Archive for the ‘Vulnerability’ Category

Cyborg Linux, based on Ubuntu, was developed by Team Cyborg, led by Vaibhav Singh and Shahnawaz Alam from Ztrela Knowledge Solutions. Cyborg Hawk ships with more than 700 tools and can be used for network security auditing and digital forensics, as well as for mobile security and wireless network security testing. Cyborg Hawk’s interface is also quite polished, and it is promoted as the most advanced, powerful and beautiful penetration testing distribution ever released.

Features

  • More than 750 penetration testing tools included.
  • Cyborg Hawk is totally Free and always will be.
  • Can be used as live OS with full capability.
  • Exploitation Toolkit, Stress Testing, Reverse Engineering, Forensics, Mobile Security & Wireless Security.
  • Full virtual machine support in version v1.1.
  • Now comes with its own repository.
  • Reliable and stable.
  • Various Wireless devices support.
  • Well sorted menu, everything organised in a logical manner.
  • The kernel is patched for injection.

Tool Categories

The 750 or so tools are grouped roughly in the menu in the following categories:

  • Information Gathering
  • Vulnerability Assessment
  • Exploitation
  • Privilege Escalation
  • Maintaining Access
  • Documentation & Reporting
  • Reverse Engineering
  • Stress Testing
  • Forensics
  • Wireless Security
  • RFID/NFC
  • Hardware Hacking
  • VoIP Analysis
  • Mobile Security
  • Malware Analysis

Download Cyborg 

Documentation Cyborg LINUX

Cyborg tutorials


Yet another Flash zero-day was released last night; again, this exploit comes from the data hackers obtained by breaching ‘The Hacking Team’.

Previous issue: CVE-2015-5119 that affected Adobe Flash Player versions 9.0 through version 18.0.0.194.

All the data obtained from this breach has been made available on a mirror site, https://ht.transparencytoolkit.org, and WikiLeaks (https://wikileaks.org/hackingteam/emails/emailid/45977) has now also uploaded this data and made it easier to investigate by allowing users to search for keywords.

I would think there could also be more on the way!

New Zero-Day: CVE-2015-5122

Affected software versions

Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh
Adobe Flash Player 18.0.0.204 and earlier versions for Linux installed with Google Chrome
Adobe Flash Player Extended Support Release version 13.0.0.302 and earlier 13.x versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 11.2.202.481 and earlier 11.x versions for Linux

Adobe Security Bulletin

https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

WikiLeaks Reference – New Zero-Day

https://wikileaks.org/hackingteam/emails/emailid/45977

Link to the New POC

http://pastebin.com/QiMumzqx

Link to the Old POC

http://pastebin.com/CcJQRxhy

POC

When the public POC is run in the browser, the exploit launches calc.exe on Windows.

Picture compliments of @dummys1337


There are a large number of websites and programs that prompt end users to save passwords on their personal computer(s). Popular web browsers such as Mozilla Firefox, Internet Explorer, Google Chrome, and instant messaging software like Windows Live Messenger are capable of saving user logins and passwords on the local computer. A common task that arises for the end-user is to find stored passwords on a computer in order to recover lost or forgotten access information. Depending on the application being used, operating system, and specific user permissions, the task can be as easy as choosing some options in the OS or having to download specific tools to crack the password file hash.

How to Find Stored Passwords in Windows XP

Microsoft Windows has the capability to manage stored user names and passwords for individual users so unique software may not be required for this purpose.

Step 1 – Click on the “Start” menu button and launch the “Control Panel”.

Step 2 – Locate the “Pick a category” menu label, then select the “User Accounts” menu option.

Step 3 – Open the “Stored User Names and Passwords” menu option by selecting “Manage my network passwords” beneath the “Related Tasks” menu label. If you are logged in as an administrator, select your user account first, then choose “Manage my network passwords” under Related Tasks.

Step 4 – View the list of stored usernames and passwords.

How to Find Stored Passwords in Windows 7

Step 1 – Click on the “Start” menu button and launch “Control Panel”.

Step 2 – Click on “User Accounts and Family Safety”, then on “User Accounts”

Step 3 – In the left pane, click “Manage your network passwords”.

How to Find Stored Passwords in Windows 8

Step 1 – Click on the “Start” menu button and launch “Control Panel”.

Step 2 – Click on “User Accounts and Family Safety”, then on “Credential Manager”

How to View Stored Passwords on a MAC

On computers that run the Mac OS X operating system, when a user tells the computer to store a password associated with an application, website, or wireless network, the information is saved on the computer’s hard drive. OS X provides the Keychain Access utility to help Mac users look up and manage their stored passwords.

Step 1 – Launch the OS X “Finder” by clicking the menu icon on the computer’s dock. Then, navigate to the “Utilities” folder which is located under the “Applications” section on the Mac hard drive.

Step 2 – Open the “Keychain Access” program icon to launch the password utility application. Then, select “Passwords” from the options located in the lower left corner of the program window.

Step 3 – From the list find the application, web site or network name associated with the password you want to view and double click on it. A new window showing information about it will display.

Step 4 – Click on the “Show password” checkbox to reveal the password. You will be asked to enter your user password, and click “Allow”, in order to see it. Once you do it will be visible in the “Show password” field.

How to Find Stored Passwords in Firefox

The Mozilla Firefox Password Manager stores user names and passwords on your computer’s hard drive and will automatically enter the data when you visit websites that require the information.

Steps to Use the Mozilla Firefox Password Manager

Step 1 – Launch Mozilla Firefox by double clicking the program icon on your computer’s desktop.

Step 2 – Select the “Firefox” menu button and then click the “Options” menu choice.

Step 3 – Select the “Security” menu tab that is located at the upper portion of the “Options” window.

Step 4 – Select the “Remember Passwords for Sites” check box if not already selected.

Step 5 – Log into a website that requires a username and password. Choose the “Remember” button on the dialog box that appears to save the new password in the Firefox Password Manager. Alternatively, choose “Never for This Site” to add an exception to the Password Manager.

Step 6 – Choose the “Exceptions” button in Firefox to view the current list of sites for which the browser is configured never to save a password. Sites can be removed from this list by clicking the “Remove All” button (removes all exceptions) or individually by selecting a site and choosing the “Remove” button.

Step 7 – View the saved passwords in the Password Manager by selecting the “Saved Passwords” button. You can also remove passwords from this window by clicking the “Remove All” or “Remove” buttons.

Steps to Change the Firefox Password Manager Master Password

The Firefox master password protects the master key for the Firefox browser on your computer. The master key is used to encrypt email passwords, web site passwords, and other potentially sensitive information stored by the Form and Password Manager on your computer.

Step 1 – Launch Mozilla Firefox by double clicking the program icon.

Step 2 – Select the “Firefox” menu button, then click the “Options” menu choice, and choose the “Security” tab.

Step 3 – If the “Use a master password” checkbox is not selected you don’t have a master password. If it is selected then click on the “Change Master Password” button.

Step 4 – Enter your current password, and then in the fields below enter and re-enter the new password you wish to set.

How to Recover Passwords Hidden Behind Asterisks

A common problem that arises for end-users is determining what passwords are saved by their web browser if they do not have access to the Password Manager or equivalent application on their computer. The BulletsPassView utility is one of the most used freeware applications capable of performing this task. The program is a tool that is designed to reveal the passwords stored behind the asterisks in the standard password text box on the Windows operating system and Internet Explorer web browsers.

Improvements made to the BulletsPassView application over the legacy Asterisk Logger utility include support for Windows 7/8/Vista, support for Internet Explorer password text boxes, improved command line support, Unicode support to properly capture non-English passwords, and not revealing the password inside the password text box itself (it is shown only in the application’s main window). The new version of BulletsPassView does have limitations, however: it cannot retrieve passwords displayed in the Chrome, Firefox, or Opera web browsers, nor the network and dial-up passwords on Windows. This is because those applications, to improve security, do not keep the actual password behind the asterisks.

Steps to Use BulletsPassView

Step 1 – Download the appropriate version of BulletsPassView for your computer. Please note that if you are using a 64 bit Windows computer there is a different version of the software than for 32 bit computers. You can tell if your Windows computer is a 64 bit by selecting “Start,” “Control Panel,” and “System” menu options and the OS type will be listed about half-way down the subsequently displayed screen.

Step 2 – Double-click the executable file downloaded to launch the application. The BulletsPassView program does not require an installation process. On launch, the program will make a first scan to locate any password text-boxes actively displayed and show the result on the program’s main window.

Step 3 – Open a website in Internet Explorer that has a password saved which you need to recover. Then click the “Refresh” menu button on BulletsPassView or press the “F5” key on your computer to display the password. Alternatively, the application supports an “Auto Refresh” option that is selectable under the “Options” menu to automatically scan for new passwords every few minutes.

Step 4 – Open the Windows command prompt by selecting the “Start” menu button and entering “CMD” in the search text field. Then enter the fully qualified path to the BulletsPassView application followed by “/stext <Filename>” and press the “Enter” key. This saves the list of passwords currently displayed on the screen to a simple text file.

BulletsPassView Command Line Options

BulletsPassView supports a number of command line options to save on-screen data into a number of formats to include text, XML, HTML, CSV.

/stext <Filename>      Save the list of bullet passwords into a simple text file.
/stab <Filename>       Save the list of bullet passwords into a tab-delimited text file.
/scomma <Filename>     Save the list of bullet passwords into a comma-delimited text file (CSV).
/stabular <Filename>   Save the list of bullet passwords into a tabular text file.
/shtml <Filename>      Save the list of bullet passwords into an HTML file (horizontal).
/sverhtml <Filename>   Save the list of bullet passwords into an HTML file (vertical).
/sxml <Filename>       Save the list of bullet passwords into an XML file.


Find Stored Passwords Using Cain & Abel

Cain & Abel is able to disclose or recover stored passwords on computers using the Windows operating system (OS). The application is distributed as freeware and includes the capability to conduct password-box revealing, network sniffing, brute-force, and dictionary attacks. The application does not exploit software bugs or vulnerabilities to ensure a higher quality of service. The primary purpose of the software is to simplify the recovery of passwords and credentials for network administrators, security professionals, and security software vendors. The current version of the software is faster than previous versions and provides support for encrypted protocols such as SSH-1 and HTTPS.

Find Stored Passwords in ZIP Files Using ALZip

ALZip is freeware produced by ESTSoft and is designed to recover lost or forgotten passwords from ZIP files. ALZip allows end-users to compress, uncompress, and recover lost passwords for zip file archives. The application has a “Password Recovery” menu option that when selected will recover the lost information for the end-user.

Other Popular Password Recovery Tools

Some of the other popular password recovery tools found are the freeware utilities produced by NirSoftFreeware, Ultimate ZIP Cracker, and the Password Recovery Tool for MS Access 1.

NirSoftFreeware has a number of handy freeware utilities for recovering lost passwords from IE, Outlook, and various Instant Messaging clients.

Ultimate ZIP Cracker (shareware from VDGSoftware) recovers passwords from ZIP, ARJ, MS Word, and MS Excel formats. The program supports Brute Force attacks, Smart, Dictionary, Date, and Customized searches when recovering passwords associated with the supported file formats.

Password Recovery Tool for MS Access 1 (from Hongxin Technology & Trade) is a free tool to recover MS Access passwords. The application provides support for MS Access database files through the 2003 version. The ability to recover passwords for newer versions of Access is not stated to be supported.


Internet users need to protect themselves against the GameOver Zeus and CryptoLocker viruses, which criminal gangs are using to extort millions of pounds, US and UK security agencies announced on Monday.

The warning came after the FBI successfully disrupted a major cybercriminal network in the US from using the viruses to infect computers and steal data.

GameOver Zeus, also known as P2PZeuS, was designed by Russian and Ukrainian gangs to find and harvest computer files that give access to banking and financial information, while CryptoLocker encrypts all files on a target’s computer and demands that the user pay around £300 to unlock them.

Almost 250,000 computers worldwide have been infected with CryptoLocker since it emerged in April and it has so far been used to extort payments of more than $27m (£16m), according to the FBI.

Industry experts have been quick to back up the stern message from the National Crime Agency, whose advice to visit the website of internet awareness group Get Safe Online led to the site going down for 15 hours.

Below are some methods experts recommend to protect yourself from GameOver Zeus and CryptoLocker, and remove it if you suspect your computer is infected.

Protect your passwords
Unencrypted passwords should not be stored on your computer, in case they are found by GameOver Zeus or another similarly aggressive malware programme, recommends Hugh Boyes, head of the cyber security team at the Institution of Engineering and Technology (IET).

“If there is a need to store passwords, then use a good password manager application, which backs up and shares with your smartphone or tablet computer.”

Beware of suspicious emails
Do not open email attachments unless you are certain they are authentic. According to Get Safe Online, potentially harmful emails generally have some or all of the following characteristics:

– You don’t know the sender.
– The message contains misspellings (for example using a zero instead of an ‘o’) designed to fool spam filters.
– It makes an offer that seems too good to be true.
– The subject line and contents do not match.
– Contains an urgent offer end date (for example “Buy now and get 50% off”).
– Contains a request to forward an email to multiple people, and may offer money for doing so.
– Contains a virus warning.
– Contains attachments, which could include .exe files.
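As an added example (not part of the original article), the following Python code turns the Get Safe Online characteristics listed above into a simple mail-filtering check: each characteristic becomes one indicator, and a message is flagged when it shows several. The regular expressions, the known-senders list and the two sample messages are my own constructions, not anything from Get Safe Online or the NCA.

```python
import re
from dataclasses import dataclass, field


# Minimal parsed e-mail. Real messages would come from a mailbox or MTA log;
# the samples further down are constructed by hand.
@dataclass
class Message:
    sender: str
    subject: str
    body: str
    attachments: list = field(default_factory=list)


# Assumption: the recipient's address book; anything else counts as unknown.
KNOWN_SENDERS = {"alice@example.org", "it-helpdesk@example.org"}

# One check per characteristic in the list above (patterns are illustrative).
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs")
DIGIT_IN_WORD = re.compile(r"\b[a-z]+[0-9][a-z]+\b", re.I)   # "acc0unt", "C0ngratulations"
TOO_GOOD = re.compile(r"\b(you (have )?won|free (money|prize|iphone)|lottery)\b", re.I)
URGENCY = re.compile(r"\b(buy now|act now|expires? (today|tonight|in \d+ hours?)|limited time)\b", re.I)
FORWARD_REQ = re.compile(r"\b(forward|send) (this|it) to (\d+|all|everyone|your (friends|contacts))\b", re.I)
VIRUS_WARN = re.compile(r"\b(virus|malware|trojan) (warning|alert|detected)\b", re.I)
STOPWORDS = {"your", "from", "with", "this", "that", "have", "about", "will", "please"}


def _content_words(text):
    """Lower-cased words of four or more letters, minus filler words."""
    return {w.lower() for w in re.findall(r"[A-Za-z]{4,}", text)} - STOPWORDS


def suspicious_indicators(msg, known_senders=KNOWN_SENDERS):
    """Return the list of phishing characteristics the message exhibits."""
    text = f"{msg.subject}\n{msg.body}"
    found = []
    if msg.sender.lower() not in known_senders:
        found.append("unknown sender")
    # A digit standing in for a letter (zero for 'o') to slip past spam filters.
    if DIGIT_IN_WORD.search(f"{msg.sender} {text}"):
        found.append("digit-for-letter misspelling")
    if TOO_GOOD.search(text):
        found.append("offer too good to be true")
    # Subject/body mismatch: no content word of the subject recurs in the body.
    subject_words = _content_words(msg.subject)
    if subject_words and not (subject_words & _content_words(msg.body)):
        found.append("subject does not match body")
    if URGENCY.search(text):
        found.append("urgent offer deadline")
    if FORWARD_REQ.search(text):
        found.append("asks to forward to others")
    if VIRUS_WARN.search(text):
        found.append("virus warning")
    if any(a.lower().endswith(RISKY_EXTENSIONS) for a in msg.attachments):
        found.append("executable attachment")
    return found


def is_suspicious(msg, threshold=2):
    """Flag a message when it shows at least `threshold` characteristics."""
    return len(suspicious_indicators(msg)) >= threshold


# Constructed samples, not real mail.
PHISH = Message(
    sender="promo@win-big-0ffers.example",
    subject="Invoice for your recent order",
    body=("C0ngratulations! You have won a free iPhone. Buy now and get 50% off, "
          "the offer expires today. Forward this to 10 friends to claim it."),
    attachments=["invoice.pdf.exe"],
)
LEGIT = Message(
    sender="alice@example.org",
    subject="Minutes from Tuesday meeting",
    body="Hi, attached are the minutes from Tuesday's meeting. Let me know of any corrections.",
    attachments=["minutes.pdf"],
)

if __name__ == "__main__":
    for m in (PHISH, LEGIT):
        print(m.sender, "->", suspicious_indicators(m))
```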

Back up your files 
All of your files, including photos and documents, should be regularly saved to an external piece of hardware, such as a USB stick or an external hard drive. This means they will not be lost if your computer is attacked, or if it breaks.

Update your computer programmes – especially anti-virus software
The NCA has advised that people ensure their security software is installed and updated, and that they run scans. Users should also check that their computer operating systems and applications in general are up to date.

Microsoft users can do this by using the ‘Check for Updates’ function on Windows Update, while Mac users can go to ‘Software Update’ on the System Preferences menu.

We have found that the Trojan seems to be using ports TCP 22222 and UDP 11111 to propagate through your network. As such, for the less technical people, I have created an executable that will close the ports in/out.

DOWNLOAD: ZeusGameOverBlocker.exe  

For those who wish to do this manually copy the below text into a command prompt:

netsh advfirewall firewall add rule name="ZeusGameOver" protocol=TCP dir=out remoteport=22222 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=UDP dir=out remoteport=11111 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=TCP dir=in remoteport=22222 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=UDP dir=in remoteport=11111 action=block

This will create four rules called ZeusGameOver. If you wish to remove the rules for any reason, paste the line below into the command prompt:

netsh advfirewall firewall delete rule name="ZeusGameOver"

Current Status and Infection Rate

http://www.us-cert.gov/ncas/alerts/TA14-150A


It is not just websites and routers that are vulnerable to the web-wide bug Heartbleed — certain Android models are at risk too.

As Google noted in its own Heartbleed disclosures on Wednesday, Android devices running Android 4.1.1 Jelly Bean are vulnerable to Heartbleed. Google said patching information is being distributed to its Android partners.

So how many phones are still running Android 4.1.1? That’s difficult to determine. Although 34.4% of Android devices are running Android Jelly Bean, Google does not break out what percentage of users are on each of its versions, 4.1.1 and 4.1.2.

The latest version of Jelly Bean is 4.1.2, which was released in October 2012.

A Google spokesperson confirmed to Bloomberg that there are “millions” of devices running Android 4.1.1.

Because Android updates are controlled by phone manufacturers and wireless carriers, it can be challenging to determine what versions of Android are available for various devices. We do know, however, that the HTC One S is running Android 4.1.1.

Heartbleed underscores what has long been one of Android’s biggest problems: pushing out software updates to its myriad vendors. Android updates are the responsibility of the device maker, and often need to be approved by wireless carriers. The only exceptions are Google-made devices, such as the Nexus series and Google Play Edition phones.

Previous attempts at getting phone manufacturers and carriers to adopt Android updates have not met with success. If there is a positive aspect to Heartbleed, it is that this might scare device makers into paying more attention to versions (and into putting better processes for security updates in place).

If you know your Android device is running Android 4.1.1, let us know the model and manufacturer in the comments, along with your wireless carrier. That will give us all a better sense of which companies are falling behind in the battle to patch Heartbleed.


Facebook has several security measures to protect users’ accounts. One of them is the user “access token”: when a user authorizes a Facebook application (such as Candy Crush Saga or Lexulous Word Game), the app is granted a token that provides temporary and secure access to the Facebook APIs.

To make this possible, users have to ‘allow or accept’ the application request so that an app can access your account information with the required permissions.

The Access Token stores information about permissions that have been granted as well as information about when the token will expire and which app generated it. Approved Facebook apps can publish or delete content on your behalf using the access tokens, rather than your Facebook password.

Access tokens are highly sensitive: anyone who knows a user’s access token can access that user’s data and perform any action on the user’s behalf for as long as the token is valid.

In past years, many security researchers have reported various OAuth vulnerabilities to the Facebook security team, but if the app traffic is not encrypted, you are not protected from a man-in-the-middle attack, and the attacker could steal your private information using the ‘access token’.

Thus, the access token alone is enough to allow a hacker to do everything the app is authorized to do. The vulnerability is not new; it has been known for a year, but Facebook is still vulnerable to hackers and to surveillance agencies like the NSA.

The Facebook Security team has acknowledged the vulnerability reported by Ahmed Elsobky, a penetration tester from Egypt: “We’d actually received an earlier report from another researcher regarding this same issue. In response to that report, we’ve been working on limiting this behavior when it comes to our official apps, since they’re pre-authorized. For other apps, unfortunately, fully preventing this would mean requiring any site integrating with Facebook to use HTTPS, which simply isn’t practical for right now.”

He demonstrated ‘How to hack a Facebook account by hijacking access token with Man-in-the-Middle attack’, as shown:

Facebook apps must be protected from man-in-the-middle attacks, and this can be done effectively by using HTTPS to encrypt any traffic that contains sensitive information or authentication credentials.
If you are a Facebook app developer, you should never send an ‘access token’ over unencrypted channels, and Facebook users should only trust apps that use encryption and install the “HTTPS Everywhere” browser extension for automated protection.
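As an added example (not part of the original article), the following Python code applies the rule just stated in two places: an audit that flags every request in a constructed proxy log where an access token travels over plain HTTP (query string, form body or Authorization header), and a developer-side guard that refuses to build a token-carrying API URL on anything but https. The request format, the sample entries, the placeholder token values and the helper names are my own assumptions, not Facebook’s SDK.

```python
from urllib.parse import urlsplit, parse_qs

TOKEN_PARAM = "access_token"


def token_exposures(request):
    """Return where, if anywhere, this request sends an access token in clear.

    `request` is a dict with 'url', 'headers' (dict) and an optional 'body'
    (an application/x-www-form-urlencoded string). Nothing is flagged when the
    scheme is https, because TLS protects query string, headers and body alike.
    """
    parts = urlsplit(request["url"])
    if parts.scheme.lower() == "https":
        return []
    where = []
    if TOKEN_PARAM in parse_qs(parts.query):
        where.append("query string")
    if TOKEN_PARAM in parse_qs(request.get("body", "")):
        where.append("form body")
    # Header names are case-insensitive; a bearer credential is the token itself.
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    if headers.get("authorization", "").lower().startswith("bearer "):
        where.append("Authorization header")
    return where


def audit(requests):
    """Map each offending URL to the places its token travelled unencrypted."""
    findings = {}
    for r in requests:
        spots = token_exposures(r)
        if spots:
            findings[r["url"]] = spots
    return findings


def safe_api_url(base, path, token):
    """Assumed developer-side guard: attach a token only to an https base URL."""
    if urlsplit(base).scheme.lower() != "https":
        raise ValueError("refusing to send an access token over an unencrypted channel")
    return f"{base.rstrip('/')}/{path.lstrip('/')}?{TOKEN_PARAM}={token}"


# Constructed sample of what a forward-proxy log might show for one gaming-app
# session; the token values are placeholders, not real Facebook tokens.
SAMPLE_REQUESTS = [
    {"url": "https://graph.facebook.com/me?access_token=CONSTRUCTED_TOKEN_A",
     "headers": {}},
    {"url": "http://graph.facebook.com/me/friends?access_token=CONSTRUCTED_TOKEN_A",
     "headers": {}},
    {"url": "http://game.example.com/api/score",
     "headers": {"Authorization": "Bearer CONSTRUCTED_TOKEN_A"}, "body": "score=1200"},
    {"url": "http://game.example.com/api/login",
     "headers": {}, "body": "access_token=CONSTRUCTED_TOKEN_A&uid=42"},
    {"url": "http://game.example.com/leaderboard", "headers": {}},
]

if __name__ == "__main__":
    for url, spots in audit(SAMPLE_REQUESTS).items():
        print(f"{url}: token exposed in {', '.join(spots)}")
```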

TheHackerNews


Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Official release notes for Snort 2.9.1:

  • Protocol aware reassembly support for HTTP and DCE/RPC pre-processors. Updates to Stream5 allowing Snort to more intelligently inspect HTTP and DCE/RPC requests and responses. See README.stream5 subsection related to Protocol Aware Flushing (PAF).
  • SIP pre-processor to identify SIP call channels and provide rule access via new rule option keywords. Also includes new pre-processor rules for anomalies in the SIP communications. See the Snort Manual and README.sip for details.
  • POP3 & IMAP pre-processors to decode email attachments in Base64, Quoted Printable, and uuencode formats, and updates to SMTP pre-processor for decoding email attachments encoded as Quoted Printable and uuencode formats. See the Snort Manual, README.pop, README.imap, and README.SMTP for details.
  • Support for reading large pcap files.
  • Logging of HTTP URL (host and filename), SMTP attachment filenames and email recipients to unified2 when Snort generates events on related traffic.
  • IP Reputation pre-processor, allowing Snort to blacklist or whitelist packets based on their IP addresses. This pre-processor is still in an experimental state, so please report any issues to the Snort team. See README.reputation for more information.

To download Snort Click Here


Microsoft Windows contains a vulnerability (CVE-2013-3660) that could allow a local attacker to gain elevated privileges on a targeted system. The vulnerability, classified as critical, has been found in Microsoft Windows XP/Vista/7/2000/Server 2003/2008. It affects the function win32k!EPATHOBJ::pprFlattenRec in the kernel component. The vulnerability is due to improper handling of certain objects in kernel memory by the affected software. A local attacker with access to a targeted system could exploit this vulnerability by running a malicious program designed to cause the Windows kernel to perform improper memory operations on certain objects. If successful, the attacker could execute arbitrary code on the system with kernel privileges, resulting in a complete system compromise. Proof of concept code that exploits this vulnerability is publicly available.

CVE: CVE-2013-3660
Remote: No
Local: Yes
Updated: Jul 02 2013 08:21AM
Credit: Tavis Ormandy
Vulnerable:
  • Microsoft Windows XP Professional SP3
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Media Center Edition SP3
  • Microsoft Windows XP Media Center Edition SP2
  • Microsoft Windows XP Home SP3
  • Microsoft Windows XP Home SP2
  • Microsoft Windows Vista SP2
  • Microsoft Windows Server 2008 Enterprise Edition SP2
  • Microsoft Windows Server 2008 Datacenter Edition SP2
  • Microsoft Windows Server 2008 R2 SP1
  • Microsoft Windows Server 2003 SP2
  • Microsoft Windows 8
  • Microsoft Windows 7 Professional
  • Microsoft Windows 7 for 32-bit Systems SP1

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

http://cvedetails.com/cve/CVE-2013-3660


The BBC reported today

Facebook has rewarded a British man with $20,000 (£13,000) after he found a bug which could have been exploited to hack into users’ accounts.

Jack Whitton, a security researcher, discovered a flaw in the social network’s text messaging system.

Facebook thanked Mr Whitton, 22, who is part of the site’s “responsible disclosure” hall of fame.

The company, like many on the web, encourages experts to report bugs to them rather than cybercriminals.

To make it worth their while, rewards are offered of varying amounts depending on the severity of the flaw.

Such programmes are known as “bug bounties”, with similar schemes being run at the likes of Microsoft, Paypal and Google.

“Facebook’s White Hat programme is designed to catch and eradicate bugs before they cause problems,” Facebook told the BBC.

“Once again, the system worked and we thank Jack for his contribution.”

The bug, which has now been fixed, allowed Mr Whitton to spoof Facebook’s text message verification system into sending a password reset code for an account that was not his.

Using this, he could go to Facebook, reset a target user’s password, and access the account.


A 17-year-old German student contends PayPal has denied him a reward for finding a vulnerability in its website.

Robert Kugler said he notified PayPal of the vulnerability on May 19. He said he was informed by email that because he is under 18 years old, he did not qualify for its Bug Bounty Program. He will turn 18 next March.

PayPal, which is owned by auction site eBay, outlines the terms and conditions for its Bug Bounty Program on its website, but does not appear to have an age guideline. PayPal officials did not have an immediate comment.

Many companies such as Google and Facebook have reward programs. The programs are intended to create an incentive for researchers to privately report issues and allow vendors to release fixes before hackers take advantage of flaws.

Facebook pays a minimum of $500 for qualifying bugs, while Google pays from $100 up to $20,000 depending on the severity of the issue. Neither has an age restriction listed on their websites. Microsoft does not pay for security vulnerability information, but instead publicly acknowledges the work. PayPal does not list what it will pay a researcher for a bug.

Kugler is listed as a contributor in a Microsoft list from April of security researchers. He said he received rewards for finding vulnerabilities in the past. Mozilla paid him $1,500 for finding a problem in the Firefox browser last year and $3,000 earlier this year for another bug.

PayPal requires that those reporting bugs have a verified PayPal account. Kugler said he asked PayPal that any bounty be paid into his parent’s account.

At minimum, Kugler would like PayPal to acknowledge his finding and send him some documentation “that I can use in a job application,” he wrote via email. So far, he hasn’t received anything.

The details of the vulnerability, a cross-site scripting (XSS) flaw, are posted in the Full Disclosure section of Seclists.org, a forum for disclosing security vulnerabilities.

An XSS attack occurs when a script drawn from another Web site is allowed to run but should not. This type of flaw can be used to steal information or potentially cause other malicious code to run.

For Security Researchers – PayPal

Source: www.pcworld.com