Archive | January, 2007

Data Recovery – A Decent Article

Outsmart Malicious Hackers


Data recovery is an important subject, and it's definitely a good thing to have a solid understanding of data recovery and how it could affect you personally or your business.

So someone told me about this Data recovery article which is a decent original reference to data recovery which contains some good original information, links to other similar resources, free data recovery downloads and an explanation of the main parts involved.

Definition: Data recovery is the salvaging of data originally stored on media such as magnetic disks and tapes and which has become corrupt or inaccessible.

The sidebar on the Data recovery article is pretty useful, so do check it out; it has software, services and links to more information on industry standard sites like Wikipedia.

It also has related articles and related companies like OnTrack.

The article also covers some basic parts of forensics, like how when an item is deleted it’s not actually gone, just the marker in the file allocation table is removed.

Can erased data be recovered?

Yes, usually. When you delete a file the file is not actually deleted. It’s just the entry in the index pointing to the file’s actual location that is deleted. The file itself is left untouched but subsequent work you do on the PC could overwrite the location where the file was so it’s important to minimise any amateur attempts at data recovery.

This is something we’ve stressed many times at Darknet as any old $29.95 undelete tool can recover these files easily.
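The behaviour described above, as an added example that is not from the article or from Darknet: a simplified FAT16-style volume built in memory, where deletion only flags the directory entry and frees the allocation chain, and recovery works until the freed cluster is reused. The layout, file names and helper functions are constructed for illustration.

```python
import struct

SECTOR = 512      # constructed geometry: one sector per cluster
DELETED = 0xE5    # FAT flags a deleted directory entry with this first byte
ENTRY = "<8s3sB14xHI"  # name, ext, attr, (unused here), first cluster, size = 32 bytes
SECRET = b"Q4 payroll: constructed sample data"

def dir_entry(name, ext, cluster, size):
    return struct.pack(ENTRY, name.ljust(8).encode(), ext.ljust(3).encode(), 0x20, cluster, size)

def build_image():
    """Constructed volume: FAT16 table sector, root-dir sector, data clusters 2 and 3."""
    fat = [0] * 256
    fat[2] = fat[3] = 0xFFFF                     # two one-cluster files, end-of-chain
    root = dir_entry("NOTES", "TXT", 2, 7) + dir_entry("SECRET", "TXT", 3, len(SECRET))
    return bytearray(struct.pack("<256H", *fat) + root.ljust(SECTOR, b"\0")
                     + b"keep me".ljust(SECTOR, b"\0") + SECRET.ljust(SECTOR, b"\0"))

def data_offset(cluster):
    return 2 * SECTOR + (cluster - 2) * SECTOR

def delete_file(img, idx):
    """What deletion does: flag the entry and free its FAT chain. The data is untouched."""
    off = SECTOR + idx * 32
    cluster = struct.unpack_from("<H", img, off + 26)[0]
    img[off] = DELETED
    while 2 <= cluster < 0xFFF8:
        nxt = struct.unpack_from("<H", img, cluster * 2)[0]
        struct.pack_into("<H", img, cluster * 2, 0)
        cluster = nxt

def write_new_file(img, idx, name, ext, data):
    """Simplified allocator: a new one-cluster file takes the first free cluster."""
    fat = struct.unpack_from("<256H", img, 0)
    cluster = next(c for c in range(2, 256) if fat[c] == 0)
    struct.pack_into("<H", img, cluster * 2, 0xFFFF)
    img[SECTOR + idx * 32:SECTOR + idx * 32 + 32] = dir_entry(name, ext, cluster, len(data))
    img[data_offset(cluster):data_offset(cluster) + SECTOR] = data.ljust(SECTOR, b"\0")
    return cluster

def recover_deleted(img):
    """Return {name: content} for deleted entries whose clusters are still free."""
    found = {}
    for off in range(SECTOR, 2 * SECTOR, 32):
        if img[off] != DELETED:
            continue
        name, ext, _attr, cluster, size = struct.unpack_from(ENTRY, img, off)
        n = -(-size // SECTOR)                    # clusters needed, assuming a contiguous file
        if any(struct.unpack_from(f"<{n}H", img, cluster * 2)):
            continue                              # cluster reallocated: content overwritten
        label = "?" + name[1:].decode().strip() + "." + ext.decode().strip()
        found[label] = bytes(img[data_offset(cluster):data_offset(cluster) + size])
    return found

if __name__ == "__main__":
    img = build_image()
    delete_file(img, 1)
    print(recover_deleted(img))                   # entry flagged, data still on disk
    write_new_file(img, 2, "NEW", "TXT", b"x" * 100)
    print(recover_deleted(img))                   # freed cluster reused, nothing to recover
```

The first character of the recovered name is lost because the deletion flag overwrites it, which is why undelete tools show names with a placeholder first letter.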

The important part of the article is the part about what mistakes you can make; this is crucial if you wish to preserve your data integrity in case of a failure.

I do find the design of the page a little plain (it looks like something designed in 1997) and the pink and light blue colour scheme jars my eyes a little.

The info is laid out clearly though and the site is easy to navigate, which is a good thing.

You can read more about Data Recovery at Wiki here.

Posted in: Forensics, Hacking News

Latest Posts:


AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds
dcrawl – Web Crawler For Unique Domains
dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names. It will branch out indefinitely.
Time Warner Hacked – AWS Config Exposes 4M Subscribers
What's the latest on the web, Time Warner Hacked is what it's about now as a bad AWS S3 config (once again) exposes the details of approximately 4M subs.


WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6



Recently a bug in certain versions of PHP came to the attention of the WordPress developers; this bug could cause a security vulnerability in any blogs running version 2.0.6 or below. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running WordPress 2.0.6 or lower upgrade to this new version.

Because this is a much smaller update than previous versions, you do not have to update all of the WordPress files if you’re upgrading from version 2.0.6. Here is the list of files that have changed since 2.0.6:

  • wp-admin/inline-uploading.php
  • wp-admin/post.php
  • wp-includes/classes.php
  • wp-includes/functions.php
  • wp-includes/version.php
  • wp-settings.php

Download WordPress 2.0.7 here

And just as a reminder, the next major version of WordPress (2.1) is due out by the end of the month, but the 2.0 branch of WordPress will continue to be maintained for several years.

Posted in: Exploits/Vulnerabilities, Web Hacking


Pentagon Hacker Gary McKinnon Appeals against US Extradition

Keep on Guard!


It seems like it's getting really serious in the Gary McKinnon case; he's facing what looks like his last appeal against the US anti-terror law case against him for hacking some NASA systems by guessing the weak passwords.

Not like he's really a terrorist, or did any damage… he did something very stupid though, bruised the ego of the US… not a good idea.

Gary McKinnon, the Pentagon hacker, faces what might be his last appeal hearing against extradition on 13 February 2007 at London’s Court of Appeal.

McKinnon, 40, faces possible trial under US anti-terror laws over alleged attacks on military and NASA systems between 2001 and 2002. The Scot lost his first appeal against extradition in a High Court hearing last July but the unemployed sysadmin was given leave to take his case to a higher court. Failure this time around will mean that the only possible avenue left to him would be an appeal to the House of Lords, to avoid charges which might land him in prison for up to 70 years.

Come on, how is he a terrorist… he's just another geek who believes in the cover-ups about UFOs and extraterrestrial life forms. He was just digging around to get some info that he believes should be free; he had no nefarious intentions.

McKinnon has had these charges over his head since March 2002, when he was arrested by officers from the UK’s National High Tech Crime Unit. The case against him lay dormant until July 2005 – he’s been unable to find work since then. His lawyers say he should be tried in the UK over his offences, rather than the US.

McKinnon (AKA Solo) admits he looked at computer systems without permission, but claims he did no harm. He got involved in hacking after reading Disclosure by Stephen Grea, which convinced him that the US had harvested advanced technology from UFOs and kept this knowledge secret, to the detriment of the public.

He better be careful anyway, it’s really looking rather serious for our friend Gary.

Source: The Register

Posted in: Legal Issues


SPIKE Proxy – Application Level Security Assessment



SPIKE Proxy is part of the SPIKE Application Testing Suite. It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include:

  • Automated SQL Injection Detection
  • Web Site Crawling (guaranteed not to crawl sites other than the one being tested)
  • Login form brute forcing
  • Automated overflow detection
  • Automated directory traversal detection

Not all web applications are built in the same ways, and hence, many must be analyzed individually. SPIKE Proxy is a professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL Injection and cross-site-scripting, but its completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. SPIKE Proxy is available for Linux and Windows.

Note that SPIKE Proxy requires a working install of Python and pyOpenSSL on Linux. This is included in the Windows distribution.

SPIKE is a fairly mature tool, having been around since about 2003; we at Darknet use SPIKE Proxy along with the Burp Suite for web application security analysis.

You can download SPIKE here:

Download for Linux | Download for Windows

Limited information can be found here:

Immunity Free Software

Posted in: Hacking Tools, Networking Hacking, Web Hacking


Rock Phish Group Accounts for 50% of Online Scams?



It seems common in most things, and it’s the same in infosec and especially malware, phishing and spam.

The majority of malware, phishing attacks and spam mails are coming from the same few sources; I'd say it's a case of 80/20.

20% of the people are sending 80% of the messages, and one of the big groups is Rock Phish.

The first thing you need to know about Rock Phish is that nobody knows exactly who, or what, they are.

Wikipedia defines the Rock Phish Kit as “a popular tool designed to help nontechnical people create and carry out phishing attacks,” but according to security experts, that definition is not correct. They say that Rock Phish is actually a person, or perhaps a group of people, who are behind as much as one-half of the phishing attacks being carried out these days.

No one can say for sure where Rock Phish is based, or if the group operates out of a single country.

It would surprise me very much if they operated from a single country or were limited to just 1-2 locations.

“They are sort of the Keyser Söze of phishing,” said Zulfikar Ramzan, senior principal researcher with Symantec’s Security Response group, referring to the secretive criminal kingpin in the 1995 film The Usual Suspects.

“They’re doing some pretty scary things out there,” he added.

This criminal organization first appeared in late 2004 and was given the name “Rock Phish” because the URLs (Uniform Resource Locators) on the group’s fake sites included a distinctive subdirectory named “rock,” a technique the group abandoned once phishing filters began looking for the word.

They seem to generally go after eBay and PayPal, the two most lucrative accounts online I would say, as they both store real live credit card details.

Apparently they are responsible for more than 50% of the phishing attacks we see.

Source: Computer World

Posted in: Phishing, Spammers & Scammers


Nmapview – Graphical Interface (GUI) for Nmap on Windows



Finally a replacement for the way outdated and rather crappy NmapFE!

Unfortunately sometimes we do have to actually use Windows, and Nmap cleverly overcame the problems with raw sockets on Windows SP2 by using ATM frames instead, so it’s cool.

Now we just need a decent GUI so it fits into the whole scheme of things, and here we have it, Nmapview! NmapFE was ancient, outdated and no longer had all the options.

Also bear in mind NmapView requires the Microsoft .NET Framework 2.0 to work, and obviously you need a working Nmap, which means having WinPcap.

Features of NmapView:

  • Automatic composition of the command string based on the selection of checkboxes, textboxes, etc.
  • Automatic selection of checkboxes, textboxes, etc. based on the command string entered.
  • All the options of version 4.20 of Nmap are provided for when composing commands.
  • Support for the NSE (Nmap Scripting Engine) version by Diman Todorov.
  • A detailed description of every option or parameter is supplied through ToolTipHelp.
  • The configuration parameters that take text are kept as history between sessions. (History storage uses the Windows user login section.)
  • The options and parameters are grouped into logical sections (Target Specification, Host Discovery, Scan Techniques, etc.) based on Fyodor's documentation.

You can Download NmapView v0.4 here.

You can find full info on NmapView here.

Posted in: Hacking Tools, Networking Hacking