Archive | December, 2016

dnsteal – DNS Exfiltration Tool


dnsteal is a DNS exfiltration tool, essentially a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.


dnsteal is coded in Python and is available on GitHub.

Features

dnsteal currently has:

  • Support for multiple files
  • Gzip compression supported
  • Supports the customisation of subdomains
  • Customise bytes per subdomain and the length of filename
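
From the defender's side, a tool that carries file data in subdomains leaves a recognisable pattern in resolver logs: one client sending many unique, long, high-entropy names under a single parent zone. The sketch below is an added example (not part of dnsteal or the original post) that scores a constructed query log that way; the thresholds, the sample names and the two-label parent-zone rule are assumptions, and the sample labels are hash output rather than dnsteal's actual encoding.

```python
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def split_zone(qname, depth=2):
    """Assumption: the parent zone is the last `depth` labels.
    A real deployment would use a public-suffix list instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-depth:]), "".join(labels[:-depth])


def suspicious_zones(queries, min_unique=20, min_len=40, min_entropy=3.0):
    """Return (client, zone, unique_names, mean_len, mean_entropy) for every
    client/zone pair whose subdomains look like encoded data chunks."""
    seen = defaultdict(set)
    for client, qname in queries:
        zone, payload = split_zone(qname)
        if payload:  # skip lookups of the bare zone
            seen[(client, zone)].add(payload)

    hits = []
    for (client, zone), payloads in sorted(seen.items()):
        mean_len = sum(map(len, payloads)) / len(payloads)
        mean_ent = sum(map(shannon_entropy, payloads)) / len(payloads)
        # All three must hold: volume alone would flag CDNs, length or
        # entropy alone would flag a single odd-looking lookup.
        if len(payloads) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            hits.append((client, zone, len(payloads), round(mean_len, 1), round(mean_ent, 2)))
    return hits


# Constructed sample log of (client IP, queried name) pairs.
# 10.0.0.7 browses normally, including a busy CDN with short labels;
# 10.0.0.5 sends 30 long hex-like names under one zone.
SAMPLE_QUERIES = (
    [("10.0.0.7", n) for n in ("www.example.com", "mail.example.com", "example.com")]
    + [("10.0.0.7", f"img{i}.cdn.example.net") for i in range(25)]
    + [("10.0.0.5", f"{hashlib.sha256(str(i).encode()).hexdigest()[:56]}.{i}.collector.example")
       for i in range(30)]
)

if __name__ == "__main__":
    for hit in suspicious_zones(SAMPLE_QUERIES):
        print(hit)
```

Compression and a small bytes-per-subdomain setting both shift these numbers, so the thresholds need tuning against your own baseline traffic.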

Usage

You can download dnsteal here:

dnsteal.py

Or read more here.

Posted in: Hacking Tools, Networking Hacking



Latest Posts:


Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


PowerShellArsenal – PowerShell For Reverse Engineering


PowerShellArsenal is basically PowerShell for reverse engineering in a module format. The module can be used to disassemble managed and unmanaged code, perform .NET malware analysis, analyse/scrape memory, parse file formats and memory structures, obtain internal system information, etc.


PowerShellArsenal is comprised of the following tools:

Disassembly – Disassemble native and managed code.
MalwareAnalysis – Useful tools when performing malware analysis.
MemoryTools – Inspect and analyze process memory.
Parsers – Parse file formats and in-memory structures.
WindowsInternals – Obtain and analyze low-level Windows OS information.
Misc – Miscellaneous helper functions.
Lib – Libraries required by some of the RE functions.


Usage

To install this module, drop the entire PowerShellArsenal folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.

To use the module, type:

To see the commands imported, type:

For help on each individual command, Get-Help is your friend.

You can download PowerShellArsenal here:

PowerShellArsenal-master.zip

Or read more here.

Posted in: Forensics, Secure Coding



Microsoft Breaks Network Connectivity For Windows 8 & 10 Users


Microsoft breaks network connectivity for many Windows 8 and 10 users just in time for Christmas – what a lovely gift.


It’s related to the network stack (obviously) but seems to be specific to DHCP, so if you statically assign your LAN addresses (like most of us probably do) then you’ll be alright. And if this happens to you, just manually assign your IP/gateway/DNS servers etc and you should be fine.

A broken software update for Windows 8 and 10 is knackering internet connectivity for users of several ISPs in the UK, Europe and quite likely beyond.

Virgin Media in Blighty is the latest provider to confirm the dodgy code is knocking a number of its customers offline. Proximus in Belgium also says a Windows 10 update is breaking network access.

The problem emerged last week, when BT and Plusnet in the UK admitted that computers running Microsoft’s latest patches are losing network connectivity due to what appears to be a problem with their Dynamic Host Configuration Protocol (DHCP) clients.

Essentially, the PCs cannot automatically pick up their LAN-side IP address, router address and DNS settings from their broadband routers, causing them to drop off the internet and disappear from other devices on their network.

This happens regardless of ISP and broadband box, and is understood to be caused by a bad automatically installed Windows Update patch.


Microsoft do seem to be aware of it, and the volume of users seems to be relatively small (but not insignificant) – so I don’t think they’ll rush out a hotfix for this. And well even if they do, how are the people who can’t connect to the Internet supposed to get it?

Tricky situation you’ve gotten yourself into again Microsoft.

In a message to subscribers on Sunday, Virgin Media advised that some Windows 10 users were experiencing difficulty connecting to the internet after installing the latest update.

“Microsoft are aware and investigating,” it said.

One reader, Adam Comben, got in touch with The Register to report: “We run a retail repair shop and have seen around 25 instances of this since Thursday. It doesn’t matter what ISP or router they’ve been using – we’ve had TalkTalk, BT, Plusnet, Sky, you name it. All with the same problem, they will not obtain an IP via DHCP.”

He said the issue is definitely a DHCP problem caused by a broken Windows Update, “although we’ve not been able to identify the cause, it’s an extremely quick fix.”

He added: “It’s caused a great deal of disruption for our business customers as it required a site visit for those we couldn’t talk through it on the phone.”

At least they are investigating it, which means it will most likely be fixed at some point.

So if you know someone suffering from this problem, you know what to do.

Source: The Register

Posted in: Hacking News



Fern Wifi Cracker – Wireless Security Auditing Tool


Fern Wifi Cracker is a wireless security auditing and attack program written using the Python programming language and the Python Qt GUI library. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks.



The Software runs on any Linux machine with prerequisites installed, and it has been tested on Ubuntu KDE/Gnome, BackTrack Linux and BackBox Linux.

What is a Wifi Cracker

A Wifi Cracker is a tool or piece of software designed to help with the recovery of Wireless Access Point (WAP) keys from WPA2 or WPS secured networks.

There are various Wifi Cracker tools available such as:

Infernal Twin – Automated Wireless Hacking Suite
FruityWifi – Wireless Network Auditing Tool
wifite – Mass Wifi WEP/WPA Key Cracking Tool
Kismet – Wireless Network Hacking, Sniffing & Monitoring

Features of Fern Wifi Cracker

Fern currently supports:

  • WEP Cracking with Fragmentation, Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
  • WPA/WPA2 Cracking with Dictionary or WPS based attacks
  • Automatic saving of key in database on successful crack
  • Automatic Access Point Attack System
  • Session Hijacking (Passive and Ethernet Modes)
  • Access Point MAC Address Geo Location Tracking
  • Internal MITM Engine
  • Bruteforce Attacks (HTTP, HTTPS, TELNET, FTP)
  • Update Support

Prerequisites for Fern Wifi Cracker

Fern requires the following to run properly:

  • Aircrack-NG
  • Python-Scapy
  • Python Qt4
  • Python
  • Subversion
  • Xterm
  • Reaver (for WPS Attacks)
  • Macchanger

You can download Fern Wireless Cracker here:

fern-wifi-cracker-v2.4.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Wireless Hacking



sslscan Download – Detect SSL Versions & Cipher Suites (Including TLS)


sslscan is a very efficient C program that allows you to detect SSL versions & cipher suites (including TLS version checker) and also checks for vulnerabilities like Heartbleed and POODLE.



A useful tool to keep around after you’ve set up a server, to check that the SSL configuration is robust. Especially if you’re in an Internet-limited environment and you can’t use an online tool like the excellent Qualys SSL Labs – https://www.ssllabs.com/ssltest/

sslscan Features – TLS Version Checker

sslscan has fairly complete support to detect all versions and ciphers for both SSL and TLS, including vulnerabilities (like Heartbleed and Poodle).

  • Highlight SSLv2 and SSLv3 ciphers in output.
  • Highlight CBC ciphers on SSLv3 (POODLE).
  • Highlight 3DES and RC4 ciphers in output.
  • Highlight PFS+GCM ciphers as good in output.
  • Check for OpenSSL HeartBleed (CVE-2014-0160).
  • Flag expired certificates.
  • Flag weak DHE keys with OpenSSL >= 1.0.2.
  • Experimental Windows & OS X support.
  • Support for scanning PostgreSQL servers.
  • StartTLS support for LDAP.

sslscan Command Usage


You can download sslscan cipher detector here:

sslscan-1.11.0-rbsec.tar.gz

Or read more here.

Posted in: Hacking Tools



Malware Writers Using Exclusion Lists To Linger


It seems malware writers using exclusion lists is not something new, but it’s still concerning people. To me it’d be a pretty obvious avenue, especially if you were crafting something a little more nefarious than average – like APT malware (Advanced Persistent Threat) tools.


Definitely a chicken and egg problem, especially with Windows: if you don’t exclude the OS and a bunch of system directories (including loads of ‘known’ software) you will have endless false positives. But then, as in this case, the exclusions can be abused.

Advanced malware writers are using anti-virus exclusion lists to better target victims, researchers say.

Software vendors use exclusion lists to explain the files and directories that antivirus software should ignore to avoid false positives and ensure an application’s proper operations.

Such lists are common: Citrix published one last week while it doesn’t take much Googling to find more. For example, here’s one from SolarWinds, and a few more from VMware, Microsoft, SAP, CA, Veritas and Sage.

When Citrix’s list emerged, The Reg pondered the lists’ possible use as a handy guide to the process names and directory locations hackers could target to take down users. Once you know, for example, that thisprocess.exe is whitelisted, creating an attack that runs as thisprocess.exe looks like an obvious tactic.

We were right: an independent malware researcher who prefers to be known by his hacker handle “UnixFreakxjp” says some advanced malware writers are exploiting these published exclusions to produce malware targeted to particular enterprises.

“There are malware writers using whitelisted exclusion files, mostly APT (advanced persistent threat) and targeted infection groups rather than public malware operators,” he says.


The exclusion lists are actually really handy documents for malware authors as they even give executable names which are whitelisted to run, plus directories that are exempt from scanning where you can stash your dodgy binaries.

It’s not like Windows needs more information out there on how to make it less secure.

He says the file exclusions are necessary to mitigate the “annoying” false positives caused by antivirus platforms, adding that many businesses are impacted by the erroneous flags.

Exclusions are, however, a band-aid fix and do not address core malware diagnosis problems.

Another respected security researcher requesting anonymity says he has not seen malware targeting exclusion lists but imagines it would be useful to advanced attackers.

He says the Locky ransomware actors, who tend to compromise corporates over individuals, could use a vendor’s recommended antivirus exclusion list to target clients.

“It would be interesting for attackers who know their victim is indeed using Citrix,” he says. Or known to be using any other exclusion-list-using vendor.

“The [exclusion] paths could be a nice place to store malware payloads before execution.”

He notes that organisations should have multi-layered defences and not rely solely on antivirus.

I don’t think most common garden malware floating around the web will use these kinds of techniques, plus the average computer won’t have software like Citrix installed on it anyway – but for corporates it’s something to be aware of.

And as mentioned above, and always, security is best treated with an onion approach of many layers (including security through obscurity) – so be on guard.
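
One of those extra layers can be a routine audit of whatever the antivirus has been told to ignore. The sketch below is an added example, not from The Register or any vendor: it takes a file inventory and flags executables sitting in an excluded directory without an approved hash, and files borrowing an excluded process name from the wrong location. The vendor name, paths and hash labels are constructed placeholders.

```python
from pathlib import PureWindowsPath

# File types worth reviewing when they turn up in a location AV skips.
EXEC_SUFFIXES = {".exe", ".dll", ".ps1", ".bat", ".scr"}


def audit_exclusions(inventory, excluded_dirs, excluded_processes, approved_hashes):
    """inventory: iterable of (path, digest) from an endpoint file listing.
    excluded_processes: {process name: the one path it is expected at}.
    Returns a list of (path, reason) findings."""
    dirs = [PureWindowsPath(d) for d in excluded_dirs]
    procs = {name.lower(): PureWindowsPath(p) for name, p in excluded_processes.items()}
    findings = []
    for raw_path, digest in inventory:
        path = PureWindowsPath(raw_path)  # compares case-insensitively
        if path.suffix.lower() not in EXEC_SUFFIXES:
            continue
        expected = procs.get(path.name.lower())
        if expected is not None and path != expected:
            findings.append((raw_path, "excluded process name outside expected path"))
        elif any(d in path.parents for d in dirs) and digest not in approved_hashes:
            findings.append((raw_path, "unapproved executable in excluded directory"))
        elif expected is not None and digest not in approved_hashes:
            findings.append((raw_path, "excluded process with unapproved hash"))
    return findings


# Constructed sample data: a hypothetical vendor exclusion list and inventory.
EXCLUDED_DIRS = [r"C:\Program Files\ExampleVendor\Cache"]
EXCLUDED_PROCESSES = {"exampleagent.exe": r"C:\Program Files\ExampleVendor\exampleagent.exe"}
APPROVED_HASHES = {"HASH-AGENT-OK", "HASH-HELPER-OK"}  # placeholders, not real digests
INVENTORY = [
    (r"C:\Program Files\ExampleVendor\exampleagent.exe", "HASH-AGENT-OK"),
    (r"C:\Program Files\ExampleVendor\Cache\index.dat", "HASH-DATA"),
    (r"c:\program files\examplevendor\cache\update.exe", "HASH-UNKNOWN-1"),
    (r"C:\Users\Public\exampleagent.exe", "HASH-UNKNOWN-2"),
    (r"C:\Program Files\ExampleVendor\Cache\helper.dll", "HASH-HELPER-OK"),
]

if __name__ == "__main__":
    for path, reason in audit_exclusions(
        INVENTORY, EXCLUDED_DIRS, EXCLUDED_PROCESSES, APPROVED_HASHES
    ):
        print(f"{reason}: {path}")
```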

Source: The Register

Posted in: Malware
