Archive | February, 2009

Fast-Track 4.0 – Automated Penetration Testing Suite

Outsmart Malicious Hackers


The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers.

For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived when David Kennedy was on a penetration test and found that there was generally a lack of tools or automation in certain attacks that were normally extremely advanced and time consuming.

In an effort to reproduce some of David’s advanced attacks and propagate it down to the team at SecureState, David ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, patch management, or lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but as penetration testers are extremely common findings for us.

Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back relax, crank open a can of jolt cola and enjoy the ride.

It’s something a lot of people will enjoy as many parts of a pen-test are very monotonous and don’t really take your full concentration, a semi-automated approach with a skillful eye watching for false-positives and false-negatives is always more effective and efficient than fully manual or fully automated testing.

DependenciesMetasploit 3, SQLite, PYMSSQL, FreeTDS, Pexpect, ClientForms, Beautiful Soup, and Psycho.

Installation – When extracting the tarball, run the setup.py file by executing python setup.py install, this will install the needed dependencies MINUS SQLite and Metasploit 3, you should specify the metasploit path or it will default to the BackTrack 3 installation menu. Once the installation is completed, Fast-Track should be fully functional.

You can download Fast-Track 4.0 here:

fasttrack.tgz

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking News, Hacking Tools

Topic: Exploits/Vulnerabilities, Hacking News, Hacking Tools


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


NSA Together With Mitre CWE and SANS Identifies Top 25 Programming Errors

Keep on Guard!


Secure programming is a huge issue and it’s the lack of it that causes all the problems we have with vulnerabilities and the exploits associated with them. If everywhere developers followed secure programming practices we wouldn’t have buffer overflow issues or unsanitized parameters leading to SQL Injection.

The NSA (National Security Agency), working with MITRE, SANS, and dozens of industry experts from many other organizations, has published a valuable list of the top 25 most dangerous programming errors.

I hope more companies take notice of this and train their developers properly, rather than squeezing maximum efficiency and LOC out of them – teach them to code properly and securely too!

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

The list is the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe. It leverages experiences in the development of the SANS Top 20 attack vectors (http://www.sans.org/top20/) and MITRE’s Common Weakness Enumeration (CWE) (http://cwe.mitre.org/). MITRE maintains the CWE web site, with the support of the US Department of Homeland Security’s National Cyber Security Division, presenting detailed descriptions of the top 25 programming errors along with authoritative guidance for mitigating and avoiding them. The CWE site also contains data on more than 700 additional programming errors, design errors, and architecture errors that can lead to exploitable vulnerabilities.

The main goal for the Top 25 list is to stop vulnerabilities at the source by educating programmers on how to eliminate all-too-common mistakes before software is even shipped. The list will be a tool for education and awareness that will help programmers to prevent the kinds of vulnerabilities that plague the software industry. Software consumers could use the same list to help them to ask for more secure software. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software.

It’s good to see such a comprehensive project being published on the Internet for free, the aim behind this is just to make more secure code. There’s no hidden commercial agenda or aim to sell services or software packages on the back of this.

If you know anyone in the development field I suggest you forward the list to them and tell them to send it to anyone involved in software development (same goes for commercial and non-commercial projects).

There’s no excuse for insecure code!

The Top 25 list was developed at the end of 2008. Approximately 40 software security experts provided feedback, including software developers, scanning tool vendors, security consultants, government representatives, and university professors. Representation was international. Several intermediate versions were created and resubmitted to the reviewers before the list was finalized. More details are provided in the Top 25 Process page

To help characterize and prioritize entries on the Top 25, a threat model was developed that identifies an attacker who has solid technical skills and is determined enough to invest some time into attacking an organization. More details are provided in Appendix B.

Weaknesses in the Top 25 were selected using two primary criteria:

  • Weakness Prevalence: how often the weakness appears in software that was not developed with security integrated into the software development life cycle (SDLC).
  • Consequences: the typical consequences of exploiting a weakness if it is present, such as unexpected code execution, data loss, or denial of service.

Prevalence was determined based on estimates from multiple contributors to the Top 25 list, since appropriate statistics are not readily available.

It’s assumed the attacker has some strong technical skills, is intent on data theft or theft of resources and is willing to spend an estimate 20 hours per software module. This is not realistic and in a blackhat situation you could bet they would be willing to spend much more than 20 hours.

Even if you aren’t directly involved in software development, it’s an interesting study and for people doing pen-tests/code audits and web application assessments it’s a goldmine of information to research further on.

If you get your techniques down on each of these 25 vulnerabilities you should be able to pretty much break anything open.

Source: CWE

Posted in: Exploits/Vulnerabilities, Secure Coding

Topic: Exploits/Vulnerabilities, Secure Coding


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


BackTrack BETA 4 Released for Public Download

Outsmart Malicious Hackers


The Remote Exploit Development Team is happy to announce the release of BackTrack 4 Beta. In this latest version of BackTrack 4 there have been some conceptual changed and some new and exciting features. The most significant of these changes is the expansion from the realm of a Pentesting LiveCD towards a full blown “Distribution”.

Now based on Debian core packages and utilizing the Ubuntu software repositories, BackTrack 4 can be upgraded in case of update. When syncing with the BackTrack repositories, you will regularly get security tool updates soon after they are released.

If you don’t know what BackTrack is – it’s the result of merging the two innovative penetration testing live linux distributions Auditor and Whax. Backtrack provides a thorough pentesting environment which is bootable via CD, USB or the network (PXE). The tools are arranged in an intuitive manner, and cover most of the attack vectors. Complex environments are simplified, such as automatic Kismet configuration, one click Snort setup, precompiled Metasploit lorcon modules, etc. BackTrack has been dubbed the #1 Security Live CD by Insecure.org, and #36 overall.

New Features

  • Kernel 2.6.28.1 with better hardware support.
  • Native support for Pico e12 and e16 cards is now fully functional, making BackTrack the first pentesting distro to fully utilize these awesome tiny machines.
  • Support for PXE Boot – Boot BackTrack over the network with PXE supported cards!
  • SAINT EXPLOIT – kindly provided by SAINT corporation for our users with a limited number of free IPs.
  • MALTEGO – The guys over at Paterva did outstanding work with Maltego 2.0.2 – which is featured in BackTrack as a community edition.
  • The latest mac80211 wireless injection patches are applied, with several custom patches for rtl8187 injection speed enhancements. Wireless injection support has never been so broad and functional.
  • Unicornscan – Fully functional with postgress logging support and a web front end.
  • RFID support
  • Pyrit CUDA support…
  • New and updated tools – the list is endless!

This BETA release is considered stable and usable. Some tools were kept back from this version, and will be soon added to the repositories. Some minor bugs have been discovered and will be fixed with updated packaged.

It would also be appreciated if you could use this latest release and give some feedback to the development team to improve it and ensure it works with your specific hardware config (especially the wireless features).

You can download BackTrack BETA 4 here:

DVD ISO Image – bt4-beta.iso
VMware Image – bt4-beta-vm-6.5.1.rar

Or read more here.

Posted in: Hacking Tools, Linux Hacking, Networking Hacking

Topic: Hacking Tools, Linux Hacking, Networking Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Microsoft Offers $250K Bounty for Conficker Author

Keep on Guard!


We did mention Conficker when it broke out back in January causing one of the largest scale infections ever seen (an estimated 9 million machines in just a few months).

The latest news is that Microsoft are offering a bounty to catch the author of the malware, we have seen this back in 2003/4 (The Anti-virus Reward Program) but it’s been pretty dormant since then. An interesting move some might say, but really, will it work?

Microsoft is offering a $250,000 reward for information that leads to the arrest and conviction of the virus writers behind the infamous Conficker (Downadup) worm.

The bounty, announced Thursday, represents a revival of Microsoft’s mothballed Anti-virus Reward Program, launched in 2003 and virtually moribund since 2004.

In 2003, Redmond put up a $250,000 reward for tips leading to the arrest and conviction of the virus writers behind the infamous SoBig and Blaster worms. It extend this offer to other examples of malware, but there’s only ever been one payout.

Erstwhile college friends of German VXer Sven Jaschan, who was convicted of writing the Sasser worm, picked up a $250,000 payout for their efforts.

So it shows in some circumstances it can work, some ‘friends’ of the Sasser author grassed him up and earnt themselves a tidy pay packet.

It just shows, you can’t really trust anyone nowdays. They haven’t been running this program on any of the interim malware explosions however, so it’ll be interested to see if times have changed and any results will be yielded.

Conficker has infected 10 million computers, going by recent estimates, so it’s no great surprise to find that Microsoft has reactivated the program. Even if it doesn’t lead to any arrests, the possibility of betrayal will give the authors of the worm pause for thought before they activate the monster botnet their malware has established.

In related news, Microsoft is partnering with security researchers, the Internet Corporation for Assigned Names and Numbers (ICANN), and operators within the domain name system to disable domains used by Conficker. Infected machines are programmed to dial into a constantly varying pre-programmed range of servers every day in order to obtain instructions.

Seperately OpenDNS rolled out a Conficker tracking and blocking scheme earlier this week.

It looks like a lot of measures are going into place to limit the damage Conficker can cause and attempting of course to stop it spreading far and wide.

With 10 million infections already, I think they have a lot of catching up to do and a lot of work ahead of them.
Source: The Register

Posted in: Legal Issues, Malware, Windows Hacking

Topic: Legal Issues, Malware, Windows Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Webtunnel 0.0.2 – HTTP Encapsulation and Tunnel Tool

Outsmart Malicious Hackers


Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does not need its own port, and supports most things that the web server supports, such as authentication, HTTP 1.1, HTTPS, and client certificates; it uses simple requests and responses so it works seamlessly through forward and reverse proxies; it is multi-threaded (actually multi-process using sockets for inter-process communication) to allow multiple parallel connections to multiple destinations simultaneously.

It’s written in Perl and currently supports the tunneling of TCP connections. Future plans include implementations in different languages, mixed tunneling of UDP and pipes (so you can tunnel directly to a shell etc.), configuration features such as access control lists, and transmission options like compression and encryption.

You can download Webtunnel 0.0.2 here:

webtunnel-0.0.2.tgz

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Web Hacking

Topic: Hacking Tools, Networking Hacking, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Kaspersky Lab Alleged Customer Database Hack From SQL Injection Flaw

Outsmart Malicious Hackers


The latest big news is that on February 6th the Kaspersky Customer Records database was hacked through a simple SQL injection flaw on the website. The hacker claimed it was possible to expose all customer data including users, activation codes, lists of bugs, admins, shot and so on. The anonymous hacker hasn’t actually posted any of the data, but has listed the database tables exposed here.

Later Kaspersky has stated that no data was actually exposed, apparently there was a flaw to do with data validation and perhaps only the database table names were exposed – not the data within.

So far though it’s all speculation unless the hacker releases the actual data and Kaspersky comfirms it there’s no way we can know what has actually transpired.

Anti-virus vendor Kaspersky Lab denies any data was stolen during a SQL injection attack launched Feb. 6. Well-known database security expert David Litchfield of NGSSoftware is doing a third-party review for Kaspersky.

Officials at anti-virus vendor Kaspersky Lab are adamant that no data was stolen during a hack of its U.S. support site over the weekend.

According to Kaspersky Lab, on Feb. 6, a hacker exploited a flaw on the Web site to launch a SQL injection attack. After Kaspersky officials received word of the breach Feb. 7, they took down the vulnerable site and replaced it.

The security company maintained in a press conference Feb. 9 that no data had been leaked. However, the anonymous hacker behind the attack publicized table names purportedly taken from a Kaspersky database the hacker accessed.

Kaspersky has already commissioned a 3rd party audit from well-known specialist in Database Security, David Litchfield the principal consultant with NGS Software.

I wonder if Mr. Litchfield will publish his findings publicly or they will be vetted through Kaspersky first, I’d imagine the latter – which again means we might never know the true extent of the vulnerability.

According to the company, the problem was due to the site not properly validating user input. Roel Schouwenberg, senior anti-virus researcher at Kaspersky, confirmed that the names of the tables are accurate. However, having the names of the tables does not mean the hacker actually accessed them, he noted.

Schouwenberg added that no credit card data was stored on the server targeted by the hacker, though there were product activation codes and 2,500 e-mail addresses for people who signed up for a product trial.

“This shouldn’t have happened,” Schouwenberg said, adding he was worried about the impact the hack would have on Kaspersky’s reputation.

The vulnerable code the hacker took advantage of to launch the attack was developed externally and did not go through Kaspersky’s normal code review process, Schouwenberg said.

It shouldn’t have happened? What insight these people have!

They are blaming the vulnerability on code developed externally, and it seems that from the story it’s limited data to do with some kind of software trial. It’s not the full customer records database.

Still I think we need to wait a little longer to get a clearer picture of what is going on, either way it looks like this might be an interesting story for us to follow.

Source: eWeek

Posted in: Database Hacking, Exploits/Vulnerabilities, Hacking News, Legal Issues, Web Hacking

Topic: Database Hacking, Exploits/Vulnerabilities, Hacking News, Legal Issues, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.