Archive | October, 2007

Posts Restored & Business (almost) Back to Usual

Outsmart Malicious Hackers

Ok I’ve just painstakingly restored all the posts I could find since September 10th until now from Google Cache.

I’ve worked out the maximum posts missing would be 1 as I could get the cache back to September 12th and the latest post before that is September 10th, or I might not have posted on September 11th anyway.

Anyhow things should all be restored now – and it was incredibly boring…so it shows the power of taking regular backups. I’m incredibly thankful I took my own backup on September 10th…I can’t imagine what it would be like if I hadn’t backed up or it was 2-3 months out of date.

I made a few upgrades as well seen as though I was re-installing the whole site..I’ve upgraded to the latest branch of Wordress – 2.3 and I’ve internalized the tags so they no longer point to Technorati. I’ve also upgraded all plugins and mods so we should be stable and secure now.

You can now click the tags on the index or inside posts and they will take you to the tag archive page for that tag.

The sites feels a bit faster and more responsive to me after I’ve upgraded to 2.3, but that might just be me.

Do let me know what the performance is like from your side.

I’m most likely going to get a VPS to run Darknet on, so there might be a very minor down-time shortly when I shift over to that, but after that it should be rock steady and fast.

If you spot anything funky or something going wrong/error/weird behaviour/files missing just drop me a comment or use the contact form and let me know.

Regular posting will resume in the next 1-2 days after I get some sleep.

Thanks for the kind words, e-mails and comments – I appreciate it!

Posted in: Site News

Tags: , , , , , , , , , , , , ,

Posted in: Site News | Add a Comment
Recent in Site News:
- Darknet Moving Servers & Upgrades Etc
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,680 views
- Get the ball rollin’ - 19,016 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,278 views

bookmark me

Keep on Guard!

Heard about the recent server crash, and I also fell a bit alerted by this incident, because I as the web hosting providers don’t do regular backup…. anyway what am I going to talk about now? Bookmarklets, we all know them, there new, hip, and full of color ….

What are bookmarklets? Little javascript snippets that you bookmark and use them on any website… sounds fun? Check out wikipedia for more info about them….

Why? Because they are useful, free, and sexy… (Sounds like cheap porn to me)

An example bookmarklets: cookie

The example above doesn’t work because I used an encoded javascript, and not the clear text javascript in the url because wordpress filters it out…. but you can bookmart it and remove the out of it…

short article on short scripts… a list of websites that contain bookmarklets:

p.s. thinking to develop a bookmarklet? Keep it under 500 characters…

Posted in: Web Hacking

Tags: , , ,

Posted in: Web Hacking | Add a Comment
Recent in Web Hacking:
- dork-cli – Command-line Google Dork Tool
- snitch – Information Gathering Tool Via Dorks
- OneLogin Hack – Encrypted Data Compromised

Related Posts:

Most Read in Web Hacking:
- wwwhack 1.9 – Download Web Hacking Tool - 707,843 views
- Web Based E-mail (Hotmail Yahoo Gmail) Hack/Hacking with JavaScript - 313,243 views
- Download videos? - 156,804 views

Server Crash

Keep on Guard!

There was a massive failure on our web-host resulting in almost 100% data loss, our own back-up was from September 10th so we are trying to restore the site to full capacity as we speak.

It’s in a bit of a mess at the moment, but we’ll get it back up to speed at latest by Monday.

We have to manually reinstall everything including the theme and all the functionality from customisations and plugins, we will manually restore all the posts since Sept 10th if they really can’t be recovered from the crashed server.

But all comments from Sept 10th will be lost.

We are currently using a temporary hosting solution, does anyone have a good suggestion for a webhost that accepts Paypal, does PROPER back-ups which can’t be b0rked by a ‘cascade’ failure and has good uptime & network speed.

If you know of one either drop us a mail or comment below.

Thanks for bearing with us.

Posted in: Site News

Posted in: Site News | Add a Comment
Recent in Site News:
- Darknet Moving Servers & Upgrades Etc
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,680 views
- Get the ball rollin’ - 19,016 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,278 views

SSA Version 1.5.2 – OVAL Vulnerability Assessment Software

Keep on Guard!

SSA (Security System Analyzer) is free non-intrusive OVAL-Compatible software. It provides security testers, auditors with an advanced overview of the security policy level applied.

Features :

  • OVAL-compatible product
  • SCAP (Security Content Automation Protocol)
  • Perform a deep inventory audit on installed softwares and applications
  • Scan and map vulnerabilities using non-intrusive techniques based on schemas
  • Detect and identify missed patches and hotfixes
  • Define a patch management deployment strategy using CVSS scores

Changelog for v.1.5.2

  • Based on OVAL 5.3 build 20 (see OVAL project for more information)
  • SSA now supports SCAP (Security Content Automation Protocol)
  • SSA now supports scan for missed patches (using SCAP format)
  • Updated OVAL XML Viewer Plugin
  • Updated database to 2039 definitions

Download it here:

SSA Version 1.5.2

Or read more here.

Posted in: Exploits/Vulnerabilities, Security Software

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Security Software | Add a Comment
Recent in Exploits/Vulnerabilities:
- DJI Firmware Hacking Removes Drone Flight Restrictions
- GnuPG Crypto Library libgcrypt Cracked Via Side-Channel
- NotPetya Ransomeware Wreaking Havoc

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 238,530 views
- AJAX: Is your application secure enough? - 120,733 views
- eEye Launches 0-Day Exploit Tracker - 86,319 views

Storm Worm Descends on Blogspot

Outsmart Malicious Hackers

It seems like spammers, scammers, phishers and now malware authors are starting to leverage blogs more and more, especially Blogger/Blogspot as Google tend to be quite slow in responding and sometimes don’t respond at all.

This makes it an ideal platform for dodgy behaviour as the crooks have adequate lead time to con/infect people before they get shut down.

In this case Blogspot was used as the platform to propagate malcious messages by the Storm worm, people clicking these messages were liable to infection.

Miscreants behind the Storm Worm have begun attacking Blogger, littering hundreds of pages with titillating messages designed to trick visitors into clicking on poisonous links.

By now, anyone who doesn’t live under a rock is familiar with the spam messages bearing subjects such as “Dude what if your wife finds this” and “Sheesh man what are you thinkin” and including a link to a supposed YouTube video. Recipients foolish enough to click on the link are taken to an infected computer that tries to make their machine part of a botnet.

Now Storm Worm, the malware responsible for those messages, has overrun Google-owned Blogger. According to one search, some 424 Blogger sites have been infected. The actual number is probably higher because our search contained only a small fraction of the teasers used by Storm.

The search result only returns 29 now as things have been cleaned up a bit.

It just shows, whatever vectors reach popular culture, the bad guys will be there leveraging them before anyone else.

“What it really shows to me is how pernicious these guys are and they’re indefatigable in trying to get into every place,” said Alex Eckelberry, president of Sunbelt Software who blogged about the Blogger assault earlier. “This is a voracious, voracious worm. I don’t think anybody in malware research has seen anything like Storm.”

Storm has already gone through more lives than a pack of feral cats. It started out in January as an email promising information about a winter storm that was sacking Northern Europe. Since then it’s offered sexy photos, electronic greeting cards and login credentials for various online memberships. According to researchers, Storm has infected more than 1.7 million hosts.

Storm’s ability to crack Google’s defenses is yet another testament to the resiliency of the malware. Google tends to outshine competitors in blocking spam and sniffing out sites that serve up Trojans.

Storm has also shown a pretty strong evolution pattern, it’s been linked to some of the biggest spam groups around…so expect it to keep coming, keep mutating and keep infecting.

The more zombies they have the more effectively they can spam and DDoS people that give them problems (Black list services and so on).

Source: The Register

Posted in: Malware

Tags: , , , , , , , , , , , ,

Posted in: Malware | Add a Comment
Recent in Malware:
- South Korean Webhost Nayana Pays USD1 Million Ransom
- maltrail – Malicious Traffic Detection System
- Windows XP Too Unstable To Spread WannaCry

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,629 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,775 views
- US considers banning DRM rootkits – Sony BMG - 45,014 views

Official release of SQL Power Injector 1.2 – Download Now!

Outsmart Malicious Hackers

SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetrating tester to inject SQL commands on a web page.

For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode).

Moreover this application will get all the parameters you need to test the SQL injection, either by GET or POST method, avoiding thus the need to use several applications or a proxy to intercept the data.

The emphasis for this release is maturity, stability and reliability with secondary goals of usability, documentation and innovation.

There’s also a nifty Firefox Extension now.

One of the major improvements is an innovative way to optimize and accelerate the dichotomy in the Blind SQL injection, saving time/number of requests up to 25%.

Added to this it’s now possible to define a range list that will replace a variable (<<@>>) inside a blind SQL injection string and automatically play them for you. That means you can get all the database names from the sysdatabases table in MS SQL without having to input the dbid each time for example.

Also another great time saver is a new Firefox plugin that will launch SQL Power Injector with all the information of the current webpage with its session context. No more time wasted to copy paste the session cookies after you logged… And of course you can make the easy SQL tests in your browser and you use the plugin once you want to search more thoroughly.

To make your life easier there is now a new feature that will search the diff between a positive condition (1=1) response with a negative condition (1=2) and display the list for you.

Last major addition is the extensive databases Help file (chm) that contains most of the information you need when you SQL inject. It covers the 5 DBMS supported by SQL Power Injector. You can find in it the system tables and views with their columns, environment variables, the useful functions and stored procedures. All this with some notes to how to use them and why it’s useful for SQL injection.

You can download the latest version here:

SQL Power Injector 1.2

Or read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking

Tags: , , , , , ,

Posted in: Database Hacking, Hacking Tools, Web Hacking | Add a Comment
Recent in Database Hacking:
- Another MongoDB Hack Leaks Two Million Recordings Of Kids
- MongoDB Ransack – Over 33,000 Databases Hacked
- DBShield – Go Based Database Firewall

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 79,161 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,882 views
- SQLBrute – SQL Injection Brute Force Tool - 42,927 views

New German Hacking Law 202(c) – Sites Close & Possible Backfire

Outsmart Malicious Hackers

This has been floating around for a while and you might have noticed a warning on some German based security sites that they’ve had to move their tools due to this new legislation known as 202(c) – a couple of examples are KisMAC and Phenoelit.

Basically the new law prohibits manufacturing, programming, installing, or spreading software that has the primary goal of circumventing security measures is, which means that some security scanning & hacking tools might become illegal.

Security researchers in Germany continued to pull down exploit code from their sites last week, scrambling to comply with a German law that makes illegal the distribution of software that could be used to break into computers.

The German law — referred to as 202(c) — went into effect on Sunday. Many experts have complained that the language of the law is very unclear, but a strict reading appears to make illegal the distribution, sale and possession of security tools which could be used to commit a crime.

In the latest move, PHP security professional Stefan Esser removed on Friday all exploit code from his Web site dedicated to the Month of PHP Bugs. While reasonable prosecutors would not likely pursue security researchers, the risk is too great, Esser stated.

Source: Security Focus

It’s a pretty worrying state of affairs. It means under strict enformencent the majority of Linux distributions are now illegal in Germany as they tend to include nmap by default!

I also believe it could back-fire causing more problems that solutions.

Germany’s new antihacker law could open the door to more cybercrime and not less, security experts warn.

The legal uncertainty created by the new law will make the work of security experts in Germany more difficult, according to Müller-Maguhn.

“The law is counterproductive,” said Marcus Rapp, product specialist at the German subsidiary of Finnish security vendor F-Secure. “It will make the security situation worse, not better.”

Rapp is concerned about what he calls the law’s “broad interpretation” of hacking and the legal uncertainty it creates.

Interesting stuff…and I really doubt they are going to reverse it.

Let’s just hope no other countries follow suit with such retarded laws.

Source: Infoworld

There’s also a very interesting article on the whole matter by Dark Reading here:

Hacking Germany’s New Computer Crime Law

You can read what Computer Chaos Club says about it (CCC) here [German].

Posted in: General Hacking, Legal Issues

Tags: , , , , , , ,

Posted in: General Hacking, Legal Issues | Add a Comment
Recent in General Hacking:
- Why Are Hackers Winning The Security Game?
- The Dyn DNS DDoS That Killed Half The Internet
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,178,845 views
- Hack Tools/Exploits - 644,951 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 444,560 views – Statistical E-mail & Blog Profiling

Keep on Guard!

This is a cool tool I found recently amongst all the flame wars in the security mailing lists, someone developed this tool to profile the semantics of text.

Basically you pump in a load of e-mails from a known source, then compare it to the anonymous socks and see what probability it is that they are the same person based on the text. You can do the same thing with blogs, not just e-mail!

This is version 1.0 of Unmask – a python script that attempts to unmask anonymous text by matching its statistical properties against someone else’s text with a known identity.

Other uses include determining “area of origin”,gender,age, occupation, sexual orientation, etc from text’s statistical properties. Any decision YOU can make against an unknown author, Unmask will also make. Of course, it may be less or more accurate than your determination.

You should probably fiddle with it as you go, to make it work on whatever sample set you have, before using it in the wild.

To use it, simple “store” text (with -s bob -f file.txt). Then just compare your unknown file to that particular store, or use -i to compare it to all stores. Make up a store of all male and all female text and then compare some random weblog, just for kicks.

You can download unmask here:


Posted in: General News

Tags: , , , , , , ,

Posted in: General News | Add a Comment
Recent in General News:
- Security Vendor Trustwave Bought By Singtel For $810M
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,543 views
- eEye Launches 0-Day Exploit Tracker - 86,319 views
- Seattle Computer Security Expert Turns Tables On The Police - 45,326 views

September Commenter of the Month Competition Winner!

Keep on Guard!

ompetition time again! It wasn’t that close this month, activity seems to have dropped off a bit, but we had a wider variety of comments and some good quality – which is important!

As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the fourth month of the competition in September and are now in the fifth, starting starting a few days ago on October 1st – Sponsored by GFI.

We are offering some pretty cool prizes like iPods and PSPs, along with cool GFI merchandise like shirts, keyrings and mugs.

GFI Goodies

Keep up the great comments and high quality interaction, we really enjoy reading your discussions and feedback.

Just to remind you of the added perks, by being one of the top 5 commenter’s you also have your name and chosen link displayed on the sidebar of every page of Darknet, with a high PR5 (close to 6) on most pages (4000+ spidered by Google).

So announcing the winner for September…it’s Sandeep Nain! With TheRealDonQuixote second again!

Commenter September

Thanks to everyone else who commented and thanks for your links and mentions around the blogosphere!

Feel free to share Darknet with everyone you know :)

Keep commenting guys, and stand to win a prize for the month of October.

We are still waiting for pictures from backbone and TRDQ of themselves with their prizes.

Winner of the month for June was Daniel with 35 comments.
Winner of the month for July was backbone with 46 comments.
Winner of the month for August was TheRealDonQuixote with 53 comments.

Posted in: Site News

Tags: , , , , , , , , , ,

Posted in: Site News | Add a Comment
Recent in Site News:
- Darknet Moving Servers & Upgrades Etc
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,680 views
- Get the ball rollin’ - 19,016 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,278 views

Common Criteria Web Application Security Scoring (CCWAPSS) Released

Outsmart Malicious Hackers

The purpose of the scoring scale CCWAPSS is to share a common evaluation method for web application security assessments/pentests between security auditors and final customers.

This scale does not aim at replacing other evaluation standards but suggests a simple way of evaluating the security level of a web application.

CCWAPSS is focused on rating the security level of a distinct web application, web services or e-business platform. CCWAPSS does not aim at scoring a whole heterogenic perimeter.

Key benefits of CCWAPSS

  • Fighting against the inclination of using a restricted granularity that forces the auditor to clear-cut score (there is no medium choice).
  • Offering a solution to interpretation problems between different auditors by providing clear and 11 well documented criteria.
  • The maximum score (10/10) means “compliant with Best Practices”. This score could be exceeded in case of excellence (like a medical vision evaluation such as 12/10).
  • Each criteria is relative to section of the OWASP Guide 3.0.

The 11 scoring criteria

1. Authentication
2. Authorization
3. User’s Input Sanitization
4. Error Handling and Information leakage
5. Passwords/PIN Complexity
6. User’s data confidentiality
7. Session mechanism
8. Patch management
9. Administration interfaces
10. Communication security
11. Third-Party services exposure

You can get the CCWAPSS whitepaper here:

CCWAPSS release 1.0 [PDF]

Or read more here.

Posted in: Countermeasures, Web Hacking

Tags: , , , , , , ,

Posted in: Countermeasures, Web Hacking | Add a Comment
Recent in Countermeasures:
- maltrail – Malicious Traffic Detection System
- Massive Acunetix Online Update Brings New Features & UI
- PwnBin – Python Pastebin Search Tool

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,733 views
- Password Hasher Firefox Extension - 118,207 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,831 views