Archive | September, 2007

Major Web Vulnerability Effects Yahoo, MSN, Google and More

Outsmart Malicious Hackers


I’ve seen this from quite a few sources so it seems it’s fairly legitimate, it seems all major websites have some flaws in the way they implement cookies meaning they are vulnerable to certain types of attack.

The only current solution seems to be using full time SSL or https connections full-time, if any of you use gmail you’ve probably noticed it forces all logins through https now, but reverts back to http after it’s done logging you in.

The change is due to this problem.

If you use Gmail, eBay, MySpace, or any one of dozens of other web-based services, the United States Computer Emergency Readiness Team wants you to know you’re vulnerable to a simple attack that could give an attacker complete control over your account.

Five weeks after we reported this sad reality, US CERT on Friday warned that the problem still festers. It said the world’s biggest websites have yet to fix the gaping security bug, which can bite even careful users who only log in using the secure sockets layer protocol, which is denoted by an HTTPS in the beginning of browser address window.

US CERT warned that Google, eBay, MySpace, Yahoo, and Microsoft were vulnerable, but that list is nowhere near exhaustive. Just about any banking website, online social network or other electronic forum that transmits certain types of security cookies is also susceptible.

It seems pretty serious eh? And it’s definitely related to cookies. It seems there are some workarounds which can alleviate the majority of risk but only Google has implemented them.

Not surprising eh?

The vulnerability stems from websites’ use of authentication cookies, which work much the way an ink-based hand stamp does at your favorite night club. Like the stamp, the cookie acts as assurance to sensitive web servers that the user has already been vetted by security and is authorized to tread beyond the velvet rope.

The thing is just about every website transmits these digital hand stamps in the clear, which leaves them wide open to snoops monitoring public Wi-Fi traffic or some other type of network. Once attackers have the cookie, they gain complete access to the victim’s account, and depending on the way many cookies are crafted, those privileges may continue in perpetuity – even if the victim changes the account password.

So just be careful what you are doing online and where you are storing your important data, because things might not be as secure as you assume.

If you are using Google Apps (Gmail) and Firefox you can use the CustomizeGoogle Add-on to force full-time SSL connections, I’ve done this for a long time anyway.

Source: The Register

Posted in: Exploits/Vulnerabilities, Web Hacking

Topic: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


IPAudit – Network Activity Monitor with Web Interface

Keep on Guard!


IPAudit monitors network activity on a network by host, protocol and port. It listens to a network device in promiscuous mode, and records every connection between two ip addresses. A unique connection is determined by the ip addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating via udp or tcp).

IPAudit can be used to monitor network activity for a variety of purposes. It has proved useful for monitoring intrusion detection, bandwith consumption and denial of service attacks. It can be used with IPAudit-Web to provide web based network reports.

IPAudit is a free network monitoring program available and extensible under the GNU GPL.

IPAudit is a command line tool that uses the libpcap library to listen to traffic and generate data. The IPAudit-Web package includes the IPAudit binary in addition to the web interface that creates reports based on the collected data. Using the Web package is recommended, as it gives you a slick graphical interface complete with traffic charts and a search feature.

You can download IPAudit here:

IPAudit 0.95 – Latest stable version of IPAudit

Or read more here.

You can also find a very good introduction to IPAudit by SecurityFocus here.

Posted in: Hacking Tools, Networking Hacking

Topic: Hacking Tools, Networking Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Im In Your Leenucks Box Changing Your Password

Keep on Guard!


More hacker humour – this is a good one!

So I’ve been a professor at this ‘little school’ for a while now. I love my job. My classes contain students from all age groups. I have a few 17 year old high schoolers that are here because they are bored during the summer. I have a few seasoned folks that have IT experience. I also have a few people that are clearly here just for the three credit hours.

The classroom is set up in a ‘lab’ environment. Each student has a PC in front of them that netboots linux from a central box located near my desk at the front of the classroom. This setup works great because the students come into the classroom every day, power on their PC, and they get the exact OS load and lesson they need for our session. Not to gloat, but I designed it this way and I’m the envy of a few other professors *cough* windows instructors *cough*.

I have this one student that I’ll call “Pima”. Yes, that’s an acronym.

Pima is one of the 17 year olds in the class and considers himself an uber-hax0r. He constantly interrupts me during my lessons trying to make valid points that are somewhere between “WTF?” and “OMG YOU ARE NOT USING TEH DEBIAN!”. For those of you that listen to the podcasts and remember my story about training some folks over in another country and some dude put my kevlar vest over top his… well let’s say if we were in combat and this kid dropped his kevlar I think I’d dig a hole and bury it so he couldn’t find it.

This kid has the attention span of me at a Hooters restaurant. He’s always doing “something” on his PC during class. Most of the time he’s constructing poorly written bash scripts and trying to download stuff from an internet connection that really doesn’t exist. I didn’t say he was bright did I? Right.

One day recently we had a special saturday class that was very lab intensive. Right before the lunch break I informed everyone that I’d be going around to each PC and “breaking” something that they’d have to fix when they got back. Usually I do something silly like screw with their /etc/resolv.conf file, comment out some things in a service’s configuration file, or some other type of fun.

During the lunch hour I wander around and start breaking stuff. I get to Pima’s machine and I can’t login to the machine as root. My little uber-hax0r had changed the root password.

[Note from Scrap: All students have the root password to their workstations as part of their lesson]

Let’s keep in mind that this kid is NOT the ripest banana in the bunch by a long shot. Let’s think about this, shall we?

1) The PC neboots to an image. Changing the root password is effective for the current ’session’ only. I reboot the machine, I get a fresh load. Kapisch?

2) SSH is running on all of these boxes. Did I mention that I authenticate using a certificate to all of these machines? I don’t NEED the password.

3) In /etc/passwd, there’s this really cool user called (and I kid you not) “backdoor”. Backdoor is authorized for ’su’.

Curiosity was killing me. I tried to login as “backdoor” and sure enough it worked and I could issue commands as root. Duh.

I wandered back to my instructor workstation and ssh’d to his box as root with no problems.

I had a decision to make. Do I just reboot the machine and carry on? Or do I teach this kid a lesson?

Oh yeah, he’s getting a lesson.

I whipped out my microphone from my laptop bag and plugged it into my workstation. I recorded a few choice sound files and scp’d them to his workstation in a directory I made called “/tmp/…/lmao”.

I then made sure that ’sox’ was installed on the workstation. It was. I ran back over to Pima’s workstation and made sure that the speaker volume was turned to 75% on his speakers. Just to be a jerk I used my trusty pocketknife to pry the volume knob off of the speakers. There will be no adjusting these bad boys!

The clock said that I had half an hour left before the students returned, so I quickly returned to breaking the rest of the students’ workstations.

A half hour later it was show time.

The students filed back into the classroom. Pima was five minutes late as usual.

I instructed the class not to touch their keyboards until I gave them their instructions.

After I prattled on for five minutes with the assignment I sat back down at my workstation and acted like I was busy. I noticed that Pima had a big grin on his face after he logged into his machine with his root password. The grin said “haha you didn’t break MY stuff!”.

I brought up the xterm that was ssh’d into Pima’s workstation and issued the following commands:

$ cd /tmp/…/lmao
$ play haha1.wav

At that moment a loud booming voice commanded its way from Pima’s speakers:

YOU SHOULDNT HAVE CHANGED MY ROOT PASSWORD BOY!

There was dead silence in the room. Pima jumped back about half a foot from his PC.

Laughter ensued.

I glanced up from my screen and glared at Pima.

“Is there a problem? You should be working on your assignment and not goofing around.”

Pima squeaked out a “It wasn’t MEEEEE!”

I glanced back down at my screen and waited another few minutes.

I then issued this:
$ play haha2.wav

The class was treated to a very high-pitched chimpmunk version of “MY HUMPS! MY HUMPS! MY ITTY BITTY HUMPS!”

At this point the class was dying in laughter.

I continued with my straight man act.

“Pima, if you interrupt this class one more time I’m walking you out. Have some respect.”

He sat there and didn’t say A WORD.

A few more minutes go by and Pima is typing like a mad man on his keyboard trying to figure out what the heck is going on.

It was now time for “Le Finale Grande”.

$ play haha3.wav

Pima’s speakers blared the following in my own God-like voice:

“ATTENTION CLASS. THIS IS WHAT HAPPENS WHEN YOU DONT PAY ATTENTION TO THE INSTRUCTOR, CHANGE YOUR ROOT PASSWORD AND COMPLETELY DISREGARD YOUR ASSIGNED WORK. THAT IS ALL.”

At that moment Pima figured it out and was treated to his classmates (and me) laughing hysterically at him. He stood up, put his arms up in the air and proclaimed “YOU GOT ME. YOU GOT ME. OKAY.”

Pima has been a perfect gentleman since.

He even shows up to class five minutes early every day.

From: IT Tool Box

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Foremost – Recover Files From Drive or Drive Image AKA Carving

Keep on Guard!


Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive.

The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.

Originally developed by the United States Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research , foremost has been opened to the general public.

You can download the latest version here:

foremost-1.5.tar.gz

Or read more here.

Posted in: Forensics

Topic: Forensics


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


PSP All Version Firmware Homebrew Hack Surfaces

Outsmart Malicious Hackers


Seen as though we get a lot of searches for PSP firmware updates and information about homebrew, I thought I’d post about this which popped up a few months ago.

In what undoubtedly will be remembered as a historic and life-changing event for PSP enthusiasts everywhere, a group of coders (Noobz and Archaemic, to be exact) have exploited a loophole in the Ubisoft game Lumines which enables homebrew-ing on all PSP firmware versions, from 1.00 to 3.50. This first ever all-firmware hack is a significant development, as homebrewing up until now has required specific versions (and usually the use of downgraders). No word yet on how Ubisoft feels about being party to this party, but something tells us Sony isn’t going to be real stoked.

I wonder how the game companies feel when its their software being used to hack something.

This made me chuckle though…

Update: On a completely unrelated note, Lumines has moved from a rank of 797 on Amazon’s movers & shakers, to the number 1 slot with a sales gain of something like + 13,166%.

Why doesn’t that surprise me :D

Source: Engadget

Posted in: Hacking News, Hardware Hacking

Topic: Hacking News, Hardware Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


FLARE – Flash Decompiler to Extract ActionScript

Outsmart Malicious Hackers


Flare processes an SWF and extracts all scripts from it. The output is written to a single text file. Only ActionScript is extracted, no text or images. Flare is freeware. Windows, Mac OS X and Linux versions are available.

The main purpose of decompiler is to help you recover your own lost source code. However, there are other uses, like finding out how a component works, or trying to understand poorly documented interface. Depending on where you live, some of them may be forbidden by law. It’s your responsibility to make sure you don’t break the law using Flare.

If you develop Flash applications for living, you probably know that your code is not secure in SWF. It’s not the existence of decompiler that makes your code insecure though, it’s design of SWF format. Although no ActionScipt is stored there, most of it can be recovered from bytecodes.

Most recent Flare version is 0.6.

Windows Explorer Shell Extension

Download flare06setup.exe. After installation right-click on any SWF file in Windows Explorer and choose Decompile from context menu. Flare will decompile somename.swf and store decomiled code in somename.flr in the same folder. somename.flr is a simple text file, you can open it with your favorite text editor. If Flare encounters problems during decompilation, it will display some warnings. If everything goes well, it will quit silently. That’s all, Flare has no other GUI. To unistall, execute Start>Programs>Flare>Uninstall.

Mac OS X Droplet


Get flare06.dmg. After mounting the disc image drop an SWF file onto the Flare icon in Finder. The decompiled ActionScript will be stored in SWF’s folder with FLR extension. Open it with your text editor. You can decompile multiple SWF files at once. The droplet is compiled on OS X 10.3. It should work on 10.2 and 10.4. There is no Flare for OS 9.

Command Line Versions

DOS/Windows binary: flare06doswin.zip
Mac OS X binary: flare06mac.tgz
Linux x86 binary: flare06linux.tgz
Linux x86 64-bit binary: flare06linux64.tgz
Solaris x86 binary: flare06solaris.tgz

There is no installation procedure for command line versions. Just create a folder named flare somewhere and unpack the archive there. To uninstall, delete the folder and you’re done.

Or read more here.

Posted in: Hacking Tools, Secure Coding, Web Hacking

Topic: Hacking Tools, Secure Coding, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.