Archive | 2014

SniffPass – Simple Password Sniffer



SniffPass is a small password monitoring tool (basically a password sniffer) that listens to your network, captures the passwords that pass through your network adapter, and displays them on the screen instantly. SniffPass can capture the passwords of the following protocols: POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords).

You can use this utility to recover lost Web/FTP/Email passwords via your own network adapter.


Requirements

SniffPass can capture passwords on any 32-bit Windows operating system (Windows 98/ME/NT/2000/XP/2003/Vista) as long as the WinPcap capture driver is installed and works properly with your network adapter. You can also use SniffPass with the capture driver of Microsoft Network Monitor, if it’s installed on your system.

Under Windows 2000/XP (or greater), SniffPass also allows you to capture TCP/IP packets without installing any capture driver, by using the ‘Raw Sockets’ method. However, this capture method has the following limitations:

  • On Windows XP/SP1 passwords cannot be captured at all – Thanks to Microsoft’s bug that appeared in SP1 update…
  • On Windows Vista with SP1, only UDP packets are captured. TCP packets are not captured at all.
  • On Windows 7, it seems that ‘Raw Sockets’ method works properly again, at least for now…

Do note, this software is NOT designed to grab passwords from other machines on the network; it could do so only if the computers were connected via a simple hub or unencrypted wireless networks.

You can download SniffPass v1.13 here:

sniffpass.zip

Or read more here.

Posted in: Networking Hacking, Password Cracking



Latest Posts:


Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).

Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.

WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.

Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.

Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.

CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Rackspace Recovers From Major DNS DDoS



So Rackspace has just recovered from a major DNS DDoS attack which rendered some domains inaccessible for over 11 hours. It seems to have been a fairly frequent occurrence lately with Namecheap also undergoing several attacks against its DNS infrastructure.

I got affected again recently on December 18th when they were hit with a massive attack: DDoS Attack against Default DNS System V2


This wasn’t the only attack, with a large portion of the Internet being affected back in February when the Namecheap DNS system underwent a heavy and sustained DDoS attack: Namecheap Is In The Middle Of A DDoS Attack.

Rackspace says it has recovered from a nasty distributed denial of service attack that it says may have seen “a portion of legitimate traffic to our DNS infrastructure … inadvertently blocked.”

The trouble started just before lunchtime on Monday, US central time, and persisted until 11 hours later.

Over on the company’s Google+ page Rackspace warned of “intermittent periods of latency, packet loss, or connectivity failures when attempting to reach rackspace.com or subdomains within rackspace.com.”

The company’s status report later confirmed it had “… identified a UDP DDoS attack targeting the DNS servers in our IAD, ORD, and LON data centers [North Virginia, Chicago and London]. As a result of this issue, authoritative DNS resolution for any new request to the DNS servers began to fail in the affected data centers. In order to stabilize the issue, our teams placed the impacted DNS infrastructure behind mitigation services.


Several other services have been hit with heavy, sustained DDoS attacks for no apparent reason including SaaS services like Dropbox which got taken offline.

In this instance (as usual) there doesn’t seem to be any reason so far, perhaps extortion? Gaming services are frequent targets with Steam, Xbox Live and PSN all having been taken offline previously by DDoS attacks.

This service is designed to protect our infrastructure, however, due to the nature of the event, a portion of legitimate traffic to our DNS infrastructure may be inadvertently blocked. Our teams are actively working to mitigate the attack and provide service stability.”

Rackspace is now confident things are back in order, as it has blacklisted DNS servers that were “sending both legitimate and DDoS traffic to Rackspace”. Users may not be entirely out of the woods, as its most recent update says “If you continue to experience adverse impact, please reach out to your support teams and provide trace route information for further investigations.”

A full root cause analysis of the incident is under way.

It can be really serious too, earlier this year Code Spaces was put out of business by a sustained DDoS attack which turned into an intrusion, extortion and eventual deletion of their entire business.

It’ll be interesting to see if any reason comes out for this Rackspace attack, but with the power of botnets now – it might just be for no reason at all.

A recent survey has shown that DNS attacks are putting organizations at risk – so yah, serious business.

Source: The Register

Posted in: Networking Hacking



Acunetix OVS Review (Online Vulnerability Scanner)



Introduction

It’s been a while since we’ve looked at any Acunetix products in depth. They’ve always had a solid Web Vulnerability Scanner, as we found in our reviews of Acunetix WVS 6 and Acunetix WVS 7. Version 9.5 of the Web Vulnerability Scanner was released earlier this year, and late last year Acunetix also announced their Online Vulnerability Scanner or OVS.

OVS is built leveraging the same state-of-the-art and proprietary Acunetix crawling and scanning technologies available in its on-premise solution.


Acunetix Online Vulnerability Scanner was officially launched in March this year and is responsive, scalable and centralised with unmatched deep crawling and scanning capabilities.

If you compare it to the on-premise solution, it’s simple to use, there’s no maintenance (as it’s cloud based) and it’s very competitively priced (the on-premise offering is understandably a fairly costly enterprise solution).

I’ve spent a few days checking out OVS and its features/flow, including both the web scanning functionality and the network scan. So here is our Acunetix OVS review – enjoy.

Features

OVS is accessible via the web at https://ovs.acunetix.com/ – which for me is already a MAJOR benefit as I can easily log-in and check the status from anywhere. Previously with something like Acunetix WVS, you are limited to using the machine that has the software installed and the licence activated – which sometimes limits your mobility.

Feature wise it has:

  • Complete vulnerability management through one holistic dashboard
  • Perimeter server scanning
  • Recurring and scheduled scans
  • Over 35,000 network and 600 web vulnerability checks
  • Easy to interpret and prioritised vulnerability alerts with further information to make remediation easier
  • Complete set of compliance reports including OWASP Top 10, PCI DSS, ISO 27001 and HIPAA
  • Fully supports HTML5, JavaScript, and thus the detection of DOM based XSS

Useful stuff if you are following any compliance regimes (PCI DSS is a pretty common one if you have anything to do with any kind of payment processing).

Also recently added to OVS are AcuSensor and AcuMonitor.

Acunetix AcuSensor Technology is a new security technology that allows you to identify more vulnerabilities than a traditional Web Application Scanner, whilst generating fewer false positives. In addition, it indicates exactly where in your code the vulnerability is and also reports debug information.

There’s AcuSensor support for both .NET and PHP and you basically add it into your app to also scan from the inside and indicate exactly where in your code the vulnerabilities occur, install info can be found here.

Using OVS

Actually using OVS is pretty straightforward: after signing up you’ll have to do some basic account verification for a web scan. The domain you are scanning also has to be verified by means of a file in the web root (to prove it’s legitimately yours or at least you have access to it).

OVS Verification

You also have various options when adding a target including form based authentication details, you can add a login sequence file, download the AcuSensor file and add SSH credentials.

OVS Target Options

The network scan takes a little deeper verification, requiring a phone call from Acunetix to confirm your contact number and some other details.

The interface isn’t the prettiest (it’s quite obviously Bootstrap), but it works just fine – starting a scan is easy as long as you’ve verified your domain. You can choose the type of Web Vulnerabilities you want to focus on and the type of Network scan (including if you want to run a safe or invasive network scan).

OVS Scan Options

It’s already really easy to set up scheduled and repeating scans, especially useful for compliance stuff like PCI DSS which requires quarterly scans.

OVS Scheduled Scans

When the scan has completed, you will get a notification via e-mail and you can check it out in the web app. The results are displayed in a fairly regular expanding tree format with the highest risk/impact vulnerabilities shown first. Each one has a title, and it expands to show what it affects, a description, attack details, impact, how to fix it and some web references if available.

OVS Scan Results

A feature I found really useful is the ability to generate reports from scan results in certain formats, the app can generate reports for you in terms of PCI 3.0 Compliance, Sarbanes-Oxley, HIPAA and so on. If that’s part of your job it’s a great value add.

Report Generation

Conclusion

Overall I think it’s a great tool and I’m glad to see a company like Acunetix, which has a great software scanner, moving more into a SaaS (Software-as-a-Service) style offering. It suits the mobile pen-testing consultant a lot more, especially with agile teams working together; the old method of generating reports with software on each engineer’s laptop was cumbersome and hard to scale.

Hence tools were developed just to do report management like Kvasir and MagicTree. With a tool like Acunetix OVS, such issues are a thing of the past.

I do hope they keep developing and improving it, adding more features and making it a more user friendly experience.

If you want to check it out you can do so here:

http://www.acunetix.com/online-vulnerability-scanner/

Remember that there’s a 14 day free trial, which offers 2 full network scans with full results and 2 web scans with overview reports on 2 targets.

Posted in: Advertorial, Countermeasures, Security Software



ICANN Hacked Including Root DNS Systems



So another hack has been exposed, this time on ICANN – which is pretty bad. They are the database of the Internet basically, including the root zone system which is the highest authority for DNS requests.

The Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit organization that is responsible for the coordination of maintenance and methodology of several databases of unique identifiers related to the namespaces of the Internet, and ensuring the network’s stable and secure operation.


Pretty serious business, and this time nothing high-tech went on at all – just some very targeted ‘spear-phishing‘ against employees of ICANN which did eventually yield valid credentials.

Domain-name overseer ICANN has been hacked and its root zone system compromised, the organization has announced.

Attackers sent staff spoofed emails appearing to come from icann.org. The organization notes it was a “spear phishing” attack, suggesting employees clicked on a link in the messages, and then typed their usernames and passwords into a bogus webpage, providing hackers with the keys to their accounts.

“The attack resulted in the compromise of the email credentials of several ICANN staff members,” the announcement reads, noting that the attack happened in late November and was discovered a week later.

With those details, the hackers then managed to access a number of systems within ICANN, including the Centralized Zone Data System (CZDS), the wiki pages of the Governmental Advisory Committee (GAC), the domain registration Whois portal, and the organization’s blog.

The CZDS provides authorized parties with access to all the zone files of the world’s generic top-level domains. It is not possible to alter those zone files from within the system, but the hackers did manage to obtain all the information of those who are registered with the system, which include many of the administrators of the world’s registries and registrars.

In an email sent to every CZDS user, ICANN has warned that “the attacker obtained administrative access to all files in the CZDS including copies of the zone files in the system. The information you provided as a CZDS user might have been downloaded by the attacker. This may have included your name, postal address, email address, fax and telephone numbers, and your username and password.”


This is by no means a Sony level hack, but well honestly – nothing else is and probably will be for quite some time.

A compromise to ICANN is serious in a different way though as it’s a backbone of the Internet and thankfully the attackers couldn’t alter the root zone files or it could have been chaos. It’s mostly a case of information disclosure in terms of users of the Centralized Zone Data System.

While the hack is nowhere near the same level as the hack on, say, Sony that has seen gigabytes of information leaked onto the internet, it will prove extremely embarrassing to ICANN, which hopes to be handed control of the critical IANA contract next year.

It also comes as the US government revealed yesterday the process by which updates to the internet’s root zone files are done through ICANN. When changing the network addresses for the world’s top-level nameservers, the process relies on a secure email from ICANN, or a request sent through a secure web portal, a standard format change request and self-certification that ICANN has followed its own processes.

With the email addresses of staff with access to root zone records having been compromised and the hack only noticed a week later, there will be significant concern that had the hackers been luckier or if an IANA staffer – who also use icann.org email addresses – had logged in to the fake site the hackers may have gained access to the system used to make changes at the very top of the internet.

ICANN seeks to assure people that it is on top of the situation: “Earlier this year, ICANN began a program of security enhancements in order to strengthen information security for all ICANN systems. We believe these enhancements helped limit the unauthorized access obtained in the attack. Since discovering the attack, we have implemented additional security measures.”

That security program began when ICANN suffered a problem with CZDS system in April. In that case a number of users were wrongly given admin access to the system.

It’s good to see ICANN being a bit more grown up about this as well, disclosing that it happened, what was leaked and how they think the intruders got access to the system – a definite move in the right direction.

ICANN has also stated that disclosed passwords were stored as salted hash values, rather than in plaintext, although the algorithm used is not known. They also confirmed that this hadn’t affected any IANA-related systems and that no other systems have been impacted.

Source: The Register

Posted in: Networking Hacking, Phishing



BlueMaho Project – Bluetooth Security Testing Suite



BlueMaho is a GUI shell (interface) for a suite of tools best used for Bluetooth security testing. It is freeware, open source, written in Python, and uses wxPython. It can be used for testing Bluetooth devices for known vulnerabilities and, as its major purpose, testing to find unknown vulnerabilities. It can also produce nice statistics.

I did get interested in Bluetooth for a while and the security implications of a personal area network protocol which includes discovery/broadcast etc. I ended up only posting one article at the time though which was about Haraldscan – BlueTooth Discovery Scanner.


I have a bunch more Bluetooth related resources to share though, so I’ll be putting them out from time to time. Some (like this) aren’t particularly up to date, but give you a great base to start with and play around.

Features

  • Scan for devices, show advanced info, SDP records, vendor etc
  • Track devices – show where and how many times a device was seen, and its name changes
  • Loop scan – it can scan all time, showing you online devices
  • Alerts with sound if new device found
  • on_new_device – you can specify what command it should run when it finds a new device
  • It can use separate dongles – one for scanning (loop scan) and one for running tools or exploits
  • Send files
  • Change name, class, mode, BD_ADDR of local HCI devices
  • Save results in database
  • Form nice statistics (uniq devices by day/hour, vendors, services etc)
  • Test remote device for known vulnerabilities (see exploits for more details)
  • Test remote device for unknown vulnerabilities (see tools for more details)
  • Themes! you can customize it

Requirements

The main requirements are:

  • OS (tested with Debian 4.0 Etch / 2.6.18)
  • Python 2.4
  • wxPython
  • BlueZ

You can download BlueMaho here:

bluemaho_v090417.tgz

Or read more here.

Posted in: Hacking Tools, Networking Hacking



Oryon C Portable – Open Source Intelligence (OSINT) Framework



Oryon C Portable is a web browser designed to assist researchers in conducting Open Source Intelligence investigations. Oryon comes with dozens of pre-installed tools and a select set of links catalogued by category – including those that can be found in the OI Shared Resources.


  • Based on SRWare Iron version 31.0.1700.0 (Chromium)
  • More than 70 pre-installed tools to support investigators in their everyday work
  • More than 600 links to specialized sources of information and online investigative tools
  • Additional privacy protection features
  • A ready-to-use OPML file containing a sorted collection of information sources in fields such as OSINT, intelligence, online research, InfoSec, defense, and more.

You can download Oryon C Portable here:

Oryon C Portable.exe

Or read more here.

Posted in: Privacy, Security Software
