Archive | December, 2010

FBI Investigating Gawker Media User Database Password Ownage



After the non-stop action with WikiLeaks last week, the big news this week is the hack carried out on Gawker Media, which exposed their users’ e-mail addresses and passwords. More than 200,000 password hashes (very lightly encrypted with DES) and e-mail combos can be downloaded on-line as a torrent file.

This has had some epic fall-out: as we all know, many people use the same passwords for all their online services, so a whole bunch of Twitter accounts were owned and used for spamming Acai berries, causing Twitter to block/delete these accounts and reset a whole lot of passwords.

Now if you search through the files, there are a whole lot of major corporate domains inside – including some government organizations. This is the fact that is obviously worrying to the FBI and is leading them to carry out an investigation.

The FBI confirmed to PC World that it is investigating the recent intrusion by a group of hackers into Gawker Media’s servers last weekend. The hack exposed more than 200,000 reader e-mail addresses and passwords, and the data is now circulating online as a peer-to-peer torrent file. An FBI representative declined to comment further about the ongoing investigation; however, Gawker Media founder and CEO Nick Denton was scheduled to meet with federal authorities on Monday, according to The New York Post.

On Sunday, an online hacker collective calling itself Gnosis broke into the servers of Gawker Media, which owns a variety of popular online blogs including Deadspin, Fleshbot, Gawker, Gizmodo, Jezebel, io9, Jalopnik, Kotaku and Lifehacker. The hackers obtained the e-mail addresses and passwords for the company’s employees, and the source code for Gawker Media’s content management system. Gnosis hackers also obtained the login credentials for readers who were registered to leave comments on Gawker Media websites.

Gawker Media said most user login information was encrypted, but Gnosis managed to crack the credentials for more than 200,000 accounts. The exposed login information is now part of a data dump contained in a torrent file available on peer-to-peer file sharing networks.

It’s a pretty serious breach, as Gawker is one of the major on-line media owners and their network reach is wide. 200,000 accounts with exposed passwords is not a small number, and do remember that just because people aren’t tech savvy (and use weak passwords) it doesn’t mean they don’t hold some high position in some huge MNC.

There’s a big debate going on at Hacker News too about the ethics of e-mailing all the users in the file to notify them their passwords may have been breached. Apparently some people are already doing it, and others are writing scripts to extract the e-mail addresses and notify everyone to ensure no-one gets left behind.


It’s not entirely clear what inspired the attack against Gawker, but a person claiming to represent Gnosis recently told the blog Mediaite that the hacker group broke into the company’s servers because of Gawker’s “outright arrogance.” Previously, it was suggested the Gawker hack was related to the company’s ongoing feud with members of 4chan, an online message board. The Gnosis representative said there was no connection between the hacker group and 4chan.

Despite the potentially criminal acts perpetrated by Gnosis hackers, more high-minded hackers (among software engineers the term hacker refers to someone who is a programming expert) were coming to the defense of Gawker Media users. Readers of Y Combinator’s Hacker News — a news aggregator and discussion thread for technology start-up entrepreneurs and software engineers — banded together to create an automated e-mail program to alert the 200,000 people whose e-mails and passwords were exposed by Gnosis.

You can find a CSV of the file online here where you can check if your details are inside – gawker.csv

There is also another service which will help you hash your username/email and search through the hashes – http://gawkercheck.com/

Source: Network World

Posted in: Exploits/Vulnerabilities, Legal Issues, Privacy, Web Hacking



Latest Posts:


OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


SQLInject-Finder – Intelligent SQL Injection Detection Script



SQLInject-Finder is a simple Python script that parses a pcap and inspects the GET and POST request data for suspicious values that may be SQL injection attempts. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab-delimited format.

The output includes:

  • The suspicious IP address
  • The attacked webpage
  • The parameter and value used
  • The frame number of the packet within the pcap (can be used to find exactly where the packet is in Wireshark)
  • The reason why the request was flagged
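The kind of check described above, as an added example (not SQLInject-Finder's own code): the rule list, the function names and the sample requests are assumptions constructed here, and it takes already-extracted (frame number, source IP, raw HTTP request) records instead of reading a pcap with dpkt.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Illustrative rules (assumptions, not the tool's rule set): (reason, pattern).
RULES = [
    ("UNION-based select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("boolean tautology",
     re.compile(r"\b(?:or|and)\b\s+['\"]?(\w+)['\"]?\s*=\s*['\"]?\1\b", re.I)),
    ("stacked statement",
     re.compile(r";\s*(?:drop|insert|update|delete|select)\b", re.I)),
    ("SQL comment terminator", re.compile(r"--(?:\s|$)|/\*")),
]
FIELDS = ("ip", "page", "param", "value", "frame", "reason")

def parse_request(raw):
    """Return (method, path, [(param, value), ...]) or None if not GET/POST."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in ("GET", "POST"):
        return None
    method, target = parts[0], parts[1]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    # parse_qsl URL-decodes, so rules see "' OR '1'='1" rather than %27+OR+...
    params = parse_qsl(url.query, keep_blank_values=True)
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return method, url.path, params

def scan(records):
    """Apply every rule to every decoded parameter value; one finding per hit."""
    findings = []
    for frame, src_ip, raw in records:
        parsed = parse_request(raw)
        if parsed is None:
            continue
        _, page, params = parsed
        for name, value in params:
            for reason, pattern in RULES:
                if pattern.search(value):
                    findings.append({"ip": src_ip, "page": page, "param": name,
                                     "value": value, "frame": frame,
                                     "reason": reason})
    return findings

def to_tsv(findings):
    """Tab-delimited output with the fields listed in the post."""
    rows = ["\t".join(FIELDS)]
    rows += ["\t".join(str(f[k]) for k in FIELDS) for f in findings]
    return "\n".join(rows)

# Constructed sample traffic (documentation IP ranges, made-up pages).
SAMPLE = [
    (12, "192.0.2.10",
     b"GET /products.php?id=42&sort=price HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (57, "198.51.100.7",
     b"GET /products.php?id=42%20UNION%20SELECT%20name,pass%20FROM%20users--%20"
     b" HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (90, "198.51.100.7",
     b"POST /login.php HTTP/1.1\r\nHost: shop.example\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     b"user=admin%27+OR+%271%27%3D%271&pass=x"),
    (91, "192.0.2.10",  # benign: a lone apostrophe must not be flagged
     b"POST /comment.php HTTP/1.1\r\nHost: shop.example\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     b"author=O%27Brien&text=salt+and+pepper"),
]

if __name__ == "__main__":
    print(to_tsv(scan(SAMPLE)))
```

Pattern rules like these are a triage aid for captured traffic: they produce false positives and miss encoded variants, so each hit is a pointer to a frame to inspect in Wireshark, not a verdict.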

Requirements

This script was tested using Python 2.6.5. Other versions are not guaranteed to work.

This script depends on the dpkt libraries.

You can download SQLInject-Finder here:

sqlinject-finder.py

Or read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking



WikiLeaks Attacks Cause Rival DDoS Retaliation



The biggest news by far for the past week or so has been the attacks on WikiLeaks infrastructure after posting tens of thousands of classified cables online in a categorized form.

Just a few days ago their DNS provider (EveryDNS) pulled the plug – apparently due to pressure from the US government, and also because of the ongoing DDoS attacks against WikiLeaks which also affected them.

The latest development is that ‘Anonymous’ has joined the WikiLeaks side of the argument and started attacking those it sees as detrimental to WikiLeaks.

An anonymous, loosely affiliated group that has been responsible for a series of recent Distributed Denial of Service (DDOS) attacks against entertainment industry Web sites over copyright issues, has started attacking organizations viewed as being hostile to WikiLeaks, says a PandaLabs researcher.

The group, dubbed Anonymous, launched a DDOS attack on Monday that knocked Swiss payment transaction firm PostFinance’s Web site offline. The attack was in apparent retaliation for the firm’s freezing of an account set up by WikiLeaks founder Julian Assange, PandaLabs threat researcher Sean-Paul Correll said.

The bank’s main Web site was unavailable for several hours but appeared to have been restored by late Monday afternoon. The attack on PostFinance was preceded by one against PayPal’s blog site over the weekend, Correll said. That attack was apparently prompted by PayPal’s decision to cut off money services to WikiLeaks last week.

The PayPal attack began at 4.00 a.m PST on Saturday and resulted in the blog being unavailable for a total of more than 8 hours, Correll said. Meanwhile, anonops.net, a site used by Anonymous to announce their attack plans, came under a massive DDOS attack earlier on Monday, apparently by those opposed to WikiLeaks. In an ironic twist, users attempting to reach the site were being redirected to PostFinance’s Website late Monday evening.

The first target I became aware of was PayPal, due to the fact they froze the WikiLeaks account and ceased processing donations for them. More info on that here:

PayPal Announces It Will No Longer Handle Wikileaks Donations

It seems there are other targets on the list such as the payment processor PostFinance who froze an account set up for Julian Assange the WikiLeaks founder.


A lengthy statement posted on the anonymous group’s Web site listed several organizations that the group claimed had stifled WikiLeaks’ effort to release the documents. “We will find and will attack those who stand against Wikileaks and we will support WikiLeaks in everything they need,” the statement said.

The group said it will offer WikiLeaks an additional site for mirroring the leaked documents. It will also create ‘counter-propaganda’ and organize DDoS attacks on “various targets related to censorship” the group claimed.

Anonymous’ campaign over copyright enforcement issues, Operation:Payback, has resulted in several DDOS attacks being launched against and knocking off sites belonging to the Recording Industry Association of America, the Motion Picture Association of America and others.

In the statement announcing support for Assange, the organizers of Anonymous declared that “Operation:Payback has come out in support of WikiLeaks and has declared war on the entities involved in censoring their information.”

The online tussle between those opposed to WikiLeaks’ campaign and those supporting it highlights how the Internet is increasingly becoming the battleground for all sorts of causes, Correll said.

“People are starting to figure out they can use technology to fight back,” he said. “They have realized they don’t have to just stand in a picket line. This has been going on for a few years, but it’s getting more organized.”

WikiLeaks has been having a bad time recently, as just before they lost their DNS service – they got kicked off from the Amazon platform.

All in all it seems freedom of speech really isn’t free. If you want to read more about this, there are a LOT of articles – so knock yourselves out.

Source: Network World

Posted in: Hacking News



TwitterPasswordDecryptor – Instantly Recover Twitter Account Passwords



TwitterPasswordDecryptor is a FREE tool to instantly recover Twitter account passwords stored by popular web browsers. Most web browsers store the login credentials for visited websites so that users don’t have to remember and enter the password every time. Each of these web browsers uses its own proprietary encryption mechanism to store the login passwords, including Twitter account passwords. TwitterPasswordDecryptor automatically crawls through each of these browsers and instantly recovers all of the stored Twitter passwords.

TwitterPasswordDecryptor provides both a GUI and a command line version; the latter is more helpful for penetration testers in their work. Apart from normal users who can use it to recover their lost password, it can come in handy for forensic officials, who can get hold of any stored Twitter account passwords and then use that Twitter profile information to further extend their investigation.


TwitterPasswordDecryptor is a fully portable tool which can be run directly anywhere without installing it locally. It also comes with an installer for those who want to install it locally and use it on a regular basis. It works on a wide range of platforms, from Windows XP to the latest operating system, Windows 7.

Features

Currently supports recovering the stored Twitter account password from the following popular Internet browsers:

  • Internet Explorer (all versions from 4 to 8)
  • Firefox
  • Google Chrome
  • Opera Browser

You can download TwitterPasswordDecryptor here:

TwitterPasswordDecryptor.zip

Or read more here.

Posted in: Hacking Tools, Password Cracking, Privacy



India Central Bureau of Investigation (CBI) Site Still Down



There has been quite a lot of chatter online about this case. Politically there are long-standing disputes between India and Pakistan, and naturally these also extend to online wars, which inevitably end in defacement.

The latest target from the group calling themselves the Pakistani Cyber Army was the site for the Central Bureau of Investigation in India – http://cbi.nic.in/.

Almost 4 days after the defacement, the site still appears to be down.

Close to four days after the site of India’s key investigation agency, the Central Bureau of Investigation (CBI), was hacked and defaced, the web site is still inaccessible to users.

The CBI is doing a thorough security audit, and plugging all holes to prevent another hack, Vinita Thakur, a spokeswoman said on Tuesday. She didn’t say when that would be complete, and the site restored.

The web site of the CBI was hacked and defaced on Friday night. The hackers calling themselves the “Pakistani Cyber Army” left a message saying that the attack was in revenge for similar Indian attacks on Pakistani sites.

The CBI’s IT systems were not compromised by the hack, as the web site and the CBI’s computer systems are separate, Thakur said.

They say they are doing a thorough audit and they are going to plug all the holes, but in reality – we know that’s not true because it’s not possible. They both seem to be stuck in a catch 22 situation as both the Indian and Pakistani sides continue with revenge attacks for the previous defacement.

Almost immediately after this attack the Indian Cyber Army executed another hack and deface job to retaliate. And well, whatever happens after this – it’s not going to be pretty for either side.


The information that the hackers had access to was public information, she added.

The border dispute between India and Pakistan over Kashmir has often spilled online, with both sides attempting to hack each other’s web sites.

The web site of Pakistan’s Oil & Gas Regulatory Authority was hacked on Saturday by a group called “Indian Cyber Army” in retaliation for the CBI web site hack, according to media reports from Pakistan.

The web site which displayed the message “This Account has been suspended” late Saturday, has since been restored.

The Pakistani site that was attacked is back up and accessible to the public again, but as of now I’m still seeing some database access error messages in the sidebar and at the top of the page – http://www.ogra.org.pk/.

My guess would be that this is not going to stop any time soon.

Source: Network World

Posted in: Hacking News



LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)



There are some existing tools that deal with LFI vulnerabilities, such as fimap, the Remote & Local File Inclusion (RFI/LFI) Scanner, and inspathx, a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI).

A new simple tool was released recently which focuses purely on LFI attacks.

Functions

  • Automatically find the root of the file system
  • Detect default files outside of the web folder
  • Attempts to detect passwords inside the files
  • Supports basic authentication
  • Can use null byte to bypass some controls
  • Writes a report of the scan to a file

You can download LFIMAP 1.4.3 here:

lfimap-1.4.3.tar.gz

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking
