sheep-wolf – Exploit MD5 Collisions For Malware Detection


sheep-wolf is a tool to help you exploit MD5 collisions in software, especially malware samples, which are commonly detected using MD5 hash signatures.

sheep-wolf - Exploit MD5 Collisions For Malware Detection

It produces a benign executable (Sheep) and a malicious one (Wolf) that have the same MD5 hash. Please use this code to test whether the security products within your reach use MD5 internally to fingerprint binaries, and share your results by issuing a pull request updating the contents of results/!

Dependencies

  • 32-bit Windows (virtual) machine (64-bit breaks stuff)
  • Visual Studio 2012 to compile the projects (Express will do)
  • Fastcoll for collisions
  • Optional: Cygwin+MinGW to compile Evilize

How does it work?

  • shepherd.bat executes shepherd.exe with the user supplied command line arguments
    • shepherd.exe generates a header file (sc.h) that contains the encrypted shellcode, the password and the CRC of the plain shellcode
  • shepherd.bat executes the build process of sheep.exe
    • sheep.exe is built by Visual Studio with sc.h included
  • shepherd.bat executes evilize.exe
    • evilize.exe calculates a special IV for the chunk of sheep.exe right before the block where the collision will happen
    • evilize.exe executes fastcoll.exe with the IV as a parameter
      • fastcoll.exe generates two 128 byte colliding blocks: a and b
    • evilize.exe replaces the original string buffers of sheep.exe so that they contain combinations a and b
    • The resulting files (evilize/wolf.exe and evilize/sheep.exe) have the same MD5 hash but behave differently. The real code to be executed only appears in the memory of evilize/wolf.exe.
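The two steps that make this work are the "special IV" and the fact that the collision survives everything appended after it. As an added example (not code from sheep-wolf or from the post), the Python below implements MD5 from RFC 1321 with the chaining state exposed between 64-byte blocks, so you can see what evilize computes for the bytes of sheep.exe that precede the collision block and why an identical suffix keeps the two files colliding. All function names and the sample prefix/block/suffix bytes are constructed for this illustration; the blocks are not a real collision (fastcoll would supply those).

```python
import hashlib
import math
import struct

# Added example: a from-scratch MD5 that exposes the chaining state ("IV")
# between 64-byte blocks. Names and sample data are constructed for this
# illustration and are not sheep-wolf's own code.

INIT_STATE = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
SHIFTS = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
K = [int(abs(math.sin(i + 1)) * 2 ** 32) & 0xFFFFFFFF for i in range(64)]


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md5_compress(state, block):
    """One MD5 compression: absorb a 64-byte block into the 4-word chaining state."""
    assert len(block) == 64
    m = struct.unpack("<16I", block)
    a, b, c, d = state
    for i in range(64):
        if i < 16:
            f, g = (b & c) | (~b & d), i
        elif i < 32:
            f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48:
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:
            f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + K[i] + m[g]) & 0xFFFFFFFF
        a, d, c, b = d, c, b, (b + _rotl(f, SHIFTS[i])) & 0xFFFFFFFF
    return tuple((s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d)))


def md5_state_after(prefix):
    """Chaining state after absorbing a prefix whose length is a multiple of 64.
    This is the 'special IV' evilize hands to fastcoll: the collision search has
    to start from the state MD5 is in when it reaches the collision block."""
    if len(prefix) % 64:
        raise ValueError("prefix must end on a 64-byte block boundary")
    state = INIT_STATE
    for off in range(0, len(prefix), 64):
        state = md5_compress(state, prefix[off:off + 64])
    return state


def md5_pad(total_len):
    """Standard MD5 padding for a message of total_len bytes: 0x80, zeros, 64-bit bit length."""
    zeros = (55 - total_len) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack("<Q", (total_len * 8) & 0xFFFFFFFFFFFFFFFF)


def md5_finish(state, tail, total_len):
    """Finish MD5 from a saved state: absorb the remaining bytes plus padding."""
    data = tail + md5_pad(total_len)
    for off in range(0, len(data), 64):
        state = md5_compress(state, data[off:off + 64])
    return struct.pack("<4I", *state).hex()


def md5_hex(data):
    return md5_finish(INIT_STATE, data, len(data))


def would_collide(prefix, block_a, block_b):
    """True iff block_a and block_b leave MD5 in the same chaining state after prefix.
    MD5 is a Merkle-Damgard hash, so equal states mean any identical suffix (the rest
    of the executable) gives identical digests: the whole sheep/wolf pair collides,
    not just the 128-byte blocks."""
    return md5_state_after(prefix + block_a) == md5_state_after(prefix + block_b)


def digest_with_suffix(prefix, block, suffix):
    """Digest of prefix+block+suffix computed from the saved post-block state."""
    state = md5_state_after(prefix + block)
    return md5_finish(state, suffix, len(prefix) + len(block) + len(suffix))


# Constructed sample data (not a real collision; fastcoll would supply colliding blocks).
PREFIX = bytes(range(128))                 # stands in for the start of sheep.exe
BLOCK_A = b"A" * 128                        # two different candidate blocks
BLOCK_B = b"B" * 128
SUFFIX = b"remaining image bytes (constructed)"


def self_check():
    """Cross-check against hashlib on padding edge cases and on the split computation."""
    for n in (0, 3, 55, 56, 63, 64, 65, 200):
        msg = bytes(i & 0xFF for i in range(n))
        if md5_hex(msg) != hashlib.md5(msg).hexdigest():
            return False
    full = PREFIX + BLOCK_A + SUFFIX
    return digest_with_suffix(PREFIX, BLOCK_A, SUFFIX) == hashlib.md5(full).hexdigest()


if __name__ == "__main__":
    print("hashlib agrees:", self_check())
    print("IV after prefix:", [hex(w) for w in md5_state_after(PREFIX)])
    print("A/B collide:", would_collide(PREFIX, BLOCK_A, BLOCK_B))
```

The practical reading for defenders is in `would_collide`: once two blocks reach the same chaining state, the rest of the file is irrelevant to the MD5 digest, so a product that keys on MD5 alone can be handed a clean and a hostile file it cannot tell apart by hash. Fingerprinting on SHA-256 (or on content features rather than a single digest) is the mitigation this test is meant to surface.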

You can download sheep-wolf here:

sheep-wolf-master.zip

Or read more here.



Posted in: Cryptography, Forensics, Malware

Massive Acunetix Online Update Brings New Features & UI


So there’s been a massive Acunetix Online update that has pushed out a brand new UI plus a whole bunch of new features and capabilities, including really powerful stuff for security professionals and organisations who take their security seriously.

Massive Acunetix Online Update Brings New Features & UI

The update has focused a lot on the usability of the UI and on features for infosec pros: more powerful filtering and the ability to mark findings as resolved or as false positives.

Plus some really powerful stuff like being able to assign targets a score based on their business criticality.

Updates

  • New web-based user interface
  • Targets and Vulnerabilities configured by business criticality
  • Integration with popular WAFs and Issue Tracking Systems
  • Mark Vulnerabilities as Fixed or False Positives
  • Custom Scan Types
  • Enhanced Reporting
  • Network Security Scanning
  • Added functionality for Acunetix Integrators

The reporting function is also much more powerful now, with reports available in PDF and HTML plus the ability to run a comparison that highlights the differences between 2 reports.

You can read the full details of the update here:

Major Update of Acunetix Online out now!



Posted in: Advertorial, Countermeasures, Security Software

Sn1per – Penetration Testing Automation Scanner


Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

Sn1per - Penetration Testing Automation Scanner

Features

  • Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
  • Automatically launches Google hacking queries against a target domain
  • Automatically enumerates open ports via NMap port scanning
  • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
  • Automatically checks for sub-domain hijacking
  • Automatically runs targeted NMap scripts against open ports
  • Automatically runs targeted Metasploit scan and exploit modules
  • Automatically scans all web applications for common vulnerabilities
  • Automatically brute forces ALL open services
  • Automatically tests for anonymous FTP access
  • Automatically runs WPScan, Arachni and Nikto for all web services
  • Automatically enumerates NFS shares
  • Automatically tests for anonymous LDAP access
  • Automatically enumerates SSL/TLS ciphers, protocols and vulnerabilities
  • Automatically enumerates SNMP community strings, services and users
  • Automatically lists SMB users and shares, checks for NULL sessions and exploits MS08-067
  • Automatically exploits vulnerable JBoss, Java RMI and Tomcat servers
  • Automatically tests for open X11 servers
  • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
  • Performs high-level enumeration of multiple hosts and subnets
  • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
  • Automatically gathers screenshots of all web sites
  • Creates individual workspaces to store all scan output

Modes

  • REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append ‘report’ to any sniper mode or command.
  • STEALTH: Quickly enumerates single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
  • DISCOVER: Parses all hosts on a subnet/CIDR (i.e. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
  • PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
  • FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
  • WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
  • NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.
  • AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts and IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
  • NUKE: Launches a full audit of multiple hosts specified in a text file of your choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
  • LOOT: Automatically organizes and displays the loot folder in your browser and opens the Metasploit Pro and Zenmap GUIs with all port scan results. To run, type ‘sniper loot’.

There’s a sample report available here.

You can download Sn1per here:

Sn1per-v2.4.zip

Or read more here.



Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking, Web Hacking

Pybelt – The Hackers Tool Belt


Pybelt is a Python-based hacker's tool belt capable of cracking hashes without prior knowledge of the algorithm, scanning ports on a given host, searching for SQLi vulnerabilities in a given URL, verifying that your Google dorks work like they should, verifying the algorithm of a given hash, scanning a URL for XSS vulnerabilities, and finding usable HTTP proxies.

Pybelt - The Hackers Tool Belt

Features

Pybelt is an open-source Python hacking kit that comes with:

  • Port Scanner
  • SQL Injection scanner
  • Dork Checker
  • Hash Cracker
  • Hash Type Verification
  • Proxy Finder
  • XSS Scanner

Installation

Clone the repository:

Or download the latest release.

Once you have the program installed, cd into the directory and run the following command:

This will install all of the program's required libraries, and it should be runnable from there.

You can download Pybelt here:

Pybelt-1,0.zip

Or read more here.



Posted in: Cryptography, Hacking Tools, Network Hacking

UK Schedule 7 – Man Charged For Not Sharing Password

UK Schedule 7 of the Terrorism Act 2000 is finally being enacted and is no longer an idle threat, so be aware it’s not only the USA that has these kinds of draconian laws. A man who refused to share his phone and laptop passwords has been charged under Schedule 7, which is pretty […]


Posted in: Legal Issues, Privacy

Github Dorks – Github Security Scanning Tool

Github search is quite a powerful and useful feature and can be used to search for sensitive data in repositories. This Github security scanning tool comes with a collection of Github dorks that can reveal sensitive personal and/or proprietary organisational information such as private keys, credentials, authentication tokens and so on. github-dork.py is a […]


Posted in: Hacking Tools, Privacy, Programming

WannaCry Ransomware Foiled By Domain Killswitch

Whilst I was away on a tropical island enjoying myself, the Infosec Internet was on fire with news of the global WannaCry ransomware threat, which showed up in the UK NHS and was spreading across 74 different countries. The ransomware seems to be the first that is P2P using an SMB exploit from the NSA […]


Posted in: Cryptography, Exploits/Vulnerabilities, Malware

scanless – A Public Port Scan Scraper

scanless is a Python-based command-line utility that functions as a public port scan scraper: it uses websites that can perform port scans on your behalf. This is useful in the early stages of penetration tests when you’d like to run a port scan on a host without having it originate from your IP address. Public […]


Posted in: Hacking Tools, Network Hacking

PwnBin – Python Pastebin Search Tool

PwnBin is a web crawler or Pastebin search tool which searches public pastebins for specified keywords. All pastes are then returned after sending the completion signal CTRL+C. Apart from being a great tool for developers, Pastebins are often used by hackers to leak stolen credentials or d0x people. This tool can help you search pastebins for your […]


Posted in: Countermeasures, Privacy

Intel Finally Patches Critical AMT Bug (Kinda)

Intel has finally patched the critical AMT bug discovered in March by security researcher Maksim Malyutin at Embedi. I say ‘kinda’ because it’s not really up to Intel to deploy the fix to the problem. They can’t really push out updates to CPUs, but at least they have fixed it in the firmware and now the […]


Posted in: Exploits/Vulnerabilities, Hardware Hacking