Archive | February, 2016

Veil Framework – Antivirus Evasion Framework

The New Acunetix V12 Engine


The Veil-Framework is a collection of red team security tools that implement various attack methods focused on antivirus evasion and evading detection.

Antivirus ‘solutions’ don’t often catch the bad guys, but they do often catch pen-testing during assignment. This tool came about as a way to execute existing shellcode in a way that could evade AV engines without rolling a new backdoor each time.

Veil Antivirus Evasion Framework

It currently consists of:

  • Veil-Evasion: a tool to generate antivirus-evading payloads using a variety of techniques and languages
  • Veil-Ordnance: a tool that can be used to quickly generate valid stager shellcode
  • Veil-Catapult: a psexec-style payload delivery system that integrates Veil-Evasion
  • Veil-Pillage: a modular post-exploitation framework that integrates Veil-Evasion
  • Veil-PowerView: a powershell tool to gain network situational awareness on Windows domains

The Approach

Veil Evasion does its’ work by:

  • Using an aggregation of various shellcode injection techniques across multiple languages
  • Having a focus on automation, usability, and developing a true framework
  • Using some shellcodeless Meterpreter stagers and “auxiliary” modules as well

One new payload is released each month with 30+ published payload modules.

You can download Veil Framework here (this is the ‘super’ project that will pull down the latest version of each tool):

Veil-Framework-Install.sh

Or read more here.

Posted in: Hacking Tools, Malware

Topic: Hacking Tools, Malware


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


13 WordPress Security Tips From Acunetix

Use Netsparker


WordPress has a pretty poor reputation when it comes to security, so here are some WordPress security tips from Acunetix. The WordPress security perception is mostly unfounded sadly, as core WordPress is pretty secure – as long as it’s updated.

WordPress Security Tips

The same goes for plug-ins and themes, if poorly maintained they are an easy ingress for an attacker. The below guide can help you cover most of the main angles to protect your site and includes some fairly advanced tips too.

WordPress sites are notoriously lacking when it comes to security. Be it due to an insufficient security expertise of the developer, or the use of one of the many plugins available (of which the security cannot be guaranteed).

With WordPress running on 1 in 5 sites on the Internet, it is no surprise that they are a very popular target for both experienced hackers and script-kiddies alike. In 2013 around 90,000 WordPress sites were hijacked for use in a botnet. They are also a popular target for malware.

This is why we’ve taken some time to detail some measures which can be taken to address the basic security holes or malpractices that are commonly present in thousands of WordPress sites.

Check out the excellent and very thorough list of WordPress security tips here:

WordPress Security: Top tips to secure your WordPress Application

Posted in: Countermeasures

Topic: Countermeasures


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Linset Download – Evil Twin Attack Hacking Tool

The New Acunetix V12 Engine


Linset is an Evil Twin Attack Hacking Tool with everything built in (multi-lingual web page, DHCP, DNS server with redirect fake AP etc) so it has a bunch of dependencies, and it’s in Spanish. But other than that, it’s pretty cool.

Linset Download - Evil Twin Attack Hacking Tool


It’s also a recursive acronym – Linset Is Not a Social Enginering Tool. There are some other cool Evil Twin tools like Infernal Twin – Automatic Wifi Hacking Tool and the protection tool EvilAP Defender – Detect Evil Twin Attacks.

Features of Linset Evil Twin Hacking Tool

  • Scan the networks.
  • Select network.
  • Capture handshake (can be used without handshake)
  • We choose one of several web interfaces tailored for me (thanks to the collaboration of the users)
  • Mounts one FakeAP imitating the original
  • A DHCP server is created on FakeAP
  • It creates a DNS server to redirect all requests to the Host
  • The web server with the selected interface is launched
  • The mechanism is launched to check the validity of the passwords that will be introduced
  • It deauthentificate all users of the network, hoping to connect to FakeAP and enter the password.
  • The attack will stop after the correct password checking

Requirements for Linset

As it’s a BASH script, there’s quite a list of external apps required to run Linset successfully:


Aircrack-ng
– Aireplay-ng
– Airmon-ng
– Airodump-ng
– Awk
– Curl
– Dhcpd
– Hostapd
– Iwconfig
– Lighttpd
– Macchanger
– Mdk3
– Php5-cgi
– Pyrit
– Python
– Unzip
– Xterm

Any standard Linux install will have quite a number, something like Kali will have even more but most likely you’ll need to install DHCPd, HostAPd, LigHTTPd and PHP5-cgi.

Linset Download

You can download Linset here:

linset.sh

Or read more here.

Posted in: Wireless Hacking

Topic: Wireless Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


The Linux glibc Exploit – What You Need To Know

The New Acunetix V12 Engine


So the Internet exploded this week with news of a pretty serious glibc exploit, something that everyone pays attention to as every Linux server uses this library and in some cases it can yield remote code execution.

In basic terms the glibc DNS client (libresolv) is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used and plenty of stuff could trigger the exploit including SSH, sudo, curl, PHP, Rails and more.

glibc Exploit

The bug was actually reported last July here – In send_dg, the recvfrom function is NOT always using the buffer size of a newly created buffer (CVE-2015-7547) but was marked as ‘P2 Normal’ priority – which is clearly not very important even though this is a classic buffer overflow which could be exploited remotely.

Windows, OS X and Android devices are not vulnerable as they use different libraries. uClibc for example had this same bug fixed 6 years ago.

Technical Details

It was reported publicly by Google, here’s the technical summary:

glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query.

Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated.

Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow.

The vectors to trigger this buffer overflow are very common and can include ssh, sudo, and curl. We are confident that the exploitation vectors are diverse and widespread; we have not attempted to enumerate these vectors further.

SourceCVE-2015-7547: glibc getaddrinfo stack-based buffer overflow

Most actual exploit vectors are covered by protective technologies like ASLR (good discussion on Reddit) and non-executable stack protection, but there’s still a lot of potential and this has been in the wild for 8 years (since 2.9) – so it’s pretty likely the bad guys have jumped on it long ago.


And well this is not the first time is it, if you remember the GHOST Vulnerability In glibc from early last year.

The post from Redhat with mitigation solutions and an extremely detailed analysis of the actual code is here:

[PATCH] CVE-2015-7547 — glibc getaddrinfo() stack-based buffer overflow

You can also find a PoC on Github here – Proof of concept for CVE-2015-7547

Mitigations

Our suggested mitigation is to limit the response (i.e., via DNSMasq or similar programs) sizes accepted by the DNS resolver locally as well as to ensure that DNS queries are sent only to DNS servers which limit the response size for UDP responses with the truncation bit set.

Specifically you can prevent the attack by limiting all TCP DNS replies to 1024 bytes, and dropping UDP DNS packets larger than 512 bytes.

This will effectively stop the buffer from overflowing in the first place, so..no stack smashing.

Solution

Upgrade your packages and reboot!

To check your version on Ubuntu type:

It affects:

– Ubuntu 15.10 – fixed version is 2.21-0ubuntu4.1
– Ubuntu 14.04 LTS – fixed version is 2.19-0ubuntu6.7
– Ubuntu 12.04 LTS – fixed version is 2.15-0ubuntu10.13

So get it up to date, rebooted and you’ll be fine.

Posted in: Exploits/Vulnerabilities, Linux Hacking

Topic: Exploits/Vulnerabilities, Linux Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


LNHG – Massive Web Fingerprinter (mwebfp)

The New Acunetix V12 Engine


The LowNoiseHG (LNHG) Massive Web Fingerprinter was conceived in July 2013 after realizing the usefulness of webserver screenshots to pentesters, during an engagement with large external or internal IP address ranges, as a quick means of identification of critical assets, easily-exploitable services, forgotten/outdated servers and basic network architecture knowledge of the target.

LNHG - Massive Web Fingerprinter (mwebfp)

The basic operation of mwebfp consists of the processing of an input (targets and TCP ports) that is then used to identify open web server ports with the help of a powerful portscanner (nmap). All ports found open are then analyzed (on HTTP and HTTPS) and all relevant webserver information is recorded, as well as a screenshot of the rendered webpage (as if it is seen from a broswer).

Features

  • Input
    • Target(s) can be IP address(es), IP address range(s), server name(s), etc.
    • Target(s) can be provided directly on the command-line or on a file
  • Port Definition
    • Default ports are 80 (HTTP) and 443 (HTTPS), but any port can be easily configured at runtime
  • Output
    • All output files and related support files for the scan are saved on a directory configured at runtime by the user
    • Currently, mwebfp exports results on a CSV file (Easily usable on MS Excel) only
  • Virtual Hosts
    • If requested at runtime, mwebfp will find all virutally hosted domains and webpages for the target server
  • Webserver Screenshots
    • If requested at runtime, mwebfp will grab screenshots of all found web pages (Graphical UI under Linux is required)

Usage

Requirements

In order to run mwebfp “out-of-git”, with all options enabled, you will need:

  • Python – Programming language (sudo apt-get instal python)
  • nmap – Port Scanner (sudo apt-get install nmap)
  • python-nmap – Python module (apt-get install python-nmap)
  • requests – Python module (apt-get install python-requests)
  • cutycapt – Qt WebKit Capture Utility (You will need the latest version to be able to capture HTTPS pages – do NOT do apt-get !!!)
  • A graphical interface (GUI) on the *nix server you are running the script (I assume Linux)

You can download mwebfp here:

mwebfp-master.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking

Topic: Hacking Tools, Networking Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Darknet Moving Servers & Upgrades Etc

The New Acunetix V12 Engine


So way back, this was the site 10 years ago when it launched in 2006 – not ALL that much different from today to be honest.

Darknet Site - 2006

The current theme you see here has been in use since April 2010, so almost 6 years as of February 2016 – and it’s come time to change. Which is apt, as the one before that was used since the beginning of the site in 2006.

Darknet Site - 2010

The current theme is pretty cool but it’s not mobile friendly at all, it’s kinda old, it’s no longer supported and probably not utterly efficient. So over the coming few days I’ll be upgrading everthing:

– Fresh install Server OS (to Ubuntu 14.04 LTS)
– Fresh install and configure all server software (nginx, PHP, MySQL etc)
– Theme
– Plugins

And hopefully end up with a faster, more efficient, more stable and importantly mobile responsive site.

I’ll be sticking with Linode, because well it’s been really good (despite the pesky DDoS attacks).

Anyway, the point of this post is to let you know – you may well see some weirdness over the next few days as the DNS flip-flops, there may be some periods of downtime and things might look odd or keep shifting as I make changes to the new theme and functions of the site.

I hope to be all finished by Monday 15th Feb, so if it goes to plan – it should be business as usual then. Wish me luck.

And drop a comment below or on Facebook or contact me direct if you have any feature requests (within reason, like Facebook comments etc).

Posted in: Site News

Topic: Site News


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.