Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on RSS or Twitter for the latest updates.

30 October 2013 | 3,201 views

FoxOne Free OSINT Tool – Server Reconnaissance Scanner

Secure Your Website with Acunetix

FoxOne is a free OSINT tool, described by the author (th3j35t3r) as a Non-Invasive and Non-Detectable Server Reconnaissance Scanner.

Bypassing API limitations and currently detecting 6500+ vulnerable server paths/files – without ever touching the target server. Very good for getting hold of intel on a given domain (example.com). The intel gained serves both as actionable in the sense that it could be directly used to help root a box, while at the same time giving a good overview of stuff thats present on the box and where it is within the directory structure.

FoxOne Scanner creates a report and dumps it on your Desktop.

Features

  • Anti False-Positive Measures
  • Bot Stealth Measures
  • Modular Framework for easy importing of new modules.

Requirements

  • MySQL Server
  • PHP5
  • PHP-GD Library
  • PHP-MySQL
  • Festival (text to speech)

Installation

1). Create a MySQL database anywhere (localhost is fine).
2). Import ‘foxone.sql’ into the database you just created.
3). Edit ‘foxone’ adding the details of the database you just setup.

You can download FoxOne Scanner here:

foxone.zip



28 October 2013 | 1,460 views

Major Adobe Hack – Acrobat & ColdFusion Source Code Leaked

So earlier this month there was a major Adobe hack and the source code for a couple of it’s mainstream products (Acrobat Reader, ColdFusion and ColdFusion Builder) was leaked and downloaded, most likely in it’s entirety.

There was a bit of a panic surrounding this as the software is used by a lot of major governmental agencies (especially in the US), and it’s feared that when someone with malicious intent has access to your source code – they are more likely to be able to find previously undiscovered vulnerabilities.

The attack also leaked 2.9 million customer records including names and credit card numbers, so much for Adobe doing cloud right.

Adobe’s systems have been hit by numerous “sophisticated attacks” that have compromised the information of 2.9 million customers, and accessed the source code of Adobe products.

The company said on Thursday that it has been the victim of a major cyberattack and said hackers had accessed those millions of customer IDs and encrypted passwords.

“We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders,” the company said.

It does not believe decrypted credit or debit card numbers were accessed.

“As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password,” the company wrote.

The company says people should change their passwords on any other website where they have used the same user ID and password. But you’d do that anyway, wouldn’t you?

Now whilst that studying the source code may give you some advantages, Acrobat for example has over 13 million lines of code – so you’d basically looking for a needle in a haystack.

Also the fact the software has a bunch of security measures built in like address space layout randomization (ASLR), a sandbox (which logically separates any opened PDF file), and the broker process (basically a firewall between the process and system calls) – means even if you do find a vulnerabilty, crafting an exploit from it is going to be really hard.

We haven’t as yet seen any zero day exploits that could have come from the compromise, but it doesn’t mean they aren’t out there – or being used for targeted attacks/cyberterrorism.

It is “in the process” of notifying customers whose credit or debit data may have been stolen, and is offering them condolence in the form of a “one-year complimentary credit monitoring membership where available.”

Where we come from, that’s called offering free stable doors after the horses have bolted.

The company has also contacted federal law enforcement officials and notified banks that process customer payments for Adobe.

Hackers have also accessed the source code for the company’s Adobe Acrobat, ColdFusion, ColdFusion Builder, and other unnamed products, the company said in a separate blog post.

Security firm Hold Security claims to have found 40 gigabytes in encrypted archives on a hacker’s server, apparently containing source code on some of Adobe’s biggest products.

“This breach poses a serious concern to countless businesses and individuals,” Hold Security wrote. “Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits.”

You can see the original posts by Adobe here – Important Customer Security Announcement & Illegal Access to Adobe Source Code.

We’ll have to wait and see if anything actually comes from it. There were a few nasty compromised earlier this year that were ColdFusion based, such as Linode & NW3C.

Although I don’t really think they are related, it just happens that ColdFusion servers are very frequently setup without all the extra security controls that Adobe provides being enabled.

Source: The Register


16 October 2013 | 1,690 views

AxCrypt – Open Source Windows File Encryption Software

AxCrypt is the leading open source Windows file encryption software. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files.

Personal Privacy and Security with AES-128 File Encryption and Compression for Windows 2000/2003/XP/Vista/2008/7. Double-click to automatically decrypt and open documents. Store strong keys on removable USB-devices.

Features

  • Password Protect any number of files using strong encryption.
  • Right-click integration with Windows Explorer makes AxCrypt the easiest way to encrypt individual files in Windows.
  • Double-click integration makes it as easy to open, edit and save protected files as it is to work with unprotected files.
  • Many additional features, but no configuration required. Just install it and use it.
  • AxCrypt encrypts files that are safely and easily sent to other users via e-mail or any other means. Self-decrypting files are also supported, removing the need to install AxCrypt to decrypt.
  • AxCrypt is translated into English, Danish, Dutch, French, German, Hungarian, Italian, Norwegian, Russian, Polish, Spanish and Swedish so chances are it speaks your preferred language.

AxCrypt is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation.

You can download AxCrypt here:

AxCrypt-1.7.2976.0-Setup.exe

Or read more here.


10 October 2013 | 1,226 views

AVG, Avira and WhatsApp Websites DNS Jacked By Pro-Palestinian Hacktivists

There’s been a spate of these type of attacks this year, it seems like hackers are realizing the target servers and sites are pretty secure – so they are looking for other avenues to deface or spread their political messages.

DNS security has been overlooked for a long time, with most companies not using DNSSEC or any real protective measures. With DNS being such a critical service, this is rather worrying, as a tainted DNS record enables a hacker to take over an entire domain.

The websites of freebie antivirus vendors AVG and Avira as well as mobile messaging service WhatsApp appear to have been hit by a DNS redirection attack today which sent users to pro-Palestinian websites.

A team of hacktivists calling themselves KDMS have claimed credit for the hacks.

Visitors to avg.com were greeted by a rendition of the Palestinian national anthem (via an embedded YouTube video) and a message from a pro-Palestinian group calling itself the KDMS Team, instead of the usual security tips and links to anti-malware downloads.

“It’s clearly embarrassing for a security company to be hit in this fashion by hackers, but there is no indication that any customer information or sensitive data has been compromised,” writes Graham Cluley, a veteran of the antivirus industry turned independent security consultant. “It’s possible that the hackers managed to change the website’s DNS records, redirecting anyone who attempted to visit www.avg.com to a different IP address.”

It seems all 3 companies used Network Solutions as their DNS provider, so the flaw clearly lay there – what exactly happened hasn’t been disclosed (and honestly is unlikely to be disclosed).

The bad thing about DNS as well, is it takes time to change and propagate. So those people using ISPs that have aggressive DNS caching, might be seeing the hacked sites for quite some time.

Security experts were quick to discover that all three victims use hosting biz Network Solutions as their DNS provider. Hackers may have exploited security shortcomings at Network Solutions to alter DNS records and so gain control of their targets’ domains.

The KDMS team claims an affiliation with Anonymous Palestine. The same group pulled off a similar DNS hijack / redirection attack against the website of hosting firm leaseweb.com over the weekend.

LeaseWeb’s statement on the attack can be found here.

Leaseweb denied earlier reports that a vulnerability in its WHMCS billing and support system software might have been responsible for the hijack, but without naming a cause. The hosting firm is seeking to play down the significance of the attack, which it characterises as regrettable but superficial and quickly resolved.

You can also read more and see a screenshot of the hack at Graham Cluley’s blog here:

AVG and Avira anti-virus websites attacked by pro-Palestinian hackers

Let’s see if we see any more of these kind of attacks soon.

Source: The Register


07 October 2013 | 3,332 views

Mutillidae – Vulnerable Web-Application To Learn Web Hacking

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest to learn web hacking. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a webserver. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on pre-installed platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software.

Features

  • Has over 35 vulnerablities and challenges. Contains at least one vulnearbility for each of the OWASP Top Ten 2007 and 2010
  • Actually Vulnerable (User not asked to enter “magic” statement)
  • Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP. XAMPP is the “default” deployment.
  • Installs easily by dropping project files into the “htdocs” folder of XAMPP.
  • Will attempt to detect if the MySQL database is available for the user
  • Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
  • Contains 2 levels of hints to help users get started
  • Includes bubble-hints to help point out vulnerable locations
  • Bubble-hints automatically give more information as hint level incremented
  • System can be restored to default with single-click of “Setup” button
  • User can switch between secure and insecure modes
  • Secure and insecure source code for each page stored in the same PHP file for easy comparison
  • Provides data capture page and stores captured data in database and file
  • Allows SSL to be enforced in order to practice SSL stripping
  • Used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software
  • Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools

There’s quite a choice of these apps out there now, so if you’re trying to learn web hacking, or just hone your penetration testing skills, check the list here:

Vulnerable Web Application

You can download Mutillidae here:

LATEST-mutillidae-2.6.4.zip

Or read more here.


10 September 2013 | 1,779 views

Google’s Chrome Apps – Are They Worth The Risk?

So there’s been a bit of debate lately about Google’s Chrome apps after the launch, most of you have probably heard of Chrome OS a while back with a few Chromebooks popping up here and there. Chrome Apps are the next generation of browser apps that can be run offline and eventually will be cross platform (only Windows for now).

The concern is, that Google is opening us up to a whole new era of cross platform exploits/vulnerabilities – the likes we have come to know from Java and Flash.

Google has had a fairly decent security record with Chrome browser and not too terrible with Android, but with a whole new eco-system of apps opening up – it might be out of their control.

Google’s launch of Chrome Apps, a new breed of browser-based software that will run on top of any operating system, has left sceptical security experts wondering whether Google is creating a needless opening for cybercriminals.

Launched late last week, Chrome Apps is Google’s latest step toward embedding its many services in the operating systems of rivals Microsoft and Apple. The goal is make apps running on Google’s platform appear to run natively on either Windows or Mac OS X, respectively.

Even though Chrome Apps require Google’s Chrome Web browser, the software can run outside the browser and offline. Documents, photos and video can be saved on a computer’s hard drive, as well as Google’s cloud storage service, called Google Drive. Updates, including security patches, occur automatically.

Initially, Chrome Apps will run only on Windows and the Google Chromebook, a high-end laptop powered by Google’s Chrome OS. In the near future, Chrome Apps will also run on Mac OS X and Linux.

The strategy behind Chrome Apps is to merge the technology with the host OS, so users do not notice a difference. This all-in-one approach toward the user experience increases the likelihood people will use Google services, which means the company can gather more data to sell to advertisers.

“We want Chrome Apps to be so good you don’t even realize it’s something different,” Rahul Roy-Chowdhury, project manager for Chrome Apps, told The Verge.

From a security aspect it’s a little worrying that they want to make it seamless to the user, so they don’t even realize if they are in the browser, in an app, or it’s just part of the OS.

Another thing to consider is how robust the auto-update/patching features are, and can they really keep users safe? The new auto-updating versions of flash for example, the mechanism just isn’t that effective.

And the Chrome browser, has a tiny little marker in the top right when it needs an update, and has to be restarted – not super obvious to the average user IMHO.

While the goal makes good business sense, security experts worry that Google is creating a layer of complexity that will introduce a new set of vulnerabilities that cybercriminals can exploit. Much of the concern is based on the huge security headache caused by other cross-platform technologies for running applications, such as Adobe Flash and Java, which was developed by Sun Microsystems. Sun was acquired by Oracle in 2009.

“Sun pioneered the write once, infect everywhere model that Oracle has perpetuated,” said Randy Abrams, research director for security adviser NSS Labs.

Because Google gathers enormous amounts of user data, Chrome Apps are unlikely to be welcomed by companies, Abrams said. “There are serious concerns as to privacy and data leakage when it comes to Google,” he said. “Chrome Apps will be a huge concern for enterprises trying to protect intellectual property and other sensitive data, as well as a new security headache.”

Vulnerabilities are a given in every software, so it is important to look at the vendor’s track record for getting out patches quickly. While often criticized for making security blunders in Android, Google’s mobile operating system, the company has incorporated strong security in the Chrome browser and in its Web services.

“They have been really impressive on the security side,” said Wolfgang Kandek, chief technology officer for vulnerability management company Qualys.

The plus side for those of us in the industry, is that enterprise/commercial take-up of this technology is likely to be very low – as most people already have concerns regarding privacy when it comes to Google.

It’ll be interesting to see which way this goes, and of course we’ll have to wait until it’s been around a while and has mainstream usage before we can really judge any security concerns that come to light.

If it’s built with an architecture as secure as the Chrome browser, we should be pretty safe – but as always – we shall wait and see.

Source: Network World


05 September 2013 | 3,768 views

Just Crypt It – How To Send A File Securely Without Additional Software

I’m pretty sure everyone has to send files to someone else online at some point, I’ve found myself having to do it quite often. And there’s always a quandary when it comes to sending something that is somewhat confidential. How do you secure it in transit?

We generally have a few options –

1) Passworded MS document (Excel/Word etc)
2) Passworded .zip file
3) Encrypt the file using something stronger (GPG/PGP or some kind of encrypted container)

As for 1) and 2) they aren’t really secure at all, and as for 3) whoever is receiving the file needs to have the same software installed and your key to decrypt it – which in the majority of cases isn’t going to work.

Then you need to find somewhere to upload it (Dropbox/FTP/Yousendit etc)

Pretty much everyone you know would look at you blankly if you asked them to install GnuPG.

So now a new tool is coming out called Just Crypt It which should solve all of our problems, if you are interested in finding out more you can check out the webinar here on Sept 7th at 1PM EST / 7PM CET (Saturday).

Just Crypt It

Sign-up For The Just Crypt It Webinar

See you there :)


10 July 2013 | 6,747 views

Smooth-Sec – IDS/IPS (Intrusion Detection/Prevention System) In A Box

We haven’t written about Smooth-Sec for a while since we first heard about it at v1 in March 2011.

For those who are not familiar, Smooth-Sec is a fully-ready IDS & IPS (Intrusion Detection & Prevention System) Linux distribution based on Debian 7 (wheezy), available for 32 and 64 bit architecture. The distribution includes the latest version of Snorby, Snort, Suricata, PulledPork and Pigsty. An easy setup process allows to deploy a complete IDS/IPS System within minutes, even for security beginners with minimal Linux experience.

  • Debian 7 Wheezy based
  • 32 and 64 bit iso available. Snorby V 2.6.2
  • Snort V 2.9.4.6
  • Suricata V 1.4.3
  • Pigsty V 0.1.0
  • PulledPork V 0.6.1

You can download Smooth Sec here –

32-Bit – smoothsec-3.0-i386.iso
64-Bit – smoothsec-3.0-amd64.iso

Or read more here.


18 June 2013 | 3,019 views

PRISM, Edward Snowden, Big Brother & More Stuff We Already Knew

So there’s been 100s of articles posted about PRISM, which also now has a lengthy Wikipedia article – PRISM (surveillance program). Apparently PRISM (2007-present) is the program that replaces the previous (2001-2007) NSA warrantless surveillance program.

So the US government has been watching everyone, no shit (Nineteen Eighty-Four?).

PRISM is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007. PRISM is a government codename for a data collection effort known officially as US-984XN. It is operated under the supervision of the United States Foreign Intelligence Surveillance Court pursuant to the Foreign Intelligence Surveillance Act (FISA).

The existence of the program was leaked by NSA contractor Edward Snowden and published by The Guardian and The Washington Post on June 6, 2013. A document included in the leak indicated that the PRISM SIGAD was “the number one source of raw intelligence used for NSA analytic reports.”The President’s Daily Brief, an all-source intelligence product, cited PRISM data as a source in 1,477 items in 2012. The leaked information came to light one day after the revelation that the United States Foreign Intelligence Surveillance Court had been requiring the telecommunications company Verizon to turn over to the NSA logs tracking all of its customers’ telephone calls on an ongoing daily basis.

It’s a revelation for a lot of people however, who are unaware of how easy it is to capture data online (that isn’t encrypted) – like e-mail for example. I’ve always told people don’t write anything in an e-mail that you wouldn’t write on a post-card – because reading them both is at about the same difficulty level.

Most people think because they are logged onto Gmail/Hotmail etc using https, that their transmissions are secure. But unfortunately the majority of the e-mail infrastructure is using zero encryption – so all your messages are floating around in plain text, unless of course you are using PGP/GPG – they you are pretty safe. But how many people do that, and it requires both sender and receiver to using the same system.

There are of course specialist e-mail services for the paranoid like Hushmail Tormail.

It’s a big kick in the face for the US Government though with their hyperbole about freedom, now it turns out they are invading the whole World’s privacy and ignoring human rights.

There have been statements from Microsoft, Yahoo!, Google, Facebook, Apple & Dropbox stating they do not take part in PRISM and that they do not give any direct server access to any agencies.

The guy that kicked this whole thing off was Edward Snowden, who intentionally revealed his identity and is ready to deal with the consequences. More here – Edward Snowden: the whistleblower behind the NSA surveillance revelations.

He was basically a sys admin for a government contractor called Booz Allen Hamilton, parked under the NSA in Hawaii. As we all known, sys admins typically have full access to EVERYTHING, ever server, every system – as they need it to do their job.

Very few companies implement silos, or transparent encyrption to protect themselves from sys admins. More on that discussion here – Prism doesn’t have CIOs in a panic — yet .

Either way, it’s a pretty interesting story and it’s getting spectacular global press coverage – there’s plenty more to read if you’re interested.


12 June 2013 | 2,900 views

OWASP Bricks – Modular Deliberately Vulnerable Web Application

Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to ‘break the bricks’.

Road Map

  1. Demonstrate maximum variations of most common vulnerabilities
  2. Help people to learn the need of secure codding practices and SSDLC
  3. Attract people to design more bricks
  4. Become a test bed for analyzing the performance of web application security scanners.
  5. Help people learn the manual method of testing the applications
  6. Demonstrate the possibilities of various security tools and techniques
  7. Become a platform to teach web application security in a class room/lab environment.

It’s a great way to learn the basics of web security, both from a developers perspective and from someone interesting in learning pen testing for web apps, if you want to check out more projects similar to Bricks, there a whole bunch here:

Vulnerable Web Application

You can download Bricks here:

OWASP Bricks – Torsa.zip

Or read more here.