Darknet - The Darkside

Don't Learn to HACK - Hack to LEARN. That's our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

24 April 2006 | 6,529 views

DIY Spyware – Get Into it for just $15


I remember some time ago there was a VB virus creation kit, there’s actually quite a few. Yah I know, it’s extremely lame.

But what to do, it seems less and less people can actually think nowadays, let alone think of something original, or wow…even DO SOMETHING ORIGINAL? So what’s the big money maker now? Spyware…

So what is the natural progression? Yeah, a Spyware creation kit which costs about $15.

A Russian website is selling a DIY spyware kit, called WebAttacker, for around $15 a throw. The site, which proudly boasts of its creator’s credentials in the scumware industry, also offers technical support to potential buyers.

The kits come in a script kiddie friendly form with code designed to make the task of infecting computers a breeze. All the buyers need do is send spam messages inviting potential marks to visit a compromised website.

Worrying eh?

A new generation of spamming Spyware bosses, all running Spyware creation kits they bought off some website with a stolen credit card number.

“This type of behaviour is inviting the return of script-kiddies,” said Carole Theriault, senior security consultant at Sophos. “By simplifying the task of the potential hacker for a mere tenner, sites like this one will attract opportunists who aren’t necessarily very skilled and turn them into cyber-criminals.”

Source: The Reg



21 April 2006 | 5,474 views

Kids Learn About Cyber Security – About Time Too!

I have always said no matter what it be, you need to start ‘em young!

Same for open source, don’t lock kids into Microsoft operating systems in the schools, give dual boot machines, let them use Ubuntu or Debian or something else. Let them explore free software, let the smart ones see the source, fix the bugs and get involved in development.

The same goes for security, educate them young, make them aware of the concerns young, then as they grow up, they will grow up understanding the issues involved.

New York — A group of students at Rome Catholic School are learning how to become the future defenders of cyberspace through a pilot program that officials say is the first of its kind in the country.

The program teaches students about data protection, computer network protocols and vulnerabilities, security, firewalls and forensics, data hiding, and infrastructure and wireless security.

Most importantly, officials said, teachers discuss ethical and legal considerations in cyber security.

Perhaps it might also cut down on the amount of script kiddies in the world if they understand the ethics involved a little better.

Cybersecurity is massively important now, even that donkey George Bush appreciates it, especially with the war against terror and cyber terrorism becoming popular around the globe.

President Bush made cyber security a focal point in February 2003 in his National Strategy to Secure Cyberspace, citing the importance of safeguarding America from crippling internet-based attacks by terrorists against U.S. power grids, airports and other targets.

I think it’s a good effort, more countries should take up compulsory cyber security education.

Wired.com


20 April 2006 | 22,593 views

Symantec Dumps L0phtcrack Password Cracker

Man this blows.

It seems it happened quite a while ago, I only just found out about it recently though when I was checking to see if L0phtcrack had been updated past version 5.

Symantec has quietly pulled the plug on sales of L0phtCrack, the venerable password auditing and recovery application.

The decision to discontinue support for L0phtCrack, also known as LC5, comes just months after Symantec stopped selling the application to customers outside the United States and Canada out of concerns that it violated cryptography export controls.

It is a shame as this was without doubt the best password cracker around, fastest for LM hashes by quite a long way.

Luckily there are some good alternatives, even a free alternative for L0phtcrack itself called LCP which we mentioned in our Rainbow Crack and Rainbow Tables article.

There are other good alternatives too, my favourite being Cain and Abel then probably John the Ripper. I’ll do an article about Password Crackers soon, a run down of the options.

“There was always going to be a double-edged sword for Symantec. L0phtCrack is valuable as a good password-strength auditing tool but it’s also popular with [malicious] hackers who used it to break passwords and attack networks,” Fleming said in an interview with eWEEK.

He said Digital Defense used L0phtCrack in its penetration testing products to identify and remediate security vulnerabilities that result from the use of weak or easily guessed passwords.

L0phtCrack can also be used to recover Windows and Unix account passwords to access user and administrator accounts whose passwords are lost or to streamline migration of users to newer authentication systems.

It is a tough call for a ‘security company’ especially such a large one that has to take a lot of care about reputation and corporate image.

I’m sad to see it go however.

Source: Eweek


19 April 2006 | 38,984 views

Good Password Guidelines – How to Make a Strong/Secure Password

It’s common sense for most people on the hacking side of computer security as we know how easy it is to break a password when it’s only a few characters long or it uses a dictionary word (even if it is postfixed with a couple of digits, a hybrid dictionary attack breaks it pretty fast).

Even more so if you are utilising some decent Rainbow Tables and the RainbowCrack method (time/memory trade-off).

The basics of creating a secure password:

  • Include punctuation marks (,.;), special characters (!#$%^) and numbers.
  • Mix capital (uppercase), lowercase and space characters.
  • Create a unique acronym.
  • Short passwords should be 8 chars at least.

Some potential weaknesses to avoid:

  • Don’t use a password that is listed as an example or public.
  • Don’t use the same password you have been using for years.
  • Don’t use a password someone else has seen you type.
  • Don’t use a password that contains personal information (names, birthdays or dates that are easily related to you)
  • Don’t use words or acronyms that can be found in a dictionary.
  • Don’t use keyboard patterns (qwerty) or sequential numbers (12345).

Once you have a good password it’s equally important to keep your password secure:

  • Never tell anyone your password or use it where someone can observe it.
  • Never send your password by email or say it where others may hear.
  • Occasionally verify your current password and change it to a new one.
  • Avoid writing your password down. (Keep it with you in a purse or wallet if you have to write down the password until you remember it.)

And never label that scrap of paper in any way, write it down on the back of an old business card or something that doesn’t indicate it’s a password.

Don’t give anyone who finds (or gains access to) your purse/wallet any clue of what the password means or what it is related to.

128-bit entropy in a password requires a long randomized passphrase, which wouldn’t be very usable; there has to be a trade-off somewhere between security and usability.

You can also use online password generators such as http://makemeapassword.com/. The problem with these, however, is that while they do create strong passwords, they aren’t easy to remember, which kind of defeats the purpose.
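The checks from the lists above, plus the length a random password needs for 128 bits, as an added example (not part of the original post). The wordlist, the pattern list and the three-class threshold are assumptions chosen for illustration, and the sample passwords are constructed.

```python
import math
import string

# Constructed sample wordlist (assumption); a real audit loads a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "summer"}
# Keyboard patterns and sequential runs, as in the post's "qwerty" / "12345".
RUNS = ("qwerty", "asdfgh", "zxcvbn", "12345", "abcde")


def guideline_failures(password, words=SAMPLE_WORDS, min_classes=3):
    """Return the guidelines from the post that `password` breaks."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation or c == " " for c in password),
    ]
    if sum(classes) < min_classes:  # threshold is an assumption
        failures.append("too few character classes")
    lowered = password.lower()
    if any(run in lowered for run in RUNS):
        failures.append("keyboard pattern or sequential run")
    # A hybrid dictionary attack tries word + digits/symbols, so strip
    # those from both ends before the dictionary lookup.
    core = lowered.strip(string.digits + string.punctuation)
    if core in words:
        failures.append("dictionary word with digits or symbols attached")
    return failures


def length_for_entropy(bits, alphabet_size):
    """Symbols needed for a uniformly random string to reach `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


if __name__ == "__main__":
    for pw in ("Summer06", "qwerty12345", "mD,iw2b@tH 9"):  # constructed samples
        print(repr(pw), guideline_failures(pw) or "passes these checks")
    # 95 printable ASCII characters vs. a 7776-word Diceware-style list
    print(length_for_entropy(128, 95), "random characters for 128 bits")
    print(length_for_entropy(128, 7776), "random words for 128 bits")
```

Passing these checks only means a password avoids the listed weaknesses; the entropy figures apply to strings chosen uniformly at random, not to passwords a person makes up.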

Another thing you can do is use something like a password safe to keep all the hard to remember passwords in one place, the one I would recommend is from Bruce Schneier and is actually called “Password Safe”.

Password Safe is an Open Source (free) tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under Windows (95/98/NT/2000/XP).

You can find it here:

http://passwordsafe.sourceforge.net/

Any other inputs?



18 April 2006 | 235,355 views

Photos as Visual Passwords Could Foil Hackers?

I’ve tried out a few of these visual recognition password technique things, and to tell you the truth they didn’t work for me, not at all.

I clicked the requisite 3-4 spots on the image, and remembered them, but when I tried to login it wouldn’t accept it.

A password that uses images instead of numbers could give some people access to secure information on personal electronic devices or at ATMs within the next year.

The image authentication system uses a pair of digital images instead of a string of numbers to make logging in simple for the legitimate user, but difficult for impersonators.

“It is expected that many of the conventional user authentication systems would be able to be replaced with our scheme, since recognition of images is significantly easier for human beings than precise recall of passwords,” said team leader Masakatsu Nishigaki, a professor of informatics at Shizuoka University in Japan, where the system is being developed.

Source: Discovery Channel

There is a simple implementation of it I saw called Passclicks over at mininova:

http://labs.mininova.org/passclicks/

Passclicks is a new way to login to websites without users having to remember their old style textual password. Studies have revealed that humans are way better in remembering visual things than textual things. With passclicks your normal textual passwords are replaced with a sequence of clicks on an image.

It is true most people remember things a lot better visually.

I think the Japanese 4 ‘digit’ icon type password might be pretty good though, as a different form of pin number.


17 April 2006 | 1,870,795 views

Top 15 Security/Hacking Tools & Utilities

1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.

Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Can be used by beginners (-sT) or by pros alike (--packet_trace). A very versatile tool, once you fully understand the results.

Get Nmap Here

2. Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server framework.

Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

Get Nessus Here

[...]


15 April 2006 | 36,694 views

Some Good Tips to Secure Linux

I came across this while browsing, has some pretty solid stuff, goes deeper than most basic Linux security guides.

It has some good sections like this on protection against fork bombs:

Fork bombs are programs that keep creating child processes until system resources are all used, they actually aren’t remote exploits because they require a local user to execute the bomb, however, users may be tricked into running a fork bomb, for example the following example may look innocent, but running it on an unprotected system may take the whole system down:

:( ){ : |:& }; :

WARNING: do NOT run the above code on an unprotected system!

The above shell script will actually keep forking at an exponential rate until system resources are exhausted.

To protect a system against such attacks, there is a file for limiting the number of processes for each user, it is /etc/security/limits.conf, add the following two lines to it:

@users soft nproc 100
@users hard nproc 150

The lines prevent anyone in the users group from having more than 150 processes, and issue a warning at 100 processes.

Your system may not have a users group, so you may need to edit the lines to suit your needs.
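A way to audit the nproc settings described above, as an added example (not from the quoted guide or the original post). It parses limits.conf-style text in the `<domain> <type> <item> <value>` layout; the soft value is the limit in force at login and a user may raise it as far as the hard value, so the hard entry is the one that caps a fork bomb. `GUIDE_CONF` holds the guide's two lines and `WEAK_CONF` is a constructed sample.

```python
NO_LIMIT = {"unlimited", "infinity", "-1"}

# The two lines from the quoted guide.
GUIDE_CONF = "@users soft nproc 100\n@users hard nproc 150\n"
# Constructed weak configuration for comparison.
WEAK_CONF = "# constructed sample\n@staff soft nproc 100\n* hard nproc unlimited\n"


def nproc_limits(conf_text):
    """Parse limits.conf-style text into {domain: {"soft": n, "hard": n}}."""
    limits = {}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Format: <domain> <type> <item> <value>; only nproc matters here.
        if len(fields) != 4 or fields[2] != "nproc":
            continue
        domain, kind, _, value = fields
        if value in NO_LIMIT:
            cap = None
        elif value.isdigit():
            cap = int(value)
        else:
            continue  # malformed value, ignore the line
        kinds = ("soft", "hard") if kind == "-" else (kind,)
        for k in kinds:
            if k in ("soft", "hard"):
                limits.setdefault(domain, {})[k] = cap
    return limits


def nproc_findings(conf_text):
    """List weaknesses in the nproc settings; an empty list means none found."""
    limits = nproc_limits(conf_text)
    if not limits:
        return ["no nproc limit configured"]
    findings = []
    for domain, entry in sorted(limits.items()):
        if "hard" not in entry:
            findings.append(f"{domain}: soft limit only, the user can raise it")
        elif entry["hard"] is None:
            findings.append(f"{domain}: hard nproc is unlimited")
    return findings
```

To check a live system, pass the contents of /etc/security/limits.conf and any files under /etc/security/limits.d/ to `nproc_findings`.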

There are some other things you can do like using a file integrity checker, installing a log checker or centralising logs with something like syslog-ng, scanning for SU files on a regular basis, setting up alerts if a new user is added and so on, but this gives you a start.

It has some security tips for OpenSSH, Samba and MySQL too.

I recommend taking a look anyway!

Tips to Secure Linux Workstation


14 April 2006 | 53,737 views

bsqlbf 1.1 – Blind SQL Injection Tool

bsqlbf is a tool for Blind SQL Injection attacks, a pretty nifty one too!

The author says there are similar tools about, but he’s tried to combine all the techniques into one compact but complete tool.

bsqlbf 1.1

# CHANGELOG:
# -get now support resume (with -start option)
# -get to fetch files (thank you ilo AGAIN)
# + -time option added (IDS bypass)
# + -rtime option added (IDS bypass)
# + -rproxy option added (IDS bypass)
# + -ruagent option added (IDS bypass)

There is a decent GUI front end in Perl-Tk made by Gandalfj, a Windows version is available for download too.

You can download bsqlbf 1.1 here (Original page in Spanish).


13 April 2006 | 12,721 views

British Hacker Gary McKinnon Fears Guantanamo

I don’t know what he was thinking really, tampering with US military or governmental systems without some SERIOUS protection.

A British man accused of being behind the largest ever hack of US government computer networks could end up at Guantanamo Bay, his lawyer has claimed.

Gary McKinnon, from London, denies causing $700,000 (£400,000) damage to military and Nasa systems in 2001-2.

Bow Street Magistrates’ Court was told the 40-year-old feared a prosecution might take place under US anti-terror laws if it agreed to his extradition.

Jailed under the anti-terror laws, a little extreme for hacking no?

It’s not like he’s a member of an opposing country’s cyber attack squad.

What’s worse is if he’s subjected to Military Order Number One – a legal procedure which enables the president to specify that suspects can be detained indefinitely.

If he gets that, well he’s basically screwed.

Mr McKinnon is accused of hacking into computers in 14 states, including at the Pentagon and naval weapon station Earle.

At an earlier hearing his lawyers suggested his actions were not malicious – he had been trying to expose lax computer security and access what he believed was withheld information about UFOs.

It seems to be pretty sensationalist though, from what I know he used some pretty standard out of the box tools to hack into some poorly secured peripheral systems. He was trying to expose the flaws rather than use them for some malicious purpose.

But well, the lesson is there, don’t mess with things you shouldn’t..and if you HAVE to, cover your tracks ;)

Source: BBC UK and more at Yahoo!

I also found a VERY interesting interview with McKinnon over here.


13 April 2006 | 4,701 views

New Critical MEGApatch fixes 10 Vulnerabilities in Internet Explorer

Well how many does that leave unpatched? 30+ if I remember correctly from the PivX page that got taken down mysteriously.

Microsoft on Tuesday released a “critical” Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks.

The Redmond, Wash., software giant sent out the IE megafix as part of its monthly Patch Tuesday cycle of bulletins. In addition, Microsoft delivered two bulletins for “critical” Windows flaws, one for an “important” vulnerability in Outlook Express and one for a “moderate” bug in a component of FrontPage and SharePoint.

I think this whole Patch Tuesday is a stupid idea in itself, why can’t they release patches for critical vulnerabilities ASAP?

Some pretty scary news though eh? For normal users anyway.

Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer running vulnerable versions of the Web browser.

Apparently they say, only one has been used…the one we talked about previously (The CreateTextRange Exploit).

According to Microsoft’s bulletin, three of the 10 vulnerabilities fixed by the update had been publicly disclosed. Only the CreateTextRange flaw was being exploited in attacks, the software maker said.

Basically you can get complete control of the machine just by getting a user to visit a maliciously built web page, good stuff!

Source: News.com