Archive | July, 2010

Andiparos – Open Source Web Application Security Assessment Tool

Outsmart Malicious Hackers


Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc.

The author did ask for the original authors of Paros Proxy to integrate his changes but was rejected, hence the fork.

The advantage of Andiparos is mainly the support of Client Certificates on Smartcards. Moreover it has several small interface enhancements, making the life easier for penetration testers…

Features:

  • Smartcard support
  • History Filter (URLs)
  • Tag requests in history
  • other small enhancements…

You can download Andiparos here:

Andiparos-v1.0.tar.gz

Or read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking

Topic: Database Hacking, Hacking Tools, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Australian Privacy Commissioner Rules Google Wifi Actions Illegal

Keep on Guard!


Oh dear, poor Google seem to be catching all kinds of flak over their Wifi Data Collection.

The UK Met are already investigating them and they are being pulled to pieces in Germany too with France also weighing in. The latest to jump on the bandwagon is Australia which is stating they have breached the Australian Privacy Act.

It seems they might have dropped the ball big time with this one, although with the amount of money they have I doubt whatever legal restitution is served it won’t dent the coffers severely.

The Australian Privacy Commissioner has ruled that Google ran afoul of the country’s privacy laws when its Street View cars collected personal data from open Wi-Fi networks.

“On the information available I am satisfied that any collection of personal information would have breached the Australian Privacy Act,” said Privacy Commission Karen Curtis in a statement.
Click here to find out more!

“Collecting personal information in these circumstances is a very serious matter. Australians should reasonably expect that private communications remain private.”

Under the Privacy Act, Curtis is unable to sanction a company when she initiates an investigation. But she ruled that Google must publicly apologize, conduct “privacy impact assessments” of any new Street View data collection in Australia that includes personal information, and regularly consult with her about “personal data collection activities arising from significant product launches” in Australia.

Google has already apologised on their Google Australia blog here, which is a step in the right direction. They stated:

We want to reiterate to Australians that this was a mistake for which we are sincerely sorry. Maintaining people’s trust is crucial to everything we do and we have to earn that trust every single day. We are acutely aware that we failed badly here.

Google themselves have stated they’ve collected this data in 30 different countries, so it’ll be interesting to see how many similar cases pop up.

The Australian Federal Police have launched a separate investigation into Google’s Wi-Fi data collection. And since this and other investigations may still be ongoing, Curtis said she would not comment in more detail.

In May, with a blog post, Google said that its world-roving Street View cars had been collecting payload data from unencrypted Wi-Fi network, contradicting previous assurances by the company. The post said that the data was collected by “mistake” and that the data has not been used in any Google products, and the company grounded its Street View fleet.

A month before, in response to a complaint from the German privacy commissioner, a Google blog post said that in scanning Wi-Fi networks its Street View cars were collecting only the SSIDs that identify the networks and MAC addresses that identify particular network hardware, including routers. Google uses this data in products that rely on location data, such as Google Maps.

Google has said it collected payload data in 30 separate countries, and though investigations are still underway in many, the company announced on Friday that after speaking to regulators, it is sending its Street View Cars back on the road in Ireland, Norway, South Africa, and Sweden. This cars will resume their 360 degree picture taking next week, but they will no longer collect any Wi-Fi information.

The Street View cars will be hitting the street again and collecting data (but no-more Wi-fi info). Personally I’d love the maps to contain Wi-fi data, free/open connections nearby your current location would be a great help for the urban warrior.

Best to rely on the old 3G or Wimax dongle then I guess.

Source: The Register

Posted in: Legal Issues, Privacy, Wireless Hacking

Topic: Legal Issues, Privacy, Wireless Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


REMnux: A Linux Distribution For Reverse-Engineering Malware

Keep on Guard!


REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that’s listening on the appropriate ports.

REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.

You can learn about malware analysis techniques that make use of the tools installed and pre-configured on REMnux by taking the SANS Institute course on Reverse-Engineering Malware (REM).

What REMnux Is Not

REMnux does not aim to include all malware analysis tools in existence. Many of these tools are designed to work on Windows, and investigators prefer to use Windows systems for running such tools. If you are interested in running Windows analysis tools on a Linux platform, take a look at the Zero Wine project.


If you are looking for a more full-featured Linux distribution focused on forensic analysis, take a look at SANS Investigative Forensic Toolkit (SIFT) Workstation.

You can download REMnux here:

remnux-vm-public-1.0.zip

Or read more here.

Posted in: Forensics, Malware

Topic: Forensics, Malware


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Regional Trojan Threat Targeting Online Banks

Keep on Guard!


Well it was inevitable really, I’ve noticed in the last couple of years Phishing e-mails have started to use targeted lists especially for banking sites and the next up of course is trojans developed for specific regions.

A security company Trusteer (who makes Rapport) has done some research on this matter which has pin-pointed certain malware which is specifically targeted at UK banking sites and their users. And they actually appear to be using the rather successful Zeus trojan, with 2 botnets targeting the UK.

I would guess that targeting on a per-country basis increases the chances of success hugely as there only limited banks in each country and especially in the small countries like UK there aren’t that many popular ones, especially with all the mergers that took place.

Cybercrooks have developed regionally-targeted banking Trojans that are more likely to slip under the radar of anti-virus defences.

Detection rates for regional malware vary between zero and 20 per cent, according to a study by transaction security firm Trusteer. This company markets browser security add-ons to banks, which offer them to consumers as a way of reducing the risk of malware on PCs resulting in banking fraud.

Trusteer cites two pieces of regional malware targeted at UK banking consumers. Silon.var2, crops up on one in every 500 computers in the UK compared to one in 20,000 in the US. Another strain of malware, dubbed Agent-DBJP, was found on one in 5,000 computers in the UK compared to one in 60,000 in the US.

The Zeus Trojan is the most common agent of financial fraud worldwide. The cybercrime toolkit is highly customisable and widely available through underground carder and cybercrime forums. Trusteer has identified two UK-specific Zeus botnets, designed to infect only UK-based Windows and harvest login credentials of only British banks from these compromised systems.

It seems like a sensible shift in the paradigm for the bot-herders and malware pushers, rather than spraying their malware everywhere they can geolocate the IP addresses they are attacking and send out specific versions of their malware for clients from different countries.

Rather than in the early days when phishing and trojans only targeted the very largest US banking organizations (Citibank, Bank of America etc.).

Plus the fact more and more people are using online banking, micro-payment systems and sharing all kinds of sensitive data with the World online and stored on their computers. This makes it a much richer field for the would-be fraudster.

Trusteer reckons the crooks behind the attack are using UK-centric spam lists and compromised websites to spread the malware while staying under the radar of security firms. It compares this process to the shift from mass assaults to targeted strikes in corporate espionage-motivated attacks such as Operation Aurora, which struck Google and other hit-tech firms last year.

“Unlike known malware kits such as Zeus, Torpig, and Ambler which simultaneously target hundreds of banks and enterprises around the world and are on the radar of all security vendors, regional financial malware such as Silon.var2 and Agent.DBJP are highly targeted,” said Mickey Boodaei, Trusteer’s chief exec.

“In the UK, each campaign would usually focus on three to seven banks and target them for a period of six to nine months and then morph and change the list of targets, using a new more advanced version of the malware.”

Regionally-targeted malware has also cropped up in South Africa and Germany over recent months. A strain of malware called Yaludle, almost unseen outside Germany, has been used to target the online banking credentials of German surfers. Trusteer is urging banks to share information on targeted attacks locally as well as working with regulators and local law enforcement agencies to shut down command and control servers associated with regionally-targeted malware. The firm, naturally enough, also wants to persuade more banks to use its Rapport secure browsing software as a way of providing an extra defence against fraud.

As the report states, it’s started to appear in other countries too such as Germany and South Africa. If you live in a non-major country, I’d imagine it’ll be coming to your shores soon enough. I already started seeing regionally targeted phishing e-mails here last year, I’d expect the location aware trojans to hit soon too.

The trojans were actually identified by Trusteer’s Flashlight service, which is a kind of forensics software for banking. It allows banks to diagnose whether a client’s PC has been infected with malware following incidents of suspected fraud.

Anyway interesting stuff, if you work in the financial sector give those upstairs a heads-up about this, if you have a big user-base – please warn your users too.

Source: The Register

Posted in: Malware, Phishing, Social Engineering, Spammers & Scammers

Topic: Malware, Phishing, Social Engineering, Spammers & Scammers


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Safe3 SQL Injector – Automatic Detection & Exploitation Of SQL Injection Flaws

Outsmart Malicious Hackers


Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers.

Features

  • Full support for GET/Post/Cookie Injection
  • Full support for HTTP Basic, Digest, NTLM and Certificate authentications
  • Full support for MySQL, Oracle, PostgreSQL, MSSQL, ACESS, DB2, Sybase & Sqlite
  • Full support for Error/Union/Blind/Force SQL injection
  • Support for file access, command execute, IP domain reverse, web path guess, md5 crack etc.
  • Super bypass WAF

You can download Safe3 SQL Injector here:

Safe3SI.6.2.rar

Or read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking

Topic: Database Hacking, Hacking Tools, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Tabnapping Attack On The Increase

Keep on Guard!


This is an interesting new attack, I saw a live demo of it a while back here: Tabnabbing: A New Type of Phishing Attack. All you need to do is let the page load, then browse to another tab for 5 seconds or more and you’ll see the favicon change to Gmail and the page will load a Gmail image.

And apparently the use of this attack is on the rise in the wild according to Panda Labs. It’s a pretty interesting phishing attack and although it’s unable to change the URL in the address bar I believe a lot of people rely on visual cues and may not notice the URL doesn’t match the page content.

The use of Tabnapping, the recently-identified phishing technique, is on the rise, says Panda Labs.

Tabnabbing exploits tabbed browser system in modern web browsers such as Firefox and Internet Explorer, making users believe they are viewing a familiar web page such as Gmail, Hotmail or Facebook. Cybercriminals can then steal the logins and passwords when users enter them on the these hoax pages.

According to Panda’s latest Quarterly Report on IT Threats, the technique is likely to be employed by more and more cybercriminals and users should close all tabs they are not actively using.

I think this could be quite effective, especially for the less technical crown on Facebook and using services like Hotmail and Gmail. It could even extend into targeted localized attacks on online banking systems.

Apparently all browsers are susceptible to this including Chrome, Firefox, Internet Explorer and Opera (on Windows XP anyway). More details in a PC Advisor article here.


Panda also revealed the number of Trojans being used on the web has surged, and they now account for just under 52 percent of all malware. The number of viruses on the web has also increased. Viruses account for 24 percent of all malware on the web.

The security firm said Taiwan had the most number of infection, with just over 50 percent of all global malware infections happening in the country, while Russia and Turkey came close behind.

Panda also revealed attacks on social networks, fake antivirus software and poisoned links in search engines continued to be popular techniques used by cyber criminals.

Using the recent history disclosure bug in most browsers, sneaky attackers could actually scan a users browser to confirm which sites a user has visited then create the tabnapping site according to that – reinforcing its effectiveness.

Perhaps this is something that can be addressed in Firefox as the person who developed this technique is the Creative Lead for Firefox – Aza Raskin.

Source: Network World

Posted in: Exploits/Vulnerabilities, Phishing, Spammers & Scammers

Topic: Exploits/Vulnerabilities, Phishing, Spammers & Scammers


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.