Darknet - The Darkside

Don't Learn to HACK - Hack to LEARN. That's our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on RSS or Twitter for the latest updates.

06 November 2013 | 1,824 views

aidSQL – PHP Application For SQL Injection Detection & Exploitation


aidSQL is a PHP application for detecting security holes in your website(s). It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation.

The tool provides pen-testing capabilities for MS-SQL 2000, MySQL 5 and the author promises to add Oracle 10g support – but that doesn’t seem to be happening.

You can view a demo of the app here:

The output from Wavsep for aidSQL can also be seen here:

aidSQL vs Wavsep

You can download aidSQL here:

aidsql-devel-20130527.tgz

Or read more here.



04 November 2013 | 825 views

Anonymous Targets Singapore For Proposed Internet Licensing Rules

So the latest news in South East Asia is that someone claiming to be affiliated with Anonymous is waging a digital war against Singapore due to their proposed Internet licensing rules, which are akin to backdoor censorship.

You can see the Youtube video here:

The Anonymous Legion Threatens Singapore Government

They already started by attacking one of the major Singaporean newspapers, the Straits Times – which was successfully defaced.

Straits Times Hacked by Anonymous

The full protest and expected action by Anonymous should take place tomorrow, November 5th – the day synonymous with Guy Fawkes.

A hacktivist claiming to be part of Anonymous has backed a call by Google, Facebook and others to scrap proposed internet licensing rules in Singapore which have been described as state censorship by the back door.

In a YouTube video, the figure argues that “no government has the right to deprive their citizens the freedom of information”, and calls on “fellow Singaporean brothers and sisters” to protest on 5 November if the licensing proposals aren’t binned.

The hacktivist, who goes by the name ‘The Messiah’, has already been at work, defacing a web page of Singaporean newspaper The Straits Times with the message: “Dear ST: You just got hacked for misleading the people!”

It seems The Messiah wasn’t happy with the way the paper reported the video, after it “chose to conveniently modify the sentence ‘war against the Singapore Government’ into ‘war against Singapore’.”

The new Licensing Regime, which was revealed earlier this year by the Singaporean government, will require online news sites reporting on the city state to put up a “performance bond” of S$50,000 and “comply within 24 hours to MDA’s directions to remove content that is found to be in breach of content standards”.

It’ll be interesting to see if they target more corporations or governmental organizations. The media in Singapore lies somewhere between the two – with the majority of the mainstream media being owned in part or somehow controlled by the government.

The licensing scheme seems to be some kind of effort to control the smaller or so called ‘independent’ or ‘alternative’ news outlets online, which do cause a lot of problems in oppressive countries.

Singapore’s government, which has been formed by the same party for over 50 years, either directly or indirectly owns traditional media. The new rules have therefore been seen as an attempt to bring to heel foreign owned and independent sites which locals read for less-likely-to-be-sanitised news.

The licensing proposals have already garnered strong opposition. Over 130 Singaporean web sites blacked out their home pages in June and activists attended a #FreeMyInternet rally in the city state’s Hong Lim park.

The Asia Internet Coalition, which lists Google, Facebook, Yahoo and others among its members, has also been highly critical.

The coalition wrote in an open letter to communications minister Yaacob Ibrahim in July that the proposed rules “could unintentionally hamper Singapore’s ability to continue to drive innovation, develop key industries in the technology space and attract investment”.

Despite its façade as a shiny, modern Asian nation, Singapore ranks a lowly 149th on Reporters Without Borders’ Press Freedom Index 2013, sandwiched by Iraq and Russia.

Singapore already ranks extremely lowly in the press freedom index, and this move, if successful, is likely to push it even lower. Singapore as a whole is known as being a pretty tech-forward and Internet savvy nation, so it’ll be interesting to see how tight their cyber-security is and if Anonymous can make any serious in-roads.

As always we shall wait and see.

Source: The Register


30 October 2013 | 3,213 views

FoxOne Free OSINT Tool – Server Reconnaissance Scanner

FoxOne is a free OSINT tool, described by the author (th3j35t3r) as a Non-Invasive and Non-Detectable Server Reconnaissance Scanner.

Bypassing API limitations and currently detecting 6500+ vulnerable server paths/files – without ever touching the target server. Very good for getting hold of intel on a given domain (example.com). The intel gained serves both as actionable in the sense that it could be directly used to help root a box, while at the same time giving a good overview of stuff that’s present on the box and where it is within the directory structure.

FoxOne Scanner creates a report and dumps it on your Desktop.

Features

  • Anti False-Positive Measures
  • Bot Stealth Measures
  • Modular Framework for easy importing of new modules.

Requirements

  • MySQL Server
  • PHP5
  • PHP-GD Library
  • PHP-MySQL
  • Festival (text to speech)

Installation

1). Create a MySQL database anywhere (localhost is fine).
2). Import ‘foxone.sql’ into the database you just created.
3). Edit ‘foxone’ adding the details of the database you just set up.

You can download FoxOne Scanner here:

foxone.zip


28 October 2013 | 1,463 views

Major Adobe Hack – Acrobat & ColdFusion Source Code Leaked

So earlier this month there was a major Adobe hack and the source code for a couple of its mainstream products (Acrobat Reader, ColdFusion and ColdFusion Builder) was leaked and downloaded, most likely in its entirety.

There was a bit of a panic surrounding this as the software is used by a lot of major governmental agencies (especially in the US), and it’s feared that when someone with malicious intent has access to your source code – they are more likely to be able to find previously undiscovered vulnerabilities.

The attack also leaked 2.9 million customer records including names and credit card numbers, so much for Adobe doing cloud right.

Adobe’s systems have been hit by numerous “sophisticated attacks” that have compromised the information of 2.9 million customers, and accessed the source code of Adobe products.

The company said on Thursday that it has been the victim of a major cyberattack and said hackers had accessed those millions of customer IDs and encrypted passwords.

“We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders,” the company said.

It does not believe decrypted credit or debit card numbers were accessed.

“As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password,” the company wrote.

The company says people should change their passwords on any other website where they have used the same user ID and password. But you’d do that anyway, wouldn’t you?

Now whilst studying the source code may give you some advantages, Acrobat for example has over 13 million lines of code – so you’d basically be looking for a needle in a haystack.

Also, the fact that the software has a bunch of security measures built in, like address space layout randomization (ASLR), a sandbox (which logically separates any opened PDF file), and the broker process (basically a firewall between the process and system calls), means that even if you do find a vulnerability, crafting an exploit from it is going to be really hard.

We haven’t as yet seen any zero day exploits that could have come from the compromise, but it doesn’t mean they aren’t out there – or being used for targeted attacks/cyberterrorism.

It is “in the process” of notifying customers whose credit or debit data may have been stolen, and is offering them condolence in the form of a “one-year complimentary credit monitoring membership where available.”

Where we come from, that’s called offering free stable doors after the horses have bolted.

The company has also contacted federal law enforcement officials and notified banks that process customer payments for Adobe.

Hackers have also accessed the source code for the company’s Adobe Acrobat, ColdFusion, ColdFusion Builder, and other unnamed products, the company said in a separate blog post.

Security firm Hold Security claims to have found 40 gigabytes in encrypted archives on a hacker’s server, apparently containing source code on some of Adobe’s biggest products.

“This breach poses a serious concern to countless businesses and individuals,” Hold Security wrote. “Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits.”

You can see the original posts by Adobe here – Important Customer Security Announcement & Illegal Access to Adobe Source Code.

We’ll have to wait and see if anything actually comes from it. There were a few nasty compromises earlier this year that were ColdFusion based, such as Linode & NW3C.

Although I don’t really think they are related, it just happens that ColdFusion servers are very frequently set up without all the extra security controls that Adobe provides being enabled.

Source: The Register


16 October 2013 | 1,702 views

AxCrypt – Open Source Windows File Encryption Software

AxCrypt is the leading open source Windows file encryption software. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files.

Personal Privacy and Security with AES-128 File Encryption and Compression for Windows 2000/2003/XP/Vista/2008/7. Double-click to automatically decrypt and open documents. Store strong keys on removable USB-devices.

Features

  • Password Protect any number of files using strong encryption.
  • Right-click integration with Windows Explorer makes AxCrypt the easiest way to encrypt individual files in Windows.
  • Double-click integration makes it as easy to open, edit and save protected files as it is to work with unprotected files.
  • Many additional features, but no configuration required. Just install it and use it.
  • AxCrypt encrypts files that are safely and easily sent to other users via e-mail or any other means. Self-decrypting files are also supported, removing the need to install AxCrypt to decrypt.
  • AxCrypt is translated into English, Danish, Dutch, French, German, Hungarian, Italian, Norwegian, Russian, Polish, Spanish and Swedish so chances are it speaks your preferred language.

AxCrypt is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation.

You can download AxCrypt here:

AxCrypt-1.7.2976.0-Setup.exe

Or read more here.


10 October 2013 | 1,226 views

AVG, Avira and WhatsApp Websites DNS Jacked By Pro-Palestinian Hacktivists

There’s been a spate of this type of attack this year. It seems like hackers are realizing the target servers and sites are pretty secure – so they are looking for other avenues to deface or spread their political messages.

DNS security has been overlooked for a long time, with most companies not using DNSSEC or any real protective measures. With DNS being such a critical service, this is rather worrying, as a tainted DNS record enables a hacker to take over an entire domain.

The websites of freebie antivirus vendors AVG and Avira as well as mobile messaging service WhatsApp appear to have been hit by a DNS redirection attack today which sent users to pro-Palestinian websites.

A team of hacktivists calling themselves KDMS have claimed credit for the hacks.

Visitors to avg.com were greeted by a rendition of the Palestinian national anthem (via an embedded YouTube video) and a message from a pro-Palestinian group calling itself the KDMS Team, instead of the usual security tips and links to anti-malware downloads.

“It’s clearly embarrassing for a security company to be hit in this fashion by hackers, but there is no indication that any customer information or sensitive data has been compromised,” writes Graham Cluley, a veteran of the antivirus industry turned independent security consultant. “It’s possible that the hackers managed to change the website’s DNS records, redirecting anyone who attempted to visit www.avg.com to a different IP address.”

It seems all 3 companies used Network Solutions as their DNS provider, so the flaw clearly lay there – what exactly happened hasn’t been disclosed (and honestly is unlikely to be disclosed).

The other bad thing about DNS is that changes take time to propagate. So people using ISPs that have aggressive DNS caching might be seeing the hacked sites for quite some time.

Security experts were quick to discover that all three victims use hosting biz Network Solutions as their DNS provider. Hackers may have exploited security shortcomings at Network Solutions to alter DNS records and so gain control of their targets’ domains.

The KDMS team claims an affiliation with Anonymous Palestine. The same group pulled off a similar DNS hijack / redirection attack against the website of hosting firm leaseweb.com over the weekend.

LeaseWeb’s statement on the attack can be found here.

Leaseweb denied earlier reports that a vulnerability in its WHMCS billing and support system software might have been responsible for the hijack, but without naming a cause. The hosting firm is seeking to play down the significance of the attack, which it characterises as regrettable but superficial and quickly resolved.

You can also read more and see a screenshot of the hack at Graham Cluley’s blog here:

AVG and Avira anti-virus websites attacked by pro-Palestinian hackers

Let’s see if we see any more of this kind of attack soon.

Source: The Register


07 October 2013 | 3,354 views

Mutillidae – Vulnerable Web-Application To Learn Web Hacking

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiasts to learn web hacking. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP for users who do not want to administrate a webserver. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on pre-installed platforms. With dozens of vulns and hints to help the user, this is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software.

Features

  • Has over 35 vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007 and 2010
  • Actually Vulnerable (User not asked to enter “magic” statement)
  • Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP making it easy for users who do not want to install or administrate their own webserver. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP. XAMPP is the “default” deployment.
  • Installs easily by dropping project files into the “htdocs” folder of XAMPP.
  • Will attempt to detect if the MySQL database is available for the user
  • Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
  • Contains 2 levels of hints to help users get started
  • Includes bubble-hints to help point out vulnerable locations
  • Bubble-hints automatically give more information as hint level incremented
  • System can be restored to default with single-click of “Setup” button
  • User can switch between secure and insecure modes
  • Secure and insecure source code for each page stored in the same PHP file for easy comparison
  • Provides data capture page and stores captured data in database and file
  • Allows SSL to be enforced in order to practice SSL stripping
  • Used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software
  • Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools

There’s quite a choice of these apps out there now, so if you’re trying to learn web hacking, or just hone your penetration testing skills, check the list here:

Vulnerable Web Application

You can download Mutillidae here:

LATEST-mutillidae-2.6.4.zip

Or read more here.


10 September 2013 | 1,785 views

Google’s Chrome Apps – Are They Worth The Risk?

So there’s been a bit of debate lately about Google’s Chrome Apps after the launch. Most of you have probably heard of Chrome OS a while back, with a few Chromebooks popping up here and there. Chrome Apps are the next generation of browser apps that can be run offline and eventually will be cross platform (only Windows for now).

The concern is that Google is opening us up to a whole new era of cross platform exploits/vulnerabilities – the likes of which we have come to know from Java and Flash.

Google has had a fairly decent security record with Chrome browser and not too terrible with Android, but with a whole new eco-system of apps opening up – it might be out of their control.

Google’s launch of Chrome Apps, a new breed of browser-based software that will run on top of any operating system, has left sceptical security experts wondering whether Google is creating a needless opening for cybercriminals.

Launched late last week, Chrome Apps is Google’s latest step toward embedding its many services in the operating systems of rivals Microsoft and Apple. The goal is to make apps running on Google’s platform appear to run natively on either Windows or Mac OS X, respectively.

Even though Chrome Apps require Google’s Chrome Web browser, the software can run outside the browser and offline. Documents, photos and video can be saved on a computer’s hard drive, as well as Google’s cloud storage service, called Google Drive. Updates, including security patches, occur automatically.

Initially, Chrome Apps will run only on Windows and the Google Chromebook, a high-end laptop powered by Google’s Chrome OS. In the near future, Chrome Apps will also run on Mac OS X and Linux.

The strategy behind Chrome Apps is to merge the technology with the host OS, so users do not notice a difference. This all-in-one approach toward the user experience increases the likelihood people will use Google services, which means the company can gather more data to sell to advertisers.

“We want Chrome Apps to be so good you don’t even realize it’s something different,” Rahul Roy-Chowdhury, project manager for Chrome Apps, told The Verge.

From a security aspect it’s a little worrying that they want to make it seamless to the user, so they don’t even realize if they are in the browser, in an app, or it’s just part of the OS.

Another thing to consider is how robust the auto-update/patching features are, and can they really keep users safe? Take the new auto-updating versions of Flash, for example: the mechanism just isn’t that effective.

And the Chrome browser has a tiny little marker in the top right when it needs an update, and has to be restarted – not super obvious to the average user IMHO.

While the goal makes good business sense, security experts worry that Google is creating a layer of complexity that will introduce a new set of vulnerabilities that cybercriminals can exploit. Much of the concern is based on the huge security headache caused by other cross-platform technologies for running applications, such as Adobe Flash and Java, which was developed by Sun Microsystems. Sun was acquired by Oracle in 2009.

“Sun pioneered the write once, infect everywhere model that Oracle has perpetuated,” said Randy Abrams, research director for security adviser NSS Labs.

Because Google gathers enormous amounts of user data, Chrome Apps are unlikely to be welcomed by companies, Abrams said. “There are serious concerns as to privacy and data leakage when it comes to Google,” he said. “Chrome Apps will be a huge concern for enterprises trying to protect intellectual property and other sensitive data, as well as a new security headache.”

Vulnerabilities are a given in every software, so it is important to look at the vendor’s track record for getting out patches quickly. While often criticized for making security blunders in Android, Google’s mobile operating system, the company has incorporated strong security in the Chrome browser and in its Web services.

“They have been really impressive on the security side,” said Wolfgang Kandek, chief technology officer for vulnerability management company Qualys.

The plus side for those of us in the industry, is that enterprise/commercial take-up of this technology is likely to be very low – as most people already have concerns regarding privacy when it comes to Google.

It’ll be interesting to see which way this goes, and of course we’ll have to wait until it’s been around a while and has mainstream usage before we can really judge any security concerns that come to light.

If it’s built with an architecture as secure as the Chrome browser, we should be pretty safe – but as always – we shall wait and see.

Source: Network World


05 September 2013 | 3,771 views

Just Crypt It – How To Send A File Securely Without Additional Software

I’m pretty sure everyone has to send files to someone else online at some point, I’ve found myself having to do it quite often. And there’s always a quandary when it comes to sending something that is somewhat confidential. How do you secure it in transit?

We generally have a few options –

1) Passworded MS document (Excel/Word etc)
2) Passworded .zip file
3) Encrypt the file using something stronger (GPG/PGP or some kind of encrypted container)

As for 1) and 2) they aren’t really secure at all, and as for 3) whoever is receiving the file needs to have the same software installed and your key to decrypt it – which in the majority of cases isn’t going to work.

Then you need to find somewhere to upload it (Dropbox/FTP/Yousendit etc)

Pretty much everyone you know would look at you blankly if you asked them to install GnuPG.

So now a new tool is coming out called Just Crypt It which should solve all of our problems, if you are interested in finding out more you can check out the webinar here on Sept 7th at 1PM EST / 7PM CET (Saturday).

Just Crypt It

Sign-up For The Just Crypt It Webinar

See you there :)


10 July 2013 | 6,761 views

Smooth-Sec – IDS/IPS (Intrusion Detection/Prevention System) In A Box

We haven’t written about Smooth-Sec for a while since we first heard about it at v1 in March 2011.

For those who are not familiar, Smooth-Sec is a fully-ready IDS & IPS (Intrusion Detection & Prevention System) Linux distribution based on Debian 7 (wheezy), available for 32 and 64 bit architecture. The distribution includes the latest version of Snorby, Snort, Suricata, PulledPork and Pigsty. An easy setup process allows you to deploy a complete IDS/IPS System within minutes, even for security beginners with minimal Linux experience.

  • Debian 7 Wheezy based
  • 32 and 64 bit iso available
  • Snorby V 2.6.2
  • Snort V 2.9.4.6
  • Suricata V 1.4.3
  • Pigsty V 0.1.0
  • PulledPork V 0.6.1

You can download Smooth Sec here –

32-Bit – smoothsec-3.0-i386.iso
64-Bit – smoothsec-3.0-amd64.iso

Or read more here.