Archive | October, 2008

Swiss Researchers Sniff Password from Wired Keyboard

Outsmart Malicious Hackers


Now this is an interesting twist on an oldschool method of hacking, the monitoring of electromagnetic radiation.

You’d think it’d be easier to sniff the traffic from a wireless keyboard, but generally it’s not as they tend to be encrypted. Where as the electromagnetic radiation given off by a wired keyboard is not shielded or protected it any way.

All you need to do is have the equipment and the know-how to decipher it.

Swiss researchers have demonstrated a variety of ways to eavesdrop on the sensitive messages computer users type by monitoring their wired keyboards. At least 11 models using a wide range of connection types are vulnerable.

The researchers from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne are able to capture keystrokes by monitoring the electromagnetic radiation of PS/2, universal serial bus, or laptop keyboards. They’ve outline four separate attack methods, some that work at a distance of as much as 65 feet from the target.

In one video demonstration, researchers Martin Vuagnoux and Sylvain Pasini sniff out the the keystrokes typed into a standard keyboard using a large antenna that’s about 20 to 30 feet away in an adjacent room.

It appears to work on both the older PS/2 keyboards and new USB keyboards and even laptop keyboard from a distance of up to 65 feet! That’s easily far enough to jack the data from a carpark, adjacent office or nearby hotel room.

I’d imagine the equipment required is quite bulky though.

“We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design),” they write here. “Hence they are not safe to transmit sensitive information.”

No doubt, electromagnetic eavesdropping dates back to the mid 1980s, if not earlier. But Vuagnoux says many of today’s keyboards have been adapted to prevent those attacks from working. The research shows that even these keyboards are vulnerable to electromagnetic sniffing.

The video demonstrations show a computer that reads input from antennas that monitor a specified frequency. In both cases, the computer was able to determine the keystrokes typed on keyboards connected to a laptop and power supply and LCD monitors were disconnected to prevent potential power transmissions or wireless communications. Vuagnous said in an email that the attacks would still work even if the power supplies and monitors were plugged in.

It seems the modifications made to keyboards to prevent this kind of sniffing has either been removed to save cost or was never tested properly in the first place.

So be careful! If what you are doing is super sensitive you might be better off using an on-screen keyboard.

Source: The Register

Posted in: Hardware Hacking, Password Cracking

Topic: Hardware Hacking, Password Cracking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


lm2ntcrack – Microsoft Windows NT Hash Cracker (MD4 -LM)

Outsmart Malicious Hackers


We have covered quite a lot of Password Cracking tools and it’s not often a new one comes out, this one is for quite a specialised purpose (not a general all-purpose password cracker like John the Ripper or Cain & Abel), although you do need to use it alongside JTR.

This tool is for instantly cracking the Microsoft Windows NT Hash (MD4) when the LM Password is already known, you might be familiar with LM Cracking tools such as LCP.

The main problem is you’ve got the LM password, but it’s in UPPERCASE because LM hashes are not case sensitive, so you need to find the actual password for the account.

Example : Password cracker output for “Administrator” account

  • LM password is ADMINISTRAT0R.
  • NT password is ?????????????.

We aren’t lucky because the case-sensitive password isn’t “administrat0r” or “Administrat0r”. So you cannot use this to connect to the audited Windows system.

This password contains 13 characters but launching my password cracker on the NT hash is a waste of time and there is a poor chance of success.


Note :

  • Password length : 13 characters.
  • Details : 1 number + 12 case-sensitives letters.
  • Possibilities : 2^12 = 4096 choices.

In this example, lm2ntcrack will generate the 4096 possibilities for the password ADMINISTRAT0R and, for each one, the associated NT MD4 hash. Then, search for matching with the dumped hash.

Execution time : < 2 seconds to crack more than 1200 NT Hashes. You can download lm2ntcrack here: lm2ntcrack-current.tgz

Or read more here.

Posted in: Password Cracking

Topic: Password Cracking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


DarkMarket Carding (Credit Card Fraud) Site Part of FBI Sting

Keep on Guard!


You may remember the story about the Pro ATM Hacker ‘Chao’ and his Tips a while back, apparently that was the start of a big global sting operation on credit card fraud.

Chao was admin/moderator on a community of carders (where they bought/sold stolen credit card info) called DarkMarket and the first to be busted, it turns out the site was actually ran by an FBI agent (J. Keith Mularski AKA Master Splynter) and operated by the National Cyber Forensics Training Alliance (NCFTA)

There have been many reports this week that fraud website DarkMarket, which closed earlier this month, was shut down because of an international intelligence operation, which has lead to up to 60 people being arrested.

All is not as it seems, however, as CNET is stating that the website was all part of an FBI sting operation. It all stems from an article in Wired, where they uncovered that the webmaster of the site was non other than J. Keith Mularski, a senior FBI agent, going under the guise of Master Splynter.

Splynter wrote on the site, just before its demise: “I guess it was only time before this would happen. It is very unfortunate that we have come to this situation, because … we have established DM as the premier English speaking forum for conducting business. Such is life. When you are on top, people try to bring you down.”

There have been multiple arrests in UK following the sting, it seems like this was a very long and rather successful operation taking down a number of key players.

60 arrests is a pretty decent number, each of them must have perpetrated quite a lot of fraud so you can imagine the money being saved with these guys behind bars.

The elaborate ruse is backed up by information uncovered by Südwestrundfunk, a German radio network, who found out the site was being operated by the National Cyber Forensics Training Alliance (NCFTA).

Sting or not, the closing down of the website has lead to 60 arrests, with one person charged with purchasing £250,000 pounds’ worth of stolen data in under two months.

Recent arrests in the UK have so far been made in Leicester, Manchester, Humberside, South Yorkshire and London. DarkMarket administrator Cagatay Evyapan, aka Cha0, was arrested by Turkish police at the beginning of September.

That’s a lot of stolen cards, I wonder how they even get all this information? I guess they have multiple ways with online info being exposed…a lot of the hacks don’t even get published, just covered up.

Then oldskool physical methods like tagging/cloning in petrol stations and restaurants, rigging ATM machines and just plain stealing the cards from the mail.

Source: Techradar (Thanks Navin!)

Posted in: Legal Issues, Privacy, Spammers & Scammers

Topic: Legal Issues, Privacy, Spammers & Scammers


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Web-Harvest – Web Data Extraction Tool

Keep on Guard!


Web-Harvest is Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. In order to do that, it leverages well established techniques and technologies for text/xml manipulation such as XSLT, XQuery and Regular Expressions. Web-Harvest mainly focuses on HTML/XML based web sites which still make vast majority of the Web content. On the other hand, it could be easily supplemented by custom Java libraries in order to augment its extraction capabilities.

Process of extracting data from Web pages is also referred as Web Scraping or Web Data Mining. World Wide Web, as the largest database, often contains various data that we would like to consume for our needs. The problem is that this data is in most cases mixed together with formatting code – that way making human-friendly, but not machine-friendly content. Doing manual copy-paste is error prone, tedious and sometimes even impossible. Web software designers usually discuss how to make clean separation between content and style, using various frameworks and design patterns in order to achieve that. Anyway, some kind of merge occurs usually at the server side, so that the bunch of HTML is delivered to the web client.


Every Web site and every Web page is composed using some logic. It is therefore needed to describe reverse process – how to fetch desired data from the mixed content. Every extraction procedure in Web-Harvest is user-defined through XML-based configuration files. Each configuration file describes sequence of processors executing some common task in order to accomplish the final goal. Processors execute in the form of pipeline. Thus, the output of one processor execution is input to another one. This can be best explained using the simple configuration fragment:

When Web-Harvest executes this part of configuration, the following steps occur:

  1. http processor downloads content from the specified URL.
  2. html-to-xml processor cleans up that HTML producing XHTML content.
  3. xpath processor searches specific links in XHTML from previous step giving URL sequence as a result.

Web-Harvest supports a set of useful processors for variable manipulation, conditional branching, looping, functions, file operations, HTML and XML processing, exception handling. See User manual for technical description of provided processors.

You can download Web-Harvest 1.0 here:

webharvest1-exe.zip

Or read more here.

Posted in: Hacking News, Hacking Tools, Web Hacking

Topic: Hacking News, Hacking Tools, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


E-mail Scammers Target Microsoft Users

Outsmart Malicious Hackers


Microsoft users are being targeted again by malware via e-mail, scammers/spammers never give up and for once the e-mail looks fairly legitimate.

Usually this kind of ‘baitware’ is riddled with terrible grammar and horrible spellings, do make sure you brief the less security aware friends you have about this though just in case.

Email scams are a common way to spread malware and/or steal personal information. Some great guidelines to help you protect yourself from such scams are outlined here.

We have recently found out about the latest in an ongoing string of email scams that target Microsoft customers. This particular scam contains the Backdoor:Win32/Haxdoor trojan as an attachment. We have seen a few emails targeting Microsoft customers that look like the email below:

It’s not the first time we’ve seen this attack vector used in this way, but most AV software with a recent signature file should catch this e-mail as it comes in.

It shouldn’t be a big problem for corporates.

The email is as follows:

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update
for OS Microsoft Windows. The update applies to the following OS versions:
Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium,
Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates
category. In order to help protect your computer against security
threats and performance problems, we strongly recommend you to
install this update.

Since public distribution of this Update through the official website
http://www.microsoft.com would have result in efficient creation of a
malicious software, we made a decision to issue an experimental private
version of an updatefor all Microsoft Windows OS users.


As your computer is set to receive notifications when new updates are
available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings
of your OS you have an indication to run all the updates at a background
routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

Thank you,

Steve Lipner
Director of Security Assurance
Microsoft Corp.

Once again be aware, perhaps stick a rule in your IDS at the mail gateway so you know if this one comes in.

And do tell people about it!

Source: Microsoft Technet (Thanks Navin)

Posted in: Malware, Spammers & Scammers

Topic: Malware, Spammers & Scammers


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Firewalk – Firewall Ruleset Testing Tool

Outsmart Malicious Hackers


This is another oldskool tool, but still relevant! TCP and UDP still work in the same way and firewalls/edge devices are still often configured wrongly.

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway hostdoes not allow the traffic, it will likely drop the packets on the floor and we will see no response.

To get the correct IP TTL that will result in expired packets one beyond the gateway we need to ramp up hop-counts. We do this in the same manner that traceroute works. Once we have the gateway hopcount (at that point the scan is said to be bound) we can begin our scan.

It is significant to note the fact that the ultimate destination host does not have to be reached. It just needs to be somewhere downstream, on the other side of the gateway, from the scanning host.

Read the original 1998 whitepaper here.

You can download Firewalk here:

firewalk.tar.gz

Or read more here.

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.