Archive | July, 2006

IBM Accused of Hacking

Outsmart Malicious Hackers


This is actually a very important case depending on which way it goes.

It could become a landmark case in regards to liability for machines on your network, or actually any traffic originating from your IP range.

A boutique Washington, D.C.-based law firm is accusing IBM of hacking into its e-mail system and is seeking recourse.

The firm, Butera & Andrews, filed suit against IBM and is seeking unspecified damages and repayment of more than $61,000 that it paid to investigate the alleged break-in and repair its e-mail system, according to a copy of the suit, which was filed in April in U.S. District Court for the District of Columbia.

IBM of course wants to dismiss the case stating it’s not their liability.

IBM has since filed papers with the court seeking to dismiss the case, arguing that the law firm failed to state a legitimate claim. Butera & Andrews, meanwhile, have asked the court for limited discovery, allowing it to investigate the matter, which IBM opposes, according to recently filed court papers.

Butera & Andrews charge that an unnamed IBM employee at a Durham, N.C., hacked into its e-mail system. The individual allegedly broke into the system, gained full privileges and was able to download messages at will, according to the complaint.

The firm hired outside experts after it “became aware of facts which suggested that the e-mail server through which the firm operated had been compromised by unauthorized parties” in November 2005, according to the complaint.

It seems like an awful lot of attempts, but really can IBM be held liable? In a way I hope not as it could tide badly for everything if they are made responsible for the activity on all IP addresses registered to them.

The investigation turned up more than 42,000 attempts from over 80 different Internet protocol addresses owned by IBM to acces the Butera & Andrews e-mail system last year, the complaint said.

“Plaintiff cannot state a claim merely by alleging that certain events are ‘tied’ to IP addresses registered to IBM,” the Armonk, N.Y., IT giant said in a court filing on June 30. “Indeed, plaintiff’s argument would be akin to holding AOL liable for intentional misconduct any time an IP address registered to AOL.”

It’s an accurate comparison IMHO.

Source: News.com

Posted in: Legal Issues, Networking Hacking

Topic: Legal Issues, Networking Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Freeware MAC Address Changer – Technitium v3.1

Outsmart Malicious Hackers


I saw a Freeware MAC Address Changing tool today which I thought I’d share with you all, as I used to use SMAC, a nice tool, until the guy started charging for it!

Hopefully this one won’t go the same way.

Technitium MAC Address Changer, which allows you to change Machine Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver.

It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has an MAC address hard coded in its circuit by its manufacturer. This hard coded MAC address is used by windows drivers to access Ethernet Networks (LAN). This tool can set a new MAC address to your NIC, bypassing the original hard coded MAC address.

Technitium MAC Address Changer v3.1 is a must tool in every security professionals tool box.

Technitium MAC Address Changer v3.1 is coded in Visual Basic 6.0.

There are some famous commercial tools available in the market for as much as US$19.99, but Technitium MAC Address Changer is available for FREE. (We don’t charge for just changing an registry value! Also knowing how this works doesn’t require extensive research as some commercial tool providers claim!)

You can download the MAC Address Changer here:

MAC Changer v3.1

Posted in: Hacking Tools, Networking Hacking

Topic: Hacking Tools, Networking Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Vista more insecure than XP

Outsmart Malicious Hackers


Symantec has made a research and affirming to there research Windows Vista will be more insecure than Windows XP, because most of the new code is fresh, and the old code isn’t used anymore…

Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner cases and defects,” the researchers wrote in the report, scheduled for publication Tuesday. “This may provide for a more stable networking stack in the long term, but stability will suffer in the short term.

Also by using new tehnologies, such as IPv6 and peer-to-peer protocol will be a part of the new insecurity thread:

“As these technologies see wider deployment, we expect IPv6 and the new peer-to-peer protocols to play an increasing role in the delivery of malicious payloads,” the Symantec paper said. “These features are critical to the success of Microsoft’s peer-to-peer initiative but are also the same features that attackers need to deliver malicious content.”

So it seems that besides the system requierments needed for Vista it’s even likely to be used because of the future insecurity issues…

Source: news.com.com

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


CAPTCHA – Safer and better looking

Outsmart Malicious Hackers


CAPTCHA, acronym for “completely automated public Turing test to tell computers and humans apart” is used, most of the times at least, as an authentication mechanism. Not to prove your identity, but to do a much simpler job than that; to prove your a human.

With the bad guys always a step ahead (which is cool by me), older forms of CAPTCHA have become unsafe and easy to hack – very easy actually.

A few months ago, we saw a new implementation of this method, using cats instead of numbers. That’s a great idea. It’s much difficult for a bot and/or crawler to detect in 9 figures which ones are cats and which ones are not. However, things have taken another step forward.

Introducing, HOTCAPTCHA – literally

Proving your a human has *never* been easier – there are some really ‘bad’, to be gentle, photos there – and fun.

If the author manages to add more pictures to the database, it will be pretty secure.

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Play v2.71 Games on your v1.5 PSP

Keep on Guard!


For those who haven’t noticed yet, today booster made a milestone in PSP history. Enabling firmware 2.71 emulation in DevHook 0.44.

Alot has been going on lately in the PSP scene and its great. With the release of the 2.5/.6 downgrader and full iso and game emulation in DevHook.

Download here. Credit goes to booster for this release !!…

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Linux Kernel 2.6.x PRCTL Core Dump Handling – Local r00t Exploit ( BID 18874 / CVE-2006-2451 )

Outsmart Malicious Hackers


A working version of the exploit used to escalate privileges to root in the recent Debian breakin, ah another root kernel exploit.

It’s to do with the way the kernel handles file permissions (or lack of) on core dumps.

Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker may gain elevated privileges by creating a coredump file in a directory that they do not have write access to.

A successful attack may result in a complete compromise.

Linux kernel versions prior to 2.6.17.4 are vulnerable.

/*****************************************************/
/* Local r00t Exploit for: */
/* Linux Kernel PRCTL Core Dump Handling */
/* ( BID 18874 / CVE-2006-2451 ) */
/* Kernel 2.6.x (>= 2.6.13 && < 2.6.17.4) */ /* By: */ /* - dreyer (main PoC code) */
/* - RoMaNSoFt (local root code) */
/* [ 10.Jul.2006 ] */
/*****************************************************/

#include stdio.h
#include sys/time.h
#include sys/resource.h
#include unistd.h
#include linux/prctl.h
#include stdlib.h
#include sys/types.h
#include signal.h

You can download it here:

Linux Kernel 2.6.x PRCTL Core Dump Handling Exploit

Posted in: Exploits/Vulnerabilities, Linux Hacking

Topic: Exploits/Vulnerabilities, Linux Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.