Archive | September, 2016

BBQSQL – Blind SQL Injection Framework

The New Acunetix V12 Engine


BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

BBQSQL - Blind SQL Injection Framework

Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.

Features

The most important thing to note about BBQSQL is that it doesn’t care about the data or database, whilst most SQL Injection tools are built with specific databases or languages in mind.

  • Exploits Blind SQL Injection Vulnerabilities
  • Semi-Automatic
  • Database Agnostic
  • Versatile
  • Utilises Two Search Techniques (binary_search & frequency_search)
  • Concurrent HTTP requests
  • Config Import/Export
  • Custom Hooks
  • Fast

Usage

Similar to other SQL Injection tools you must provide certain request information for the tool to work, for BBSQL this is:

  • URL
  • HTTP Method
  • Headers
  • Cookies
  • Encoding methods
  • Redirect behavior
  • Files
  • HTTP Auth
  • Proxies

Then specify where the injection is going and what syntax we are injecting.


HTTP Parameters

BBQSQL has many http parameters you can configure when setting up your attack. At a minimum you must provide the URL, where you want the injection query to run, and the method. The following options can be set:

  • files
  • headers
  • cookies
  • url
  • allow_redirects
  • proxies
  • data
  • method
  • auth

You specify where you want the injection query to be inserted by using the template ${injection}. Without the injection template the tool wont know where to insert the query.

You can download BBQSQL here:

bbqsql-v1.1.zip

Or read more here.

Posted in: Database Hacking, Hacking Tools

Topic: Database Hacking, Hacking Tools


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


Two Israeli Men Arrested For Running VDoS-s.com DDoS Service

The New Acunetix V12 Engine


DDoS or Booter services have been around for a while, but VDoS-s.com was a particularly slick (and shameless) one with a content marketing strategy and active social media accounts. Two Israeli men were arrested for running the service after ironically being hacked by a security researcher.

Two Israeli Men Arrested For Running VDoS-s.com DDoS Service

They called their service a ‘Stresser’ and claimed to have up to 216Gbps of bandwidth available (yah that’s a lot, and could take most data centers off-line).

Two Israeli men have been arrested for running a distributed-denial-of service-as-a-service site, after one seemingly claimed to attack the Pentagon.

Itay Huri and Yarden Bidani, released on US$10,000 bonds, were arrested following a tip off from the FBI, local news site TheMarker reports.

A Twitter account using Bidani’s name and handle tweeted last year that parts of the Pentagon site were down after a DDoS.

Their slick DDoS site vDos-s.com charged between US$30 and US$200 a month for DDoS attacks sold as legitimate network stress testing.

“We are not just another booter, we guarantee 10-50Gbps of UDP traffic per stress test using our DNS method, our high end dedicated servers can satisfy even the most power hungry customers,” the pair wrote on their site.


They have also allegedly cashed in over $600,000USD in the past 2 years from running the service, which is some serious coin.

Although, attacking The Pentagon DNS servers was probably a poorly conceived idea.

VDos targeted 150,000 victims according to a stolen database provided to KrebsonSecurity lifted from the site by an anonymous security researcher who exploited a vulnerability.

That database revealed the actors’ identities along with details of paying customers.

The lifted document mentions victim sites including the UK’s Imperial College Model United Nations club, game site GoodGame.co.uk, and anti-DDoS site Zare.com.

KrebsonSecurity says the booter site made some US$600,000 over the last two years.

The pair seemed to have tried to present the company as a legitimate stress testing service, rather than as guns for hire. Customers using the “legitimate stress testing company” are told they “are prohibited from stressing internet connections and/or servers that [they] do not have ownership of or authorisation to test”.

The domain is down now, and both chaps out on bail so I think the idea of them running this as a legitimate stress testing service seems ill-conceived.

It’s pretty impressive what they’ve pulled off in the info in the reports are correct which puts them at 18 years old now, and they have run this service since 2012 which made them 14 years old when they launched a fully formed money making machine (albeit rather illegal).

Source: The Register

Posted in: Legal Issues, Networking Hacking

Topic: Legal Issues, Networking Hacking


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


PunkSPIDER – A Web Vulnerability Search Engine

Use Netsparker


PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly.

PunkSPIDER -  A Web Vulnerability Search Engine

In simple terms, that means the authors have created a security scanner and the required architecture that can execute a large number of web application vulnerability scans: all at the same time. The tool, or rather arsenal, works off an Apache Hadoop cluster and can handle tens of thousands of scans.

How Can I See if a Website I Use is Vulnerable?

Searching for a specific website is easy! If you know the URL of your site you can simply type the URL in the search box (without http or https) and find your website. Once there you will be presented with the number of vulnerabilities present on the site.


Let’s try an example together, let’s say you’re looking to check if our the New York Times website http://www.nytimes.com is vulnerable. You could type in www.nytimes.com in the search bar, and you should receive a result back that looks like the following:

The first line gives you the domain of the result. The timestamp field on line 2 is the time that the site was added to our system. Below that is the interesting part, the total number of vulnerabilities found on the website. If you’re non-technical, you can ignore almost every part of that and just look at the Overall Risk field – this will tell you the risk of visiting a website.

As a rule of thumb anything with an Overall Risk of 1 should make you very wary, anything with an Overall Risk of greater than 1 you should stay away from entirely.

What Types of Vulnerabilities does PunkSPIDER Map?

Check it out here:

https://www.punkspider.org/

Posted in: Exploits/Vulnerabilities, Web Hacking

Topic: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


DET – Data Exfiltration Toolkit

The New Acunetix V12 Engine


DET is a proof of concept Data Exfiltration Toolkit using either single or multiple channel(s) at the same time.

DET - Data Exfiltration Toolkit

The idea behind DET was to create a generic tool-kit to plug any kind of protocol/service to test implemented Network Monitoring and Data Leakage Prevention (DLP) solutions configurations, against different data exfiltration techniques.

Features

DET already supports encryption and compression and also multiple protocols, listed here:

  • HTTP(S)
  • ICMP
  • DNS
  • SMTP/IMAP (eg. Gmail)
  • Raw TCP
  • PowerShell implementation (HTTP, DNS, ICMP, SMTP (used with Gmail))

And other “services”:

  • Google Docs (Unauthenticated)
  • Twitter (Direct Messages)

The following modules are “experimental”:

  • Skype (95% done)
  • Tor (80% done)
  • Github (30/40% done)

Usage

Installation

Clone the repo:

Then:

In the future the author hopes to add proper data obfuscation and other modules (FTP, Flickr using Steganography and YouTube).

Read more here.

Posted in: Hacking Tools, Networking Hacking

Topic: Hacking Tools, Networking Hacking


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


Linux kernel.org Hacker Arrested After Traffic Stop

Use Netsparker


So it seems the alleged kernel.org hacker has finally been caught, kinda by accident after being stopped for a traffic violation. It was quite a high profile hack, especially in the open source community as anyone downloading kernel files during that period could have theoretically been compromised.

Linux kernel.org Hacker Arrested After Traffic Stop

It’s unlikely the kernel code was actually tampered with due to the hashes for each file being distributed widely, but still – it had people rumbled.

A man who allegedly hacked the Linux Kernel Organization’s kernel.org and the Linux Foundation’s servers has been collared by cops.

Donald Ryan Austin, 27, of El Portal, Florida, will appear in court in San Francisco later this month. He is accused of four counts of “intentional transmission causing damage to a protected computer.” The charges were filed in absentia against Austin.

It is alleged his hacking spree forced the two Linux groups to shut down completely to clean up a malware infection. Austin was stopped on Thursday this week by police in Miami Shores for a traffic offense – and was arrested when he identified himself.

Court documents [PDF] claim that in 2011, Austin managed to steal the credentials of one of the Linux server admins and used these to install the Phalanx malware, a self-injecting kernel rootkit designed for the Linux 2.6 branch that hides files, processes and sockets and includes tools for sniffing a TTY program.


It’s still a pretty hardcore compromise though the reasons for it never seem to have surfaced, nor the in-depth post-mortem kernel.org folks promised to publish.

It’s also a little odd such a technical compromise used off the shelf tools that could easily be detected and identified (Phalanx and Ebury).

Using Phalanx, he is also accused of installing the Ebury trojan, which is designed for Linux, FreeBSD or Solaris hacking, onto numerous servers run by the groups. This harvested login credentials of people using the servers and forwarded them to the attacker.

Austin’s goal, according to the prosecution, was to “gain access to the software distributed through the www.kernel.org website,” presumably to tamper with it. He is also accused of leaving messages on the system for others to find, and of hacking the personal email server of one member of the Linux Foundation.

Some of the Linux servers were offline for almost a month, while administrators picked over files to make sure that the attacker hadn’t left any more nasty surprises in there. It took over five years of sleuthing to find out who could have been responsible, and now the Feds think they have their man.

Austin was released from jail on payment of $50,000 in bail money, and will have to appear in court in San Francisco at 09:30 on September 21 before the Honorable Sallie Kim. If found guilty, he faces a possible sentence of 40 years in prison and $2m in fines.

As usual with these type of cyber-crimes cases in the US, they are VERY strict and the maximum sentence is 40 years in prison plus a $2 Million fine.

A little harsh for something that was non-commercial and didn’t seem to do any long term damage. We will have to wait for the actual sentencing on Sept 21st to see what happens next.

Source: The Register

Posted in: Linux Hacking, Malware

Topic: Linux Hacking, Malware


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


DBPwAudit – Database Password Auditing Tool

Use Netsparker


DBPwAudit is a Java database password auditing tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory.

DBPwAudit - Database Password Auditing Tool

Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.

Compatibility

The tool has been tested and known to work with:

– Microsoft SQL Server 2000/2005
– Oracle 8/9/10/11
– IBM DB2 Universal Database
– MySQL

Requirements

The tool is pre-configured for these drivers but does not ship with them, due to licensing issues. The links below can be used to find some of the drivers. They should all be copied to the jdbc directory.


Links to JDBC Drivers:

MySQL
Microsoft SQL Server 2005
Microsoft SQL Server 2000
Oracle

Usage

Scan the SQL server (-s 192.168.1.130), using the specified database (-d testdb) and driver (-D MySQL) using the root username (-U root) and password dictionary (-P /usr/share/wordlists/nmap.lst):

You can download DBPwAudit here:

dbpwaudit_0_8.zip

Or read more here.

Posted in: Database Hacking, Hacking Tools, Password Cracking

Topic: Database Hacking, Hacking Tools, Password Cracking


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.