BSQLinjector – Blind SQL Injection Tool Download in Ruby

Outsmart Malicious Hackers


BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below.

BSQLinjector - Blind SQL Injection Tool Download


The author recommends using the “--test” switch to clearly see how configured payload looks like before sending it to an application.

What is Blind SQL Injection?

Blind SQL Injection is a type of SQL Injection (SQLi) attack that asks the database true or false questions and determines the answer based on the application’s response. This attack is often used when the web application is configured to show generic error messages but has not mitigated the code that is vulnerable to SQL injection.

Using BSQLinjector for Blind SQL Injection


Example usage:

The most famous Blind SQL injection tool would definitely be sqlmap, which automates it.

You can download BSQLinjector here:

BSQLinjector.rb

Or read more here.


Topic: Database Hacking

CCleaner Hack – Spreading Malware To Specific Tech Companies

Outsmart Malicious Hackers


The CCleaner Hack is blowing up, with it initially estimated to be huge, it’s hit at least 700,000 computers and is specifically targeting 20 top tech organisations including Cisco, Intel, Microsoft, Akamai, Samsung and more for a second, more intrusive and pervasive layer of infection.

CCleaner Hack - Spreading Malware To Specific Tech Companies


This could be classified as slightly ironic too as CCleaner is extremely popular software for removing crapware from computers, it was a clever assumption that a corrupt version would find itself installed in some very high-value networks.

Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. Security researchers at Cisco Talos discovered that download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware inside CCleaner. “For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” says the Talos team.

CCleaner has been downloaded more than 2 billion times according to Avast, making it a popular target for hackers. Dubbed “crap cleaner,” it’s designed to wipe out cookies and offer some web privacy protections. 2.27 million users have been affected by the attack, and Avast Piriform believes it was able to prevent the breach harming customers. “Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm,” says an Avast spokesperson.

Source: The Verge


This CCleaner Hack is a fairly advanced attack with some people making links to the Chinese government, an attack of this scale and focus does feel like a nation-state attack. There is some code reuse from the Group 72 also known as Axiom who are linked to the Chinese Government.

Some of the configuration files are also set in China’s time zone, which whilst it does indicate it probably is from China – it doesn’t link it for certain to the government.

Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company’s security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco’s Talos security division revealed that they’ve now analyzed the hackers’ “command-and-control” server to which those malicious versions of CCleaner connected.

On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 20 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they’d compromised within the company’s network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.

Source: Wired

And as a user, it means you should be careful. It seems the malicious version in this CCleaner hacking seems to have dug in pretty deep, even more so if it was installed inside one of the ‘target’ networks as the second piece of more intrusive malware was pushed in.

Avast is recommended computers be restored from backups taken before to the compromise happened.

It doesn’t appear to be ransomware at this point, hopefully, some more details will emerge, but it’s most likely a more insidious attack like NotPetya.


Topic: Hacking News

AWSBucketDump – AWS S3 Security Scanning Tool

Outsmart Malicious Hackers


AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files. It’s similar to a subdomain brute-forcing tool but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you’re not afraid to quickly fill up your hard drive.

AWSBucketDump - AWS S3 Security Scanning Tool


Using the download feature might fill your hard drive up, you can provide a max file size for each download at the command line when you run the tool. Keep in mind that it is in bytes.

By default, there are two threads for checking buckets and two buckets for downloading.

AWSBucketDump Usage

Example:

AWSBucketDump S3 Security Tool Requirements

Non-Standard Python Libraries:

  • xmltodict
  • requests
  • argparse

A great accompaniment would be these DNS wordlists from the SecLists repository: Discovery >> DNS

You can download AWSBucketDump here:

AWSBucketDump-master.zip

Or read more here.


Topic: Hacking Tools

nbtscan Download – NetBIOS Scanner For Windows & Linux

Outsmart Malicious Hackers


nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network, and this is the first step in the finding of open shares.

nbtscan Download - NetBIOS Scanner For Windows & Linux


It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one.

What is nbtscan?

NETBIOS is commonly known as the Windows “Network Neighborhood” protocol, and (among other things), it provides a name service that listens on UDP port 137. When it receives a query on this port, it responds with a list of all services it offers. Windows ships with a standard tool nbtstat which queries a single IP address when given the -A parameter. When running against a machine on the local network (a development box), it shows:

The numeric code (in hexadecimal) and the type serve to identify the service being offered, and (for instance) a UNIQUE code of <20> indicates that the machine is running the file-sharing service. Unfortunately, nbtstat only reports the codes, and it requires looking up the meanings elsewhere. The References section at the end of this document lists some resources to learn what all the codes mean.

Machines participating in NetBIOS listen on UDP port 137 for these queries and respond accordingly. Simple configurations might only have a few resource records (as above), but an NT server supporting a large enterprise could easily have more than a dozen. Though it’s sometimes useful to examine the full set of resource records for a given machine, in practice it’s more useful to summarize them into the key “interesting” services.

Our tool has taken this approach. Not only does it scan ranges of addresses — instead of just one machine — but it can fully decode most of the resource record types and can summarize the interesting data on a one-line display.

On our network, we have quite a few machines, but it appears that only three respond to our queries:


Using nbtscan NetBIOS Scanner

When nbtscan is run without command-line arguments, it reports a short “help” listing that summarizes the options available, which are expanded on here.

If you want something to screw with a tool like nbtscan you can check out something like Fake NetBIOS Tool – Simulate Windows Hosts.


Download nbtscan

Windows – The Win32 version of the tool, which works well on Windows 9x, NT and 2000, is available below as nbtscan.exe. It’s written in portable C and is less than 40 kbytes, requires no special libraries or DLLs, and is run in a MS-DOS command window.

Linux – The code works fine on Linux, and a version built on Red Hat Linux 6.2 is available as well.

You can download nbtscan here:

nbtscan.exe (v1.0.35) – Windows binary (36 kbytes)
nbtscan-1.0.35-redhat-linux – Linux binary (44kbytes)
nbtscan-1.0.31-sco-5.0.6.bin – SCO Open Server 5.0.6
nbtscan-source-1.0.35.tgz (gzip’d tarball)
nbtscan-source-1.0.35.zip (ZIP)

Or read more here.


Topic: Networking Hacking
Equifax Data Breach - Hack Due To Missed Apache Patch

Equifax Data Breach – Hack Due To Missed Apache Patch

The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK. The original statement about the breach is as follows for those that weren’t up to date with it, which came out Sept 7th (4 months AFTER the breach […]

Topic: Hacking News
Seth - RDP Man In The Middle Attack Tool

Seth – RDP Man In The Middle Attack Tool

Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks. Usage […]

Topic: Hacking Tools