Archive | April, 2007

Google’s Blogger Platform Used to Aid Phishing Attacks

Outsmart Malicious Hackers


I’ve known for a while you can buy software for spamming and MFA (Made for Adsense) site generation for a few hundred USD which utilises Google’s Blogger platform (blogspot.com sites).

You will have seen all the splogs as they are called (spam blogs) hosted on Blogger, a lot of them scrape Darknet articles and repost them there with a hope of getting a few hits and some Adsense clicks.

That’s why we limit RSS feeds to only a few hundred characters, so they can’t syndicate our whole content. Anyway that’s beside the point, the point is now people are using Blogger sites for phishing aswell.

Surfing Google’s Blogger Web site is dangerous, warns Fortinet. Several of the blogs on the site have been taken over by miscreants and redirect to phishing Web sites or try to load malicious software onto PCs, the security firm said in an alert Wednesday.

In one example a Blogger blog redirects to what appears to be an online pharmacy, but is in fact a site hosted in China that’s part of a scam to trick people into giving up personal details and financial information, Fortinet said.

In another example, a blog site that appears to belong to a Honda CR450 enthusiast actually tries to install a Trojan horse, Fortinet said. The blog likely was hacked, Fortinet said.

Launching some malware from over there too, seems like people are getting more into online fraud as more and more less savvy users join the Internet masses and are easily conned out of their bank details or Paypal accounts or similar.

“These are not legitimate blogs that were compromised. They appear to be deliberately set up to promote phishing, which is against our terms of service,” a Google representative said in an e-mailed statement. “We are investigating, and blogs found to include malicious code or promote phishing will be deleted.”

Safe surfing tools such as Exploit Prevention Labs’ LinkScanner and McAfee’s SiteAdvisor could help protect against such malicious sites. Additionally, staying up-to-date on security patches, as well as turning off scripting in a Web browser and using common sense and caution help people to stay safe when traversing the Web.

Most of them are made for the purpose of conning people, I guess Google should be pretty strict with these and make sure they are closed down fast.

Source: Cnet

Posted in: Phishing, Spammers & Scammers

Topic: Phishing, Spammers & Scammers


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


IE 7 Flaw Could Help Phishers – Error Message Processing

Keep on Guard!


Ah another way for phishers and people wanting to steal login credentials to con IE7 users.

Yet another reason to use Firefox or Opera?

Not saying these browsers are perfect…but look at the amount of problems Internet Exploder Explorer has had.

The flaw lies in the way IE7 processes a locally stored HTML error message page that is typically shown when the user cancels the loading of a Web page, said Aviv Raff, a security researcher based in Israel.

The error message tells the user that “navigation to the Web page was canceled,” and offers the user the opportunity to “refresh the page.” If the refresh link is clicked, IE can be tricked into displaying the wrong Web address for a page. Raff has published proof of concept code that shows how IE can be made to display a Web page on his Web site as if it is from the cnn.com domain.

I’m not sure if any phishers would go to this length to try and con people into visiting their sites, but with some of the creative things they’ve been coming up with lately, it wouldn’t surprise me!

This flaw could be exploited by phishers who want to make their spoofed Web sites appear legitimate, Raff said.

“I can inject a script that will display anything I want in the page when the user clicks the ‘refresh’ link,” he said via instant message. “Combining this with the design flaw, an attacker can render in the browser whatever he wants with whatever URL he wants in the address bar.”

This type of bug is known as a cross-site scripting vulnerability. It affects IE 7 on Vista and Windows XP, Raff added.

Vista is vulnerable too, so be careful. And don’t use IE!

Yes this article was originally published about a month ago, we know that….thanks.

Source: Network World

Posted in: Exploits/Vulnerabilities, Phishing, Windows Hacking

Topic: Exploits/Vulnerabilities, Phishing, Windows Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Damn Vulnerable Linux – DVL – IT-Security Attack and Defense

Outsmart Malicious Hackers


Damn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti-Security and Attack & Defense. It was initiated for training tasks during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and S²e – Secure Software Engineering in cooperation with the French Reverse Engineering Team.

Damn Vulnerable Linux

Damn Vulnerable Linux (DVL) is provided without any fee or charge!

Actually, it is a perverted Linux distribution made to be as insecure as possible. It is collection of IT-Security and IT-Anti-Security tools. Additional it includes a fullscaled lesson based environment for Attack & Defense on/for IT systems for self-study or teaching activities during university lectures.

It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. As well it can be run within virtual machine environments, such as qemu or vmware. There is no need to install a virtual machine if you use the embedded option. Its sole purpose in life is to put as many security tools at your disposal with as much training options as it can.

It contains a huge amount of lessons including lesson description – and solutions if the level has been solved.

Damn Vulnerable Linux (DVL) is meant to be used by both novice and professional security personnel but is not ideal for the Linux uninitiated. Damn Vulnerable Linux (DVL) assumes you know the basics of Linux as most of your work will be done from the command line. If you are completely new to Linux, it’s best you stop playing with this system.

You can find more at the DVL website:

http://www.damnvulnerablelinux.org.

You can download it here:

Damn Vulnerable Linux

Damn Vulnerable Linux (DVL) is for educational purposes only!

Posted in: Hacking Tools, Linux Hacking

Topic: Hacking Tools, Linux Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Microsoft Loves you to Pirate Their Software

Outsmart Malicious Hackers


I’ve heard this ‘rumour’ plenty of times, I always suspected it was true and Adobe have said similar things about their software.

If you are going to pirate, Microsoft wants you to pirate their software as when you go legit you are already locked in to their proprietary system.

All the more grounds for OSS if you ask me.

A senior Microsoft exec has admitted that some software piracy actually ends up benefiting the technology giant because it leads to purchases of other software packages.

In this way, some software pirates who might otherwise never try Microsoft products become paying customers, according to Microsoft business group president Jeff Raikes.

“If they’re going to pirate somebody, we want it to be us rather than somebody else,” Raikes told delegates at last week’s Morgan Stanley Technology conference in San Francisco, Information Week reports.

A pay as you go model for lower income countries? Sounds interesting.

Rather than saying that piracy isn’t a problem per-se, Raikes reckons that between 20 and 25 per cent of US software is pirated, he argues pragmatically that it can have benefits over the long-run. “We understand that in the long run the fundamental asset is the installed base of people who are using our products,” Raikes said. “What you hope to do over time is convert them to licensing the software,” he said.

Although Microsoft has no intentions of scaling down (much less abandoning) its effort to chase software counterfeiters, Raikes argues that it’s against its interests to push illegitimate users so hard that they wind up using alternative products. “You want to push towards getting legal licensing, but you don’t want to push so hard that you lose the asset that’s most fundamental in the business,” Raikes said, adding that Microsoft is developing “pay-as-you-go” software pricing models in a bid to encourage low-income people in emerging countries to use its technology.

So basically go ahead, pirate MS. Not so say we support Piracy as we don’t we support Open Source and the freedom to modify and control your own software infrastructure (especially useful when it comes to security).

Security through obscurity and patches with a 1 month lead time is never good.

Come let’s pirate Ubuntu instead.

Source: The Register

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


BackTrack v2.0 – Hackers LiveCD Finally Released

Outsmart Malicious Hackers


BackTrack is the result of the merging of the two innovative penetration testing live linux distributions Auditor security collection and Whax. By combining the best features from both distributions and putting continous development energy, the most complete and finest security testing live distro was born: BackTrack

BackTrack

BackTrack v.2.0 is finally released, it’s been a long wait that’s for sure, it does look good though so perhaps it was worth waiting.

You can find some screenshots here.

BackTrack ranked number one in Darknet’s well regarded list 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery).

It’s taken BackTrack almost 5 months to pull themselves out of the beta stage. Many features have been added and many of the persistent bugs have been fixed.

New exciting features in BackTrack 2, to mention a few:

  • Updated Kernel-Running 2.6.20, with several patches.
  • Broadcom based wireless card support
  • Most wireless drivers are built to support raw packet injection
  • Metasploit2 and Metasploit3 framework integration
  • Alignment to open standards and frameworks like ISSAF and OSSTMM
  • Redesigned menu structure to assist the novice as well as the pro
  • Japanese input support-reading and writing in Hiragana / Katakana / Kanji.

As usual, Nessus is not included into BackTrack as Tenable forbid redistribution.

The public wiki project is available at http://backtrack.offensive-security.com. Please help us by providing entries in HCL (Hardware compatibility list).

Read more about BackTrack here.

You can download BackTrack here:

BackTrack 2 Stable release Mar 06 2007

Posted in: Hacking Tools, Linux Hacking

Topic: Hacking Tools, Linux Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Slavasoft FSUM and Hashcalc md5 & File Integrity for Windows

Keep on Guard!


FSUM is a fast and handy command line utility for file integrity verification. It offers a choice of 13 of the most popular hash and checksum functions for file message digest and checksum calculation.

You can easily use FSUM with a batch wrapper to do automated file integrity monitoring, and use something like blat to email you any differences.

The most common use for FSUM is checking data files for corruption. A message digest or checksum calculation might be performed on data before transferring it from one location to another. Making the same calculation after the transfer and comparing the before and after results, you can determine if the received data is corrupted or not. If the results match, then the received data is likely accurate.

You can download FSUM here:

FSUM 2.52

Or read more here.

Hashcalc is a GUI version basically, a fast and easy-to-use calculator that allows to compute message digests, checksums and HMACs for files, as well as for text and hex strings. It offers a choice of 13 of the most popular hash and checksum algorithms for calculations such as:

MD2, MD4, MD5, SHA-1, SHA-2( 256, 384, 512), RIPEMD-160, PANAMA, TIGER, ADLER32 and CRC32.

You can download it here:

HashCalc 2.02

And read more here.

Darknet was informed about these tools via e-mail by Bogwitch!

Posted in: Countermeasures, Forensics, Security Software

Topic: Countermeasures, Forensics, Security Software


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.