Archive | November, 2010

Researcher Releases Android Exploit In Webkit Browser Engine


And Android security hits the news once again. It’s not a vulnerability in the OS per se but rather in the browser, which is based on the Webkit engine. It does highlight the inherent fragmentation problems with the Android platform and the security concerns that come with running old OS and software versions.

It’s a problem that is plaguing Android right now, with different phones running different core OS versions (from 1.5 to 2.2) and, on top of that, third-party skins for the OS from Samsung, Motorola and others. This makes updating the OS slow, and many users are stuck with old versions and no news regarding updates.

A security researcher has released proof-of-concept code that exploits a vulnerability in most versions of Google’s Android operating system for smartphones.

M.J. Keith of Alert Logic said he released the attack code to expose what he characterized as inadequate patching practices for the open-source mobile platform. Rather than find the underlying bug himself, he searched through a list of documented security flaws for Apple’s Safari, which relies on the same Webkit browser engine used in Android. In short order, he had an attack that exploits about two-thirds of the handsets that rely on the OS.

“They need a better patching system,” Keith told The Register. “They do a good job of repairing future releases, but I think a better patching system needs to be set up for Android.”

The bug Keith’s code exploits was fixed in Android 2.2, but according to figures supplied by Google, only 36 percent of users have the most recent version. That means the remainder are susceptible to the attack.

Google has claimed that they are changing the architecture with the upcoming release of Gingerbread: many of the system apps will be pushed to the Marketplace, meaning updates can be pushed out much faster and more easily than if everything is integrated in the OS image.

Of course core problems with the kernel or underlying OS will still have to be addressed via firmware updates, but issues like this one, which affects the browser, could be negated if a new browser version could be pushed out from the Android Marketplace.

The same goes for the recent Critical Zero Day Adobe Flash Flaw Which Put Android Phones At Risk.


What’s more, Keith said he had no trouble finding other documented Webkit vulnerabilities that have yet to be fixed in version 2.2.

“I found about four or five and I wasn’t trying to [do] an exhaustive search,” he said.

A Google spokesman declined to comment for this post. To be fair, Android’s design does a good job of segregating the functions of one application from those of another. That would make it hard for someone exploiting the bug Keith demonstrated to gain root privileges or access to many of the targeted handset’s resources. But it still would allow an attacker to access anything the browser can read, including a phone’s Secure Digital memory card.

The bigger point, Keith said, is that most users have no idea their devices are vulnerable to bugs that were patched long ago on other platforms.

“I wanted to demonstrate that nobody’s being notified that their Android phone is vulnerable to this stuff,” he explained. Google “wants to pretend it’s not there.”

It is a serious problem that Android is facing right now, and I hope Google do more to address it and work alongside the handset vendors so OS updates can be pushed out in a more efficient and timely manner.

The exploit code can be found here:

Android 2.0-2.1 Reverse Shell Exploit

Source: The Register

Posted in: Exploits/Vulnerabilities, Hardware Hacking



GNS3 – Graphical Network Simulator


GNS3 is a graphical network simulator that allows simulation of complex networks. It’s an excellent complementary tool to real labs for network engineers, administrators and people wanting to pass certifications such as CCNA, CCNP, CCIP, CCIE, JNCIA, JNCIS, JNCIE. It can also be used to experiment with features of Cisco IOS or Juniper JunOS, or to check configurations that need to be deployed later on real routers.

To allow complete simulations, GNS3 is strongly linked with:

  • Dynamips, the core program that allows Cisco IOS emulation.
  • Dynagen, a text-based front-end for Dynamips.
  • Qemu, a generic and open source machine emulator and virtualizer.

Features Overview

  • Design of high quality and complex network topologies.
  • Emulation of many Cisco IOS router platforms, IPS, PIX and ASA firewalls, JunOS.
  • Simulation of simple Ethernet, ATM and Frame Relay switches.
  • Connection of the simulated network to the real world!
  • Packet capture using Wireshark.

This project is an open source, free program that may be used on multiple operating systems, including Windows, Linux, and MacOS X.

You can download GNS3 v0.7.2 here:

Windows All-in-one – GNS3-0.7.2-win32-all-in-one.exe
Windows Binary – GNS3-0.7.2-bin-win32.zip
Mac DMG Package – GNS3-0.7.2-intel-x86_64.dmg
Linux/Source – GNS3-0.7.2-src.tar.gz

Or read more here.

Posted in: Hardware Hacking, Networking Hacking



Sophos Launches FREE Anti-Virus Software For Mac


Well, most Apple users would tell you they don’t need anti-virus anyway; viruses and malware are a Windows problem, not something the hi-tech hipsters need to worry about.

And let’s face it, even if you run Windows you don’t really need to run anti-virus either if you practice good web habits. But with the amount of idiots running OSX on their shiny Macbooks, malware may well become a problem for the platform.

It’s not a problem right now; the stats for malicious software on Apple platforms are still minuscule compared to the threats on Windows and even on Linux.

Sophos released a free of charge Mac anti-virus product for consumers on Tuesday in a bid to highlight the growing security risk against the platform and to shake fanbois out of their complacency.

The business-focused internet security firm is making Sophos Anti-Virus Home Edition for Mac available for download at no charge – with no time limit, and requiring no registration. The technology is a cut-down version of Sophos’s pre-existing anti-virus software for Macs and will ship with detection of thousands of malware strains including Trojans and rootkits. Sophos has no plans to release an equivalent free of charge Windows anti-malware scanner.

Three well-established freebie security scanners (AVG, Avast, Avira) already exist even without considering Microsoft’s own Security Essentials software. Although commercial anti-virus packages for Macs have been sold for some time by the likes of Intego and Symantec – and more recently by Kaspersky and Panda – Sophos’s software is one of very few freebie scanners for Macs available to date.

It’s a pretty interesting move from Sophos though, business-wise, as they have no plans to strong-arm users into paying for a commercial version by releasing a crappy, crippled version under the guise of ‘free’ software.

Sophos has always been a company with strong technology, so even as freeware I’d expect this to be fairly capable software. There are other commercial AV systems out there for Mac, but this is the first one from a reputable vendor that is free. I mean, there’s ClamAV, but in all honesty who would want to rely on that?


It’s not the first freebie scanner for Macs currently available, contrary to claims in the first version of this article. Others, most notably ClamAV, exist.

Past threats to Mac users have included malware disguised as pirated software and uploaded onto P2P file-sharing networks, supposed video codecs that actually contain a Mac-specific Trojan horse and strains of Windows malware capable of infecting virtual installations of Windows running on a Mac.

Apple acknowledged the malware problem by integrating rudimentary protection against a handful of Mac Trojans in Snow Leopard, Sophos notes, arguing that users running its software are provided with more comprehensive protection against potential threats.

Carole Theriault, senior security consultant at Sophos, explained that while the picture is different in enterprise environments, “home Mac users aren’t protecting themselves from malware”.

Theriault admitted that Windows threats counted in their millions dwarf the number of strains of Mac malware, which can be counted in their thousands, but maintained there was a need for protection, whatever sales people in Apple Stores might say to the contrary. “We want to raise awareness,” she explained.

Either way it’s an interesting move from Sophos and we’ll have to see where it goes from here. They claim they won’t charge for it, but who knows? And will this pressure other AV vendors that have paid versions for Mac to release free versions for home users, much like the Windows vendors do (Avira, Avast!, AVG etc.)?

More on the software, together with hardware compatibility information, can be found out from a download micro-site here:

Sophos Anti-Virus for Mac Home Edition

Source: The Register

Posted in: Apple, Countermeasures, Malware, Security Software



WATOBO – The Web Application Toolbox


WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities. WATOBO has no attack capabilities and is provided for legal vulnerability audit purposes only.

How Does It Work?

WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite.

Additionally, WATOBO supports passive and active checks. Passive checks are more like filter functions: they are used to collect useful information, e.g. email or IP addresses, and are performed during normal browsing activities. No additional requests are sent to the (web) application.

Active checks, by contrast, produce a high number of requests (depending on the check module), because they do the automatic part of vulnerability identification, e.g. during a scan.

WATOBO Advantages


  • Session management capabilities! You can define login scripts as well as logout signatures, so you don’t have to log in manually each time you get logged out.
  • Can perform vulnerability checks out of the box.
  • Supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
  • Smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
  • Written in (FX)Ruby and enables you to define your own checks.
  • Free software (licensed under the GNU General Public License Version 2).
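
As an added illustration (not WATOBO’s own code), here is the passive-check model described above together with the logout-signature idea from the session management bullet, written in Ruby since that is what WATOBO is built in; the sample responses and the signature regexes are constructed for the example:

```ruby
# Added example, not WATOBO's own code: passive checks inspect recorded
# responses only and never send requests of their own.

# Constructed sample responses (not captured from any real application).
SAMPLE_RESPONSE = <<~EOS
  HTTP/1.1 200 OK
  Content-Type: text/html

  <html><body><p>Contact: admin@example.com or ops@example.org</p>
  <!-- backend 10.0.0.12, cache 192.168.1.20 --></body></html>
EOS

SAMPLE_LOGGED_OUT = <<~EOS
  HTTP/1.1 302 Found
  Location: /login?expired=1

  <html><body>Your session has expired. Please log in again.</body></html>
EOS

# A passive check is a pure function of one recorded response.
class PassiveCheck
  attr_reader :findings
  def initialize; @findings = []; end
  def run(_response); raise NotImplementedError; end
end

# Collects e-mail addresses and IPv4 addresses seen in response bodies.
class InfoCollector < PassiveCheck
  EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/
  IPV4  = /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/

  def run(response)
    body = response.split(/\r?\n\r?\n/, 2)[1].to_s # drop status line and headers
    # Set union, so replaying the same response never duplicates a finding.
    @findings |= body.scan(EMAIL).map { |m| [:email, m] } | body.scan(IPV4).map { |m| [:ip, m] }
  end
end

# Matches configured logout signatures against the whole response; on a hit the
# session manager would replay the login script instead of the auditor logging in by hand.
class LogoutDetector < PassiveCheck
  def initialize(signatures); super(); @signatures = signatures; end

  def logged_out?(response)
    @signatures.any? { |sig| response.match?(sig) }
  end

  def run(response)
    @findings << [:logged_out, response.lines.first.strip] if logged_out?(response)
    @findings
  end
end

# Feeds every recorded response through every check; returns findings by check name.
def run_passive_checks(responses, checks)
  responses.each { |r| checks.each { |c| c.run(r) } }
  checks.map { |c| [c.class.name, c.findings] }.to_h
end
```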

There is an ‘unofficial’ manual here:

WATOBO – the unofficial manual

And some video tutorials to get you started here.

You can download WATOBO 0.9.5 here:

watobo_0.9.5rev226.zip

Or read more here.

Posted in: Hacking Tools, Web Hacking
