Darknet - The Darkside


05 October 2006 | 11,450 views

California Passes Wi-Fi Security Guidance Law – War-Driving going down?


It seems like war-driving may become a thing of the past, legislation is starting to happen.

It’s a good start though, you have to target the manufacturers to educate their users, not target the users as they don’t care, sometimes ease of use has to be traded a bit with security.

California legislators have passed a law which will force makers of wireless internet equipment to include guidance on keeping data secure on wireless connections. The law now awaits signature by Governor Arnold Schwarzenegger.

From 1 October 2007, manufacturers must place warning labels on all equipment capable of receiving Wi-Fi signals, according to the new state law. These can take the form of box stickers, special notification in setup software, notification during the router setup, or through automatic securing of the connection. One warning sticker must be positioned so that it must be removed by a consumer before the product can be used.

The warnings would have to contain information on how to secure files, folders, and connections. Wireless internet connections can be used by anyone with Wi-Fi capability within the range of the transmitter unless they are secured.

Makes sense really right? The current law in a way can be seen to cover unauthorised wireless use.

The legislation acknowledges disagreement in the US as to whether it is legal for someone to use another person’s unprotected Wi-Fi connection. “While Section 502 of the Penal Code prohibits the unauthorized access to computers, computer systems, and computer data, authorized use is determined by the specific circumstances of the access,” it states. “There are also federal laws, including the Computer Fraud and Abuse Act […] that prohibit the intentional access to a computer without authorisation.”

In the UK such warnings are not required, but the position on using someone else’s Wi-Fi connection is much clearer.

“The Communications Act includes an offence of dishonestly obtaining an electronic communications service ‘with intent to avoid payment of a charge applicable to the provision of that service’,” said Robertson. “We’ve already seen a conviction in the UK for using someone else’s Wi-Fi connection without authority.”

In July 2005, Gregory Straszkiewicz became the first person to be convicted under this provision. He was fined £500 at London’s Isleworth Crown Court. The Act provides for a maximum sentence of five years in prison and a fine.

So, is this the end of war driving?

Source: The Register


04 October 2006 | 12,391 views

Echo Mirage – A Generic Network Proxy

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.

Think of it as Odysseus (or Burp, if you prefer) that will proxy (almost) anything…

Windows encryption and OpenSSL functions are also hooked so that the plain text of data being sent and received over an encrypted session is also available.

Echo Mirage tries to be smart with the OpenSSL calls by monitoring SSL_set_fd() and SSL_connect() to determine when SSL is in use on a particular socket. When SSL is in use the encrypted stream is ignored and only the unencrypted data is processed. This doesn’t work for the Windows SSL stuff because that functions in an entirely different way…

Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts.

Changes Since 1.0

  • Hooked RecvFrom, SendTo, WSAConnect, WSASend, WSASendTo and WSARecvFrom.
  • Fixed intermittent crash on uninject.
  • Fixed intermittent crash in thread termination.

You can download Echo Mirage here:


03 October 2006 | 7,641 views

Browzar is Bullshit

Not sure if any of you heard of this new super secure ultra cool web browser called Browzar?

There was a bit of a backlash as it turned out Browzar was just another custom wrapper for Internet Exploder.

Security experts are crying foul over a new supposedly secure browser application.

Browzar is promoted as an easy way for users to surf the web without leaving traces of sensitive information behind on their PCs. Critics say it fails to do what it says on the tin and, worse still, the software manipulates search results to push ads at users.

Browzar, according to its developers, is designed not to retain information. Browzar automatically deletes internet caches, histories, cookies. It doesn’t use auto-complete forms, a feature that anticipates the search term or web address a user might enter.

Ah wow sounds amazing eh….but?

Although positioned as a fully fledged browser application, Browzar is a simple “custom wrapper” and user interface for IE that inherits any problems an installed version of Internet Explorer might have, while adding some all of its own. The software is supposed to get rid of all records of sites surfers may have visited, along with cookies and history files relating to a Browzar session from users’ PCs.

But Browzar does not clean up all traces of surfing as promised. Deleted files are not wiped and would be easy to recover – allowing anyone with a basic data recovery tool to access history, cookies or any other media downloaded using Browzar. Furthermore, because Browzar uses IE’s ActiveX control, a list of browsed websites still appears in the index.dat file. Browzar therefore, according to critics, offers a false sense of privacy protection.

What’s worse than no security? Yes…a false sense of security, the same goes for privacy.

Plus what’s worse…it seems to actually be along the lines of ad-ware spyware..

As if that wasn’t enough reason to be wary of the software, Browzar steers users towards the firm’s own search page which allows the browser’s developers to insert sponsored links intermixed with regular search results. Much of the criticism of Browzar has focused on its skewed search engine and the use of Browzar’s website as the default (unchangeable) home page for surfers.

Source: The Register

02 October 2006 | 22,197 views

arp-sk – ARP Swiss Army Knife Tool

arp-sk is basically an ARP Traffic Generation Tool. It’s quite old but still very useful!

There are 2 basic modes:
– who-has: build a request ARP message.
– reply: build a reply ARP message (default)

Other advanced modes should come very soon
– arping: send a who-has to every host on the LAN to see who is here
– promisc: detection of boxes that are sniffing on the network using promiscuous mode of their network interface
– arpmim: perform Man in the Middle attack

Link level options

-s: set the source address of the packet.
Default : MAC address of the interface used to send the packets.

-d: set the destination address of the packet
Default: broadcast

These 2 options have a strong influence on the ARP message itself.
Here are the default according to these options:

– request

– reply

The only difference comes from the destination MAC address in the ARP message, since in a request it has to be 00:00:00:00:00:00. For the reply mode, consistency is preserved and the destination MAC address used for the link layer is copied into the ARP message.
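As an added example (not part of arp-sk or of the original post), the Python below parses an Ethernet/ARP frame and checks the link-layer versus ARP-message consistency described above, which is what a network monitor would inspect to notice frames whose two layers disagree. The sample frames, addresses and finding names are constructed for illustration, and the checks are heuristics.

```python
import struct

ZERO_MAC = "00:00:00:00:00:00"
ARP_REQUEST, ARP_REPLY = 1, 2   # "who-has" and "reply" opcodes


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame carrying IPv4-over-Ethernet ARP into fields."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet header + ARP message")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"eth_dst": _mac(eth_dst), "eth_src": _mac(eth_src), "oper": oper,
            "sha": _mac(sha), "spa": ".".join(map(str, spa)),
            "tha": _mac(tha), "tpa": ".".join(map(str, tpa))}


def consistency_findings(f: dict) -> list:
    """Heuristic checks; the finding names are made up for this example."""
    findings = []
    if f["sha"] != f["eth_src"]:
        findings.append("sender-mac-differs-from-link-source")
    if f["oper"] == ARP_REQUEST and f["tha"] != ZERO_MAC:
        findings.append("request-with-nonzero-target-mac")
    if f["oper"] == ARP_REPLY and f["tha"] != f["eth_dst"]:
        findings.append("reply-target-mac-differs-from-link-destination")
    return findings


def sample_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa) -> bytes:
    """Build constructed test bytes in memory (nothing is sent on the wire)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return (m(eth_dst) + m(eth_src) + struct.pack("!H", 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + m(sha) + i(spa) + m(tha) + i(tpa))


# Constructed samples: addresses are placeholders, not taken from the page.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
REQUEST = sample_frame("ff:ff:ff:ff:ff:ff", A, 1, A, "192.0.2.10", ZERO_MAC, "192.0.2.1")
REPLY = sample_frame(A, B, 2, B, "192.0.2.1", A, "192.0.2.10")
ODD_REPLY = sample_frame(A, C, 2, B, "192.0.2.1", A, "192.0.2.10")
```

Legitimate traffic such as some gratuitous ARP announcements can also trip these checks, so treat a finding as a prompt to look closer rather than as proof of tampering.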

You can download arp-sk here:


01 October 2006 | 11,622 views

Security Boom Post 9/11

It makes sense really, the paranoia that quickly infected every corner of the ‘Western’ world had to be cashed in on by somebody, tada! The security industry of course.

During the Cold War, Canada’s National Optics Institute developed a system to detect which type of enemy tank or fighter jet was approaching. After the Soviet Union’s demise, such threats were deemed less likely, and the technology sat on the shelf.

Until 2003, when entrepreneur Eric Bergeron toured the institute with Sept. 11 on his mind.

“The flash I had was that we no longer look for Russian planes in the sky, but we do look for bad things in luggage,” Bergeron said.

The X-ray analysis company that emerged, Quebec-based Optosecurity, is only on the verge of putting its devices in real-life checkpoints. But its hopes are emblematic of the massive homeland security technology industry spawned by Sept. 11.

At least some interesting new technological solutions and ideas have popped up, not just the stupid crap that the George Bush administration usually comes up with..

Spending on domestic security across all U.S. federal agencies is expected to reach $58 billion in fiscal 2007 — up from $16.8 billion in 2001, according to the Office of Management and Budget. States and cities are annually contributing $20 billion to $30 billion more, Gartner Vice President T. Jeff Vining estimates.

Much of it lands with large defense contractors and systems integrators with long government ties and the heft to tackle huge projects. For example, Unisys got a $1 billion contract to set up computers, cell phones, websites and other network technology for airport security staff. BearingPoint won a $104 million deal in August to provide secure identification cards to federal employees and contractors.

Still, a lot of no-names are angling for a piece. Even a tiny slice could be revolutionary for them.

Ah hyper-vigilance, that’s a good term.

Brian Ruttenbur, homeland security analyst for Morgan Keegan & Co., is also watching companies that help analyze intercepted communications and those that manage video surveillance.

Of course, even as technologies improve, none is likely to end the post-Sept. 11 era of hyper vigilance. “We can’t catch everything,” Ruttenbur said. “I don’t know of any single technology that can be right 100 percent of the time.”

Let’s hope things can relax again with some of the good new technological controls in place rather than all of us who travel frequently being controlled by the fear of terrorism.

Source: Wired

01 October 2006 | 16,495 views

BeEF – Browser Exploitation Framework

There’s been a lot of nice Web relevant testing and hacking tools coming out lately, I’ve gotten quite a collection to post about, so do try them out and let me know what you think.

BeEF is the browser exploitation framework. Its purpose in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF.

The current version is 0.2.1 and is still a work in progress.

Modules Loaded

The ‘Load Modules’ area shows what modules are available. Clicking on them will load the module into the module console area. The modules are the parts of the application that provide code to be sent to the controlled browser. One of the main strengths of BeEF is the ease with which modules can be written. They require minimal effort to incorporate into the framework.

The module console area shows the module’s input and configuration details. The following screenshot shows the input options for the Port Scanning Module.


The ‘Zombies’ section of the sidebar displays basic details of the browser(s) under control of BeEF. All modules will execute within the zombies listed here.


You can download BeEF here:

beef-v0.3.1.tgz (md5sum: 8e160e72c7b9f1c292b5894d6b8d672c)

29 September 2006 | 8,654 views

Google Eavesdropping Software

This is a little scary, intensely personal ads which to be frank are getting a little invasive as it is.. It’s like the part in Minority Report where the billboards scan your eyes and talk to you using your name and history of purchases.

It looks like it might be happening sooner than we think.

The first thing that came out of our mouths when we heard that Google is working on a system that listens to what’s on your TV playing in the background, and then serves you relevant adverts, was “that’s cool, but dangerous”.

The idea appeared in Technology Review citing Peter Norvig, director of research at Google, who says these ideas will show up eventually in real Google products – sooner rather than later.

The idea is to use the existing PC microphone to listen to whatever is heard in the background, be it music, your phone going off or the TV turned down. The PC then identifies it, using fingerprinting, and then shows you relevant content, whether that’s adverts or search results, or a chat room on the subject.

Being a hacker at heart..I don’t trust ANYONE or ANYTHING when they say it’s secure, it can’t be broken, it’ll be kept away from prying eyes, as well…we all know whatever can be made can be broken one way or another right?

Pretty soon the security industry is going to find a way to hijack the Google feed and use it for full on espionage.

Google says that its fingerprinting technology makes it impossible for the company (or anyone else) to eavesdrop on other sounds in the room, such as personal conversations, because the conversion to a fingerprint is made on the PC, and a fingerprint can’t be reversed, as it’s only an identity.

But we should think that “spyware” might take on an extra meaning if someone less scrupulous decided on a similar piece of software.

Anyone else thinking “Yah right?”.

Source: The Register

28 September 2006 | 9,692 views

Security Compass Web Application Analysis Tool – SWAAT

Announcing a new web application source code analysis tool called the Security Compass Web Application Analysis Tool or SWAAT.

You may know it as a static analysis tool.

Currently in its beta release, this .Net command-line tool searches through source code for potential vulnerabilities in the following languages:

  • Java and JSP
  • ASP.Net
  • PHP

Using XML-based signature files, it searches for common functions and expressions which may lead to exploits. We believe that this tool will help you in your ongoing source code analysis efforts.

Please visit Security Compass to download SWAAT. Future releases of SWAAT would include plugins into popular IDEs such as Visual Studio .NET and Eclipse.

As the tool is still new, Security Compass appreciates any comments you have on functionality and desired features. Please send any feedback to swaat -at securitycompass.com.

The direct link to download SWAAT is HERE.

27 September 2006 | 29,935 views

Super Mega Wi-Fi Hacking Machine – Janus Project

Apart from the fact Janus is almost like Anus this is a very cool project.

Seriously this is really geeky stuff, but super cool.

If you think seeing a dozen wireless networks makes your computer the ultimate scanning box, think again. A small security firm has made a portable computer that is capable of scanning 300 networks simultaneously. Dubbed the “Janus Project”, the computer also has a unique “Instant Off” switch that renders the captured data inaccessible.

The computer is the brain-child of Kyle Williams from the Janus Wireless Security Research Group in Portland, Oregon. We first spotted Williams sitting quietly and sipping Mountain Dew at the recently held Defcon security convention at the Riviera Casino in Las Vegas, Nevada. While it appeared as if Williams wasn’t very busy, the bright yellow Janus computer in front of him was scanning and capturing data from hundreds of wireless networks in range.

Sounds cool eh!


In addition to scanning for wireless traffic, Williams says the computer can break most WEP keys very quickly by focusing all eight wireless cards on the access point. Using a combination of common utilities like aireplay, airodump and aircrack, Williams said, “When I use all 8 radios to focus in on a single access point, [the WEP key] lasts less than five minutes.” However, he added that some retail wireless access points will “just die” after being hit with so much traffic.

In addition to the capturing process, the hard drive and memory contents are continuously encrypted with AES 256-bit keys. There is also an “Instant Off” switch that, according to Williams, renders the captured data inaccessible to anyone but him.

Source: TG Daily

26 September 2006 | 9,371 views

Nerdcore Hits the Streets – Geek Music for the Masses

Something a little off-topic for once, nerdcore is getting big!

Geek music is hitting the streets.

Gangsta is dead. Grime is a bore. There’s a new beat on the street and it’s called Nerdcore. This geeky hip hop subgenre, also dubbed CS rap (that’s computer science, yo!), is finally booting up with the release of Rhyme Torrents, a compilation featuring the work of more than 50 men and even a few ladies who bust rhymes (and C++ code). The collection is free online, so none of the artists make bank.

Check it out yo!

Like all true playa MCs, they did it for the street cred. Of course, in the CS rap arena that means a Wikipedia entry, and you can’t get one of those without an official album release. Here are a few of the overclocked hustlas you can find at nerdcorehiphop.org.

What are you waiting for, head to http://www.bedoper.com/nerdcore/ and grab some geeksta rap tunes now!

Source: Wired