Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

08 July 2006 | 14,118 views

WebScarab – Web Application Analysis – New Version

Check For Vulnerabilities with Acunetix

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins.

In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser.

WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

As WebScarab is a framework more than an actual tool it’s very extensible. Each feature above is implemented as a plugin, and can be removed or replaced. New features can be easily implemented as well.

There is a long list of current features.

The new version has a couple of bug fixes, a logo finally!

And a new memory utilisation widget that runs across the bottom (it does have some memory leaks).

Read more about WebScarab here.

You can download the new version here:



07 July 2006 | 8,681 views

‘Free’ USB Drives Defeat Company Security

This is an excellent case of Social Engineering, you could also consider it playing on human greed/ignorance/stupidity.

Whatever you want to label it really ;)

USB drives are a real security risk..

We recently got hired by a credit union to assess the security of its network. The client asked that we really push hard on the social engineering button. In the past, they’d had problems with employees sharing passwords and giving up information easily. Leveraging our effort in the report was a way to drive the message home to the employees.

The client also indicated that USB drives were a concern, since they were an easy way for employees to steal information, as well as bring in potential vulnerabilities such as viruses and Trojans. Several other clients have raised the same concern, yet few have done much to protect themselves from a rogue USB drive plugging into their network.

They had to think up something a little different though as they had to bait employees that were already on high alert as they knew they were being audited.

I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented.

Once I seeded the USB drives, I decided to grab some coffee and watch the employees show up for work. Surveillance of the facility was worth the time involved. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks.

The stats are amazing, out of 20 drives, 15 were found…out of the 15 found ALL FIFTEEN were plugged into company computers.

A neat way to get in eh, next time you are asked to push the social engineering buttons during a penetration test or vulnerability assessment perhaps you can do this.

All you need is a few cheap USB drives and a custom trojan.

Source: Dark Reading

06 July 2006 | 7,173 views

A Forensic Analysis of the Lost Veteran’s Administration Laptop

An interesting speculative post on the forensics techniques that would most likely be used by the FBI during the investigation of the recovered Veteran’s Administration laptop.

Most of them are pretty straight forwards if you have any kind of experience with digital forensics and data recovery (disaster recovery, incident response etc.)

As a former Computer Forensic Specialist, I wanted to explain what’s probably going on with this laptop now that the FBI has the system and is forensically examining it. This explanation assumes the data was present on the hard drive (not a CD-Rom or other storage medium).

The two main areas cover physical examination and digital examination, physical would be looking for fingerprints and looking for evidence of tampering (screw heads, case scratches etc.).

A little discussion on MAC times and so on, if anyone is interested in this area, I might elaborate later.

As I said in the previous article, there isn’t much they can do if someone knew what they were doing.

The laptop thieves really know what they are doing. They remove the hard drive from the laptop, and mount it read-only (no modifications to the file system) on another computer, access the sensitive data and re-insert the hard drive into the stolen laptop. This is the same process the forensic examiner would use to prevent the examination from modifying the data contained on the laptop — and this is why I mentioned what the FBI might look for during the physical examination — marks on the screws or finger prints on the internal hard drive casing.


Source: Zonelabs

06 July 2006 | 3,116 views

Darknet – Subscribe by E-mail

If you aren’t using RSS you can now subscribe to Darknet via e-mail, you will receive a daily update of the posts published in the last 24 hours.

Enter your Email

Powered by FeedBlitz

Might be useful if you don’t have frequent access to check the site too.


05 July 2006 | 3,438 views

Veterans Administration Chief Says Laptop Recovered

Ah, so finally they got it back, from a street corner of all places.

Let’s hope they shall be a little more careful in the future yah?

The missing laptop and hard drive that contained veterans’ personal information has been found, Veterans Administration Chief Jim Nicholson announced Thursday.

The announcement came at the beginning of a hearing before the House Veterans’ Affairs Committee hearing.

“It was confirmed to me by the deputy attorney general that law enforcement has in their possession the … laptop and hard drive,” Nicholson said in a statement at the hearing. “The serial numbers match.”

Of course the FBI will roll out it’s forensics experts to testify the data has not been accessed, but let’s face it, how hard is it to mount the drive read only and clone it?

Not very right..

Experts were conducting forensic tests on the laptop and hard drive, Nicholson said. It was not immediately clear if the data on the equipment had been copied or compromised, but Nicholson said “there is reason to be optimistic.”

He did not say how the equipment was recovered, on where it’s been during the past two months. The equipment was found Wednesday; Nicholson said he wasn’t aware of any arrests made in connection with the incident.

An FBI spokesman said the laptop computer was recovered “in the area,” but could not provide more specific information. Forensics tests showed “the sensitive files were not accessed,” according to special agent in charge Bill Chase.

We’ll look at the forensics techniques in more depth later.

Source: MSNBC

04 July 2006 | 8,097 views

Month of Browser Bugs (MoBB)

Get ready for a complete month of fun with H D Moore’s Month of Browser Bugs.

Quoting from Browser Fun blog:

This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure. To kick off this blog, we are announcing the Month of Browser Bugs (MoBB), where we will publish a new browser hack, every day, for the entire month of July. The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution. Enjoy!

He say’s he has plenty of vulnerabilities to go around.

You can also read his post at Metasploit’s blog.

04 July 2006 | 39,265 views

Absinthe Blind SQL Injection Tool/Software

Absinthe is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.

Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery.


  • Automated SQL Injection
  • Supports MS SQL Server, MSDE, Oracle, Postgres
  • Cookies / Additional HTTP Headers
  • Query Termination
  • Additional text appended to queries
  • Supports Use of Proxies / Proxy Rotation
  • Multiple filters for page profiling
  • Custom Delimiters

More Information here:

Absinthe (Documentation)

04 July 2006 | 29,478 views

Data Mining MySpace Bulletins

An interesting find made by John Hackenger surfaced today. For those of you familiar with MySpace, you’ll know that it uses ‘Bulletins’ to send a single message to multiple friends in your list.

Because the message is sent only to the people you have authorized to be on your list, sometimes you get a feel of safety that will make you post information that otherwise you would not want available on the Internet.

What if this information wasn’t private and could be available to everyone?

Because the messages are numeric and sequential at the URL, you can easily get information out of those bulletins.

John Hackenger explains his finding with a complete post of the information.

As you can see, he coded a little application in C to make the whole process simpler – needs some work with the syntax errors.

03 July 2006 | 11,112 views

Universal Hooker – An Ollydbg Plugin

The Universal Hooker is a tool to intercept execution of programs. It enables the
user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory.

Why is it ‘Universal’? There are different ways of hooking functions in a program, for example, it can be done by setting software breakpoints (int 3h), hardware breakpoints (cpu regs), or overwriting the prologue of a function to jump to a ‘stub’, etc. All the methods mentioned above, specially the latter, usually require the programmer of the code creating the hook to have certain knowledge of the function it is intercepting. If the code is written in a programming language like C/C++, the code will normally need to be recompiled for every function one wants to intercept, etc.

The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called in run-time.

The Universal Hooker builds on the idea that the function handling the hook is the one with the knowledge about the parameters type of the function it is handling. The Universal Hooker only knows the number of parameters of the function, and obtains them from the stack (all DWORDS). The hook handler is the one that will interpret those DWORDS as the types received by the function.

The hook handlers are written in python, what eliminates the need for recompiling the handlers when a modification is required. And also, the hook handlers (executed by the server) are reloaded from disk every time a hook handler is called, this means that one can change the behavior of the hook handler without the need to recompile the code, or having to restart the application being analyzed.

What can you do with it?

  • Fuzz in runtime without implementing protocol, just modify the packets
  • Interactive fuzzing using an hex editor
  • Poor’s man http/https proxy
  • Many things, check out the documentation

You can download it here:

Universal Hooker (Documentation)

02 July 2006 | 98,241 views

Downgrade PSP v2.6 to v1.5 to play homebrew & ISO games

Dark_AleX has now shared Downgrader Test v0.5 For PSP 2.50/2.60 Firmware which, according to MANY users (including TGMG, LalaMan, Firey, and LAXitives), works 100% with PSP consoles that were upgraded to v2.50 or v2.60 Firmware. However, it will NOT work with TA-082 versions and it’s NOT recommended for users whose FACTORY/STOCK Firmware was 2.50 or 2.60.

Check out the video in action here. Unfortunately the video quality is crap but its proof that it works. This hack was just released yesterday. So to those who have upgaded their PSP to v2.6, you still can downgrade to v1.5 to be able to play homebrew games and also ISO games.

Use this to check if you have TA-082 before you continue.

Tags: ,