Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

15 April 2006 | 36,689 views

Some Good Tips to Secure Linux

Prevent Network Security Leaks with Acunetix

I came across this while browsing, has some pretty solid stuff, goes deeper than most basic Linux security guides.

It has some good sections like this on protection against fork bombs:

Fork bombs are programs that keep creating child processes until system resources are all used, they actually aren’t remote exploits because they require a local user to execute the bomb, however, users may be tricked into running a fork bomb, for example the following example may look innocent, but running it on an unprotected system may take the whole system down:

:( ){ : |:& }; :

WARNING: do NOT run the above code on an unprotected system!

The above shell script will actually keep forking at an exponential rate until system resources are exhausted.

To protect a system against such attacks, there is a file for limiting the number of processes for each user, it is /etc/security/limits.conf, add the following two lines to it:
@users soft nproc 100
@users hard nproc 150

The lines prevent anyone in the users group from having more than 150 processes, and issue a warning at 100 processes.

Your system may not have a users group, so you may need to edit the lines to suit your needs.

There are some other things you can do like using a file integrity checker, installing a log checker or centralising logs with something like syslog-ng, scanning for SU files on a regular basis, setup alerts if a new user is added and so on, but this gives you a start.

It has some security tips for OpenSSH, Samba and MySQL too.

I recommend taking a look anyway!

Tips to Secure Linux Workstation



14 April 2006 | 53,671 views

bsqlbf 1.1 – Blind SQL Injection Tool

bsqlbf is a tool for Blind SQL Injection attacks, a pretty nifty one too!

The author says there are similar tools about, but he’s tried to combine all the techniques into one compact but complete tool.

bsqlbf 1.1

# CHANGELOG:
# -get now support resume (with -start option)
# -get to fetch files (thank you ilo AGAIN)
# + -time option added (IDS bypass)
# + -rtime option added (IDS bypass)
# + -rproxy option added (IDS bypass)
# + -ruagent option added (IDS bypass)

There is a decent GUI front end in Perl-Tk made by Gandalfj, a Windows version is available for download too.

You can download bsqlbf 1.1 here (Original page in Spanish).


13 April 2006 | 12,720 views

British Hacker Gary McKinnon Fears Guantanamo

I don’t know what he was thinking really, tampering with US military or governmental systems without some SERIOUS protection.

A British man accused of being behind the largest ever hack of US government computer networks could end up at Guantanamo Bay, his lawyer has claimed.

Gary McKinnon, from London, denies causing $700,000 (£400,000) damage to military and Nasa systems in 2001-2.

Bow Street Magistrates’ Court was told the 40-year-old feared a prosecution might take place under US anti-terror laws if it agreed to his extradition.

Jailed under the anti-terror laws, a little extreme for hacking no?

It’s not like he’s the member of an opposing countries cyber attack squad.

What’s worse is if he’s subjected to Military Order Number One – a legal procedure which enables the president to specify that suspects can be detained indefinitely..

If he gets that, well he’s basically screwed.

Mr McKinnon is accused of hacking into computers in 14 states, including at the Pentagon and naval weapon station Earle.

At an earlier hearing his lawyers suggested his actions were not malicious – he had been trying to expose lax computer security and access what he believed was withheld information about UFOs.

It seems to be pretty sensationalist though, from what I know he used some pretty standard out of the box tools to hack into some poorly secured peripheral systems. He was trying to expose the flaws rather than use them for some malicious purpose.

But well, the lesson is there, don’t mess with things you shouldn’t..and if you HAVE to, cover your tracks ;)

Source: BBC UK and more at Yahoo!

I also found a VERY interesting interview with McKinnon over here.


13 April 2006 | 4,699 views

New Critical MEGApatch fixes 10 Vulnerabilities in Internet Explorer

Well how many does that leave unpatched? 30+ if I remember correctly from the PivX page that got taken down mysteriously.

Microsoft on Tuesday released a “critical” Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks.

The Redmond, Wash., software giant sent out the IE megafix as part of its monthly Patch Tuesday cycle of bulletins. In addition, Microsoft delivered two bulletins for “critical” Windows flaws, one for an “important” vulnerability in Outlook Express and one for a “moderate” bug in a component of FrontPage and SharePoint.

I think this whole Patch Tuesday is a stupid idea in itself, why can’t they release patches for critical vulnerabilities ASAP?

Some pretty scary news though eh? For normal users anyway.

Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer running vulnerable versions of the Web browser.

Apparently they say, only one has been used…the one we talked about previously (The CreateTextRange Exploit).

According to Microsoft’s bulletin, three of the 10 vulnerabilities fixed by the update had been publicly disclosed. Only the CreateTextRange flaw was being exploited in attacks, the software maker said.

Basically you can get complete control of the machine just by getting a user to visit a maliciously built web page, good stuff!

Source: News.com


12 April 2006 | 45,993 views

Download Youtube.com & Google Videos With 1 Click

With one easy click! We talked about Downloading Youtube.com Videos before, but now it’s even easier.

Found a new site that does this seamlessy, all you have to do is drag the bookmarklet to your toolbar, then when you see a video you want on Google or Youtube, just hit the button on your bookmark toolbar and it will be downloaded.

Check it out at:

http://keepvid.com/lite/

It doesn’t only work with Google and Youtube though, Keepvid also supports:

Angry Alien, ArtistDirect, Blastro, Blennus, Blip.tv, Bofunk, Bolt, Break.com, Castpost, Current TV, Dailymotion, DevilDucky, FindVideos, Free Video Blog, Grinvi, Grouper, iFilm, LuluTV, Metacafe, Midis.biz, Music.com, MusicVideoCodes.info, MySpace, MySpace Video Code, Newgrounds, PcPlanets, Pixparty, Putfile, REVVER, Sharkle, StreetFire, That Video Site, The One Network, VideoCodes4U, VideoCodesWorld, VideoCodeZone, vidiLife, VIDNET.com, Vimeo, vSocial, Web62.com, and ZippyVideos.

To play the videos just grab the VideoLAN Player, it’s a great piece of software and enables you to play pretty much any video format you want.


12 April 2006 | 21,686 views

Paros Proxy 3.2.10 Released – MITM HTTP and HTTPS Proxy

One of my favourite proxy options, along side the Burp Proxy (evolved into Burp Suite).

I’ll definately talk more about the Burp Suite later as it’s excellent for testing anything web-based.

Paros labels itself as MITM Proxy + Spider + Scanner plus anything else you want it to be, it is a pretty neat piece of software.

It’s particularly useful for testing web applications and things such as insecure sessions.

Paros is free of charge and completely written in Java. Through Paros’s proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

These proxies have a different purpose than those personal type proxies like Proxomitron which are intended to protect you, clean adverts, block spyware and so on. Proxies like Paros and Burp are meant for examining the security of applications and web application auditing.

You do need Java Run Time Enviroment (JRE) 1.4 (or above) to install Paros.

You can download the latest version of Paros Here.

Digg This Article


11 April 2006 | 3,966 views

Oracle on the Quest for ‘Secure Search’ – Rival for Google Desktop?

A competitor for our buddy Google Desktop perhaps?

ORACLE, the world’s third- biggest software maker, has begun selling software that allows users to search only personal data on their work computers such as email, word documents and calendar appointments.

Chief executive Larry Ellison says the California company’s new search program “is one of the biggest products in years,” and may help draw users away from Google, which also offers software for searching content on computers and operates the world’s most-used internet search site.

“Google has always had a good search, but it was the security side that it’s not good at,” Ellison told reporters at the annual Oracle OpenWorld Tokyo 2006 conference in Japan.

“We have the security problem solved. That’s what we’re good at, and that’s the hard part of the problem.”

Sounds like a pretty cocky stance to me, “That’s what we’re good at” eh?

Oh well, with that kind of attitude I guess they are destined to fail.

Let’s see what flaws and privacy issues this one has..

Source: Australian IT


10 April 2006 | 4,254 views

Homeland Security Scores an F for Internal Security AGAIN

Well I would have thought these guys should have had a little better security..

The Department of Homeland Security received an F (Failing) grade in cybersecurity from the House Government Reform Committee for the third year in a row. The Committee will likely give the Fed a D+ overall for its cybersecurity efforts. The grades will be unveiled today during a Committee oversight hearing, “Is the Government Ready for a Digital Pearl Harbor?” The grades are based on how well the comply with standards defined by the Federal Information Security Management Act (FISMA)

Homeland Scores an F

Better hope the cyber warfare cells from ‘enemy countries’ don’t notice this eh?

Source: Zdnet BlogsFull Chart


08 April 2006 | 8,103 views

CIA Employees Identified Online

Pretty Scary eh?

Although some people do call them the Central Lack-of Intelligence Agency.

Privacy is a major issue and well people should be a little more careful about what they reveal online, perhaps I’ll rehash my old Google Hacking Presentation and write it up as a post for Darknet. I guess it would be interesting reading for many people.

Remember the Internet has memory now with Google Cache, MSN and Yahoo! are starting to Cache too and there are other services like http://web.archive.org that show the history of a site. So if you slip up and make something public on your domain, it may well come back to haunt you.

The identities of 2,600 Central Intelligence Agency (CIA) employees and the locations of two dozen of the agency’s covert workplaces in the United States can be found easily through Internet searches, according to an investigation by the Chicago Tribune.

The newspaper obtained the information from data providers who charge fees for access to public records and reported on its findings in Sunday editions. It did not publish the identities or other details on its searches, citing concern it could endanger the CIA employees.

I’ll talk about this kind of thing more in depth later as it is one of my areas of expertise, passive information gathering, the things people expose on the net, it’s pretty amazing really..and scary at times as this CIA example shows.

One of the facilities, a CIA training area dubbed “The Farm” at Camp Peary, Virginia, was a well-kept secret for decades. The agency refused to publicly acknowledge its existence, even after former CIA personnel confirmed its presence in the 1980s.

But the Tribune said an Internet search for the term “Camp Peary” produced data identifying the names and other details of 26 people who apparently work there.

Additionally, a review of aviation databases for flights at Camp Peary’s airstrip revealed 17 aircraft whose ownership and flight histories also could be traced.

Really, I think they should at least try and be a little more careful.

Source: Zdnet


07 April 2006 | 3,629 views

Serious Vulnerability/Flaw Found in GPG – GnuPG

Just in case you didn’t read it, found this one in the archives.

A serious problem in the use of GPG to verify digital signatures has been discovered, which also affects the use of gpg in email. It is possible for an attacker to take any signed message and inject extra arbitrary data without affecting the signed status of the message. Depending on how gpg is invoked, it may be possible to output just faked data as several variants of this attack have been discovered. All versions of gnupg prior to 1.4.2.2 are affected, and it is thus recommended to update GnuPG as soon as possible to version 1.4.2.2

The problem is discussed in full here.

This new problem affects the use of *gpg* for verification of signatures which are _not_ detached signatures. The problem also affects verification of signatures embedded in encrypted messages; i.e. standard use of gpg for mails.

Keep it updated.