Nikto 2.1.0 Released – Web Server Security Scanning Tool

It’s been almost 2 years since the last update on Nikto, which was version 2.

For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan possible, and it’s fairly obvious in log files. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).
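Since Nikto makes no attempt at stealth, a scan stands out in the access log. The Python below is an added example, not Nikto's own code, that parses constructed Apache-style log lines and flags a source on two signals: a user agent that names Nikto (its default) and a burst of 404 responses, which still catches a scan whose user agent was changed.

```python
import re
from collections import defaultdict

# Constructed Apache combined-log lines (not real traffic). 198.51.100.9 sends a
# Nikto-style user agent; 192.0.2.5 has changed its user agent but still trips the
# 404 heuristic; 203.0.113.7 is an ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2009:12:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"
203.0.113.7 - - [10/Oct/2009:12:00:03 +0000] "GET /style.css HTTP/1.1" 200 812 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.9 - - [10/Oct/2009:12:00:02 +0000] "GET /cgi-bin/test-cgi HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.0) (Evasions:None) (Test:000001)"
198.51.100.9 - - [10/Oct/2009:12:00:02 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.0) (Evasions:None) (Test:000002)"
198.51.100.9 - - [10/Oct/2009:12:00:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.0) (Evasions:None) (Test:000003)"
192.0.2.5 - - [10/Oct/2009:12:05:00 +0000] "GET /backup.zip HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.5 - - [10/Oct/2009:12:05:00 +0000] "GET /.htpasswd HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.5 - - [10/Oct/2009:12:05:00 +0000] "GET /server-status HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.5 - - [10/Oct/2009:12:05:01 +0000] "GET /test.php HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.5 - - [10/Oct/2009:12:05:01 +0000] "GET /robots.txt HTTP/1.1" 200 55 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
"""

# Apache "combined" format: ip ident user [ts] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def detect_scanners(lines, min_requests=5, min_404_ratio=0.6):
    """Return {ip: [reasons]} for sources that look like a web vulnerability scanner."""
    per_ip = defaultdict(lambda: {"total": 0, "404": 0, "uas": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_ip[rec["ip"]]
        s["total"] += 1
        if rec["status"] == "404":
            s["404"] += 1
        s["uas"].add(rec["ua"])
    findings = {}
    for ip, s in per_ip.items():
        reasons = []
        # Signal 1: the default Nikto user agent names the tool outright.
        if any("nikto" in ua.lower() for ua in s["uas"]):
            reasons.append("user agent identifies itself as Nikto")
        # Signal 2: a scanner probing for thousands of files mostly gets 404s.
        if s["total"] >= min_requests and s["404"] / s["total"] >= min_404_ratio:
            reasons.append(f"{s['404']}/{s['total']} requests returned 404")
        if reasons:
            findings[ip] = reasons
    return findings
```

On a real log the 404 thresholds need tuning per site, and the ratio should be computed over a time window rather than the whole file.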

Changes

This version has had significant rewrites under the hood to how Nikto works, making it more extensible and usable.

  • Rewrite to the plugin engine allowing more control of the plugin structure and making it easier to add plugins
  • Rewrite to the reporting engine allowing reporting plugins to cover more and also ensuring that output is written if Nikto is quit before finishing
  • Large overhaul of documentation to document built-in methods and variables
  • Addition of caching to reduce the number of calls made to the web server, as well as a facility to disable smart 404 guessing
  • Addition of simple guessing for whether a system is an embedded device and to report what it is
  • Plugin to use OWASP's dictionary lists to attempt to brute force directories on the remote web server (as mutate 6)
  • Plugin to attempt to brute force domains (as mutate 5)
  • Allow username guessing (mutate 3 and 4) to use a dictionary file as well as brute forcing
  • Support for NTLM authentication
  • Lots of bug fixes and new security checks

You can download Nikto 2.1.0 here:

nikto-current.tar.gz

Plugins and DB can be found here.

Or read more here.

Retarded E-mails – Credit Cards, Coins, Bombs & More!

Ah it’s that time of the year again when all the back to skoolers have some mad l33t knowledge and wanna h4×0r the planet or something.

Hmmm website hacking, sounds simple eh?

thriller wrote:
hai i would like to know website hacking how?……… sedn to my mail

Ok I'm following up to the exploding part? Not quite sure about that one.

kesarjahs wrote:
hi 2 all, i just want to ask if you have program for hacking of yahoomail /gmail account? If you don’t mind can you send it to my gmail account coz i want to hack and try to explode. I’m looking forward to the end such a long time.

sincerely,
Kesar Jahs

Ok this one is really bizarre, what kind of question does he expect actually?

Jason Davis wrote:
What is this site. I’m a lil lost
J

WTF, does this look like Security Focus? Oh right copy and paste, at least have the decency to change the e-mail you lazy fuck.

Rudra wrote:
Hello,
I’m the senior product manager and a founder employee of Wank Security – the industry’s leading on demand penetration testing company. Previously I’ve written articles in Hakin9, infosec magazine and CISSP training materials for renowned authors. I would also like to contribute to Security focus on a wide variety of topics including penetration testing. Please let me know if you are accepting articles at this point. Offline, I’ve been working on a article on security threats for online gaming. I can contribute this one if it fits your requirement to start with.

Hope to hear from you soon!

Thanks!
Rudra

Ah back to the normal cheating spouse/erase my debt thing going on.

Aliana wrote:
Quick background – I would like to start a new life, my x husband ran my credit to the ground. I am a 28 year old mother and am seeking someone who can help me erase my debt. If you know of anyone please pass on my email address, if not I am sorry to have wasted your time. Thank you!

What’s the bet this guy is Indian, all their e-mails start with ‘Sir’. BTW if you find the magic undetectable hacking tool Fadi, I want a copy too – thanks.

Fadi wrote:
Dear Sir,
i m looking for undetectable hacking tool to purchase is there any so please tell mei didn’t found any yet :( please sir i shall be highly thankfull to u .

I’m not exactly sure what kind of site people think this is, but since when did we do identity searches? She didn’t even mention what country she’s in or how I’m supposed to locate this mysterious person.

Nia wrote:
Do u need the permission of the individual to be able to give me their location?
And how much will it cost for one search?

Website: Hotmail

Credit cards? I have plenty, you can have them all if you want..I keep buying stuff I don’t really need.

noname wrote:
I want to buy credit card what to do to buy?

mig22 or mig33? Make up your mind..

ahmad wrote:
dear friend,
i just wanted to request you something. there is a software used for chating via mobile. its name is mig22. i want to request you to find some way or make some software for that , for hacking or cracking mig33 password. i will be very thankful to you.
waiting for your reply

Oh wow, poor you Louis. I swear people seem to think every ‘hacker’ runs some kind of hack on demand password recovery scheme.

Louis wrote:
Hi,

My ex stole my email accounts and changed all the details so I cant access them or recover them, can you please help me get the passwords so I can recover the email accounts?

Thanks in advance,

Louis

This one sounds like a 419er.

collins masango wrote:
i would need a good creditcard dealer to be suppling me with numbers,this for long time deal,preferably russian,german,canadian,uk or american

This one is a little bit scary..and disjointed, coins and bombs? What a combination.

Alana wrote:
I looking for imfo on atm and coin machines and how to crack into them and on bombs

Keep an eye on the retards here:

http://www.darknet.org.uk/category/retards/

Origami – Parse, Analyze & Forge PDF Documents

origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.

Features

  • Create PDF documents from scratch.
  • Parse existing documents, modify them and recompile them.
  • Explore documents at the object level, going deep into the document structure, uncompressing PDF object streams and deobfuscating names and strings.
  • High-level operations, such as encryption/decryption, signature, file attachments…
  • A GTK interface to quickly browse the document contents.

Full Scripts

Some scripts are provided to help in performing common actions on PDF files. You can contribute more by sending your own scripts to origami(at)security-labs.org.

  • detectjs.rb: search for all JavaScript objects.
  • embed.rb: add an attachment to a PDF file.
  • create-jspdf.rb: add a JavaScript to a PDF file, executed when the document is opened.
  • moebius.rb: transform a PDF to a moebius strip.
  • encrypt.rb: encrypt a PDF file.
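As an added illustration of what detectjs.rb does (this is not origami's code), the Python below walks the objects of a constructed PDF, resolves #xx escapes in names so that /J#61vaScript is recognised as /JavaScript, and reports the objects carrying JavaScript or auto-execution keys. It assumes the objects are uncompressed; origami also unpacks object streams, which this snippet does not.

```python
import re

# Constructed minimal PDF (not a real sample). The action dictionary in object 4
# writes its names with #xx hex escapes, so a naive grep for "/JavaScript" misses it.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /J#61vaScript /J#53 (app.alert('constructed sample')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# "N G obj ... endobj" delimits an indirect object; names start with "/" and run
# until whitespace or a delimiter character.
OBJ_RE = re.compile(rb'(\d+)\s+(\d+)\s+obj(.*?)endobj', re.S)
NAME_RE = re.compile(rb'/([^\s/\[\]<>(){}%]+)')
HEX_ESCAPE = re.compile(rb'#([0-9A-Fa-f]{2})')

# Keys that execute script or trigger actions when the document is opened.
SUSPICIOUS = {b"JavaScript", b"JS", b"OpenAction", b"AA", b"Launch"}

def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes in a PDF name (allowed since PDF 1.2)."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def scan_pdf(data: bytes):
    """Return {object number: sorted list of suspicious names found in it}."""
    hits = {}
    for m in OBJ_RE.finditer(data):
        num = int(m.group(1))
        names = {decode_name(n) for n in NAME_RE.findall(m.group(3))}
        found = sorted(n.decode() for n in names & SUSPICIOUS)
        if found:
            hits[num] = found
    return hits
```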

You can download Origami here:

origami-1.0.0-beta1.tar.gz

Or read more here.

Firefox Blocks Microsoft .NET Framework Assistant Add-on

This is an interesting development; I noticed the pop-up in my Firefox yesterday. The reason given, however, wasn't security but 'instability'.

It's a fair move by Mozilla though, as the add-on can introduce security vulnerabilities in Firefox that are outside their control. They can't fix the software, so the best thing they can do to ensure user safety is to block it.

Compounded with the fact that it's extremely hard for users to remove the add-on themselves, the block is a good idea.

Mozilla late Friday blocked the Microsoft-made software that had put Firefox users at risk from attack.

The two-part Microsoft component — an add-on dubbed “.NET Framework Assistant” and a plug-in named “Windows Presentation Foundation” — have been blocked by Mozilla as a precautionary measure, said Mike Shaver, the company’s head of engineering.

“Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism,” Shaver said in an announcement posted Friday night to the company’s security blog.

The annoying thing is these add-ons are installed in Firefox without any kind of prompt or permission given by the user.

Microsoft pushed them out with the .NET Framework 3.5 Service Pack 1 (SP1) update in February this year, so our browsers have been vulnerable since then.

The software was almost impossible to remove without some registry hacking. Microsoft did remedy this later, but still, how many people would know?

Mozilla maintains an add-on/plug-in blocking list that automatically bars risky software from being used by Firefox. The open-source company first used the blocker in 2007. Mozilla has used the tool only nine times, including Friday’s blocking of the Microsoft add-on and plug-in. In May 2008, for example, Mozilla added a Vietnamese language pack for Firefox to the blocking list when the pack was found to contain a worm.

According to Shaver, Microsoft gave Mozilla the go-ahead to block the .Net Framework Assistant and the Windows Presentation Foundation.

Last week, Microsoft’s security team acknowledged that its software — which had been silently installed in Firefox as far back as February 2009 — contained a critical vulnerability that could be used by hackers to hijack Windows PCs. The same vulnerability also affected all versions of Internet Explorer (IE), including the newest version, IE8.

Thankfully Firefox has the blocklist functionality, and Mozilla have been aggressively moving towards ensuring third-party additions are also secure and don't compromise the integrity of the platform.

Last month they warned users with out-of-date Flash plugins to update.

Firefox 3.6 will be even more aggressive in this respect, warning users when they visit a site that relies on one or more outdated add-ons.

Source: Network World

Naptha – TCP State Exhaustion Vulnerability & Tool

The Naptha vulnerabilities are a class of denial-of-service vulnerability researched and documented by Bob Keyes of BindView's RAZOR Security Team in 2000. The vulnerabilities exist in some implementations of the TCP protocol, specifically in the way some TCP implementations keep track of the state of TCP connections, and allow an attacker to exhaust the resources of the system under attack without consuming many resources on the system used to launch the attack.

The following links provide more information about the Naptha denial-of-service vulnerabilities:

  • The original BindView advisory is archived here.
  • The advisory that CERT/CC published for the Naptha vulnerabilities is here.

The Tool

To study and show the Naptha vulnerabilities, Bob Keyes wrote the Naptha tool. The tool was written in C and used libpcap to read packets from the network and libdnet to craft packets.

The Naptha tool actually consists of two programs: a program called synsend whose only function is to send TCP SYN packets to the target system, and a program called srvr whose function is to respond to specific traffic received from the target system with TCP packets with specific TCP flags set. Both what traffic to respond to and how to respond to it are specified by the user via command-line arguments.
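A Naptha-style attack leaves the target holding many connections parked in one TCP state toward one listening port, one per peer that never progresses. The Python below is an added example (not part of Naptha) that parses a constructed `ss -tan`-style snapshot and reports the (state, port) pairs whose connection count exceeds a threshold, together with how many distinct peers hold them.

```python
from collections import Counter, defaultdict

# Constructed snapshot in the column layout of `ss -tan` (not from a real host):
# a listener, two ordinary connections, and many connections stuck in FIN-WAIT-1
# on port 80, one per peer address.
HEADER = "State      Recv-Q Send-Q Local Address:Port   Peer Address:Port"

def build_snapshot(stuck=300):
    lines = [HEADER,
             "LISTEN     0      128    0.0.0.0:80           0.0.0.0:*",
             "ESTAB      0      0      192.0.2.10:80        203.0.113.5:51234",
             "ESTAB      0      0      192.0.2.10:22        203.0.113.6:51235"]
    for i in range(stuck):
        peer = f"198.51.100.{i % 254 + 1}:{1025 + i}"
        lines.append(f"FIN-WAIT-1 0      0      192.0.2.10:80        {peer}")
    return "\n".join(lines)

def parse_ss(text):
    """Yield (state, local_port, peer_ip) from ss -tan style lines, skipping the header."""
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        local_port = local.rsplit(":", 1)[1]
        peer_ip = peer.rsplit(":", 1)[0]
        yield state, local_port, peer_ip

def find_exhaustion(text, threshold=100):
    """Return {(state, local_port): (connections, distinct_peers)} for every
    (state, port) pair holding more than `threshold` non-listening connections."""
    counts = Counter()
    peers = defaultdict(set)
    for state, port, peer in parse_ss(text):
        if state == "LISTEN":
            continue
        counts[(state, port)] += 1
        peers[(state, port)].add(peer)
    return {k: (n, len(peers[k])) for k, n in counts.items() if n > threshold}
```

Which state piles up depends on how the remote side answers the target's packets, so the check groups by state rather than looking for one in particular; the usual mitigations are idle timeouts on non-established states and per-peer connection limits at the host or firewall.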

You can download Naptha here:

naptha-1.1.tgz

Or read more here.

Deep Packet Inspection Engine Goes Open Source

This is great news, especially for open source tool developers. Deep packet inspection is an extremely niche area and requires great expertise (and a lot of R&D of course).

I hope a new project can spawn from this; it has many interesting applications. I think it'd be a good addition to Wireshark and IDS projects like Snort.

http://opendpi.org/

Deep packet inspection (DPI) hardware can identify an astonishing array of protocols passing across the Internet—up to and including protocols that are rare even to us in the Orbiting HQ (Gadu-Gadu? Manolito? Feidian?). But if you’ve ever wondered just how this can be done, and done at wire speed, wonder no more: Europe’s leading DPI vendor has open-sourced a version of its traffic detection engine.

OpenDPI.org is the new home for ipoque’s open source project; anyone interested can take a look at the code or contribute patches. The goal in this case, though, isn’t so much about crowdsourcing product development but about easing consumer fears about DPI technology.

Klaus Mochalski, CEO of ipoque, explains that “transparency was important for us from the beginning. The lack of transparency from the vendors’ side is widespread in the DPI business. Our thoughts are a bit different and that is why we decided to push this project.”

It can identify a whole range of weird and wonderful protocols including those you’ve never heard of.

The free version is basically a watered-down version of the commercial product: it's slow, doesn't come bundled with fancy supercomputer-grade hardware and can't handle encrypted transmissions.

I think it will be useful too for people building open source router systems to manage traffic, do traffic shaping and general QoS with much more accuracy (rather than relying on port classification).

The OpenDPI engine, released under the LGPL license, differs from ipoque’s commercial scanning engine in its high-priced DPI hardware. The open-source version is much slower and (more importantly) doesn’t reveal ipoque’s methods for identifying encrypted transmissions. DPI vendors all claim high levels of success at identifying such traffic based on the flow patterns and handshake signatures common to protocols like BitTorrent and Skype, even if they cannot crack the encryption and examine the content of those transmissions.

ipoque apparently wants to convince people that its detection code doesn’t store or examine the actual content being transmitted. The company made the same point in a white paper released last week. “DPI as such has no negative impact on online privacy,” it says. “It is, again, only the applications that may have this impact. Prohibiting DPI as a technology would be just as naive as prohibiting automatic speech recognition because it can be used to eavesdrop on conversations based on content.

Although DPI can be used as a base technology to look at and evaluate the actual content of a network communication, this goes beyond what we understand as DPI as it is used by Internet bandwidth management—the classification of network protocols and applications.”
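To make the difference between port-based classification and payload signatures concrete, the Python below is an added toy classifier (not OpenDPI's code or signatures) that labels constructed first-packet payloads for HTTP, SSH, TLS and BitTorrent and lists the flows where the port table disagrees. As the article notes, once a TLS or encrypted BitTorrent session is past its handshake, nothing in the payload is left for this kind of matching.

```python
# Constructed flows as (destination port, first bytes the client sends). Not real captures.
FLOWS = [
    (80,   b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (8888, b"GET / HTTP/1.0\r\n\r\n"),                                   # HTTP on an odd port
    (443,  b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 32),  # TLS ClientHello
    (22,   b"SSH-2.0-OpenSSH_5.3\r\n"),
    (80,   b"\x13BitTorrent protocol" + b"\x00" * 8 + b"\xaa" * 20 + b"\xbb" * 20),  # BT on 80
    (80,   b"\x00\x01\x02garbage"),                                      # nothing recognisable
]

# What a port-only classifier would say.
PORT_TABLE = {22: "ssh", 80: "http", 443: "tls", 6881: "bittorrent"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def classify_by_port(port):
    return PORT_TABLE.get(port, "unknown")

def classify_by_signature(payload):
    """Identify the application protocol from the first bytes the client sends."""
    first_line = payload.split(b"\r\n", 1)[0]
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
        return "http"
    # SSH identification string is sent in the clear before key exchange.
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), version 0x03 0x0N, 2-byte length,
    # then a handshake header whose first byte 0x01 means ClientHello.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    # BitTorrent peer handshake: pstrlen 19 followed by the literal protocol string.
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    return "unknown"

def compare(flows):
    """Return (port, port_based_label, signature_label) for every flow."""
    return [(p, classify_by_port(p), classify_by_signature(d)) for p, d in flows]

def mismatches(flows):
    """Flows where the port-based label disagrees with the payload signature."""
    return [row for row in compare(flows) if row[1] != row[2]]
```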

I hope they keep developing the project, or some other folks in the Open Source community step up and turn it into a full blown development fork.

That would be great, harness the existing technology and improve on it.

Because let’s face it, any commercial company releasing an Open Source branch of their software has no incentive to make it that great lest it get better than the stuff they are selling.

Source: Ars Technica

VIPER Lab’s VAST Live Distro – VoIP Security Testing LiveCD

VAST is a VIPER Lab live distribution that contains VIPER developed tools such as UCsniff, VoipHopper, Videojak, videosnarf, ACE, Warvox, and more. Along with VIPER tools and other essential VoIP security tools, it also contains tools penetration testers utilize such as Metasploit, Nmap, Netcat, Hydra, Hping2 etc.

This distribution is a work in progress. If you would like to see a tool or package included please feel free to suggest them to the author.

VAST also has a third-party repository for the VIPER tools built into the Synaptic package manager, so updating a tool is as easy as "apt-get".

Specs

  • Size 900MB
  • Built on Ubuntu 9.04
  • Full language pack
  • git, apt-get, svn
  • Includes custom repository for VIPER tools

Tool List

  • UCsniff
  • VideoSnarf
  • Videojak
  • Metasploit
  • SecurLogix Tools
  • Hydra
  • Nmap
  • tshark
  • Sipvicious
  • SIPp
  • Netcat
  • Warvox
  • Hping2

You can download VAST here:

VIPER_VASTbetav2.71.iso

Or read more here.

UK Government To Launch ‘Hack Idol’

Now this should be interesting, perhaps they should turn it into a hacking based reality TV show? From the description though it looks more centered around defense than offense and perhaps should be called ‘System Administrator Idol’.

Not quite so catchy though is it.

Well at least they are doing something to try and nurture talent in the security arena, even if it is a little misguided.

The UK government has launched plans to find the best young hackers through a talent competition.

Would-be cyberdefenders will be rated on their abilities to thwart attacks and hack into websites. Winners will be offered courses by the respected SANS Institute and assigned mentors.

University course and work placements also form part of the putative programme, due to take its first intake late next year, The Times reports.

Hack Idol may be a catchy concept, and it’s easy to see how eccentric security minister Lord West – who famously reckons reformed naughty-boy hackers might play an important role in Britain’s cyber-defence – might get sold on the idea.

The prizes are pretty good for anyone into infosec, courses from SANS, uni courses and possible work placement.

It would be a great start to a security career for the average hacker nerd currently doing his A-Levels at college.

I guess as well as building the security industry, they are also trying to entice the more blackhat students to defect to the white side – or at least be a little more grey than black.

In addition, there’s a precedent from across the Atlantic. The UK scheme resembles the much larger US Cyber Challenge programme which is “looking for 10,000 young Americans with the skills to fill the ranks of cyber security practitioners, researchers, and warriors”.

The winner of the first US Cyber Challenge was Michael Coppola, 17, of Connecticut, who gained plaudits for breaking into the scoring system and awarding himself extra points – a move straight out of cult haxploitation flick WarGames.

Sounds like good fun, but the idea of taking the now-ubiquitous TV talent show/glorified karaoke concept and applying it to computer security to find the next Neo sounds more than a little wrong-headed.

It definitely does have some similarities to the US program, which as new as it is hasn’t really proved anything yet either.

It’s something to watch out for, we’ll have to see where it goes.

Source: The Register

Nat Probe – NAT Detection Tool

This little but very useful program tries to send ICMP packets out of the LAN and detects all the hosts that let them through. With this you can find bugs in your (company?) network (or others), for example hosts that allow p2p connections.

Explanation

When we use a gateway, we send packets with the IP destination of the target, but the destination MAC on the Ethernet frame is the MAC of the gateway. If we send such a packet to each of the different MACs in the LAN, we can tell which host is a gateway when we receive a response from that MAC.

Sometimes we discover more than one box configured to act as a gateway. Generally this is a misconfiguration, and the box will respond with an ICMP Redirect. For our purposes this counts the same, because the script only verifies whether the MAC responds.

NatProbe is developed in Python with the Scapy library.

You can download Nat Probe here:

natprobe.1.0.tar.gz

Or read more here.

AVG Stepping Up Consumer Anti-Virus Offerings

AVG used to be THE anti-virus software a few years ago, especially with it being the first major vendor offering a free solution for home users.

If you asked any techie back in 2002 which AV should you use, the answer would invariably be AVG free (or perhaps Panda).

After that AVG just got bloated and slow, and their signature files became very weak, missing a lot of nasty infections; I had to fix so many PCs running AVG that were infected up the ass with all kinds of malware.

People started recommending others like Avast!, Avira and BitDefender, which also offer free versions for home use.

AVG is putting an emphasis on increased speed with a revamp of its free and paid for security suites.

The latest revamp – AVG 9.0 – boasts 50 per cent faster speed and increased ease of use. Improvements in speed have been achieved by skipping the scan of files already marked as safe in future scans unless the file structure changes. The approach also offers claimed improvements of ten to 15 per cent for boot times and memory usage, respectively.

The firewall module in AVG 9.0 has also been redesigned to be less intrusive (ie fewer ‘Do you want to allow this application online’ questions) alongside tighter integration with the anti-malware scanner that forms the core of the product. This anti-malware scanner makes greater use of behaviour-based, cloud-based and white-listing technologies.

I haven’t tested AVG 9.0 yet as the free version isn’t being released until later this month, but if it stands up to their claims it could be a good product.

Speed and bloat are definitely things they need to work on, along with a more accurate scanning engine and complete signature files.

Let’s hope it’s not all just hype.

AVG Free 9.0 will be available mid-October. Details of the features are being held back until then, but expect to see a cut-down product based on the same engine but without a firewall and other bells and whistles. Based on past form, AVG free will offer an anti-malware scanner alongside LinkScanner safe search technology.

AVG’s business model relies on selling into small business and getting a percentage of consumer users of its free product (perhaps around two per cent) to upgrade. The consumer end of this equation is severely threatened by Microsoft Security Essentials launch.

Recommendations from tech savvy friends were one of the main reasons consumers latched onto AVG in the first place. AVG lost a lot of goodwill in this area with the traffic-spewing fiasco that attached to version 8.0 of its security scanner.

Secondly, irrespective of the technical merits of its product, AVG is facing off against Redmond’s marketing muscle while at the same time hunting for a new chief executive.

Microsoft Security Essentials is definitely a huge entry barrier for them and they will need to push hard to gain back a decent market share. There are some extremely good AV products out there now and a lot more choice for consumers.

Plus of course the big fat behemoths are still out there bundling their software with OEMs (Symantec, McAfee etc).

We shall see if it stands up to the tests of real world use.

Source: The Register
