Darknet https://www.darknet.org.uk Hacking Tools, Hacker News & Cyber Security Mon, 12 Feb 2018 10:02:30 +0000 en-US hourly 1 https://wordpress.org/?v=4.9.4 https://www.darknet.org.uk/images/darknet_logo_small.jpghttps://www.darknet.org.uk/images/darknet_logo_small.jpgdf6f0b BootStomp – Find Android Bootloader Vulnerabilities https://www.darknet.org.uk/2018/02/bootstomp-find-android-bootloader-vulnerabilities/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/02/bootstomp-find-android-bootloader-vulnerabilities/#respond Mon, 12 Feb 2018 09:59:51 +0000 https://www.darknet.org.uk/?p=4640 BootStomp – Find Android Bootloader Vulnerabilities

BootStomp is a Python-based tool, with Docker support that helps you find two different classes of Android bootloader vulnerabilities and bugs. It looks for memory corruption and state storage vulnerabilities.

Note that BootStomp works with boot-loaders compiled for ARM architectures (32 and 64 bits both) and that results might slightly vary depending on angr and Z3’s versions. This is because of the time angr takes to analyze basic blocks and to Z3’s expression concretization results.

Read the rest of BootStomp – Find Android Bootloader Vulnerabilities now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/02/bootstomp-find-android-bootloader-vulnerabilities/feed/ 0
Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 https://www.darknet.org.uk/2018/02/google-chrome-marking-non-https-sites-insecure-july-2018/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/02/google-chrome-marking-non-https-sites-insecure-july-2018/#respond Fri, 09 Feb 2018 18:08:35 +0000 https://www.darknet.org.uk/?p=4952 Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018

Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68. It’s a pretty strong move, but Google and the Internet, in general, has been moving in this direction for a while.

It started with suggestions, then forced SSL on all sites behind logins, then mixed-content warnings, then showing HTTP sites are not-secured and now it’s going to be outright marked as insecure.

Read the rest of Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/02/google-chrome-marking-non-https-sites-insecure-july-2018/feed/ 0
altdns – Subdomain Recon Tool With Permutation Generation https://www.darknet.org.uk/2018/02/altdns-subdomain-recon-tool-with-permutation-generation/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/02/altdns-subdomain-recon-tool-with-permutation-generation/#respond Tue, 06 Feb 2018 17:07:07 +0000 https://www.darknet.org.uk/?p=4769 altdns – Subdomain Recon Tool With Permutation Generation

Altdns is a Subdomain Recon Tool in Python that allows for the discovery of subdomains that conform to patterns. The tool takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.

From these two lists that are provided as input to altdns, the tool then generates a massive output of “altered” or “mutated” potential subdomains that could be present.

Read the rest of altdns – Subdomain Recon Tool With Permutation Generation now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/02/altdns-subdomain-recon-tool-with-permutation-generation/feed/ 0
0-Day Flash Vulnerability Exploited In The Wild https://www.darknet.org.uk/2018/02/0-day-flash-vulnerability-exploited-in-the-wild/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/02/0-day-flash-vulnerability-exploited-in-the-wild/#respond Sat, 03 Feb 2018 11:54:08 +0000 https://www.darknet.org.uk/?p=4944 0-Day Flash Vulnerability Exploited In The Wild

So another 0-Day Flash Vulnerability is being exploited in the Wild, a previously unknown flaw which has been labelled CVE-2018-4878 and it affects 28.0.0.137 and earlier versions for both Windows and Mac (the desktop runtime) and for basically everything in the Chrome Flash Player (Windows, Mac, Linux and Chrome OS).

The full Adobe Security Advisory can be found here:

– Security Advisory for Flash Player | APSA18-01

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers.

Read the rest of 0-Day Flash Vulnerability Exploited In The Wild now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/02/0-day-flash-vulnerability-exploited-in-the-wild/feed/ 0
dorkbot – Command-Line Tool For Google Dorking https://www.darknet.org.uk/2018/02/dorkbot-command-line-tool-for-google-dorking/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/02/dorkbot-command-line-tool-for-google-dorking/#respond Thu, 01 Feb 2018 14:33:18 +0000 https://www.darknet.org.uk/?p=4777 dorkbot – Command-Line Tool For Google Dorking

dorkbot is a modular command-line tool for Google dorking, which is performing vulnerability scans against a set of web pages returned by Google search queries in a given Google Custom Search Engine.

How dorkbot works

It is broken up into two sets of modules:

  • Indexers – modules that issue a search query and return the results as targets
  • Scanners – modules that perform a vulnerability scan against each target

Targets are stored in a local database file upon being indexed.

Read the rest of dorkbot – Command-Line Tool For Google Dorking now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/02/dorkbot-command-line-tool-for-google-dorking/feed/ 0
USBPcap – USB Packet Capture For Windows https://www.darknet.org.uk/2018/01/usbpcap-usb-packet-capture-windows/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/01/usbpcap-usb-packet-capture-windows/#comments Wed, 24 Jan 2018 10:14:05 +0000 https://www.darknet.org.uk/?p=4853 USBPcap – USB Packet Capture For Windows

USBPcap is an open-source USB Packet Capture tool for Windows that can be used together with Wireshark in order to analyse USB traffic without using a Virtual Machine.

Currently, the live capture can be done on “standard input” capture basis: you write a magic command in cmd.exe and you get the Wireshark to capture raw USB traffic on Windows.

USBPcapDriver has three “hats”:

  • Root Hub (USBPCAP_MAGIC_ROOTHUB)
  • Control (USBPCAP_MAGIC_CONTROL)
  • Device (USBPCAP_MAGIC_DEVICE)

What you won’t see using USBPcap

As USBPcap captures URBs passed between functional device object (FDO) and physical device object (PDO) there are some USB communications elements that you will notice only in hardware USB sniffer.

Read the rest of USBPcap – USB Packet Capture For Windows now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/01/usbpcap-usb-packet-capture-windows/feed/ 1
OWASP ZSC – Obfuscated Code Generator Tool https://www.darknet.org.uk/2018/01/owasp-zsc-obfuscated-code-generator-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/01/owasp-zsc-obfuscated-code-generator-tool/#comments Mon, 15 Jan 2018 18:05:01 +0000 https://www.darknet.org.uk/?p=4779 OWASP ZSC – Obfuscated Code Generator Tool

OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.

Shellcodes are small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malware, bypassing antivirus software, obfuscating code for protection and so on.

This software can be run on Windows/Linux/OSX under Python.

Why use OWASP ZSC Obfuscated Code Generator Tool

Another good reason for obfuscating files or generating shellcode with ZSC is that it can be used for pen-testing assignments.

Read the rest of OWASP ZSC – Obfuscated Code Generator Tool now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/01/owasp-zsc-obfuscated-code-generator-tool/feed/ 2
A Look Back At 2017 – Tools & News Highlights https://www.darknet.org.uk/2018/01/look-back-2017-tools-news-highlights/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/01/look-back-2017-tools-news-highlights/#respond Sun, 14 Jan 2018 15:20:48 +0000 https://www.darknet.org.uk/?p=4932 A Look Back At 2017 – Tools & News Highlights

So here we are in 2018, taking a look back at 2017, quite a year it was. We somehow forgot to do this last year so just have the 2015 summary and the 2014 summary but no 2016 edition.

2017 News Stories

All kinds of things happened in 2017 starting with some pretty comical shit and the MongoDB Ransack – Over 33,000 Databases Hacked, I’ve personally had very poor experienced with MongoDB in general and I did notice the sloppy defaults (listen on all interfaces, no password) when I used it, I believe the defaults have been corrected – but I still don’t have a good impression of it.

Read the rest of A Look Back At 2017 – Tools & News Highlights now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/01/look-back-2017-tools-news-highlights/feed/ 0
Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux https://www.darknet.org.uk/2018/01/spectre-meltdown-checker-vulnerability-mitigation-tool-linux/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/01/spectre-meltdown-checker-vulnerability-mitigation-tool-linux/#respond Wed, 10 Jan 2018 18:04:15 +0000 https://www.darknet.org.uk/?p=4930 Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux

Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 “speculative execution” CVEs that were made public early 2018.

Without options, it’ll inspect you currently running kernel. You can also specify a kernel image on the command line, if you’d like to inspect a kernel you’re not running.

The script will do its best to detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number.

Read the rest of Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/01/spectre-meltdown-checker-vulnerability-mitigation-tool-linux/feed/ 0
Hijacker – Reaver For Android Wifi Hacker App https://www.darknet.org.uk/2018/01/hijacker-reaver-android-wifi-hacker-app/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/01/hijacker-reaver-android-wifi-hacker-app/#respond Tue, 02 Jan 2018 16:02:39 +0000 https://www.darknet.org.uk/?p=4780 Hijacker – Reaver For Android Wifi Hacker App

Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.

It offers a simple and easy UI to use these tools without typing commands in a console and copy & pasting MAC addresses.

Features of Hijacker Reaver For Android Wifi Hacker App
Information Gathering

  • View a list of access points and stations (clients) around you (even hidden ones)
  • View the activity of a specific network (by measuring beacons and data packets) and its clients
  • Statistics about access points and stations
  • See the manufacturer of a device (AP or station) from the OUI database
  • See the signal power of devices and filter the ones that are closer to you
  • Save captured packets in .cap file

Reaver for Android Wifi Cracker Attacks

  • Deauthenticate all the clients of a network (either targeting each one or without specific target)
  • Deauthenticate a specific client from the network it’s connected
  • MDK3 Beacon Flooding with custom options and SSID list
  • MDK3 Authentication DoS for a specific network or to every nearby AP
  • Capture a WPA handshake or gather IVs to crack a WEP network
  • Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)

Other Wifi Hacker App Features

  • Leave the app running in the background, optionally with a notification
  • Copy commands or MAC addresses to clipboard
  • Includes the required tools, no need for manual installation
  • Includes the nexmon driver and management utility for BCM4339 devices
  • Set commands to enable and disable monitor mode automatically
  • Crack .cap files with a custom wordlist
  • Create custom actions and run them on an access point or a client easily
  • Sort and filter Access Points and Stations with many parameters
  • Export all gathered information to a file
  • Add a persistent alias to a device (by MAC) for easier identification

Requirements to Crack Wifi Password with Android

This application requires an ARM Android device with an internal wireless adapter that supports Monitor Mode.

Read the rest of Hijacker – Reaver For Android Wifi Hacker App now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/01/hijacker-reaver-android-wifi-hacker-app/feed/ 0