Archive | September, 2008

Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips

September 30, 2008 | 37,502 views

It seems like ATM hacking is still the way to go for those into a bit of hardware hacking. One of the most notorious and well known ATM hackers was recently arrest in Turkey and a list of his tips discovered online where he also sold the ATM skimming equipment.

Well his tips can’t be THAT good if he got caught can they?

A bank-machine hacker who reportedly was arrested earlier this month in Turkey gave would-be fraudsters tips on how to install rogue card-reading devices, including advising them to target drive-through ATMs (automated teller machines) and avoid towns with fewer than 15,000 residents.

The hacker, who went by the handle “Chao,” reportedly was arrested earlier this month in Turkey. He was one of the most well-known ATM hackers in the world, according to Uri Rivner, head of new technologies for RSA Consumer Solutions.

Chao sold fake faceplates that fraudsters could attach to the card slots in ATMs. These “skimmer” devices can read the magnetic stripe of every customer’s ATM or credit card, and are often used in conjunction with a hidden camera that watches people enter their PINs (personal identification numbers), Rivner said. Alternatively, criminals can attach an extra keypad on top of the one in the machine and capture the PIN that way, he added.

It seems like the old methods are still prevailing but the kit used is probably lot smaller, neater and unobtrusive. They skim your card, record your pin on the number pad with a micro dot camera and usually beam it all to a wifi PC nearby which will pipe it back to the owner over the net with a 3G phone or similar.

Just be careful where you use the ATM machine and cover the numberpad with your other hand when you are typing to the PIN to be extra vigilant.

don’t install a skimmer in the morning, because people are more vigilant then;

determine where a person would have to stand to keep an eye on everything happening on that block;

avoid blocks where more than 250 people per day walk through, because of the danger of detection;

don’t install skimmers in towns with fewer than 15,000 people, because people in those towns know what their ATMs look like;

avoid areas with small shops open 24 hours a day, because there may be surveillance cameras and vigilant shopkeepers;

don’t set up in areas where a lot of illegal immigrants live;

places with a lot of tourist traffic are good;

look for affluent neighborhoods and drive-through ATMs;

ATMs near cash-only bars are a good bet for lots of customer activity.

The tips are really nothing ground-breaking, but interesting to read nevertheless. Most of them could be considered common sense, but some like not targeting really small towns are quite interesting.

I would have thought busy times would have been the best time to go in as long as there is no-one else queuing at the ATM machine.

Source: NetworkWorld

Posted in: Hardware Hacking, Spammers & Scammers

Tags: arrested, atm fraud, atm hacker chao, atm hacking, chao, cloning atm cards, credit-card-fraud, turkey

Posted in: Hardware Hacking, Spammers & Scammers | Add a Comment

Recent in Hardware Hacking:
- Intel Finally Patches Critical AMT Bug (Kinda)
- Hajime Botnet Reaches 300,000 Hosts With No Malicious Functions
- Ubiquiti Wi-Fi Gear Hackable Via 1997 PHP Version

Related Posts:

Most Read in Hardware Hacking:
- Elevator/Lift Hacking !!!!! - 80,412 views
- Military Communications Hacking – Script Kiddy Style - 49,927 views
- Hackers Crack London Tube Oyster Card - 45,995 views

dnsscan – DNS Open Recursive Resolver Scanner/Scanning Tool

September 29, 2008 | 9,889 views

Dnsscan is a tool for finger printing open recursive resolvers. It runs in conjuction with a small server that knows how to reply to queries forwarded from probed resolvers. For example, assume that you have delegated osd.example.org:

osd.example.org.         900     IN      NS      ns1.example.org.
ns1.example.org.         900     IN      A       10.0.0.1

1 2	osd.example.org. 900 IN NS ns1.example.org. ns1.example.org. 900 IN A 10.0.0.1

On 10.0.0.1, you would run:

# ./dnsresponder -Q .osd.example.org

1	# ./dnsresponder -Q .osd.example.org

On the client that initiates the DNS probes, you would run

$ ./dnsscan -Q .osd.example.org 10.0.0.0/8

1	$ ./dnsscan -Q .osd.example.org 10.0.0.0/8

Progress of the dnsscan tool can be monitored via a web browser on port 8080. If the tool crashes or gets terminated, it can be restarted from the checkpoint file.

Both of the tools log their output into files, the output can be inspected with the dnsreader tool.

If this does not mean anything to you, you should probably not use this tool. This tool has been released to support repeatable research, some of the results obtained with tools such as these have been published at NDSS’08.

Notice

Use of dnsscan across a large network block requires coordination with your network provider. In all likelihood, you will receive (and must manage) abuse complaints due to the volume of DNS queries. You should consult RFC 1262 for suggestions on how to conduct such Internet-wide studies.

You can download dnsscan v1.0 here:

dnsscan-1.0.tar.gz

Or read more here.

Posted in: Hacking Tools, Network Hacking

Tags: dns scanner, dns scanning, dns-hacking, dnsscan, hacking dns, Hacking Tools, Network Hacking, recursive dns resolver, recursive dns server

Posted in: Hacking Tools, Network Hacking | Add a Comment

Recent in Hacking Tools:
- Bluto – DNS Recon, Zone Transfer & Brute Forcer
- dork-cli – Command-line Google Dork Tool
- T50 – The Fastest Mixed Packet Injector Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,024,827 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,611,531 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 707,986 views

Brits Give Up Passwords For a £5 Gift Voucher

September 26, 2008 | 7,999 views

So it turns out you don’t need any fancy password cracking software like John the Ripper or Cain and Abel you just need a handful of £5 gift vouchers for Marks and Spencers!

But we had discussed this in part before, some people will give out their passwords if you just ask, some if you offer chocolate and this time in the guise of a ‘survey’ for a gift voucher.

Although the majority (60 percent) of 207 London residents were happy to hand over computer password data which might be useful to potential ID thieves in exchange for a £5 M&S gift voucher, the public at large take a hard line on firms who fail to keep tight hold of customer data.

In exchange for the voucher, a number of those quizzed during a street survey in Covent Garden earlier this week went on to explain how they remember their password and which online websites (from a range of email, shopping, banking and social networking sites) they most frequently use. A sizeable chunk of those surveyed (45 per cent) said they used either their birthday, their mother’s maiden name or a pet’s name as a password.

Perhaps it’s just as well that stolen identities are worth a lot less than £5, fetching as little as 50p on the underground black market, according to Symantec.

It seems like rather than giving out the actual password they answered questions put together in such a way that a profiler could easily work out what their password was and which sites they used it on.

Pretty sneaky methinks, it’s a good way to test how paranoid people are about their data security…it’s ironic really seeing how much they complain but at the end of it they are their own worst danger.

ine in ten (89 per cent) of 1,000 Brits quizzed during a wider survey, commissioned by Symantec and price comparison site moneysupermarket.com, expressed the opinion that “reckless and repeated” data breaches ought to be punished by criminal prosecutions. Sanctions should include the ability to incarcerate directors of negligent firms in jail. Eight out of ten of those quizzed agreed there should be a “one strike and you’re out” rule for data loss.

Almost four in five of those polled reckon their personal data is not secure in the hands of companies that hold it, a finding that probably stems from the steady drip of data breach stories that have followed from the massive HMRC child benefit lost disc bungle last year. Three in four consumers are concerned about the amount of information organisation hold on them, regardless of whether or not this information is held online or offline. Online payments were perceived as the single greatest risk for losing data.

The general public are pretty harsh too when it comes to dishing out punishment, but then again that is human nature and that is why there’s jury service.

It’s not surprising either that people have very little faith in data stored by the government and their greatest fear is carrying out online transactions.

I think we all know well enough to keep ourselves safe…but sadly as always it seems the rest of the world don’t.

Source: The Register

Posted in: Password Cracking, Social Engineering

Tags: Password Cracking, password-hacking, password-security, passwords, Social Engineering

Posted in: Password Cracking, Social Engineering | Add a Comment

Recent in Password Cracking:
- pemcracker – Tool For Cracking PEM Files
- PowerMemory – Exploit Windows Credentials In Memory
- HashData – A Command-line Hash Identifying Tool

Related Posts:

Most Read in Password Cracking:
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,611,531 views
- Password Cracking Wordlists and Tools for Brute Forcing - 634,264 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 444,632 views

BSQL Hacker – Automated SQL Injection Framework

September 25, 2008 | 40,249 views

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.

It ships with Automated Attack modules which allows the dumping of whole databases for the following DBMS:

MS-SQL Server
ORACLE
MySQL (experimental)

Attack Templates for:

MS Access
MySQL
ORACLE
PostgreSQL
MS-SQL Server

Also you can write your own attack template for any other database as well (see the manual for details). New attack templates and exploits for specific web application can be shared via Exploit Repository.

BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

It supports :

Blind SQL Injection (Boolean Injection)
Full Blind SQL Injection (Time Based)
Deep Blind SQL Injection (a new way to exploit BSQLIs, explained here)
Error Based SQL Injection

It allows metasploit alike exploit repository to share and update exploits and attack temlpates.

You can download BSQL Hacker here:

BSQLHackerSetup-0907.exe

Or read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking

Tags: bsql, bsql hacker, database-security, hacking-database, hacking-web-applications, sql injection framework, sql-injection-tool, Web Hacking, web-application-security, windows

Posted in: Database Hacking, Hacking Tools, Web Hacking | Add a Comment

Recent in Database Hacking:
- Another MongoDB Hack Leaks Two Million Recordings Of Kids
- MongoDB Ransack – Over 33,000 Databases Hacked
- DBShield – Go Based Database Firewall

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 79,172 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,888 views
- SQLBrute – SQL Injection Brute Force Tool - 42,939 views

Intercage – Spam/Malware Friendly ISP Back Online

September 24, 2008 | 3,229 views

There has been a big hoo-haa recently about a US ISP called Intercage who have said to have been harbouring spammers and scammers via their largest client an Eastern European webhost called Esthost.

Their plug got pulled 2 days ago by the upstream provider IP transit provider UnitedLayer after weeks of criticism from the community showing IP addresses under the management of Intercage were hosting a number of sites engaged in phishing, malware propagation, and other illegal activities.

It’s a pretty bold move by UnitedLayer..but Intercage and their website is back online now.

A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world’s cybercrime, California-based Intercage appeared to be among the living again.

IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit provider pulled the plug. UnitedLayer’s move, which is sure to prove unpopular in some circles, came after Intercage agreed to completely sever ties with Esthost, the Eastern European web host believed by many to be responsible for the lion’s share of abusive traffic carried by Intercage.

The dumping of Esthost, if true, would mark a major turning point for Intercage. Esthost, which according to many researchers hosts a large number of sites engaged in phishing, malware propagation, and other illegal activities, has relied on Intercage since 2004 and is responsible for 25 percent to 50 percent of its revenue, according to Intercage president and owner Emil Kacperski.

It looks like it’s going to hurt them with between a quarter and a half of their revenue coming from this one customer! They shouldn’t have put all their eggs in one basket, especially a malware ridden Eastern European basket.

I think Internet Exchanges and upstream providers need to be more vigilant about spam and malware propagation sites, if hosts refuse to sort the problem out – pull the plug!

For its part, UnitedLayer officials said they thought long and hard about the decision to take on Intercage as a customer, and based on the promises they got, they decided it made sense.

“We have been assured by Emil and Intercage that the customer in question that caused this firestorm has been removed,” said UnitedLayer COO Richard Donaldson. “And we have said very unequivocally to Emil that when and if factual evidence is provided to us that puts him in violation of our AUP (acceptable use policy)…then we will terminate them like we would any other client.”

Over the past few weeks, the Intercage saga has at times resembled the wild west, where justice is meted out by an informal network of power brokers rather than duly appointed officials. Given the frequent inability of today’s law enforcement in overcoming a rat’s nest of extra-territorial and technical issues, this form of frontier justice is probably unavoidable. And in any case, the vast majority of the white hats manning the system are honest and have netizens’ best interests at heart.

There is definitely a potential for abuse here and it’s something that needs to be watched. More people need to take time to submit abuse reports, headers and IP addresses to the upstream providers, data centers and hosts involved.

Some may not know what the sites on their network are doing, some may actually be hacked, and some may be complicit with the spammers – but either way people need to report!

It’s an interesting story and definitely one to watch, let’s just hope no-one starts to abuse this with RIAA take-down notices etc.

Source: The Register

Posted in: Legal Issues, Malware, Spammers & Scammers

Tags: blackhat, esthost, intercage, isp, malware, malware friendly, Phishing, scammers, spam, spam isp, spammers, unitedlayer

Posted in: Legal Issues, Malware, Spammers & Scammers | Add a Comment

Recent in Legal Issues:
- Fake News As A Service (FNaaS?) – $400k To Rig An Election
- UK Schedule 7 – Man Charged For Not Sharing Password
- Shadow Brokers Release Dangerous NSA Hacking Tools

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,826 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,775 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,664 views

ohrwurm – RTP Fuzzing Tool (SIP Phones)

September 23, 2008 | 8,563 views

ohrwurm is a small and simple RTP fuzzer, it has been tested it on a small number of SIP phones, none of them withstood the fuzzing.

Features:

reads SIP messages to get information of the RTP port numbers
reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can be fuzzed
RTCP traffic can be suppressed to avoid that codecs learn about the “noisy line”
special care is taken to break RTP handling itself
the RTP payload is fuzzed with a constant BER
the BER is configurable
requires arpspoof from dsniff to do the MITM attack
requires both phones to be in a switched LAN (GW operation only works partially)

You can download ohrwurm 0.1 here:

ohrwurm-0.1.tar.bz2

Or read more here.

Posted in: Hacking Tools, Network Hacking, Programming

Tags: fuzzer, fuzzing, fuzzing-tool, Hacking Tools, Network Hacking, ohrwurm, rtp, rtp fuzzing, sip fuzzing, sip phones, voip, voip-hacking

Posted in: Hacking Tools, Network Hacking, Programming | Add a Comment

Recent in Hacking Tools:
- Bluto – DNS Recon, Zone Transfer & Brute Forcer
- dork-cli – Command-line Google Dork Tool
- T50 – The Fastest Mixed Packet Injector Tool

Related Posts:

Modern Exploits – Do You Still Need To Learn Assembly Language (ASM)

September 22, 2008 | 30,428 views

This is a fairly interesting subject I think as a lot of people still ask me if they are entering the security field if they still need to learn Assembly Language or not?

Assembly Language

For those that aren’t what it is, it’s pretty much the lowest level programming languages computers understand without resorting to simply 1’s and 0’s.

An assembly language is a low-level language for programming computers. It implements a symbolic representation of the numeric machine codes and other constants needed to program a particular CPU architecture. This representation is usually defined by the hardware manufacturer, and is based on abbreviations (called mnemonics) that help the programmer remember individual instructions, registers, etc. An assembly language is thus specific to a certain physical or virtual computer architecture (as opposed to most high-level languages, which are usually portable).

The mnemonics looks like MOV JMP and PSH.

In straight forward terms the answer is yes, especially if you want to operate on a more advanced level. If you wish to write exploits you need assembly knowledge, there is plenty of great shellcode around but to get your exploit to the point where you can execute the shellcode you need assembly knowledge. Metasploit is a great resource for the shellcode and to shovel in your exploit, but to understand the inner executions and workings of any binary you need to understand assembly.

You might be able to fuzz out an overflow in some software using a pre-written python fuzzer, but what are you going to do then – you need to at least understand the stack/heap and EIP/ESP etc.

Even if you don’t plan to be that hardcore learning Assembly really won’t hurt at all, a great place to start is the PC Assembly Language book by Paul Carter.

The tutorial has extensive coverage of interfacing assembly and C code and so might be of interest to C programmers who want to learn about how C works under the hood. All the examples use the free NASM (Netwide) assembler. The tutorial only covers programming under 32-bit protected mode and requires a 32-bit protected mode compiler.

If you are specialising though you’ll be looking more into the realm of debuggers, disassemblers and reverse engineering – SoftICE was king back in the day.

Another great resource is Iczelion’s Win32 Assembly Homepage which has a bunch of tutorials, source code examples and links.

As many say Assembly is easy to learn but hard to MASTER.

I started out with The Art of Assembly – and I suggest you do too.

Some other resources:

Posted in: Exploits/Vulnerabilities, Programming

Tags: asm, assembly language, developing exploit, exploit coding, exploit-development, exploits, hacking, hacking code, learn assembly, learn assembly language, pc assembly language, pen-testing, shellode, vulnerabilities, writing shellcode, x86

Posted in: Exploits/Vulnerabilities, Programming | Add a Comment

Recent in Exploits/Vulnerabilities:
- DJI Firmware Hacking Removes Drone Flight Restrictions
- GnuPG Crypto Library libgcrypt Cracked Via Side-Channel
- NotPetya Ransomeware Wreaking Havoc

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 238,549 views
- AJAX: Is your application secure enough? - 120,734 views
- eEye Launches 0-Day Exploit Tracker - 86,322 views

Surf Jack – Cookie Session Stealing Tool

September 19, 2008 | 9,823 views

A tool which allows one to hijack HTTP connections to steal cookies – even ones on HTTPS sites! Works on both Wifi (monitor mode) and Ethernet.

Features:

Does Wireless injection when the NIC is in monitor mode
Supports Ethernet
Support for WEP (when the NIC is in monitor mode)

Known issues:

Sometimes the victim is not redirected correctly (particularly seen when targeting Gmail)
Cannot stop the tool via a simple Control^C. This is a problem with the proxy

Requires:

Python 2.4
Scapy

You can download Surf Jack here:

surfjack-0.2b.zip

Or read more here.

Posted in: Hacking Tools, Web Hacking

Tags: cookie stealing, Hacking Tools, hacking-web-sites, hijacking cookies, Python, scapy, stealing cookies, Web Hacking, web-application-hacking, web-application-security

Posted in: Hacking Tools, Web Hacking | Add a Comment

Recent in Hacking Tools:
- Bluto – DNS Recon, Zone Transfer & Brute Forcer
- dork-cli – Command-line Google Dork Tool
- T50 – The Fastest Mixed Packet Injector Tool

Related Posts:

Web Application Security Statistics for 2008

September 18, 2008 | 5,038 views

Purpose

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent regardless of the methodology used to identify them. Industry statistics such as those compiled by Mitre CVE project provide valuable insight into the types of vulnerabilities discovered in open source and commercial applications, this project tries to be the equivalent for custom web applications

Goals

Identify the prevalence and probability of different vulnerability classes
Compare testing methodologies against what types of vulnerabilities they are likely to identify.

Methodology

The statistics was compiled from web application security assessment projects which were made by the following companies in 2007 (in alphabetic order):

Booz Allen Hamilton
BT
Cenzic with Hailstorm and ClickToSecure
dblogic.it
HP Application Security Center with WebInspect
Positive Technologies with MaxPatrol
Veracode with Veracode Security Review
WhiteHat Security with WhiteHat Sentinel

There’s some pretty interestesting statistics there.

Read the full report here:

http://www.webappsec.org/projects/statistics/

Posted in: Web Hacking

Tags: hacking-websites, statistics, web app stats, Web Hacking, web security statistics, web-application-security, web-security

Posted in: Web Hacking | Add a Comment

Recent in Web Hacking:
- dork-cli – Command-line Google Dork Tool
- snitch – Information Gathering Tool Via Dorks
- OneLogin Hack – Encrypted Data Compromised

Related Posts:

Most Read in Web Hacking:
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 707,986 views
- Web Based E-mail (Hotmail Yahoo Gmail) Hack/Hacking with JavaScript - 313,258 views
- Download youtube.com videos? - 156,805 views

psad – Intrusion Detection and Log Analysis with iptables

September 17, 2008 | 5,256 views

psad is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it has the fastest access to log data.

psad incorporates many signatures from the Snort intrusion detection system to detect probes for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (FIN, NULL, XMAS) which are easily leveraged against a machine via nmap.

When combined with fwsnort and the Netfilter string match extension, psad is capable of detecting many attacks described in the Snort rule set that involve application layer data. In addition, psad makes use of various packet header fields associated with TCP SYN packets to passively fingerprint remote operating systems (in a manner similar to p0f) from which scans originate.

For more information, see the complete list of features offered by psad.

psad is developed around three main principles:

Good network security starts with a properly configured firewall.
A significant amount of intrusion detection data can be gleaned from firewalls logs, especially if the logs provide information on nearly every field of the network and transport headers (and even application layer signature matches as in Netfilter’s case).
Suspicious traffic should not be detected at the expense of trying to also block such traffic.

You can download psad v2.1.4 here:

psad-2.1.4.tar.gz (Source tar)
psad-2.1.4-1.i386.rpm (i386 binary RPM).

Or read more here.