Archive | July, 2007

Trojan Mimics Windows Activation Interface – KardPhisher


Recently a new Trojan popped up that mimics the Windows activation interface, phishing for credit card details and even the card's PIN.

The Trojan itself isn’t particularly advanced technically; it’s mostly just a social engineering attack.


Symantec is reporting on a Trojan horse that mimics the Windows activation interface.

What they are calling Trojan.Kardphisher doesn’t do most of the technical things that Trojan horses usually do; it’s a pure social engineering attack, aimed at stealing credit card information. In a sense, it’s a standalone phishing program.

Once you reboot your PC after running the program, the program asks you to activate your copy of Windows and, while it assures you that you will not be charged, it asks for credit card information. If you don’t enter the credit card information it shuts down the PC. The Trojan also disables Task Manager, making it more difficult to shut down.

It’s a pretty interesting attack, and it shows malware creators are getting more innovative: rather than looking for technical solutions and ways to hide their keyloggers etc., they are just looking at ways to make the interface look more legitimate so unwary users give their information away themselves.

Running on the first reboot is clever. It inherently makes the process look more like it’s coming from Windows itself, and it removes the temporal connection to running the Trojan horse. The program even runs on versions of Windows prior to XP, which did not require activation.

This is not an attack that will sneak by you. The executable is nearly 1MB large. But if you find yourself in this situation you should be able to disable it in Windows Safe mode by removing the registry keys described in the Symantec writeup and deleting the program it points to. Updated antivirus software should also be able to remove it.

You can also read more about the Trojan on the Symantec page:

Symantec – Trojan.Kardphisher

Source: PCMag
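The PCMag text above says the Trojan runs at the first reboot, disables Task Manager, and is removed by deleting its registry keys (the exact keys are in Symantec’s writeup, not on this page). The following Python triage helper is an added example, not code from Symantec, PCMag or Darknet: it snapshots the standard per-user and per-machine Run/RunOnce keys plus the Task Manager policy key, then flags autorun entries that launch from outside the Windows and Program Files directories and any DisableTaskMgr setting. The key list and the DisableTaskMgr value are well-known Windows locations, but it is an assumption that Kardphisher uses them; the file names and paths in the constructed sample snapshot are illustrative, not the real ones.

```python
"""Autorun / Task Manager triage for a Kardphisher-style infection.

Added example, not code from Symantec, PCMag or Darknet.  It snapshots the
standard Run/RunOnce keys and the Task Manager policy value and flags what
an analyst would look at first before deleting keys in Safe Mode.
"""
import sys

# Standard autorun locations (well-known Windows keys).
RUN_KEYS = [
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
]
# Policy key whose DisableTaskMgr value is the usual way Task Manager gets
# switched off.  Assumption: the page does not say which mechanism
# Kardphisher itself uses.
POLICY_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Directories an autorun entry is expected to launch from; anything else is
# worth a look (malware commonly lives under the user profile or %TEMP%).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def exe_path(command: str) -> str:
    """Pull the executable path out of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    end = command.lower().find(".exe")
    if end != -1:
        return command[:end + 4]
    return command.split()[0] if command else ""


def triage(snapshot: dict) -> list:
    """Return findings from a {key_path: {value_name: data}} snapshot."""
    findings = []
    for key in RUN_KEYS:
        for name, cmd in snapshot.get(key, {}).items():
            path = exe_path(str(cmd))
            if not path.lower().startswith(TRUSTED_DIRS):
                findings.append(f"autorun outside trusted dirs: {key}\\{name} -> {path}")
    policy = snapshot.get(POLICY_KEY, {})
    if policy.get("DisableTaskMgr", 0):
        findings.append(f"Task Manager disabled via {POLICY_KEY}\\DisableTaskMgr")
    return findings


def collect_live() -> dict:
    """Read the keys above from the live registry (Windows only, stdlib winreg)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    snapshot = {}
    for key in RUN_KEYS + [POLICY_KEY]:
        hive, _, subkey = key.partition("\\")
        values = {}
        try:
            with winreg.OpenKey(hives[hive], subkey) as handle:
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(handle, index)
                    except OSError:
                        break  # no more values
                    values[name] = data
                    index += 1
        except OSError:
            pass  # key absent or not readable
        snapshot[key] = values
    return snapshot


# Constructed sample snapshot: names and paths are illustrative assumptions,
# not Kardphisher's real values.
SAMPLE_SNAPSHOT = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {
        "VendorTray": r'"C:\Program Files\Vendor\tray.exe" /q',
    },
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run": {
        "WinActivate": r"C:\Documents and Settings\user\Local Settings\Temp\winact.exe",
    },
    POLICY_KEY: {"DisableTaskMgr": 1},
}

if __name__ == "__main__":
    snap = collect_live() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for line in triage(snap) or ["no findings"]:
        print(line)
```

Run it from Safe Mode on the affected box (or point `triage()` at a snapshot exported from the machine) and compare the flagged paths with the entries in Symantec’s writeup before deleting anything; a hit on DisableTaskMgr explains why Task Manager would not open.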

Posted in: Malware, Social Engineering, Windows Hacking


Selenium – JavaScript Web Application Security Testing Tool


Selenium is a test tool for web applications. Selenium tests run directly in a browser, just as real users do. And they run in Internet Explorer, Mozilla and Firefox on Windows, Linux, and Macintosh. No other test tool covers such a wide array of platforms.

  • Browser compatibility testing. Test your application to see if it works correctly on different browsers and operating systems. The same script can run on any Selenium platform.
  • System functional testing. Create regression tests to verify application functionality and user acceptance.

Try it out! Get started with Selenium IDE for your first taste of Selenium’s power. You can run Selenium IDE tests in any supported browser using Selenium Core.

Any Language! Want to write tests in your favorite programming language? Try Selenium Remote Control; it currently supports writing tests in Java, .NET, Perl, Python and Ruby.

Supported Platforms:

Windows:

  • Internet Explorer 6.0
  • Firefox 0.8 to 1.5
  • Mozilla Suite 1.6+, 1.7+
  • Seamonkey 1.0
  • Opera 8

Mac OS X:

  • Safari 1.3+
  • Firefox 0.8 to 1.5
  • Camino 1.0a1
  • Mozilla Suite 1.6+, 1.7+
  • Seamonkey 1.0

Linux:

  • Firefox 0.8 to 1.5
  • Mozilla Suite 1.6+, 1.7+
  • Konqueror

Selenium uses JavaScript and iframes to embed a test automation engine in your browser. This technique should work with any JavaScript-enabled browser, but because different browsers handle JavaScript somewhat differently, the Selenium developers usually have to tweak the engine to support a wide range of browsers on Windows, Mac OS X and Linux.

You can read more here.

Posted in: Hacking Tools, Programming, Web Hacking


Piping Data in DOS on Windows – Video


Well, this is my last week of exams, and today I got a free day; tomorrow it will be maths… Anyway, while waiting for somebody I got bored and decided to make a small (tiny) video about piping data under Windows, you know, | …

In Unix-like computer operating systems, a pipeline is the original software pipeline: a set of processes chained by their standard streams, so that the output of each process (stdout) feeds directly as input (stdin) of the next one.

More at Wikipedia – Pipeline (UNIX)

As always, a link on YouTube (better quality than the last two videos): Tips&Tricks About Piping Data
A download link: Piping_data.wmv
My YouTube channel =)

Posted in: Windows Hacking


tcpxtract – Extract Files from Network Traffic AKA Carving


tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called “carving”) is an age-old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. tcpxtract uses this technique specifically for the application of intercepting files transmitted across a network.

Other tools that fill a similar need are driftnet and EtherPEG. driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and are commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG are that they only support three file types, with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundaries.

tcpxtract features the following:

  • Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file.
  • With a quick conversion, you can use your old Foremost config file with tcpxtract.
  • Custom-written search algorithm is lightning fast and very scalable.
  • Search algorithm searches across packet boundaries for total coverage and forensic quality.
  • Uses libpcap, a popular, portable and stable library for network data capture.
  • Can be used against a live network or a tcpdump formatted capture file.
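The feature that separates tcpxtract from the driftnet/EtherPEG approach is searching across packet boundaries. The Python below is an added example, not tcpxtract’s own code, showing why that matters: a streaming carver keeps a short tail of the previous packet so a header or footer split over two packets is still found, while a per-packet carver (the naive approach the text criticises) misses everything that straddles a boundary. The signature table follows the Foremost/tcpxtract config idea of name, maximum size, header and footer; the GIF, JPEG and PNG magic values are the real ones, the size limits are illustrative, and the HTTP-like stream, the fake image bodies and the packet sizes are constructed for the demonstration. Real use would feed it reassembled TCP payloads from libpcap; that layer is deliberately left out here.

```python
"""Header/footer ("carving") extraction across packet boundaries.

Added example, not tcpxtract's own code.  Signature entries mimic a
Foremost/tcpxtract config line: name -> (max size, header, footer).
"""

# Magic values are the real file signatures; size limits are assumptions.
SIGNATURES = {
    "gif": (5_000_000, b"GIF8", b"\x00\x3b"),
    "jpg": (20_000_000, b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (20_000_000, b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


class StreamCarver:
    """Feed one flow's payloads in order; carved files accumulate in .found."""

    def __init__(self, signatures=SIGNATURES):
        self.sigs = dict(signatures)
        self.buf = b""      # not yet consumed bytes of the reassembled stream
        self.consumed = 0   # stream offset of buf[0]
        self.found = []     # (type, stream_offset, data)
        self.max_hdr = max(len(h) for _, h, _ in self.sigs.values())

    def feed(self, payload: bytes) -> None:
        self.buf += payload
        self._scan()

    def _drop(self, n: int) -> None:
        self.buf = self.buf[n:]
        self.consumed += n

    def _scan(self) -> None:
        while True:
            best = None  # earliest header of any type still in the buffer
            for name, (max_size, hdr, ftr) in self.sigs.items():
                i = self.buf.find(hdr)
                if i != -1 and (best is None or i < best[0]):
                    best = (i, name, max_size, hdr, ftr)
            if best is None:
                # Keep a tail so a header split over the next packet is still seen.
                self._drop(max(0, len(self.buf) - (self.max_hdr - 1)))
                return
            i, name, max_size, hdr, ftr = best
            window = self.buf[i:i + max_size]
            j = window.find(ftr, len(hdr))
            if j == -1:
                if len(window) >= max_size:
                    self._drop(i + len(hdr))  # no footer within the limit: skip header
                    continue
                self._drop(i)                  # footer not seen yet: wait for more data
                return
            end = i + j + len(ftr)
            self.found.append((name, self.consumed + i, self.buf[i:end]))
            self._drop(end)


def carve_stream(packets, signatures=SIGNATURES):
    """tcpxtract-style: treat the packets as one stream."""
    carver = StreamCarver(signatures)
    for payload in packets:
        carver.feed(payload)
    return carver.found


def carve_per_packet(packets, signatures=SIGNATURES):
    """driftnet-style naive approach: each packet on its own, no carry-over."""
    out = []
    for payload in packets:
        carver = StreamCarver(signatures)
        carver.feed(payload)
        out.extend(carver.found)
    return out


def segment(data: bytes, sizes):
    """Chop data into 'packet payloads' of the given sizes; remainder is the last one."""
    out, pos = [], 0
    for n in sizes:
        out.append(data[pos:pos + n])
        pos += n
    out.append(data[pos:])
    return out


# Constructed sample: fake GIF and JPEG bodies inside an HTTP-like stream.
GIF = b"GIF89a" + bytes(range(40)) + b"\x00\x3b"
JPG = b"\xff\xd8\xff\xe0JFIF\x00" + bytes(60) + b"\xff\xd9"
STREAM = (b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n\r\n" + GIF
          + b"\r\n--boundary\r\n" + JPG + b"junk")
# Packet sizes chosen so both headers straddle a packet boundary.
PACKETS = segment(STREAM, [46, 30, 31, 20])

if __name__ == "__main__":
    for kind, offset, data in carve_stream(PACKETS):
        print(f"stream carver: {kind} at offset {offset}, {len(data)} bytes")
    print(f"per-packet carver found {len(carve_per_packet(PACKETS))} files")
```

On the sample stream the streaming carver recovers both images intact (the GIF at offset 44, the JPEG at 106) while the per-packet carver recovers nothing, because both headers are cut by the packet boundaries. The carry-over tail is only `max header length - 1` bytes, so memory stays bounded even on a long flow with no images in it; the size limit on each signature is what stops an unterminated header from holding the buffer forever.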

You can download tcpxtract here:

tcpxtract Version 1.0.1 source

Or read more here.

Posted in: Forensics, Hacking Tools, Network Hacking


June 2007 Commenter of the Month Competition Winner!


Ah so this is what you’ve been waiting for!

As you know, we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June; we are now in the second month of the competition, with the new round having started yesterday, July 1st. The competition is sponsored by GFI.

We are offering some pretty cool prizes like iPods and PSPs, along with cool GFI merchandise like shirts, keyrings and mugs.

GFI Goodies

So keep up the comments, and let’s keep the quality up!

By being one of the top 5 commenters you also get your name and chosen link displayed on the sidebar of every page of Darknet, which carries a PR5 (close to 6) on most pages (3000+ spidered by Google).

So announcing the winner for June…it’s Daniel!


With an honourable mention to therealdonquixote for his top quality comments.

Keep up the quality comments and stand a chance to win more cool prizes in July!

Posted in: Site News
