Archive | September, 2010

inspathx – Tool For Finding Path Disclosure Vulnerabilities

inspathx is a tool that uses a local source tree to make requests to a target URL and searches the responses for path inclusion (Full Path Disclosure) error messages. Full Path Disclosure is a very common problem in PHP web applications.

PHP web application developers sometimes fail to add safety checks (authentication, file inclusion guards, etc.), so their applications reveal potentially sensitive information when individual script URLs are requested directly. Sometimes a disclosed path is a clue to a Local File Inclusion (LFI) vulnerability. For open-source applications, the source code can be downloaded and used to enumerate the files to check.

This script will do this job.

  1. First you have to download the archived source file of your desired OSS.
  2. Second, extract it.
  3. Third, feed its path to inspathx.

inspathx accepts the following arguments:

  • -d or --dir argument as the source directory (of the application)
  • -u or --url argument as the target base URL (like http://victim.com)
  • -t or --threads argument as the number of threads to run concurrently (default is 10)
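As an added example (not inspathx's own code), here is the core of the approach in Python: walk a local source tree, request each PHP file from the target base URL, and inspect the response for the PHP error text that leaks the server-side path. The HTTP layer is injected so the scan runs offline; the hostname example.invalid, the sample responses and the throwaway source tree are all constructed.

```python
import os
import re
import tempfile
from typing import Callable, Dict, List

# PHP notices/warnings/fatal errors end with "in <path> on line N"; with
# html_errors on, the path is wrapped in <b>...</b>, so both forms are handled.
FPD_RE = re.compile(
    r"(?:Warning|Notice|Fatal error|Parse error|Deprecated)(?:</b>)?\s*:.*?"
    r"\bin\s+(?:<b>)?(?P<path>(?:/|[A-Za-z]:\\)[^\s<]+\.php)(?:</b>)?"
    r"\s+on\s+line\s+(?:<b>)?\d+",
    re.IGNORECASE | re.DOTALL,
)

def candidate_paths(src_root: str, exts=(".php",)) -> List[str]:
    """Relative URL paths of every source file that can be requested directly."""
    found = []
    for dirpath, _, files in os.walk(src_root):
        for name in files:
            if name.lower().endswith(exts):
                rel = os.path.relpath(os.path.join(dirpath, name), src_root)
                found.append(rel.replace(os.sep, "/"))
    return sorted(found)

def disclosed_paths(body: str) -> List[str]:
    """Server-side paths leaked by PHP error text in one response body."""
    return sorted({m.group("path") for m in FPD_RE.finditer(body)})

def scan(base_url: str, src_root: str,
         fetch: Callable[[str], str]) -> Dict[str, List[str]]:
    """Request every candidate file; map each leaking URL to the paths it leaks."""
    hits: Dict[str, List[str]] = {}
    for rel in candidate_paths(src_root):
        url = base_url.rstrip("/") + "/" + rel
        leaked = disclosed_paths(fetch(url))
        if leaked:
            hits[url] = leaked
    return hits

# Constructed responses standing in for a deployed copy of the app
# (example.invalid is a reserved, non-routable hostname).
SAMPLE_RESPONSES = {
    "http://example.invalid/index.php": "<html><body>Welcome</body></html>",
    "http://example.invalid/includes/db.php":
        "<br />\n<b>Warning</b>:  include(config.php): failed to open stream: "
        "No such file or directory in <b>/var/www/html/includes/db.php</b> "
        "on line <b>3</b><br />",
    "http://example.invalid/lib/util.php":
        "Fatal error: Call to undefined function app_init() in "
        "/srv/app/lib/util.php on line 12",
}

def fake_fetch(url: str) -> str:
    """Stand-in for an HTTP GET (real use: urllib.request.urlopen(url).read())."""
    return SAMPLE_RESPONSES.get(url, "404 Not Found")

def demo() -> Dict[str, List[str]]:
    """Build a throwaway source tree matching the constructed site and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("index.php", "includes/db.php", "lib/util.php", "README.txt"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return scan("http://example.invalid", root, fake_fetch)

if __name__ == "__main__":
    for url, paths in demo().items():
        print(url, "->", ", ".join(paths))
```

Any URL the scan reports is a file that should either not be reachable directly or should not print errors; on the PHP side the usual fix is display_errors=Off (log errors instead) in production.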

You can download inspathx via SVN here:

Or read more here.

Posted in: Hacking Tools, Web Hacking

JailBreaking AppleTV Running on iOS 4.1 – iPad/iPhone 4 Jailbreak Soon?

Posts about the latest Jailbreak exploit/software for the new Apple devices are always pretty popular and this looks like it might turn out to be pretty interesting.

It seems like at the moment the latest iOS update has been cracked for iPod Touch and earlier iPhones (3GS) but there’s no working Jailbreak at the moment for the newly released iPhone 4 – something to do with the baseband I think. I’m not super familiar with Apple stuff though so do correct me if I’m wrong.

The note about this exploit comes at the bottom of this post:

SHAttered iPod touch 4G

The latest Apple TV isn’t even in people’s hands and it’s already close to being jailbroken, according to members of a hacker group that has a track record of successfully freeing iDevices from the artificial shackles of Steve Jobs & Co.

According to a post on Monday on the iPhone Dev Team Blog, members were able to crack the customized iOS firmware shortly after its release on Monday on an Apple download site. The release came the same day Apple began shipping the $99 device.

The download, which allows users to restore Apple TVs to their original factory settings, confirms rumors that Jobs’s “hobby” does in fact run iOS. More importantly, it gave iPhone Dev Team members an opportunity to run it through an in-development iOS 4.1 hacking tool they developed called SHAtter. They quickly extracted the cryptographic key used to lock down the Apple TV firmware, which is the first step in finding a reliable jailbreak.

The funny thing is the AppleTV device hasn’t even shipped yet and it’s already been jailbroken; the Dev Team have also confirmed that it’s running a version of iOS. This might be interesting for the development of an iPhone 4 jailbreak.

Jailbreaks are a pretty hot topic at the moment with the iPhone 4 slowly releasing around the world after having been out commercially in the US for a couple of months now. It could set things up for a whole new slew of applications too: imagine a hacked AppleTV with a custom iOS firmware, or something else entirely (Android/MeeGo), hooked up via HDMI to your LCD/Plasma TV – now that’d be sweet!

It’s unclear exactly what could be done with a jailbroken Apple TV. Compared with other iDevices, it has a paltry amount of storage space. And, of course, there’s still the prospect that Apple will make last-minute changes to Apple TVs that patch the vulnerability SHAtter exploits.

But as we’ve reckoned before, the mini USB port included with the Apple TV opens the door to running unauthorized code loaded on a patchstick. That in turn might allow users to run iPhone and iPad apps or add amenities such as SSH access, a USB-supported hard drive or even the ability to stream shows from Hulu.

All of that is in the future. With Monday’s commencement of Apple TV shipments, it won’t take long for us to find out.

The shipping starts next week and I’m pretty sure Apple is going to be doing something about this, so we’ll find out about the future of this neat hack pretty soon. We’ll also see if a spin-off iPhone 4 jailbreak comes out of this.

You can find direct download links for the AppleTV firmware files here:

AppleTV Firmware Download Locations

Source: The Register

Posted in: Apple, Exploits/Vulnerabilities, Hardware Hacking

TA-Mapper v1.1 – Time and Attack Mapper – Effort Estimator For Pen-Testing

We wrote about this tool back in January 2009 when it was first released; v1.1 has recently become available for download.

Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications. This tool provides a more accurate estimate than a rough estimation. Penetration testers who have a hard time explaining or justifying the effort charged (or quoted) to their customers may find this tool handy, as it lets them calculate the effort required for an application penetration test with greater accuracy.

What’s new in v1.1?

  1. The “Optimise Effort” option is provided for advanced correction/optimisation of effort. It allows users to further optimise the effort by considering an automation component as part of the test approach.
  2. Report can be generated both in HTML and MS Excel format (More report options may come up in the later release)

Bug Fixes

  • A few cosmetic bug fixes, including a few functional issues
  • Fixed the silly custom values setting, followed by auto-update of total efforts

You can download TA-Mapper v1.1 here:

TA-Mapper v1.1.zip

Or read more here.

Posted in: Hacking News, Security Software

Microsoft Warns Of ASP.Net Vulnerability In The Wild – Cryptographic Padding Attack

There seems to be a fairly serious attack being exploited in the wild that targets vulnerable ASP.Net web applications. So far there is a temporary fix but no official announcement on when a patch will be issued; the next scheduled patches should be pushed out on October 12th.

If you had set up your server to the ‘best standards’ you shouldn’t be vulnerable to this anyway, as the data in your config files should be encrypted, but honestly, how many people really take such precautions?

As the exploit is being used in the wild, I’d say not many.

Attackers have begun exploiting a recently disclosed vulnerability in Microsoft web-development applications that opens password files and other sensitive data to interception and tampering.

The vulnerability in the way ASP.Net apps encrypt data was disclosed last week at the Ekoparty Conference in Argentina. Microsoft on Friday issued a temporary fix for the so-called “cryptographic padding attack,” which allows attackers to decrypt protected files by sending vulnerable systems large numbers of corrupted requests.

Now, Microsoft security pros say they are seeing “limited attacks” in the wild and warned that they can be used to read and tamper with a system’s most sensitive configuration files.

“There is a combination of attacks that was publicly demonstrated that can leak the contents of your web.config file, including any sensitive, unencrypted, information in the file,” Microsoft’s Scott Guthrie wrote on Monday night. “You should apply the workaround to block the padding oracle attack in its initial stage of the attack.” (He went on to say sensitive data within web.config files should also be encrypted.)

It’s actually another fairly complex and interesting example of a side-channel attack. The last time we reported on this kind of attack was when Website Auto-complete Leaked Data Even Over Encrypted Link.

This is certainly not a straightforward attack and I wouldn’t expect to be seeing widespread hacks using this technique, but skilled attackers could leverage this when doing focused attacks on certain organisations or web properties.

Microsoft personnel also warned about ASP.Net applications that store passwords, database connection strings or other sensitive data in the ViewState object. Because such objects are accessible to the outside, the Microsoft apps automatically encrypt their contents.

But by bombarding a vulnerable server with large amounts of corrupted data and then carefully analyzing the error messages that result, attackers can deduce the key used to encrypt the files. The side-channel attack can be used to convert virtually any file of the attacker’s choosing.

The temporary fix involves reconfiguring applications so that all error messages are mapped to a single error page, which prevents the attacker from distinguishing among different types of errors. A script to identify the oracles that needlessly reveal important cryptographic clues is here.

Thai Duong, one of the researchers who disclosed the vulnerability last week, said here that simply turning off custom error messages was not enough to ward off exploits because attackers can still measure the different amounts of time required for certain errors to be returned.
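An added example (not Microsoft's workaround and not real ASP.NET code) that models why the workaround maps every error to one page. toy_xor is a constructed stand-in for decryption and the "ViewState" format is invented; only the PKCS#7 padding check and the error handling matter. probe_error_classes does what the oracle-identifying script mentioned above does in spirit: it sends one input with broken padding and one with intact padding but unparseable content, then counts how many distinct error responses come back.

```python
from typing import Callable, Tuple

BLOCK = 8
TOY_KEY = b"\x3c\x91\x7a\x05"  # constructed; the XOR below is NOT a real cipher
Response = Tuple[int, str]      # (HTTP status, body)

class PaddingError(Exception):
    """PKCS#7 padding malformed after decryption."""

class DataError(Exception):
    """Decrypted bytes are not a well-formed state blob."""

def toy_xor(data: bytes) -> bytes:
    """Stand-in for encrypt/decrypt; only the padding check matters here."""
    return bytes(b ^ TOY_KEY[i % len(TOY_KEY)] for i, b in enumerate(data))

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise PaddingError("bad length")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("bad padding bytes")
    return data[:-n]

def parse_state(plain: bytes) -> dict:
    """Constructed 'ViewState': ASCII key=value pairs joined by '&'."""
    try:
        pairs = [p.split("=", 1) for p in plain.decode("ascii").split("&")]
    except UnicodeDecodeError:
        raise DataError("not text") from None
    if any(len(p) != 2 for p in pairs):
        raise DataError("malformed pair")
    return dict(pairs)

def leaky_handler(ct: bytes) -> Response:
    """Vulnerable shape: each failure yields a distinguishable response."""
    try:
        return 200, str(parse_state(pkcs7_unpad(toy_xor(ct))))
    except PaddingError:
        return 500, "Padding is invalid and cannot be removed."
    except DataError:
        return 400, "The state information is invalid."

def uniform_handler(ct: bytes) -> Response:
    """Workaround shape: every failure maps to one generic error page."""
    try:
        return 200, str(parse_state(pkcs7_unpad(toy_xor(ct))))
    except Exception:  # deliberately catch-all: no error class may leak
        return 302, "/error.html"

def probe_error_classes(handler: Callable[[bytes], Response]) -> int:
    """Send one ciphertext with broken padding and one with intact padding
    but unparseable content; count the distinct error responses. More than
    one class means the endpoint is usable as a padding oracle."""
    good = pkcs7_pad(b"user=guest&role=viewer")
    bad_pad = good[:-1] + b"\xff"               # last byte is not valid padding
    bad_data = pkcs7_pad(b"\xff\xfe\x00junk")  # valid padding, non-ASCII body
    if handler(toy_xor(good))[0] != 200:
        raise RuntimeError("baseline request must succeed")
    return len({handler(toy_xor(bad_pad)), handler(toy_xor(bad_data))})
```

Duong's point applies to uniform_handler as well: identical pages still leave response timing as a channel, which is why Microsoft's published workaround also added a random delay on the shared error page.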

Details from the ASP.Net Blog including the workaround are available here:

Important: ASP.NET Security Vulnerability

There’s also a FAQ for the vulnerability here:

Frequently Asked Questions about the ASP.NET Security Vulnerability

More technical details about the nature of the attack are on the technet blog here:

Understanding the ASP.NET Vulnerability

Source: The Register

Posted in: Exploits/Vulnerabilities, Web Hacking, Windows Hacking

wifite – Mass Wifi WEP / WPA Key Cracking Tool

wifite was created to attack multiple WEP- and WPA-encrypted networks at the same time. It can be automated with only a few arguments and can be trusted to run without supervision.

It’s a great tool to script into a Wifi security assessment toolkit and is a handy WEP key cracker.

The biggest change from version 1 is support for “reaver”, a Wifi-Protected Setup (WPS) attack tool. Reaver can compromise the PIN and PSK for many routers that have WPS enabled, usually within hours.

Features of wifite

  • sorts targets by power (in dB); cracks closest access points first
  • all WPA handshakes are backed up (to the working directory)
  • mid-attack options: stop during an attack with Ctrl+C to choose between continue, move on to the next target, skip to cracking, or exit
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • very customizable settings (timeouts, packets/sec, etc)
  • SKA support (untested)
  • finds devices in monitor mode; if none are found, prompts for selection
  • all passwords saved to log.txt
  • switching WEP attacks does not reset the IVs
  • displays session summary at exit; shows any cracked keys

Similar WiFi cracking tools would be:

Infernal Twin – Automated Wireless Hacking Suite
FruityWifi – Wireless Network Auditing Tool
Kismet – Wireless Network Hacking, Sniffing & Monitoring

You can download wifite automated wireless attack tool here:

wifite.py

Or read more here.

Posted in: Hacking Tools, Wireless Hacking

Twitter onMouseOver XSS Exploit Causes Chaos

The big news yesterday was an epic XSS flaw on Twitter that sent the micro-blogging service into chaos. They actually made an announcement during the hack that users should stay off the website and use third-party clients that access the service through the API (software such as Tweetdeck, Seesmic, Gravity, etc.).

They posted an update on the status blog pretty fast that the XSS had been identified and they were in the midst of patching it.

Hackers have exploited a flaw in Twitter, which results in pop-ups and third-party websites being opened despite users simply hovering over links with their mouse.

Hundreds of Twitter users, including Sarah Brown – wife of the former Labour Prime Minister Gordon Brown – have fallen victim to the attack. In some cases the third-party websites that are opened are pornographic. The malicious links contain Javascript code, called onMouseOver, which allows users to be redirected even if they haven’t clicked on the link.

Graham Cluley from security firm Sophos said in a blog that at present the flaw is being exploited for “fun and games” although “there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed”.

Cluley advised Twitter users to avoid using the Twitter website and instead rely on a third-party client such as Tweetdeck to access the service.

Most ‘attacks’ were pretty harmless, with users just having fun with the bug; there were some pretty dodgy incidents though, involving shock sites (goatse or tubgirl anyone?) and hardcore porn sites.

There’s also a good write-up on the Sophos blog here with screen-shots:

Twitter ‘onmouseover’ security flaw widely exploited

A full post on the issue from Twitter is available here:

All about the “onMouseOver” incident

I like how they are responsible about such things and don’t try to hide them. If you are on Twitter and you want the latest updates about such matters you should follow the @safety account.

Source: Network World

Posted in: Exploits/Vulnerabilities, Malware, Web Hacking
