Darknet - The Darkside - Ethical Hacking, Penetration Testing & Computer Security

Prisoners Hack Prison From Inside Prison

April 12, 2017 | 2,004 views

Prisoners Hack Prison! Sounds exciting right? This time it’s actually pretty entertaining with the prisoners managing to hack a prison network from INSIDE the prison using scavenged PC parts from a rehabilitation class. Some pretty resourceful guys managing to build 2 functional PCs from scrapped parts AND connect to the prison network AND try and […]

Tags: hack a prison, hacking a prison, hacking from inside prison, hacking prison, odrc, ohio prison hack, prison, prison hacking, prison security, prisoners hacking

Posted in: General Hacking, Legal Issues | Add a Comment

spectrology – Basic Audio Steganography Tool

April 10, 2017 | 1,775 views

spectrology is a Python-based audio steganography tool that can convert images to audio files with a corresponding spectrogram encoding, this allows you to hide hidden messages via images inside audio files. Using this tool you can select range of frequencies to be used and all popular image codecs are supported. Usage

usage: spectrology.py [-h] [-o OUTPUT] [-b BOTTOM] [-t TOP] [-p PIXELS]
                      [-s SAMPLING]
                      INPUT

positional arguments:
  INPUT                 Name of the image to be converted.

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        Name of the output wav file. Default value: out.wav).
  -b BOTTOM, --bottom BOTTOM
                        Bottom frequency range. Default value: 200.
  -t TOP, --top TOP     Top frequency range. Default value: 20000.
  -p PIXELS, --pixels PIXELS
                        Pixels per second. Default value: 30.
  -s SAMPLING, --sampling SAMPLING
                        Sampling rate. Default value: 44100.

usage: spectrology.py [-h] [-o OUTPUT] [-b BOTTOM] [-t TOP] [-p PIXELS]

[-s SAMPLING]

INPUT

positional arguments:

INPUT Name of the image to be converted.

optional arguments:

-h, --help show this help message and exit

-o OUTPUT, --output OUTPUT

Name of the output wav file. Default value: out.wav).

-b BOTTOM, --bottom BOTTOM

Bottom frequency range. Default value: 200.

-t TOP, --top TOP Top frequency range. Default value: 20000.

-p PIXELS, --pixels PIXELS

Pixels per second. Default value: 30.

-s SAMPLING, --sampling SAMPLING

Sampling rate. Default value: 44100.

Example

python spectrology.py test.bmp -b 13000 -t 19000

1	python spectrology.py test.bmp -b 13000 -t 19000

You […]

Tags: audio steganography, audio steganography tool, Python, spectrology, steg, steganography, steganography tool

Posted in: Cryptography, Hacking Tools, Privacy | Add a Comment

PowerMemory – Exploit Windows Credentials In Memory

April 8, 2017 | 3,609 views

PowerMemory is a PowerShell based tool to exploit Windows credentials present in files and memory, it levers Microsoft signed binaries to hack Windows. The method is totally new. It proves that it can be extremely easy to get credentials or any other information from Windows memory without needing to code in C-type languages. In addition, […]

Tags: crack aes, crack des-x, des-x, extract windows passwords, hacking-windows, kerberos, powermemory, powershell, powershell hacking, windows-security

Posted in: Exploits/Vulnerabilities, Hacking Tools, Password Cracking, Windows Hacking | Add a Comment

Microsoft Azure Web Application Firewall (WAF) Launched

April 6, 2017 | 1,868 views

Not too long after Amazon launched their cloud protection WAF the Microsoft Azure Web Application Firewall (WAF) has been made generally available in all public Azure DCs. It’s a good move with the majority of websites and services moving into one of the big 3 cloud providers (AWS, Google or Azure) and the vast majority […]

Tags: azure, azure firewall, azure security, azure waf, cloud, cloud security, microsoft azure, waf, web application firewall

Posted in: Countermeasures, Web Hacking | Add a Comment

HashData – A Command-line Hash Identifying Tool

April 3, 2017 | 1,642 views

HashData is a Ruby-based command-line REPL Hash Identifying Tool with support for a lot of different (most popular) hash types. Installation

$ gem install hashdata

1	$ gem install hashdata

Usage Command Line When installed, run hashdata and paste in hashes when prompted. Library Example Script:

require 'hashdata'
hash = HashData.new
puts(hash.check_type("1111111111111",'DES'))

require 'hashdata'

hash = HashData.new

puts(hash.check_type("1111111111111",'DES'))

The above should output true. The library only matches the start of your second input, this […]

Tags: audit hashes, hash, hash identifying tool, hash identity, hashdata, hashes, identify hash, identify hash type, identify password hash, password hash identifier, password-hash, ruby

Posted in: Cryptography, Hacking Tools, Password Cracking | Add a Comment

European Commission Pushing For Encryption Backdoors

March 31, 2017 | 708 views

The debate surrounding encryption backdoors has been raging on for years with governments (that typically don’t really understand the things they are pushing for) requesting all software have government ‘secured’ backdoor keys. This is now getting more serious in Europe with the EC actually forcing the issue (in a passive aggressive kind of way for […]

Tags: cryptography legislation, ec, encryption backdoor, encryption security, end to end encryption, european commission, european encryption law

Posted in: Cryptography, Legal Issues, Privacy | Add a Comment

HashPump – Exploit Hash Length Extension Attack

March 27, 2017 | 1,490 views

HashPump is a C++ based command line tool to exploit the Hash Length Extension Attack with various hash types supported, including MD4, MD5, SHA1, SHA256, and SHA512. There’s a good write-up of how to use this in practical terms here: Plaid CTF 2014: mtpox Usage

$ hashpump -h
HashPump [-h help] [-t test] [-s signature] [-d data] [-a additional] [-k keylength]
    HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack.
    -h --help          Display this message.
    -t --test          Run tests to verify each algorithm is operating properly.
    -s --signature     The signature from known message.
    -d --data          The data from the known message.
    -a --additional    The information you would like to add to the known message.
    -k --keylength     The length in bytes of the key being used to sign the original message with.
    Version 1.2.0 with CRC32, MD5, SHA1, SHA256 and SHA512 support.
    <Developed by bwall(@botnet_hunter)>

$ hashpump -h

HashPump [-h help] [-t test] [-s signature] [-d data] [-a additional] [-k keylength]

HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack.

-h --help Display this message.

-t --test Run tests to verify each algorithm is operating properly.

-s --signature The signature from known message.

-d --data The data from the known message.

-a --additional The information you would like to add to the known message.

-k --keylength The length in bytes of the key being used to sign the original message with.

Version 1.2.0 with CRC32, MD5, SHA1, SHA256 and SHA512 support.

You can download HashPump here:

$ git clone https://github.com/bwall/HashPump.git
$ apt-get install g++ libssl-dev
$ cd HashPump
$ make
$ make install

$ git clone https://github.com/bwall/HashPump.git

$ apt-get install g++ libssl-dev

$ cd HashPump

$ make

$ make install

Or read more […]

Tags: c, cpp, hash length, hash length attack, hash length extension, hash length extension attack, hashpump, Python

Posted in: Cryptography, Exploits/Vulnerabilities, Hacking Tools | Add a Comment

Kadimus – LFI Scanner & Exploitation Tool

March 25, 2017 | 1,955 views

Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion. Installation

$git clone https://github.com/P0cL4bs/Kadimus.git
$ cd Kadimus

1 2	$git clone https://github.com/P0cL4bs/Kadimus.git $ cd Kadimus

Then you can run the configure file:

./configure

1	./configure

Then:

$ make

$ make

Features Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input RCE data://text RCE Source code disclosure Multi thread scanner Command shell interface through HTTP Request Proxy support […]

Tags: detect lfi, detect local file inclusion, exploit lfi, exploit local file inclusion, kadimus, lfi, lfi exploit, lfi scanner, local file inclusion, scan for lfi

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking | Add a Comment

LastPass Leaking Passwords Via Chrome Extension

March 23, 2017 | 6,291 views

LastPass Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect, even though they are super easy to use, and have a nice UI they’ve had TOO many serious security issues for a […]

Tags: google project zero, lastpass, lastpass hack, lastpass leak, lastpass security, password management, password manager, password-security, project zero, tavis ormandy

Posted in: Exploits/Vulnerabilities, Password Cracking, Web Hacking | Add a Comment

SessionGopher – Session Extraction Tool

March 20, 2017 | 1,580 views

SessionGopher is a PowerShell Session Extraction tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. The tool can find and decrypt saved session information for remote access tools. It has WMI functionality built in so it can be run remotely, its […]

Tags: extract filezilla session, extract putty session, filezilla, filezilla security, fireeye, hack putty, powershell, powershell hacking, powershell session extraction, putty hacking, putty session extract, sessiongopher