Archive | November, 2006

MySpace Paedo Caught by PERL Script


Now for once, this is a really neat use of technology, someone using their brains and a suitable tech to solve a problem that is very apparent.

PERL may be frowned upon by some as being old or outdated, but seriously for parsing data, pattern matching and trawling, it’s still excellent and you can get a program up and running very fast, especially with the CPAN module system.

he computer crimes unit of New York’s Suffolk County Police Department sits in a gloomy government office canopied by water-stained ceiling tiles and stuffed with battered Dell desktops. A mix of file folders, notes, mug shots and printouts form a loose topsoil on the desks, which jostle shoulder-to-shoulder for space on the scuffed and dented floor.

I’ve been invited here to witness the endgame of a police investigation that grew from 1,000 lines of computer code I wrote and executed some five months earlier. The automated script searched MySpace’s 100 million-plus profiles for registered sex offenders — and soon found one that was back on the prowl for seriously underage boys.

Of course some manual monkey work still needed to be done to verify any profiles, but still from 100 million down to a handful, pretty neat eh?

The code swept in a vast number of false or unverifiable matches. Working part time for several months, I sifted the data and manually compared photographs, ages and other data, until enhanced privacy features MySpace launched in June began frustrating the analysis.

Excluding a handful of obvious fakes, I confirmed 744 sex offenders with MySpace profiles, after an examination of about a third of the data. Of those, 497 are registered for sex crimes against children. In this group, six of them are listed as repeat offenders, though Lubrano’s previous convictions were not in the registry, so this number may be low. At least 243 of the 497 have convictions in 2000 or later.

I for one am impressed.

Source: Wired

Posted in: Secure Coding, Web Hacking

Topic: Secure Coding, Web Hacking


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Medusa Fast Parallel Password Cracker 1.3 Released


Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:

  • Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
  • Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
  • Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

Version 1.3 of Medusa is now available for public download.

Medusa currently has modules supporting: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC, and a generic wrapper module.

While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences. For a brief comparison you can see here.

This release fixes several autoconf issues and a number of minor bugs.

You can find the Medusa homepage here and download Medusa here:

Medusa 1.3

Medusa was developed on Gentoo Linux and FreeBSD. Some limited testing has been done on other platforms/distributions (OpenBSD, Debian, Ubuntu, Darwin, Solaris).

Posted in: Hacking Tools, Networking Hacking Tools, Password Cracking Tools

Topic: Hacking Tools, Networking Hacking Tools, Password Cracking Tools


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


the Art of Virology 00h


This is the first part (of many others to come) consisting of basic a introduction to different viruses, some terminology and other aspects required before starting to understand or write viruses.

Definition

A virus is (taken from Windows XP’s Help And Support Center):

A program that attempts to spread from computer to computer and either cause damage (by erasing or corrupting data) or annoy users (by printing messages or altering what is displayed on the screen).

But wait a second… to this definition is not correct from some points of view; for example we could place in this category also programs that only reproduce, parasite different files, and do not do damage to users data, or annoy them, except maybe for the disk usage…
But you should not confuse viruses with John von Neumann’s self-reproducing mathematical automata. Google for more information about it because it’s not part of our subject, or maybe I don’t want to get scientific and speak about it

What programs are connected to virology?

The abstract definition of viruses has become more abstract with the help of know-it-all antivirus programmers, which for some money integrated in there software Trojan / hoaxes / malware / backdoor removers, so anytime a antivirus product pops up with a notification of such a program being found on a computer, a normal user doesn’t get interested in this aspect and it’s concerned of being infected with a virus (disinterest, what else)!
But what is the difference between these programs? I’ll make for you a little list with some personal definitions ok so let’s start:

adware – belong to the malware category, besides spyware; it’s not a virus, it’s and application normally shifted alongside with other programs, it’s main role being to pop up, while your connected to the web, some ads. most of the time they get installed because you do not read the files accompanying different software which are free or get free doing some ads for big/medium/small companies.

spyware – these are the fierce animals of malware, they spy on you, but not the subtle way James Bond does, they get installed through different exploits and surveillance the websites you visit, personal information, etc. and send them to different firms (or government, NSA, FBI, CIA ?)

Trojan – Trojans are programs written for specific tasks, in this list we could include flooders (DoS), hidden proxy server, virus droppers, also for different purposes that antivirus vendors think that could do harm to other people’s data.

backdoor – a backdoor is a program which if it’s not released by an underground website could be called “˜Remote Administration Tool’, so it’s a tool that let’s you control, or do specific tasks on other computers; famous backdoor/Trojan backdoor clients (and server) are: BO2K, SubSeven, R3C, Insane Network.

virus – this one belongs to our subject, of course could it is well divided in more types of viruses, classified by language used to create them, how they infect, and what they infect.

worm – these programs/scripts also belong to virology (think so?!) because they also have the basic concept of viruses (parasites, worms. ring a bell?) to spread, beautifully, widely, and all other fancy adjectives you can find.

Viral History

The “first” virus
Sometime in the early 1970s, the Creeper virus was detected on ARPANET a US military computer network which was the forerunner of the modern Internet. Written for the then-popular Tenex operating system, this program was able to gain access independently through a modem and copy itself to the remote system. Infected systems displayed the message, ‘I’M THE CREEPER : CATCH ME IF YOU CAN.’
Shortly thereafter, the Reaper program was anonymously created to delete Creeper. Reaper was a virus: it spread to networked machines and if it located a Creeper virus, Reaper would delete it. Even the participants are unable to say whether Reaper was a response to Creeper, or if it was created by the same person or persons who created Creeper in order to correct their mistake.
And now a list of the first viruses “to be the first”:
1981 :: Elk Cloner – Boot sector virus

1986 :: Brain – Stealth file virus
1986 :: Virdem – DOS COM file infector

1987 :: Suriv-1 – DOS COM real time file infector
1987 :: Suriv-2 – DOS EXE file infector
1987 :: Suriv-3 – DOS COM & EXE file infector
1987 :: Cascade – Encrypted Virus
1987 :: Christmas Tree Worm – Worm (Internet Virus)

1988 :: Morris Worm – Worm which used exploits against Unix system to spread

1990 :: the Chameleon family – A polymorphic virus family

1991 :: Tequila – A polymorphic boot virus
1991 :: Dir II – The one and only virus to use link-technology

1992 :: Win.Vir_1_4 -Windows virus

1994 :: Shifter -OBJ file infector
1994 :: ScrVir-a – C and Pascal source code files infector

1995 :: Winstart -BAT file virus

1996 :: Boza – Windows 95 virus
1996 :: OS2.AEP – OS/2 EXE file infector
1996 :: Laroux – Excel virus

1997 :: Linux Bliss – Linux virus
1997 :: ShareFun – Macro virus spreading through mail, with MS Mail
1997 :: Homer – Worm that used FTP to propagate
1997 :: Win95.Mad – Self-encrypting Windows 95 virus

1998 :: Win95.HPS and Win95.Marburg – Windows polymorphic viruses
1998 :: Cross – Multi-platform virus, infected MS Access and Word files
1998 :: Triplicate (Tristate) – MS Word, Excel and PowerPoint file infector
1998 :: Red Team – EXE infector virus, spreading through Eudora
1998 :: Java.StrangeBrew – Java web application virus

1999 :: Happy99 (Ska) – Modern-Day Worm
1999 :: SK; – HLP file infector virus
1999 :: Melissa – Word Macro virus incorporating Internet Worm functionality
1999 :: Gala – Corel Draw, Photo-Paint, Ventura file infector
1999 :: Bubbleboy and KakWorm – Worms spreading through IE vulnerabilities
1999 :: Babylonia – Worm with remote self-rejuvenation (don’t get scared by the term, it means that it automatically downloaded new versions of it)

2000 :: Inta – Windows 2000 file infector
2000 :: LoveLetter – Script Virus to break Guiness Book record
2000 :: Star – AutoCAD package virus
2000 :: Jer – Internet Worm using social engineering and mass marketing to get user to let them be infected
2000 :: Liberty – PalmOS virus
2000 :: Stream – ADS and NTFS filesystem viruses
2000 :: Fable – PIF file infector
2000 :: Pirus – PHP Script virus
2000 :: Hybris – Worm with self-rejuvenating based on a 128-bit RSA key

2001 :: Mandragore – Gnutella file-sharing Internet Worm

2002 :: LFM and Donut – .NET Framework viruses
2002 :: Spida – SQL Server worm
2002 :: Benjamin – Kazza file-sharing network worm

2003 :: Slammer – Fileless Worm with flash-worm capabilities

Wow. that’s quite a long list, don’t you think? And it isn’t all; if you want to see it all, then go to viruslist and read all the history of malware, and then surely you can say that this list is even to small = )

Classification

I think that we should classify viruses so we will now better about which kind of viruses we speak. you’d probably seen in the list different classifications, but it’s time we clearly point them out (of course this is my personal classification, agree with it or not, it’s your choice):

By what they infect

  • Binary File Infector
    In this category we will include the classic ones: exe, com, obj file infectors; plus the CAD, Corel and any other weird (?_?) extension virus we can find.
  • SourceCode File Infectors
    As you would imagine, in this category will be included viruses that infect source code files Pascal, C, etc. Think that I know a couple or two of this type.(?)
  • BOOT Sector Infectors
    Simple, complex, tiny and all other boot sector viruses will be part of this category. P.S. I hate doggie-B
  • MS Office Infectors
    We all have heard of them, laught about them, though they were dead, but we all know that they are extremely dangerous viruses. yes I’m talking about macro viruses, that populate Word, Excel, PowerPoint, Access.
  • Script Infectors
    And finally our last category dedicated for the viruses which infect script files like js, vbs, mrc and inject themselves into html files including a


    Latest Posts:


    Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
    socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
    CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
    CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
    CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
    CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
    assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
    assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
    Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
    Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
    Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
    Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


    Taof 0.1 Network Protocol Fuzzer Released


    Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

    Taof aids the researcher during the data retrieval process by providing a transparent proxy functionality that forwards and logs requests from a client to a server. After the data retrieval phase, Taof presents the logged requests and allows the user to specify the fuzzing points within the requests.

    This is the first public release, and as it is in beta state, every comment/suggestion/request is more than welcome. Contact regarding the project can be made by posting to the web forums or directly mailing the project’s administrator.

    Source code, windows binaries and guide are now available for download. Screenshots are also provided.

    http://sourceforge.net/projects/taof

    Happy vulnerability hunting! Taof 0.1 fuzzer released.

    Posted in: Hacking Tools, Networking Hacking Tools, Security Software

    Topic: Hacking Tools, Networking Hacking Tools, Security Software


    Latest Posts:


    Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
    socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
    CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
    CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
    CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
    CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
    assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
    assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
    Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
    Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
    Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
    Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


    Spamhaus & e360 Battle is Heating Up


    The battle is heating up between the spammers e360 and the anti-spam warlords Spamhaus, some say the Internet may meltdown if Spamhaus stops its service..

    Some estimates say 80% of spam is stopped by Spamhaus and e-mail could suddenly shoot to a server melting rate if their service is pulled.

    The legal battle between antispam organisation Spamhaus and David Linhard, of e360 Insight, is heating up, with a court order that could cause a temporary ten-fold surge in spam.

    Spamhaus has a user base of around 650 million, and its lists block some fifty billion spams per day, according to the project’s chief executive, Steve Linford.

    Linhardt sued the UK-based anti-spammers in an Illinois district court after being listed in Spamhaus Register of Known Spam Operations (ROKSO).

    Although Spamhaus maintains the Illinois court has no jurisdiction over an organisation based in the UK, district court judge Charles Kocoras awarded a total of US$11.71 million (NZ$17.7 million) in damages to Linhardt.

    I hope they can escape from this whole mess as although Spamhaus are known for being harsh, they do a good job.

    It seems unlikely that ICANN or Spamhaus will accept an order to suspend spamhaus.org without a fight, Cox says. Linhardt may try to have the proposed order changed before issuance, Cox says, to include in it other parties. Should Linhardt be successful, Cox says it means a US District Court will have dictated to a non-US organisation what domain name it can use. This, he adds, is likely to cause great concern to internet users worldwide who resent the imposition of US-based ICANN as the sole governing body in these matters. ICANN is therefore likely to want to stay out of the dispute as much as possible.

    I don’t think ICANN should or will intervene, let’s just wait and see as this battle reaches critical mass.

    Source: Computerworld

    Posted in: Legal Issues, Spammers & Scammers

    Topic: Legal Issues, Spammers & Scammers


    Latest Posts:


    Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
    socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
    CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
    CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
    CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
    CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
    assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
    assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
    Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
    Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
    Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
    Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


    McDonalds Japan Spreads Malware on MP3 Player


    This is pretty funny, but frankly typical of McDonalds..act before they think, it’s cheap, it’ll get more customers, whack it out!

    They gave out a bunch of flash drive mp3 players as a promotion, it turns out every single one was loaded with a fairly nasty piece of spyware!

    McDonalds Japan has launched a recall after discovering that MP3 players it offered as a prize were loaded with a particularly nasty strain of malware. Up to 10,000 people might have been exposed to the problem after claiming a Flash MP3 player pre-loaded with ten tunes and a variant of the QQpass spyware Trojan.

    Not nice eh? Pretty bad too as it doesn’t just track your surfing habits, it actually sends out your passwords over the web.

    Punters received the contaminated gift after purchasing a large drink form the fast-food chain in Japan and submitting a serial number contained on the beverage holder as part of a competition, sponsored by McDonalds and Coca-cola. Users who connected the McDonalds-branded MP3 player to their Windows PC were exposed to spyware code programmed to transmit their web passwords and other sensitive information to hackers. The cause of the accidental infection is unclear but past experience suggests a contaminated machine involved in loading content onto the players is the likely culprit.

    They are really sorry, honestly..

    McDonalds Japan has apologized for the cock-up and established a helpline designed to handle the recall of the infected MP3 players and send out uncontaminated music gizmos. A Japanese-language statement also explains how punters can cleanse potentially infected PCs

    Apologised, meh! Any thoughts?

    Source: The Register

    Posted in: Malware, Privacy

    Topic: Malware, Privacy


    Latest Posts:


    Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
    socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
    CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
    CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
    CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
    CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
    assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
    assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
    Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
    Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
    Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
    Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.