebody to clean up after you.

A new startup, ReputationDefender, will act on your behalf by contacting data hosting services and requesting the removal of any materials that threaten your good social standing. Any web citizen willing to pay ReputationDefender’s modest service fees can ask the company to seek and destroy embarrassing office party photos, blog posts detailing casual drug use or saucy comments on social networking profiles.

It’s pretty reasonable too and can work great for anyone wanting to clear up a messy online history after those wild college years.

The company produces monthly reports on its clients’ online identities for a cost of $10 to $16 per month, depending on the length of the contract. The client can request the removal of any material on the report for a charge of $30 per instance.

Michael Fertik and his partners originally conceived of ReputationDefender as a way for parents to protect their children from potentially damaging postings to social networking sites like MySpace or Facebook.

Of course Facebook and MySpace are the main culprits.

Using both site-scraping robots and good old-fashioned human detective skills, ReputationDefender promises to scour the internet — particularly social networking sites like MySpace, Facebook, Xanga and Flickr — for materials that could threaten the author’s employability once he reaches the professional world and its army of Google-savvy hiring managers.

According to CareerBuilder.com, 26 percent of hiring managers say they have used search engines to research potential employees, and one in 10 has looked on a social networking website.

As you can see it is important now to look after your reputation online.

Source: Wired


18 December 2006 | 12,571 views

SinFP 2.0.4 – OS Detection – Now Works On Windows

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has.

Nmap’s approach to fingerprinting has been shown to be efficient for years. Nowadays, with the omnipresence of stateful filtering devices, PAT/NAT configurations and emerging packet normalization technologies, its approach to OS fingerprinting is becoming obsolete.

SinFP uses the aforementioned limitations as a basis for deciding which tests must absolutely be avoided in the frames used to accurately identify the remote operating system. That is, it only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3 (with only 1 test giving the OS reliably in most cases).

SinFP 2.04 is now available and, for the first time, can run under Windows ActivePerl.

More info here:

SinFP

SinFP now has more than 130 signatures in its database.

For Windows users, follow these instructions:

This was tested with ActivePerl 5.8.8.819, with PPM v4.0.

If you have error messages about failing to load some .dll, go to www.microsoft.com. Then, in the search field, type in vcredist_x86.exe, download it and install it.