Archive | December, 2006

wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download

Keep on Guard!


WWWhack is a brute force utility that will try to crack web sites guarded by a web access password. Here you can find the wwwhack hacking software free download.

This utility can use a word file or try all possible combinations, and by trial-and-error, will attempt to find a combination of username/password that is accepted by the web server.

This shows the weakness in securing sensitive areas of your web site by the web authentication method alone.



To use wwwhack 1.9 you need to set your system clock to the year 2000 or before as it expires in ‘2001’.

Once again this is an oldskool tool but a lot of people are still seeking it, for learning purposes I presume as there are better alternatives now like THC-hydra.

wwwhack Hacking Software Free Download

You can download wwwhack 1.9 here.

To avoid any network issues the zip file is passworded, the password is darknet123.

Your anti-virus software may find a Win32.Hacktool or similar in this file, that’s normal for most hacking software. Darknet in no way implies that this software is safe and free of malware, use at your own risk.

Posted in: Hacking Tools, Web Hacking



Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


IE & Firefox Both Affected by Fake Login Flaw

Outsmart Malicious Hackers


It seems the recent fake login flaw affects both Internet Exploder and Firefox.

Good to keep alert and with the new update mechanism it’s very simple to update your Firefox installation.

The latest versions of both Firefox and Internet Explorer are vulnerable to an unpatched flaw that allows hackers to snaffle users’ login credentials via automated phishing attacks.

The information disclosure bug affects the password manager in Firefox 2.0 and its equivalent in IE7. Firefox’s Password Manager, for example, fails to properly check URLs before filling in saved user credentials into web forms. As a result, hackers might be able to swipe users credentials via malicious forms in the same domain, providing users have already filled out forms on this domain.

Basically you just need to disable the feature that remembers the passwords, and it seems for once the vector is slightly more serious for Firefox users than for IE users.

Samples of attacks utilising the flaw have already been reported on MySpace. Firefox 2.0 users might be more at risk from the flaw because IE7 does not automatically fill in saved information. Security notification firm Secunia advises users to disable the “remember passwords for sites” option in their browsers pending the delivery of patches.

This so-called reverse cross-site request flaw was discovered by security researcher Robert Chapin, who explains the issue in greater depth in an advisory here.

Reverse cross site scripting? The names are getting more and more complicated.

Source: The Register
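The URL check at issue can be sketched as an autofill policy. This is an added example, not code from Firefox, IE or the advisory; it assumes that "properly check URLs" means comparing both the page origin and the form's submit target with what was recorded when the password was saved, and all hostnames are constructed.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) triple used for same-origin comparison."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme))

def fill_host_only(saved, page_url, form_action):
    """Weak policy: any form on a page of the saved host gets the credentials."""
    return origin(page_url)[1] == origin(saved["page_url"])[1]

def fill_strict(saved, page_url, form_action):
    """Fill only when the page origin AND the resolved submit target both
    match what was recorded when the password was saved (assumed policy)."""
    target = urljoin(page_url, form_action or "")  # empty action posts to the page
    return (origin(page_url) == origin(saved["page_url"])
            and origin(target) == origin(saved["action_url"]))

# Constructed saved-login record and test forms (hypothetical hosts).
SAVED = {"page_url": "https://social.example/login",
         "action_url": "https://social.example/auth"}

CASES = {
    "real login form": ("https://social.example/login", "/auth"),
    "user-content page, off-site action":
        ("https://social.example/profile/1234", "https://collector.example/c"),
    "plain-http copy of login page": ("http://social.example/login", "/auth"),
    "other host": ("https://other.example/login", "/auth"),
}

def evaluate(policy):
    """Run one policy over every constructed case."""
    return {name: policy(SAVED, page, action)
            for name, (page, action) in CASES.items()}

if __name__ == "__main__":
    for name in CASES:
        print(f"{name:40} host-only={evaluate(fill_host_only)[name]!s:5} "
              f"strict={evaluate(fill_strict)[name]}")
```

The host-only policy fills the form embedded in a user-content page on the same domain; the strict policy refuses it because the submit target is a different origin.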

Posted in: Exploits/Vulnerabilities, Web Hacking



GoldenEye (GoldEye) Password Cracker – Download goldeye.zip or goldeneye.zip



GoldenEye is a brute-force hacking program and was written for web-masters to test the security of their own sites. This is an oldskool file, a lot of people are still looking for this.

It should not be used by others to hack sites – this would be illegal! Under no circumstances should the author or any other persons involved in its development or distribution be held liable for the misuse of the program.

Once again these old files and tutorials are meant for the purpose of learning, test them in your own lab, see how they work, see what they do then try and write something similar yourself.

Notes

GoldenEye works with different types of wordlists:

GoldenEye executes its attempts simultaneously. The number of simultaneous attempts can be adjusted with the speed slider on the “access” tab. You can also adjust the speed limit. On the Options|Connections tab you’ll find a box to set the “top-speed”; select an appropriate value. Use lower values for slow internet connections!

If you get too many timed-out connections, lower the crack speed or increase the TTL (time to live). Timed-out connections will be automatically resumed if you check ‘Resume time-out connections automatically’ on the same tab.

Note: The program is tested with 70 simultaneous requests. If you choose a higher value, do it at your own risk! If GoldenEye tells you something about buffer problems, lower the speed next time. I’ve encountered that other running programs may cause buffer problems.

GoldenEye logs the cracked sites. They are listed on the History|Access History tab. You can select and delete single entries or the whole list. Expired combinations will be automatically removed when you click the check for expired passwords button. Click on the ‘visit button’ or double click on the selected url to launch it in your browser.

Access tab

The url box: if you don’t remember the members url you can

  • search through the list
  • or type in a part of the url or a defined site name (see History|URL History) and click on the small button at the right end of the url-box.

Options|Advanced tab:

  • Change proxy after x attempts: GoldenEye changes the proxy automatically after x attempts if this option is checked. You have to use several proxies to use this feature. Add proxies on the Options|connections tab. GoldenEye changes the proxy randomly or in the order which is given by the proxy-list.
  • Server Response: the standard values are ‘200’ for ok and ‘401’ for access denied (unauthorized). If the server you’re attacking gives other reply numbers you can change them. Note: You can’t use 404 or 500!
  • Cookie: If the attacked server needs a cookie, check this option and enter the cookie string.
  • Referer: If the attacked server needs the url of the referring site, enter it here.
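From the site owner's side, the 401/200 response codes and the proxy rotation described in these notes (and the wwwhack trial-and-error approach above) suggest counting failed logins per protected path rather than per source address. The following is an added detection sketch, not part of GoldenEye or the original post; the log lines, paths, addresses and thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Apache/NCSA common log format: ip ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], m["user"], ts, m["path"], int(m["status"])

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Alert per protected path when >= threshold 401s fall inside the window,
    counted across ALL source IPs so proxy rotation does not reset the count."""
    recent = defaultdict(list)      # path -> [(ts, ip, user)] still in window
    alerts = {}
    for ip, user, ts, path, status in filter(None, map(parse, lines)):
        recent[path] = [f for f in recent[path] if ts - f[0] <= window]
        if status == 401:
            recent[path].append((ts, ip, user))
            if len(recent[path]) >= threshold:
                a = alerts.setdefault(
                    path, {"failures": 0, "sources": set(), "guessed_user": None})
                a["failures"] = max(a["failures"], len(recent[path]))
                a["sources"].update(f[1] for f in recent[path])
        elif status == 200 and path in alerts and user != "-":
            # A 200 for a username that was just being guessed: likely a hit.
            if any(f[2] == user for f in recent[path]):
                alerts[path]["guessed_user"] = user
    return alerts

def max_401_per_ip(lines):
    """What a naive per-source-address counter would see."""
    c = Counter(r[0] for r in filter(None, map(parse, lines)) if r[4] == 401)
    return max(c.values(), default=0)

def _line(ip, user, sec, path, status):
    return (f'{ip} - {user} [10/Dec/2006:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.0" {status} 512')

# Constructed sample: six failures rotated over three addresses, then a
# success, plus one ordinary user who mistypes a password once.
SAMPLE_LOG = (
    [_line(f"198.51.100.{i % 3 + 1}", "admin", i * 4, "/members/", 401)
     for i in range(6)]
    + [_line("198.51.100.1", "admin", 26, "/members/", 200),
       _line("192.0.2.7", "bob", 30, "/private/", 401),
       _line("192.0.2.7", "bob", 35, "/private/", 200)])

if __name__ == "__main__":
    print("max 401s from one IP:", max_401_per_ip(SAMPLE_LOG))
    print(detect_bruteforce(SAMPLE_LOG))
```

In the sample no single address exceeds two failures, so a per-IP limit of five never fires, while the per-path count reaches six and the following 200 is flagged.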

Wordlist tools tab

  • Remove dupes: New: If you’re using single lists for userID and password GoldenEye removes the dupes simultaneously.
  • General wordlist options:
    • Define a minimum and maximum length for the userID and password (standard settings 1-32)
    • Convert the list: All passes will be converted ‘on-the-fly’.
    • Wordlist style: If you want to use single lists: check this option.
  • Wordlist manipulations: this tab appears after you’ve loaded a list and checked the ‘Extend list’ on “General wordlist”
    “Common manipulations” are predefined manipulations.
    On the “Advanced” tab you can choose your own prefixes, suffixes, etc. If you miss something, tell me!

Security check

  • Server security test: It tests the attacked server for other security holes.
  • Proxy test: tests the proxy-speed. The values are in milliseconds.

Your anti-virus software may find a Win32.Gen.Trojan or similar in this file, that’s normal for most hacking software. Darknet in no way implies that this software is safe and free of malware, use at your own risk.

You can download GoldenEye 1.0 here.

To avoid any network issues the zip file is passworded, the password is darknet123.

Posted in: Hacking Tools, Password Cracking, Web Hacking



Some Relaxing on the DMCA Regulations



There seems to have been some slight relaxation on the DMCA regulations lately, which is a good thing for the majority of people!

There have been many grey cases and sadly most have fallen on the side of the big corporations, finally something on our side!

The U.S. Copyright Office specified new rules Wednesday allowing cellphone owners to hack software designed to prevent them from using their phones on competing carriers. Retrogaming enthusiasts will also be permitted to crack copy protection on abandoned titles, albeit for “archival” purposes only.

I think it’s perfectly reasonable, if I buy a piece of hardware or whatever I should completely own it and be able to use it for whatever I want, I shouldn’t be limited by the company that sold it to me.

And Abandonware is ok!

And thankfully a thumbs up for educators too.

The rules also allow teachers to copy “snippets” from DVDs for educational compilations, and confer the right to have third-party software read copy-protected electronic books – if you’re blind.

The Digital Millennium Copyright Act (DMCA) has been held to criminalize circumvention of any kind of software protection, even in the pursuit of applications that would have previously been considered fair use. There is at least one ongoing legal action concerning recycled cell phones based on this law, according to Librarian of Congress James H. Billington. But not after today.

You can see the full list of 6 exemptions here.

Source: Wired Blog

Posted in: Legal Issues



TXDNS 2.0.0 Released – DNS Digger for Brute Force



TXDNS 2.0.0 has been released.

TXDNS is a Win32 aggressive multithreaded DNS digger, capable of placing, on the wire, thousands of DNS queries per minute. TXDNS’s main goal is to expose a domain namespace through a number of techniques:

  • Typos
  • TLD rotation
  • Dictionary attack
  • Brute force

This new version features a distributed model which further boosts TXDNS’s parallelism and performance. This model allows a TXDNS client to send jobs to a TXDNS server over a clear or encrypted TCP channel.

For example, to put a TXDNS host on listening mode:

By default TXDNS listens on port 5353. On the client side you may post any query jobs by appending ‘-c xx.xx.xx.xx’ to the regular query syntax (where xx.xx.xx.xx is the host’s IP running TXDNS on listening mode), for example:

Using -cr instead of -c will force the TXDNS server to redirect all output to the client, so basically you get the results from the server’s job right on the client console. Note that file system streams are not redirected, which means that any file switches (-f or -h) will still have the remote host as root reference.

To encrypt all the traffic between the client and the server just append ‘–key ‘ to the regular syntax on both the client and server.

A new –countdown option has been added as a very basic synchronization mechanism, and by default, any jobs, no matter remote or local will now delay for 5s before firing. If you want to bypass this countdown delay you’ll have to add ‘–countdown 0’.

You can read more and download at:

http://www.txdns.net

Posted in: Hacking Tools, Networking Hacking



Firefox Patches 8 Security Vulnerabilities with 2.0.0.1



Grab the new Firefox now, 2.0.0.1! 8 Security Vulnerabilities have been fixed in this last release of the year 2006.

I’m glad to see Firefox upholding their quick turnaround and rapid fixing of issues that spring up during development and improvement of their product.

Mozilla has released the first update for the Firefox 2.0 browser to fix eight security vulnerabilities.

According to the company, release 2.0.0.1 of Firefox fixes flaws in memory corruption as well as the way the browser executes RSS (really simple syndication), Javascript and CSS (cascading style sheets) code, among other vulnerabilities. Mozilla also patched similar flaws in its Firefox 1.5 browser.

Five of the eight flaws were rated as critical, according to Firefox. A critical rating means a Firefox user would be vulnerable to attack and remote software installation on their machines just from browsing the Web in the usual fashion. Two of the flaws were rated as high, while one received a low security-risk rating, Firefox said.

Mozilla’s advisory and information on the update can be found on the company’s Web site.

Danish security firm Secunia ApS also posted information about the patches on its Web site.

Source: Infoworld

Posted in: Exploits/Vulnerabilities, Web Hacking
