Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

03 March 2006 | 9,200 views

Norton Internet Security ‘Keylogger’ IRC Bug

Check Your Web Security with Acunetix

It seems like script kiddies have been taking full advantage of the bug we talked about in the Symantec software. Do companies never learn?

Script kiddies have been taking advantage of intrusion prevention features of Symantec’s Norton Firewall and Norton Internet Security Suites to knock users offline in IRC channels, according to an amusing post at Washingtonpost.com. From the article: ‘Turns out that if someone types “startkeylogger” or “stopkeylogger” in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning.

These are commands typically issued by the Spybot worm, which spreads over IRC and peer-to-peer file-swapping networks, installing a program that records and transmits everything the victim types (known as a keylogger).’ Makes you wonder what other magic keywords produce unexpected results with Symantec’s software.

Reminds me somewhat of the whole ++ATH0 thing.

startkeylogger
phonex has quit (Read error: Connection reset by peer)
TomA has quit (Read error: Connection reset by peer)
something3280 has quit (Read error: Connection reset by peer

It’s kind of ironic, using the software that’s supposed to be protecting someone..to disrupt their Internet experience ;)

Now if only the script kiddies could put their group brain together and come up with something useful.



02 March 2006 | 12,223 views

Norton Antivirus Funny Bug

the following exploits (if we can call it this way) was published on securityfocus bugtraq mailinglist… it is entirely reproduced in the following lines:

Norton Internet monitoring tools issues
Versions Affected : *
Fix : No

What im writing about is how to stop the internet of some user that is
using the norton tools and IRC / any other chat at the same time.

By default norton monitor checks for words like “keylogger” , “start
keylogger” , “key logger” and etc.etc.

Example for irc :
Start a mIRC or any other IRC client that u like and connect to some
server.
Type down /ctcp yournick start keylogger . By default norton monitors
your mIRC Process and your logs of it so it sees “star keylogger” and
automaticly blocks mIRC.exe from starting and automaticly blocks port
6667 or whatever port ure using to connect to IRC. Nice eh ?

Aleksander Hristov

So you should be in a small manner paranoic when using Norton tools…


02 March 2006 | 4,940 views

The RSS Tools That Diggers Use

Interesting to see which RSS aggregators and readers Digg users are using.

As you can see after being ‘digged’ on Monday February 27th, the RSS subscriber base spiked from about 21 up to 182 at the highest point, after a day it receded back to around 150, and now it’s about 130.

Darknet RSS Spike

The biggest Agent in the graph by a large margin is Google Desktop.RSS Reader Distribution

Some of the figures are not so accurage as services like Kinjo don’t give the number of subscribers.

Firefox Livebookmarks is also high, which I was expecting.

3rd place goes to Bloglines, probably the most popular web-based blog/RSS aggregator.

The RSS subscription percentage is quite high aswell, as around 20,000 people came on that day, and around 160 subscribed.

The above pictures were taken from the shiny new updated Feedburner control panel.


02 March 2006 | 15,884 views

How Computers Work – Free E-book

This is a tutorial web book. All 152 pages of the large paperback book with 96 diagrams are on 38 web pages here.

Even if you know nothing about electronics, you have come to the right place.

If you are wondering how microprocessors work, you have come to the right place. A microprocessor is a small processor.

How Computers Work

If you already know something about electronics, don’t be put off by the fact that the book starts out very simple and uses relays instead of transistors. You will get through the first chapter quickly. See web page 24, below, for just how complex it gets.

If you have a very fast connection (DSL or cable modem), then you can click the following link to see an easier to read (PDF) version of the book. It is 783 kilobytes, so it will take a while.

PDF Version

Full information here:

How Computers Work


01 March 2006 | 17,241 views

Should Social Engineering be a part of Penetration Testing?

This is actually a very interesting debate.

Just to introduce if you don’t know..

What is Penetration Testing

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious cracker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

Wikipedia

What is Social Engineering

It’s a bit cheesy, but we often call this hacking the wetware (hardware, software and wetware meaning people).

Social Engineering is a form of intrusion making use of weaknesses in the non-technical aspects of the system, the wetware also known as people. A common phrase would be ‘Con man’, the most well known form of social engineering. In the technological realm, social engineering relates to unauthorized access of computing resources or network by exploiting human weaknesses.

In the historical sense con men would engineer their way into certain resources, someone’s bank account, shoe box under the bed and so on. In this context the social engineer would target someone that is authorized to use the network, or resource they wish to access and attempt to leverage some confidential information out of them that would compromise the network security.

This is what Mitnick was famous for, and what his book The Art of Deception is about.

I’ll probably cover this more later.

Does Social Engineering have a place in Penetration Testing?

Some people say yes, it’s the most effective way..Actually I’ve found this true, the human element and the lack of education in the workplace is often the weakest link in the chain.

Does it have any place in security testing, I would say definately yes. Some people would say perhaps it should be a seperate project, not in the ‘technical’ assessment of a security perimeter.

Or course it depends on the scope given by the client, but it should be part of any good Penetration Test or Vulnerability Assessment.

Why Social Engineering Should be in a Pen Test

For me whatever you do to get into the network, or escalate your access is part of a pen-test. If you are able to get users to divulge some kind of information that assists you in compromising or gaining access to something, then you are doing exactly what a real attacker would have been able to do. You might be able to trick them into telling you something via phone or e-mail, get them to physically do something like open a door or unlock a machine, or get them to run an executable or disable a firewall. You might be able to get them to do under false pretenses, through their own ignorance or carelessness, or by other means. Whatever you do can be considered part of a pen-test.

Many recent studies have shown people are still incredibly gullible and especially when presented with a ‘Free CD‘ or something, they will happily put it in their drive and run it.

This mean in reality social engineering is an easy option to attack a network no problem of IDS, no fear of being tracked by log analysis while attacking. Some attackers try to take out the information of network and internal devices bycalling the IT staff and pretending like a sales guy who is trying to sell a log analyzer or IDS. They will often say “No we don’t need a new Firewall we already have a Cisco PIX”.

Why Social Engineering Shouldn’t be in a Pen Test

Some would say social engineering is a altogether a different game, the pen testing results could be used to socially engineer someone within the company, perhaps an extension of the pen-test rather than a part of it.

The target of the pen-test might be in a physically different location (Makes the SE more difficult) or the native language of the target may be different (Makes the SE pretty much impossible).

Some people say don’t bother, because you WILL suceed with social engineering.

The main problem being technical testing is fairly scientific, you can apply metrics to it, you can measure it and you can track its effectiveness.

With social engineering, it’s still pretty much an artform and totally differs from person to person, it’s very hard to be scientific when it comes to conning people. Social Engineering may well be left out by large corporations unless it can be scientifically defined and metrics applied to it.

Things to Keep in Mind

However, there are a few important things to keep in mind. You want to definitely lay down the ground rules with whomever it is you are pen-testing for. They might just want to see what machines an exploit can break into. You might really upset some people and get in trouble if you start trying to gain physical access or send trojans to executives. Make sure they are aware of what you are doing and that you have approval. Get everything in writing or in your agreement somewhere.

Also there are many questions to be answered before doing an SE test – questions of legality, ethics and possible personal consequences for the people who were “duped”. These have to be taken into consideration and could mean the social engineering part is not possible.

Please bear in mind the wellfare of the employees too, consider also adding a clause that protects the end-user from getting fired. Human nature is to be helpful, the problem is a lack of education, not a mistake from the user.

Summary

Social Engineering, you can include it or not based on the above information, if you don’t include it, you can always demonstrate it for information purposes to the management team or contact of the target organisation.

References: Discussion on SF Pen Test List


01 March 2006 | 8,427 views

Prostitutes want GTA (Grand Theft Auto) Banned

A little bit crazy eh?

Sex workers cry foul, say game “accrues points to players for the depiction of rape and murder of prostitutes.”

The Grand Theft Auto franchise is getting attacked from all angles. Joining the ranks of politicians, policemen, and attorneys in their crusade to see the game lifted from shelves are the nation’s sex workers. On its Web site, the Sex Workers Outreach Project USA is asking parents to assist them in calling for a ban of Take-Two Interactive’s controversial game.

Citing a 2001 document from the National Institute on Media and the Family’s David Walsh, SWOP is calling “on all parents and all gamers to boycott Grand Theft Auto.”

The organization quotes various points from Walsh’s paper, including, “Children are more likely to imitate a character with whom they identify with. In violent video games the player is often required to take the point of view of the shooter or perpetrator.”

Source: Gamespot

Apparently, the sex workers of the Sex Workers Outreach Project aren’t too happy about their ingame counterparts being treated violently in the GTA games. They note that the games are a bad influence on children, and might encourage rape and violent behavior towards prostitutes in real life.

SWOP Statement on Grand Theft Auto
The game Grand Theft Auto demonstrates attitudes and behaviors that reflect broader social attitudes toward prostitutes, who are made vulnerable because of their criminal status. Our outrage and disgust at the depictions of prostitutes in games such as GTA renew our call for absolute de-criminalization and repeal of all laws that outlaw the exchange of sex for money in order to end the violence directed at people believed to be prostitutes.

It’s a bit ridiculous if you ask me, are Soldiers going to start suing me because I enjoy blowing them up in Castle Wolfenstein?

Or Special Forces operatives…they will start suing Tom Clancy, omg Rainbow 6, YOU TRAUMATISED ME!?!


01 March 2006 | 7,164 views

Who is Navaho Gunleg?

Following the recent post by backbone, I decided to post a short introduction as well.

Background
I am from The Netherlands, Europe — a country most people probably have heard about. Either because of the legendary HackTic-foundation that later started the ISP XS4ALL and otherwise undoubtably because of our liberal stance towards soft-drugs and prostitution.

I have always been drawn to computers and remember tinkering with them ever since my parents bought one, a Commodore 64. At that time, we didn’t have that much money to spend so I was forced to write my own programs and games. This experience basically laid the basis for my profession as a programmer, later in life.

As time passed, other computers came into our house-hold, mainly because of my dad’s job. Things started getting really interesting on the PC. MSDOS, PCDOS, various programming languages such as BASIC and Pascal, applications suchs as DBASE.

In contrast to people who have only experience with graphical user interfaces such as Microsoft’s and Apple’s, because of the experience with the command-line, UNIX-flavoured operating systems don’t scare me.

In the Present
Currently, I am a programmer for a media company. The operating systems I work on are all UNIX-flavours. I can ‘speak’ most relevant (programming) languages available on those machines: C(++), Shell scripting, PHP, Javascript, SQL and HTML to name but a few. I have had the privilege to tinker with J2ME (that’s Java for mobile devices such as phones) as well.

I mainly implement the technology behind web-sites, such as content-management systems and various types of server-to-server communication. Additionally, I write plugins for interactive voice response systems such as Bayonne.

Additionally, I also do system administration on few of those servers so I have grown quite interested in server security as well.

In my spare time, because I’m cheap, I still write my own software. If I’m out of suggestion, my girlfriend sometimes has a request for something. For the last couple of years I love to make everything web-based. This fuelled my interest in web-based user-interfaces and the technology behind it, databases, scripting and secure communications.

Future
Being a coder, my articles will mainly focus on programming. How to, and how not to implement stuff safe and secure. Fact is, programs that rely on end-user input are by definition un-safe.

Knowing the business-side of the chain so to speak, I have come to discover that a lot of companies, simply because of the lack of knowledge, money or time, fail to implement online systems secure enough.

Technology is going faster than most people can keep track of it and this has implications that some people might ignore.


28 February 2006 | 44,923 views

US considers banning DRM rootkits – Sony BMG

Now after the huge Sony BMG Rootkit fiasco, this has become quite a hot topic, how far can vendors go to enforce their ‘Digital Rights Management’ (or Digital Restrictions Management as we like to call it), can they install a rootkit on your machine and hook into your OS? Can they take over your PC just so they can check you aren’t pirating their music?

Thankfully the US government has taken this matter into consideration and is considering banning DRM rootkits.

US government officials are considering introducing legislation if companies continue to distribute copy-protection measures that compromise computer security.

The Department of Homeland Security’s Border and Transportation Security Directorate warning followed the discovery last year that Sony BMG employed two different types of digital rights management (DRM) on music CDS sold in the US and both installed rootkit software on PCs that made them vulnerable.

The Sony Case did indeed cause a massive storm and raised quite a large anti-Sony sentiment.

Sony has begun compensating customers who inadvertently installed the rootkit by inserting the affected CDs into PCs. However the swathes of bad publicity that it received over the whole affair have not deterred others. F-Secure reports that German DVD of the Mr & Mrs Smith movie starring Brad Pitt and Angelina Jolie contains the Settec Alpha-DISC system that installs a user-mode rootkit.

I’m glad the government are taking this seriously.

It does show however how weak the security Architecture is on Windows by default..How many Linux users do you see inserting random CD’s as root?

Source: PC Pro

Digg this Post


27 February 2006 | 411,798 views

Password Cracking with Rainbowcrack and Rainbow Tables

What is RainbowCrack & Rainbow Tables?

RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique.

In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since.

You can find the official Rainbowcrack project here, where you can download the latest version of Rainbowcrack.

In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called “rainbow table”.

Basically these types of password crackers are working with pre-calculated hashes of ALL passwords available within a certain character space, be that a-z or a-zA-z or a-zA-Z0-9 etc.

These files are called Rainbow Tables.

You are trading speed for memory and disk space, the Rainbow Tables can be VERY large.

Be warned though, Rainbow tables can be defeated by salted hashes, if the hashes are not salted however and you have the correct table, a complex password can be cracked in a few minutes rather than a few weeks or months with traditional brute forcing techniques.

So where do I get these Rainbow Tables?

You can generate them yourself with RainbowCrack, this will take a long time, and a lot of diskspace.

Project Shmoo is offering downloads of popular Rainbow Tables via BitTorrent.

http://rainbowtables.shmoo.com/

If you wanted to, you could even buy the tables from http://www.rainbowtables.net/.

Or these guys, not free but cheap http://www.rainbowcrack-online.com/

Some free tables here http://wired.s6n.com/files/jathias/index.html

What software is available for use with Rainbow Tables?

There is of course the original RainbowCrack as mentioned above.

Then there is:

Ophcrack

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance.

Cain and Abel (newly added support for Rainbow Tables)

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Cain and Abel is personally my favourite fully featured password whacking tool, it also has a good packet sniffer, which grabs and decodes passwords and many methods for password cracking. The interface is decent too. I’ll write more on how to get the most out of Cain later.

L0phtcrack or LC5

LC5 is the latest version of L0phtCrack, the award-winning password auditing and recovery application used by thousands of companies worldwide.

Please note this is a COMMERCIAL product.

LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003

Thankfully there is a freeware alternative to LC5 in the form of LCP.

Other Resources

http://www.tmto.org/
http://www.loginrecovery.com/

Digg This Post


27 February 2006 | 7,568 views

Malware Honeypot Projects Merge – mwcollect and nepenthes

Looking to streamline the collection of malware samples, two of the biggest honeypot projects mwcollect and nepenthes have merged operations.

The two projects, which passively trap viruses, spyware and other forms of malicious software by emulating known vulnerabilities, will combine operations to develop a single malware collection tool, according to an announcement my mwcollect head developer Georg Wicherski.

The merger comes after a year of concurrent development that caused a lot of overlap and shared work, Wicherski said.

“Mwcollect.org will become a top-level community covering malware collection efforts, [and] nepenthes will become the official software used for malware collection and be part of mwcollect.org,” he said.

A new mwcollect.org meta-portal will be created to host information related to malware collection.

Source: Eweek