Archive | March, 2012

Goofile v1.5 – Search For A Specific File Type In A Given Domain.


Use this tool to search for a specific file type in a given domain – inspired by TheHarvester.

Usage

-d: domain to search
-f: filetype (ex. pdf)

Written in Python and tested on 2.5 and 2.7.

Please submit any bug reports or requests to the author.

You can download Goofile v1.5 here:

goofilev1.5.zip

Or read more here.

Posted in: Hacking Tools, Privacy, Web Hacking

Topic: Hacking Tools, Privacy, Web Hacking


Latest Posts:


Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process


Hacker On Hacker Action – Zeus Botmaster Targets Anonymous Supporters


It somehow reminds me of the oldskool game Spy vs Spy, anyone remember that? Anyhow, that’s off-topic right now.

The news is, some smart malware pimp managed to dupe a whole bunch of Anonymous supporters into installing the Zeus botnet – when they thought they were getting a DDoS tool.

It’s a pretty big base to go after, plus people would generally ignore any malware warnings their Anti-Virus might pop-up when they were running the tool as most DDoS tools and hacking kits are flagged by AV software – smart move if you ask me.

Hackers have duped supporters of the Anonymous group into installing the Zeus botnet, which steals confidential information from PCs, including banking usernames and passwords, security researchers said last week.

According to Symantec, someone modified a link to a popular distributed denial-of-service (DDoS) attack tool to direct users to a Zeus bot Trojan instead.

The replacement of a Zeus client for the “Slowloris” DDoS tool took place on the day after Anonymous launched strikes against websites operated by the U.S. Department of Justice, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and others in retaliation for the arrest of four men associated with the popular Megaupload “cyberlocker” site on charges of copyright infringement, money laundering and racketeering.

In a post last Friday to the Symantec security response team’s blog, the firm described how unknown hackers modified a message on PasteBin, changing the link to a Trojanized version of Slowloris.

Anonymous supporters have, unwittingly or not, pointed others to altered PasteBin message that includes the link to the Zeus bot. The Twitter account “YourAnonNews,” which has almost 550,000 followers, was just one of many that tweeted a link to the altered PasteBin message, said Symantec.

Through mid-February, Symantec had counted over 26,000 views of the PasteBin message and over 400 individual tweets referencing its URL.

There were some pretty big pimps of the malicious link too with the Twitter account @YourAnonNews being one of the major ones (over half a million followers).

With over 400 tweets referencing the URL and over 25,000 views – the person who pulled this off probably masterminded a whole bunch of fresh infections.

And as Zeus targets banking details, he could have gotten a pile of cash out of it too.


While the Trojanized Slowloris does conduct DDoS attacks — at times under the behest of the hackers who control the botnet — it also steals website cookies, login information for financial institutions and other user account credentials from infected PCs, then transmits the information to a command-and-control (C&C) server.

“Not only will supporters be breaking the law by participating in attacks on Anonymous hacktivism targets, but [they] may also be at risk of having their online banking and email credentials stolen,” said Symantec.

The Zeus ploy wasn’t the first time that Anonymous supporters have been tricked.

In January, hard on the heels of the retaliatory attacks against the Department of Justice website, U.K.-based security company Sophos said members of Anonymous distributed links via Twitter and elsewhere that when clicked automatically launched a Web version of LOIC, or Low Orbit Ion Cannon, another DDoS tool.

Many of those messages said nothing about LOIC or that clicking the link shanghaied the user into the then-ongoing DDoS attack, said Sophos.

Authorities have staged numerous arrests of Anonymous members and supporters on charges that they participated in DDoS attacks against targets in the U.S. and other countries.

Last week, an Interpol-organized sweep netted 25 suspected members of the hacking group in Argentina, Chile, Columbia and Spain.

Anonymous supports are getting arrested all over the World and now they are being targeted by malware pushers. As if we didn’t already know, being a supporter of the Anonymous movement is risky business – so if you do participate – please be careful.

On another note, some of the new versions of LOIC are pretty damn cool – some people are coding the hell out of it. Check this one out on Github (which also got owned recently coincidentally):

Download LOIC Low Orbit Ion Cannon

Source: Network World

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process