Archive | March, 2008

New Windows XP & Vista Full Take-over Hack with Firewire

This Firewire hack is creating a big buzz. From what I’ve read it also works on Vista, because the weakness is not in the password code but in the bus itself: an IEEE 1394 (OHCI) controller is allowed to perform DMA against the whole physical memory space, not just the buffers it needs to function, and Windows grants that access to a device it recognises. With the right tools, an attacker at the port can therefore read (and write) anything held in RAM.

Pretty worrying, eh? There are a few ways to secure yourself if you feel this is a threat: disable the 1394 bus altogether (in the BIOS or in Device Manager), or disable DMA for it where the driver allows. Either way, treat a locked screen as no protection against someone who can reach the port for a few seconds.

A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.

Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could “unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command”.

If you are interested in the details and want to read about the Windows Vista Firewire hack, you can do so here [PDF].

As I’ve always said though, if you have physical access you basically own the machine. Physical security of servers (and laptops) matters a lot more than many people think, and full-disk encryption alone does not help here: on a running, locked machine the key is sitting in RAM along with everything else the bus can read.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

With full access to the memory, the tool can then modify Windows’ password protection code, which is stored there, and render it ineffective.
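
To make the "read memory, then patch the check" step concrete, here is an added Python example. It is not Boileau's tool or its code, and the five-byte signature, its wildcard and the NOP patch are hypothetical stand-ins, not Windows' real bytes. The "physical memory" is a constructed bytearray read through a page-sized callback, which is where a real DMA read over the 1394 bus would sit; the rest (wildcard matching, carrying bytes across page boundaries so a straddling match is not missed, writing the patch back) is the technique itself.

```python
# Added illustration of the scan-then-patch step. Not the tool's code; the
# signature and patch below are hypothetical, not Windows' real bytes.

PAGE = 4096   # DMA clients typically read physical memory a page at a time

# Hypothetical "is the password right?" check:  cmp eax, imm8 ; jne +0x11
# None is a wildcard for a byte that varies between builds.
SIGNATURE = [0x83, 0xF8, None, 0x75, 0x11]
PATCH_OFFSET = 3            # position of the jne inside the match
PATCH_BYTES = b"\x90\x90"   # two NOPs: the failure branch is never taken


def find_signature(memory, signature, start=0):
    """All offsets in `memory` where `signature` (ints, None = wildcard) matches."""
    assert signature[0] is not None, "first signature byte must be concrete"
    n, hits = len(signature), []
    pos = memory.find(signature[0], start)
    while pos != -1 and pos + n <= len(memory):
        if all(s is None or memory[pos + i] == s for i, s in enumerate(signature)):
            hits.append(pos)
        pos = memory.find(signature[0], pos + 1)
    return hits


def scan_physical(read_page, size, signature):
    """Walk [0, size) through a page-reading callback (stand-in for a DMA read),
    carrying len(signature)-1 bytes over so a match straddling two pages is found."""
    keep = len(signature) - 1
    hits, carry, base = [], b"", 0
    for off in range(0, size, PAGE):
        chunk = carry + read_page(off)          # chunk starts at physical address `base`
        hits += [base + h for h in find_signature(chunk, signature)]
        carry = chunk[-keep:] if keep else b""
        base += len(chunk) - len(carry)
    return sorted(set(hits))


def patch_memory(memory, hit, offset, new_bytes):
    """The 'DMA write': overwrite bytes at hit+offset, returning the originals."""
    at = hit + offset
    old = bytes(memory[at:at + len(new_bytes)])
    memory[at:at + len(new_bytes)] = new_bytes
    return old


def build_fake_memory():
    """Constructed stand-in for RAM: three pages of 0xCC filler with the
    hypothetical check planted so it straddles the page 1 / page 2 boundary."""
    mem = bytearray(b"\xCC" * (3 * PAGE))
    planted = bytes([0x83, 0xF8, 0x00, 0x75, 0x11])
    at = 2 * PAGE - 2                 # 83 F8 on page 1, 00 75 11 on page 2
    mem[at:at + len(planted)] = planted
    return mem


def demo():
    """Scan, patch every hit, and return (hits, original bytes, patched bytes)."""
    mem = build_fake_memory()
    hits = scan_physical(lambda off: bytes(mem[off:off + PAGE]), len(mem), SIGNATURE)
    originals = [patch_memory(mem, h, PATCH_OFFSET, PATCH_BYTES) for h in hits]
    patched = [bytes(mem[h:h + len(SIGNATURE)]) for h in hits]
    return hits, originals, patched


if __name__ == "__main__":
    print(demo())
```

The defensive reading of the same code: any check that lives in RAM on a running machine is one bus write away from being disabled, which is why the mitigations are about the port, not the password.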

Older desktop computers do not come equipped with Firewire ports, which are needed for the hack to work, but many recent models do. Most laptops made in the last few years include Firewire ports.

Microsoft has been unavailable for comment about this issue, of course. The Full-Disclosure (FD) thread is extremely long; if you are interested in reading it you can do so here.

Source: Sydney Morning Herald

Posted in: Exploits/Vulnerabilities, Windows Hacking

Latest Posts:


AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds
dcrawl – Web Crawler For Unique Domains
dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names. It will branch out indefinitely.
Time Warner Hacked – AWS Config Exposes 4M Subscribers
What's the latest on the web, Time Warner Hacked is what it's about now as a bad AWS S3 config (once again) exposes the details of approximately 4M subs.


.NETIDS – .NET Intrusion Detection System

This tool is another one on the protection side, again for web-based applications but this time for .NET: .NETIDS (.NET Intrusion Detection System). It detects attacks on web applications and gives the developer the chance to react. The project files include filter rules and function stubs for reacting to a suspected intrusion, with reactions ranging from logging to warning or redirecting the user.

The goal of the project is to provide an additional layer of protection to any .NET application it is used with. This includes detection of XSS, directory traversal and SQL injection, protection against overwriting JS objects and methods, advanced logging, categorisation and tagging of the individual filter rules, and interfaces for reacting to possible intrusions. Like any signature-based filter it is a second line of defence: it reduces exposure, but it does not replace output encoding and parameterised queries in the application itself.

.NET IDS is actually a port of PHPIDS, which we’ve mentioned before, to the .NET Framework. The library is fully CLS compliant and implements exactly the same filter sets as the PHP version.

.NETIDS can be used in three ways.

The first method is by inheriting your ASP.NET pages from the SecurePage class. This offers an easy and customizable way to scan page input. If you are relatively new to the .NET Framework this is the simplest way to secure your applications.

The second method is more customisable but harder to implement for novice programmers, and involves working directly with the IDS objects.

The third method (available in the upcoming release) is by using the supplied HttpModule.
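
For a concrete picture of the rule/tag/impact/reaction model, here is an added Python sketch in the spirit of PHPIDS and .NETIDS. It is not the library's code: the four rules are constructed for the example (the real filter set is far larger), the impact thresholds in react() are this example's choice, and handle_request() stands in for what a SecurePage subclass or the HttpModule would do on each request.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import unquote_plus


@dataclass
class Rule:
    rule_id: int
    pattern: "re.Pattern"
    tags: List[str]        # categorisation, as in the PHPIDS filter file
    impact: int            # how much one hit adds to the request's score
    description: str


# Constructed rules for this example; the real PHPIDS/.NETIDS filter set is
# much larger and lives in the projects' own XML file.
RULES = [
    Rule(1, re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I),
         ["xss"], 4, "script tag, javascript: URL or inline event handler"),
    Rule(2, re.compile(r"(?:\.\./|\.\.\\){2,}"),
         ["dt"], 5, "directory traversal"),
    Rule(3, re.compile(r"['\"]\s*(?:or|and)\s+[\w']+\s*=\s*[\w']+|union\s+select", re.I),
         ["sqli"], 6, "SQL tautology or UNION SELECT"),
    Rule(4, re.compile(r"\b(?:Object|Array|String|document|window)\.prototype\b|__defineGetter__", re.I),
         ["xss", "dom"], 4, "overwriting JS objects / methods"),
]


@dataclass
class Event:
    param: str
    value: str
    rule: Rule


@dataclass
class Report:
    events: List[Event] = field(default_factory=list)

    @property
    def impact(self) -> int:
        return sum(e.rule.impact for e in self.events)

    @property
    def tags(self) -> List[str]:
        return sorted({t for e in self.events for t in e.rule.tags})


def scan(params: Dict[str, str], rules=RULES) -> Report:
    """Run every rule over every request parameter, after decoding it."""
    report = Report()
    for name, raw in params.items():
        value = unquote_plus(raw)          # decode %xx and '+' before matching
        for rule in rules:
            if rule.pattern.search(value):
                report.events.append(Event(name, value, rule))
    return report


def react(report: Report) -> str:
    """Thresholds are this example's choice; the library leaves the reaction to you."""
    if report.impact == 0:
        return "pass"
    if report.impact < 5:
        return "log"
    if report.impact < 10:
        return "warn"
    return "redirect"


def handle_request(params: Dict[str, str]):
    """What a SecurePage subclass or the HttpModule would do per request."""
    report = scan(params)
    return react(report), report.impact, report.tags


if __name__ == "__main__":
    print(handle_request({"id": "1%27+or+%271%27%3D%271", "file": "../../../etc/passwd"}))
```

Decoding before matching is the part people forget: a filter that inspects the raw query string sees `%27` where the database will see a quote.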

You can find the documentation here:

http://www.the-mice.co.uk/dotnetids/docs/

You can download .NET IDS v.0.1.3.0 here:

dotnetids-bin-0_1_3_0.zip

Or you can read more here.

Posted in: Countermeasures, Secure Coding, Security Software


Core Security to Expand Market with Mark Hatton

It seems security/pen-testing software can be quite lucrative, especially at the prices Core Security charge for their flagship tool Core Impact (around $25,000 per seat?).

They have offices in two countries and are now looking to expand into new markets. Anyway, this is a bit of corporate security news for a change: they have hired a new CEO, ex-Sophos executive Mark Hatton.

Less than a year after an executive reshuffle prompted questions about its direction and viability, Core Security Technologies has hired a new chief executive to pilot its push beyond the niche penetration-testing market.

Core Security, which employs about 130 people in offices in Boston, Mass., and Buenos Aires, Argentina, has tapped former Sophos executive Mark Hatton as its new CEO amidst strong hints that new technology pieces could be added to position the company as more than a specialized vulnerability scanning outfit.

“We have a really good opportunity to rise above the niche pen-test market,” Hatton said in an interview with eWEEK. “We already provide very valuable insight as to where vulnerabilities lie and show [an enterprise] the extent of damage that can occur. We can add a few pieces and provide a much more unified view of how well the security infrastructure is working.”

Their product is very good and the reporting capabilities are way better than the free software out there (that matters a lot when turnaround time is short on a commercial pen-test or VA).

I wonder what markets they are going to move into? Perhaps log aggregation, or system/architecture security management (more like GFI LANguard?).

Hatton declined to discuss future strategic moves, but a quick glance at his track record at Sophos, an enterprise-facing anti-virus vendor that successfully repositioned itself as a full-fledged endpoint security player, suggests that Core Security could be moving in that direction.

“We are in a position today where [Core’s] technology is good and the marketplace is generally opening up,” Hatton said. “If you look at the evolution of Sophos, it was a specialized anti-virus company in the beginning and then it redefined endpoint security and NAC-type offerings. I see Core taking a similar path. We’ll define and evolve this market beyond pen-testing.”

Metasploit Framework has definitely raised some doubts about them though and put them under the spotlight, especially after two of their top honchos left the company last year; there are also much cheaper commercial alternatives like Immunity CANVAS.

This is one of the few times you’ll see me talk about commercial software – I tend to stick to the free stuff. Would any one be interested in some info about commercial tools too?

Source: eWeek

Posted in: Security Software


Inguma 0.0.7.2 Released for Download – Penetration Testing Toolkit

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written entirely in Python. The environment is mainly oriented towards attacking Oracle-related systems, but it can be used against other kinds of systems too.

It’s becoming a mature and useful package! I’m glad to see continued development, and especially that they are concentrating on fixing bugs and improving the modules rather than piling on new features and making it worse.

This version adds new modules and new exploits, fixes many bugs, and enhances existing modules, especially the Oracle-related ones.

PyShellcodelib has been enhanced as well and now supports Mac OS X, though for the moment only through the BSD syscalls; the Mac-specific (Mach) syscalls are on the way. You will also notice that it is now object oriented, unlike previous versions.

Along with the aforementioned changes, there are 5 new Oracle modules: 4 for bugs fixed in the Critical Patch Update of January 2008, and one point-and-click ("skr1pT k1|>i3", as the changelog puts it) module for the Oracle PL/SQL gateway flaw. Give the module the target’s address and port and run “oragateway”; it will automagically guess the correct DAD (Database Access Descriptor) and bypass technique, and then open an SQL terminal.

The new modules added to the framework are the following:

  • nikto: A plugin that uses Nikto-based databases (thank you, Sullo!).
  • archanix: As you may imagine, it gathers information from archaic Unix services.
  • brutesmtp: A brute forcer for SMTP servers.
  • anticrypt: A tool to guess the hashing algorithm behind a password hash. It saves a lot of time when auditing passwords.
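
The anticrypt idea, guessing a hash's algorithm from its shape, is simple enough to show. The following is an added Python example, not Inguma's code; its format table and sample dump are constructed. It returns every matching format rather than a single guess, because a bare 32-hex string could be MD5, NTLM or LM and only a cracking attempt settles which.

```python
import re
from typing import Dict, List

# (label, pattern) in order of decreasing specificity. Constructed for this
# example; Inguma's anticrypt keeps its own table.
HASH_FORMATS = [
    ("bcrypt",                   re.compile(r"^\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}$")),
    ("sha512crypt ($6$)",        re.compile(r"^\$6\$(?:rounds=\d+\$)?[^$]{1,16}\$[./A-Za-z0-9]{86}$")),
    ("sha256crypt ($5$)",        re.compile(r"^\$5\$(?:rounds=\d+\$)?[^$]{1,16}\$[./A-Za-z0-9]{43}$")),
    ("md5crypt ($1$)",           re.compile(r"^\$1\$[^$]{1,8}\$[./A-Za-z0-9]{22}$")),
    ("Apache apr1",              re.compile(r"^\$apr1\$[^$]{1,8}\$[./A-Za-z0-9]{22}$")),
    ("LDAP {SHA}",               re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")),
    ("LDAP {SSHA}",              re.compile(r"^\{SSHA\}[A-Za-z0-9+/]+=*$")),
    ("MySQL 4.1+ (*SHA1(SHA1))", re.compile(r"^\*[0-9A-F]{40}$")),
    ("Oracle 10g (DES-based)",   re.compile(r"^[0-9A-F]{16}$")),     # stored uppercase
    ("MySQL pre-4.1",            re.compile(r"^[0-9a-f]{16}$")),     # stored lowercase
    ("DES crypt",                re.compile(r"^[./A-Za-z0-9]{13}$")),
    ("SHA-512 hex",              re.compile(r"^[0-9a-fA-F]{128}$")),
    ("SHA-256 hex",              re.compile(r"^[0-9a-fA-F]{64}$")),
    ("SHA-1 hex",                re.compile(r"^[0-9a-fA-F]{40}$")),
    ("MD5 / NTLM / LM hex (128-bit, indistinguishable by shape)",
                                 re.compile(r"^[0-9a-fA-F]{32}$")),
]


def guess_hash_type(h: str) -> List[str]:
    """All formats whose shape matches; several means 'ambiguous, try each'."""
    h = h.strip()
    return [label for label, rx in HASH_FORMATS if rx.match(h)]


def bucket_by_type(lines: List[str]) -> Dict[str, List[str]]:
    """Group 'user:hash' lines by guessed type so each bucket can be fed to the
    matching cracker mode; unrecognised shapes land in 'unknown'."""
    buckets: Dict[str, List[str]] = {}
    for line in lines:
        user, _, h = line.strip().partition(":")
        for label in guess_hash_type(h) or ["unknown"]:
            buckets.setdefault(label, []).append(user)
    return buckets


# Constructed sample dump: values are shaped like real hashes for the formats
# above, nothing here comes from a real system.
SAMPLE_DUMP = [
    "alice:5f4dcc3b5aa765d61d8327deb882cf99",
    "bob:*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19",
    "carol:$1$saltsalt$" + "A" * 22,
    "dave:$2a$10$" + "a" * 53,
    "erin:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=",
    "frank:3F9FAB58A2B1B6C1",
    "grace:not-a-hash",
]

if __name__ == "__main__":
    for label, users in bucket_by_type(SAMPLE_DUMP).items():
        print(f"{label}: {users}")
```

Shape-based guessing is only a triage step: it cannot tell MD5 from NTLM, and a 16-hex string is read as Oracle or old MySQL purely on letter case.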

They are also getting the documentation together (this is the first release) on the Wiki here:

http://inguma.wiki.sourceforge.net

You can download Inguma 0.0.7.2 here:

Inguma 0.0.7.2

Or read more here.

Posted in: Database Hacking, Exploits/Vulnerabilities, Hacking Tools


Nipper Tools Download – Network Configuration Auditing Tool

Get your Nipper tools download here. This tool performs security audits of network device configuration files; the report produced by Nipper includes detailed security-related issues with recommendations, a configuration report and various appendices.

Nipper has a large number of configuration options which are described in the lists below.

Devices Supported by Nipper Tools

Nipper currently supports the following device types:

  • Cisco Switches (IOS)
  • Cisco Routers (IOS)
  • Cisco Firewalls (PIX, ASA, FWSM)
  • Cisco Catalysts (NMP, CatOS, IOS)
  • Cisco Content Service Switches (CSS)
  • Juniper NetScreen Firewalls (ScreenOS)
  • CheckPoint Firewall-1 (FW1)
  • Nokia IP Firewalls (FW1)
  • Nortel Passport Devices
  • SonicWALL SonicOS Firewalls (SonicOS)

The security audit includes details of the findings, together with detailed recommendations. The security audit can be modified using command line parameters or an external configuration file.

Further Nipper Tools Features

Network filtering audits include the following, all of which can be modified:

  • Rule lists end with a deny all and log
  • Rules allowing access from any source
  • Rules allowing access from network sources
  • Rules allowing access from any source port
  • Rules allowing access to any destination
  • Rules allowing access to destination networks
  • Rules allowing access to any destination service
  • Rules that do not log
  • Deny rules that do not log
  • Rules that are disabled
  • Rules that reject rather than drop
  • No bypass rules exist
  • Default rules

This update (0.11.5) includes improvements to support for Cisco PIX / ASA / FWSM firewalls, SonicWALL SonicOS firewalls, CheckPoint Firewall-1 and Nokia IP firewalls. It also includes a host of other updates.

The output from Nipper can be in HTML, LaTeX, XML or text formats. Nipper will also reverse any Cisco type-7 passwords it finds (type 7 is reversible obfuscation with a fixed key, not encryption, so anyone holding the config file can recover them), and all other hashed passwords can be written out to a John the Ripper file for strength testing. By default, input is read from stdin and output (in HTML format) goes to stdout.
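
An added Python example (not Nipper's code) that implements a handful of the filter checks listed above (any source, any destination, permits and denies that do not log, the missing trailing deny-all-and-log) against a constructed IOS snippet, plus the type-7 reversal just mentioned. The type-7 routine uses Cisco's well-known fixed key. The ACE parser only understands the common extended-ACL shapes (any / host / address-and-wildcard, with eq, gt, lt, neq or range port operators); that is enough for the sample and is a limitation of this example, not a statement about Nipper's coverage.

```python
import re
from typing import Dict, List, Tuple

TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUB"   # Cisco's fixed type-7 key


def decode_type7(enc: str) -> str:
    """Reverse a 'password 7' string: the first two digits select the key
    offset, every following hex byte is XORed with the rolling key."""
    if len(enc) < 4 or len(enc) % 2:
        raise ValueError("malformed type-7 string")
    seed, body = int(enc[:2]), bytes.fromhex(enc[2:])
    return bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]
                 for i, b in enumerate(body)).decode("ascii")


def find_type7(config: str) -> List[Tuple[str, str]]:
    """Every 'password 7 <hex>' in the config, paired with its plaintext."""
    return [(m, decode_type7(m)) for m in re.findall(r"password 7 ([0-9A-Fa-f]+)", config)]


def _take_addr(tok):
    """Consume one IOS address spec: any | host A.B.C.D | A.B.C.D WILDCARD."""
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return "host " + tok[1], tok[2:]
    return tok[0] + " " + tok[1], tok[2:]


def _skip_port(tok):
    """Skip an optional port operator: eq/gt/lt/neq X or range X Y."""
    if tok and tok[0] in ("eq", "gt", "lt", "neq"):
        return tok[2:]
    if tok and tok[0] == "range":
        return tok[3:]
    return tok


def parse_ace(line: str) -> Dict[str, object]:
    tok = line.split()
    action, proto = tok[0], tok[1]
    src, rest = _take_addr(tok[2:])
    dst, rest = _take_addr(_skip_port(rest))
    rest = _skip_port(rest)
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "log": any(t in ("log", "log-input") for t in rest)}


ANY_SRC = "permit rule allows access from any source"
ANY_DST = "permit rule allows access to any destination"
PERMIT_NOLOG = "permit rule does not log"
DENY_NOLOG = "deny rule does not log"
NO_DENY_ALL_LOG = "list does not end with an explicit 'deny ip any any log'"


def _check_rules(acl, rules):
    out = []
    for i, r in enumerate(rules, 1):
        if r["action"] == "permit":
            if r["src"] == "any": out.append((acl, i, ANY_SRC))
            if r["dst"] == "any": out.append((acl, i, ANY_DST))
            if not r["log"]:     out.append((acl, i, PERMIT_NOLOG))
        elif not r["log"]:
            out.append((acl, i, DENY_NOLOG))
    last = rules[-1] if rules else None
    if not (last and last["action"] == "deny" and last["proto"] == "ip"
            and last["src"] == last["dst"] == "any" and last["log"]):
        out.append((acl, None, NO_DENY_ALL_LOG))
    return out


def audit_acls(config: str) -> List[Tuple[str, object, str]]:
    """(acl name, rule number or None, finding) for every named ACL in the config."""
    findings, acl, rules = [], None, []
    for raw in config.splitlines() + [""]:
        if not raw or not raw[0].isspace():          # a top-level line closes any open list
            if acl is not None:
                findings += _check_rules(acl, rules)
                acl, rules = None, []
            if raw.startswith("ip access-list"):
                acl = raw.split()[-1]
            continue
        tok = raw.split()
        if acl is not None and tok and tok[0] in ("permit", "deny"):
            rules.append(parse_ace(raw))
    return findings


SAMPLE_CONFIG = """\
! constructed IOS snippet for this example
enable password 7 0822455D0A16
ip access-list extended OUTSIDE_IN
 permit tcp any host 192.0.2.10 eq 443
 permit ip 198.51.100.0 0.0.0.255 any
 permit udp any any eq 53 log
 deny ip any any
line vty 0 4
 password 7 0822455D0A16
"""

if __name__ == "__main__":
    for f in audit_acls(SAMPLE_CONFIG):
        print(f)
    print(find_type7(SAMPLE_CONFIG))
```

The type-7 decode needs no wordlist at all, which is the point of Nipper reversing them outright and only handing the real hashes (type 5 and friends) to John.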

Nipper is available for Linux, Windows and other platforms. You can download Nipper Tools here:

Nipper 0.11.5

Or read more here.

Posted in: Security Software


Goolag – GUI Tool for Google Hacking

cDc (Cult of the Dead Cow) recently released a GUI-driven tool for Google hacking called Goolag.

Google dorks have been around for several years and have been researched most assiduously by Johnny Long of johnny.ihackstuff.com, home of the Google Hacking Database.

If one searches the Web, one will find multiple collections of dorks, and also some applications, standalone and Web-based, offering certain “scanning” possibilities.

Nevertheless, Goolag Scanner (gS) is different from the other applications released to date for the following reasons:

  • There is no need for any tool other than a browser to use dorks, but scanning hundreds of dorks ‘by hand’ is impossible.
  • Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command line options and no knowledge of Google hacking are required to test one’s host.
  • Goolag Scanner comes with its own dork database, but it is not limited to it.
  • gS uses a very simple XML document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.
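
To show what “a few mouse clicks over a dork database” reduces to under the hood, here is an added Python example, not Goolag's code. The XML schema is constructed for the example (the post only says the format is a simple, readable XML document), and the code stops at building the scoped search URLs; it fetches nothing, so it runs offline.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple
from urllib.parse import urlencode

# Constructed dork database. Element and attribute names are assumptions for
# this example, not Goolag's actual schema.
DORKS_XML = """\
<dorks>
  <category name="Files containing passwords">
    <dork id="1" title="phpinfo() output">intitle:phpinfo "PHP Version"</dork>
    <dork id="2" title="SQL dumps">filetype:sql "INSERT INTO" password</dork>
  </category>
  <category name="Sensitive directories">
    <dork id="3" title="Exposed .git directories">intitle:"index of" ".git"</dork>
  </category>
</dorks>
"""


def load_dorks(xml_text: str) -> List[Dict[str, object]]:
    """Flatten the XML into one record per dork, carrying its category."""
    root = ET.fromstring(xml_text)
    dorks = []
    for cat in root.iter("category"):
        for d in cat.iter("dork"):
            dorks.append({"id": int(d.get("id")), "title": d.get("title"),
                          "category": cat.get("name"), "query": (d.text or "").strip()})
    return dorks


def scope_to_host(query: str, host: str) -> str:
    """Restrict a dork to one host: drop any site: term it carries, add ours."""
    terms = [t for t in query.split() if not t.lower().startswith("site:")]
    return " ".join(terms + [f"site:{host}"])


def build_search_urls(dorks, host, base="https://www.google.com/search") -> List[Tuple[int, str]]:
    """One search URL per dork, already scoped to `host`; nothing is fetched here."""
    return [(d["id"], base + "?" + urlencode({"q": scope_to_host(d["query"], host), "num": 100}))
            for d in dorks]


if __name__ == "__main__":
    for dork_id, url in build_search_urls(load_dorks(DORKS_XML), "example.com"):
        print(dork_id, url)
```

Scoping every dork with site: to a host you own is the “test one’s host” use the release text describes; fire hundreds of such queries at Google in quick succession and you will be rate-limited or shown a CAPTCHA, so any real scanner has to pace itself.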

You can download Goolag here:

Goolag (1.0.0.40)

Or read more here.

Posted in: Hacking Tools, Privacy, Web Hacking
