Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

18 September 2006 | 3,856 views

Former Hacker Irks Microsoft in EU Dispute

Check For Vulnerabilities with Acunetix

Ah the anti-trust battle continues, good to see someone with technical skills involved, I wonder how the case is coming along, I haven’t heard about it for a while.

Again this is quite an old story.

As an expert witness on digital crime, British computer consultant Neil Barrett has helped prosecutors in the United Kingdom convict murderers and pedophiles.

Now Mr. Barrett is finding out what it’s like to be on trial, as the independent trustee and chief technical expert in the European Union’s mammoth antitrust battle with Microsoft Corp.

European Commission regulators in Brussels chose Mr. Barrett from among Microsoft’s own nominees for the job of judging whether the company is complying with a 2004 EU ruling that it help its competitors design software to mesh with its nearly ubiquitous Windows operating system. Following Mr. Barrett’s scathing assessments of Microsoft’s efforts, the European Commission threatened the company with fines that could exceed €100 million, or $120 million — prompting Microsoft to attack Mr. Barrett’s competence and to accuse him of colluding with its rivals. Regulators last week rose to Mr. Barrett’s defense.

Microsoft accusing someone else of dirty tactics and colluding with competitors? That’s a new one..

In February, Microsoft responded that Mr. Barrett was operating with a “set of basic misunderstandings” about Microsoft programming terms. In another filing to the EU this month, Microsoft accused Mr. Barrett and the regulators of “actively and secretly working with Microsoft’s adversaries.”

Emails the commission gave Microsoft show Mr. Barrett in frequent contact with regulators and Microsoft competitors, which led the company to call Mr. Barrett the “commission’s co-prosecutor.” The growing brouhaha led the normally secretive commission to release the terms of Mr. Barrett’s mandate, which says he should “play a proactive role” in monitoring Microsoft — a clause the commission says gives him freedom to confer with Microsoft rivals. Even Sun Microsystems, which usually declines to comment on the case, made an exception, calling Microsoft’s criticism of him “misplaced.”

I’ll have a Google and see what’s happening nowadays with Mr Barrett.

Source: WSJ

Advertisements



14 September 2006 | 16,598 views

Impressive Open Source Intrusion Prevention – HLBR

It’s good to see work on open source tools in the countermeasure department aswell as the attack and penetration arena.

It’s a shame since Snort and Nessus have gone semi-commercial.

I hope more people invest their time in good IDS, Firewall and IPS systems, I love things like IPCop and hope to see more products like HLBR.

HLBR is a brazilian project, started in november 2005, as a fork of the Hogwash project (started by Jason Larsen in 1996)

HLBR is an IPS (Intrusion Prevention System) that can filter packets directly in the layer 2 of the OSI model (so the machine doesn’t need even an IP address). Detection of malicious/anomalous traffic is done by rules based in signatures, and the user can add more rules. It is an efficient and versatile IPS, and it can even be used as bridge to honeypots and honeynets. Since it doesn’t make use of the operating system’s TCP/IP stack, it can be “invisible” to network access and attackers.

Since version 1.0, released in march 5th 2006, HLBR can use regular expressions to detect intrusion attempts, virus, worms, and phishing.

You can view the entire HLBR README file here.

Go to the HLBR Homepage for more information and downloads.


13 September 2006 | 19,576 views

Using the capture command in a Cisco Systems PIX firewall.

This is an excellent article you might find useful covering the use of the capture command in Cisco PIX firewalls.

A vital tool to use when troubleshooting computer networking problems and monitoring computer networks is a packet sniffer. That being said, one of the best methods to use when troubleshooting connection problems or monitoring suspicious network activity in a Cisco Systems PIX firewall is by using the capture command. Many times Cisco TAC will request captures from a PIX in PCAP format for open problem tickets associated with unusual problems or activity associated with the PIX and the network.

Cisco kit can be a bit daunting for a newcomer, but very well featured, it’s important to learn what your PIX can do!

The capture command was first introduced to the PIX OS in version 6.2 and has the ability to capture all data that passes through the PIX device. You can use access-lists to specify the type of traffic that you wish to capture, along with the source and destination addresses and ports. Multiple capture statements can be used to attach the capture command to multiple interfaces. You can even copy the raw header and hexadecimal data in PCAP format to a tftp server and open it with TCPDUMP or Ethereal.

NOTE: You must be in privileged mode to invoke the capture command.

Full article here.


12 September 2006 | 13,397 views

Moving Ahead in the War Against Botnets

This effort started quite a long time ago, I was just checking up to see how they were getting on, but there’s not much news of their progress.

perating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable the command-and-control infrastructure that powers millions of zombie drone machines, or bots, hijacked by malicious hackers.

The idea is to open up a new reporting mechanism for ISPs and IT administrators to report botnet activity, especially the C&C (command-and-control) system that remotely sends instructions to botnets.

A botnet, which is short for “robot network,” is a collection of broadband-enabled computers that have been commandeered by hackers for use in spam runs, distributed denial-of-service attacks or malware installation.

Botnets are often used in script kiddy DDoS wars or more commonly nowadays for Eastern block extortion scandals. “Pay us $xxxx or we will take down your site” this of course is especially effective against sites such as online Casinos which do their business solely through their websites.

Evron, who serves as the Israeli CERT manager and is a leader in many global Internet security efforts, said the group includes representatives from anti-virus vendors, ISPs, law enforcement, educational institutions and dynamic DNS providers internationally.

Over the last year, the group has done its work quietly on closed, invite-only mailing lists. Now, Evron has launched a public, open mailing list to enlist the general public to help report botnet C&C servers.

The new mailing list will serve as a place to discuss detection techniques, report botnets, pass information to the relevant private groups and automatically notify the relevant ISPs of command-and-control sightings.

It is true hackers code for cash nowdays, not for anarchy or chaos, money can be made being an online hitman and extortion has moved from physical beatings to online terrorism.

Websense’s Hubbard agrees there’s no silver bullet to solve the problem. “We’re seeing a major crossover,” he said. “Bots are now coming with keyloggers. We’re seeing botnets being used in conjunction with phishing attacks. The effort has to get buy-in from everyone, including law enforcement authorities, ISPs, dynamic DNS providers and the general public.

“I don’t think we’ll ever shut down botnets. The problem is just going to change with time,” Hubbard added. “The techniques are becoming better and more sophisticated as we come out with new defense techniques. We’re just trying to slow them down, really.”

I do agree, but it’s good to see efforts being made, the main counter of course is always education, remove the ignorance of PC owners and OS developers and there will be no botnets any more..but well that would be an ideal world wouldn’t it?

Botnets mailing list

Darknet also reported on Shadowserver Battling the Botnets.

Source: Eweek


11 September 2006 | 70,194 views

LCP – A Good FREE Alternative to L0phtcrack (LC5)

Since Symantec stopped development of L0phtcrack many people have been looking for alternatives.

So don’t forget..

Jack the Ripper is still king
Medusa is good
Ophcrack for Rainbow Tables

And now one more, introducting LCP, which we have talked about before in the article Password Cracking with Rainbowcrack and Rainbow Tables.

LCP is freeware!

The main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. General features of this product:

Accounts information import:

  • import from local computer;
  • import from remote computer;
  • import from SAM file;
  • import from .LC file;
  • import from .LCS file;
  • import from PwDump file;
  • import from Sniff file;

Passwords recovery:

  • dictionary attack;
  • hybrid of dictionary and brute force attacks;
  • brute force attack;

Brute force session distribution:

  • sessions distribution;
  • sessions combining;

Hashes computing:

  • LM and NT hashes computing by password;
  • LM and NT response computing by password and server challenge.

You can download LCP here.


10 September 2006 | 4,825 views

What Responsibility do Anti-Spyware Researchers Have?

Ethical debates are always interesting, and people have gotten in trouble lately for reverse engineering and various other branches of research.

This is a fairly old topic, but as I’m clearing out some old drafts, I still find it an interesting one.

There’s been an ongoing debate in security circles concerning how security researchers should disclose vulnerabilities for a long time, Darknet is of course in the Full Disclosure school of thinking. The common viewpoint is that the researchers should disclose the vulnerabilities to the company, giving them some time to fix the problem.

Typically, however, if nothing is done to fix the vulnerability, then researchers eventually will disclose it publicly. That’s where a lot of the conflict occurs, and there are even some questionable laws that might get you in trouble for publicly discussing a vulnerability. However, does this apply to spyware research as well?

The main question is, should the vulnerabilities ever be posted publically? I of course say yes, as if I’m using that software, I have the right to know there’s something wrong with it and take remedial measures, even if there’s no patch (that’s the beauty of open source, you can patch it yourself!).

There was a lot of conversation during the 180solution period about responsible disclosure and disclosing the affiliates used to install spyware, someone 180 always manage to spin it into a self-serving press release about how they triumphed over evil.

Ah ethics, always an interesting topic.

The whole thing became a virtual war between a high profile security researcher and the spammy 180solution folks.

The sniping between a controversial adware company and a prominent anti-spyware researcher continued Thursday as 180solutions defended its practices and called critic Ben Edelman “irresponsible.”

Earlier this week, Bellevue, Wash.-based 180 solutions, which distributes software that delivers ads to users’ computers, blasted Edelman, a Harvard researcher, for improperly disclosing a hack into the company’s installation software. Last week, Edelman had posted an analysis of an illegal download of 180’s Zango software by an affiliate Web site of 180’s advertising network.

You can read more here.


07 September 2006 | 125,215 views

Hacking Still Can’t Outdo Stupidity for Data Leaks

Can you believe this the provincial government in British Columbia has managed to auction off a set of data tapes containing people’s social insurance numbers, dates of birth and medical records among other information.

The provincial government has auctioned off computer tapes containing thousands of highly sensitive records, including information about people’s medical conditions, their social insurance numbers and their dates of birth.

Sold for $300 along with various other pieces of equipment, the 41 high-capacity data tapes were auctioned in mid-2005 at a site in Surrey that routinely sells government surplus items to the public.

Included among the files were records showing certain people’s medical status — including whether they have a mental illness, HIV or a substance-abuse problem — details of applications for social assistance, and whether or not people are fit to work.

Stupidity knows no bounds really. Do people not understand SENSITIVE, or CONFIDENTIAL or PRIVATE?

In an interview Friday afternoon, Labour Minister Mike de Jong, whose ministry oversees the auction process, said he has ordered an immediate investigation to determine how the breach took place.

“It is completely unacceptable for information like this to be unsecured in the way this clearly is,” he said.

“People deserve to know [this] type of information . . . is secure and kept private,” he added, offering an apology. “I can think of no excuse for information of this sort finding its way into the public domain.”

Well yes I totally agree. And well..this is not the first time is it? And I’m damn sure it wont be the last.

Source: Canada.com

*Clearing out some old articles*


06 September 2006 | 1,172,544 views

Brutus Password Cracker – Download brutus-aet2.zip AET2

If you don’t know, Brutus is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future.

Download brutus-aet2.zip

Brutus was written originally to help me check routers etc. for default and common passwords.

Features

Brutus version AET2 is the current release and includes the following authentication types :

  • HTTP (Basic Authentication)
  • HTTP (HTML Form/CGI)
  • POP3
  • FTP
  • SMB
  • Telnet

Other types such as IMAP, NNTP, NetBus etc are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other peoples.

The current release includes the following functionality :

  • Multi-stage authentication engine
  • 60 simultaneous target connections
  • No username, single username and multiple username modes
  • Password list, combo (user/password) list and configurable brute force modes
  • Highly customisable authentication sequences
  • Load and resume position
  • Import and Export custom authentication types as BAD files seamlessly
  • SOCKS proxy support for all authentication types
  • User and password list generation and manipulation functionality
  • HTML Form interpretation for HTML Form/CGI authentication types
  • Error handling and recovery capability inc. resume after crash/failure.

You can download brutus-aet2.zip here (the password is darknet123):

Brutus AET2


06 September 2006 | 5,879 views

Charity Computers May Fuel Malware Wars

Sometimes doing good can help bad things propagate, sometimes it’s good to consider the big picture and the repercussions of your charitable actions.

This is a case where such logic rings true.

Programs to send PCs to third world countries might inadvertently fuel the development of malware for hire scams, an anti-virus guru warns.

Eugene Kaspersky, head of anti-virus research at Kaspersky Labs, cautions that developing nations have become leading centres for virus development. Sending cheap PCs to countries with active virus writing cliques might therefore have unintended negative consequences, he suggests.

“A particular cause for concern is programs which advocate ‘cheap computers for poor third world countries’,” Kaspersky writes. “These further encourage criminal activity on the internet. Statistics on the number of malicious programs originating from specific countries confirm this: the world leader in virus writing is China, followed by Latin America, with Russia and Eastern European countries not far behind.”

It has to be considered I guess, but this shouldn’t be a reason to NOT give them computers, IMHO anyway.

But what about all the positive uses in education, for example, possible through the use of second-hand PCs in developing nations? We reckon these more than outweigh the possible misuse of some computers at the fringes of such programs.

We wanted to quiz Kaspersky more closely on his comments but he wasn’t available to speak to us at the time of going to press.

I say let’s do the best we can, and take the bad guys out as we go along.

Source: The Register


05 September 2006 | 32,378 views

The Top 10 PHP Security Vulnerabilities from OWASP

This is a useful article that has basically taken the OWASP Top 10 Vulnerabilities and remapped them to PHP with actual examples.

The Open Web Application Security Project released a helpful document that lists what they think are the top ten security vulnerabilities in web applications.

These vulnerabilities can, of course, exist in PHP applications. Here are some tips on how to avoid them. I’ve included related links and references where relevant.

You can download the detailed OWASP Top 10 Vulnerabilities here.

You can find PHP and the OWASP Top Ten Security Vulnerabilities here.