Archive for the ‘Vulnerability’ Category

Cyborg Linux, based on Ubuntu, was developed by Team Cyborg, led by Vaibhav Singh and Shahnawaz Alam from Ztrela Knowledge Solutions. Cyborg Hawk has more than 700 tools, making it the most complete toolkit, and can be used for network security and auditing and digital forensics, as well as for mobile security and wireless network security testing. Cyborg Hawk’s interface is also quite beautiful, and it is considered to be the most advanced, powerful and beautiful penetration testing release ever.

Features

  • More than 750 penetration testing tools included.
  • Cyborg Hawk is totally Free and always will be.
  • Can be used as live OS with full capability.
  • Exploitation Toolkit, Stress Testing, Reverse Engineering, Forensics, Mobile Security & Wireless Security.
  • Full virtual machine support in version v1.1.
  • Now comes with its own repository.
  • Reliable and stable.
  • Various Wireless devices support.
  • Well sorted menu, everything organised in a logical manner.
  • The kernel is patched from injection.

Tool Categories

The 750 or so tools are grouped roughly in the menu in the following categories:

  • Information Gathering
  • Vulnerability Assessment
  • Exploitation
  • Privilege Escalation
  • Maintaining Access
  • Documentation & Reporting
  • Reverse Engineering
  • Stress Testing
  • Forensics
  • Wireless Security
  • RFID/NFC
  • Hardware Hacking
  • VoIP Analysis
  • Mobile Security
  • Malware Analysis


Yet another Flash zero-day was released last night. Again, this exploit comes from the data hackers obtained by breaching ‘The Hacking Team’.

Previous issue: CVE-2015-5119 that affected Adobe Flash Player versions 9.0 through version 18.0.0.194.

All the data obtained from this breach has been made available on a mirror site, https://ht.transparencytoolkit.org, and WikiLeaks (https://wikileaks.org/hackingteam/emails/emailid/45977) has now also uploaded this data and made it easier to investigate by allowing users to search for keywords.

I would think there could also be more on the way!

New Zero-Day: CVE-2015-5122

Affected software versions

Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh
Adobe Flash Player 18.0.0.204 and earlier versions for Linux installed with Google Chrome
Adobe Flash Player Extended Support Release version 13.0.0.302 and earlier 13.x versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 11.2.202.481 and earlier 11.x versions for Linux
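
A way to triage an inventory against the ranges above, as an added example that is not part of the original post or the Adobe bulletin. The upper bounds are copied from the list above; the platform and channel labels, host names and inventory rows are constructed for illustration.

```python
# Added example: triage installed Flash Player versions against the
# CVE-2015-5122 ranges listed in this post.

# Upper bounds copied from the "Affected software versions" list.
# The (platform, channel) labels are names chosen for this example.
AFFECTED_MAX = {
    ("windows", "release"): (18, 0, 0, 203),
    ("macintosh", "release"): (18, 0, 0, 203),
    ("linux", "chrome"): (18, 0, 0, 204),
    ("windows", "esr"): (13, 0, 0, 302),
    ("macintosh", "esr"): (13, 0, 0, 302),
    ("linux", "esr"): (11, 2, 202, 481),
}


def parse_version(text):
    """Turn '18.0.0.203' or '18,0,0,203' into a tuple of four ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)


def in_affected_range(platform, channel, version):
    """True if the version falls inside the range this post lists."""
    key = (platform.lower(), channel.lower())
    if key not in AFFECTED_MAX:
        raise ValueError(f"no range listed for {key}")
    bound = AFFECTED_MAX[key]
    found = parse_version(version)
    if key[1] == "esr" and found[0] != bound[0]:
        return False  # ESR entries cover only their own branch (13.x or 11.x)
    # Tuples compare numerically, so 18.0.0.99 sorts below 18.0.0.203;
    # comparing the raw strings would get this wrong.
    return found <= bound


# Constructed inventory rows: (host, platform, channel, reported version).
INVENTORY = [
    ("ws-01", "windows", "release", "18.0.0.203"),
    ("ws-02", "windows", "release", "18.0.0.99"),
    ("ws-03", "windows", "release", "18.0.0.209"),
    ("mac-01", "macintosh", "esr", "13,0,0,302"),
    ("lnx-01", "linux", "chrome", "18.0.0.204"),
    ("lnx-02", "linux", "esr", "11.2.202.491"),
]


def triage(inventory):
    """Return the hosts whose Flash version is inside a listed range."""
    return [host for host, platform, channel, version in inventory
            if in_affected_range(platform, channel, version)]


if __name__ == "__main__":
    print(triage(INVENTORY))
```

A version outside these ranges is only "not listed here"; check the Adobe bulletin for the fixed release before treating a host as patched.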

Adobe Security Bulletin

https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

WikiLeaks Reference – New Zero-Day

https://wikileaks.org/hackingteam/emails/emailid/45977

Link to the New POC

http://pastebin.com/QiMumzqx

Link to the Old POC

http://pastebin.com/CcJQRxhy

POC

When the public POC is run in the browser, the exploit opens Calc.exe on Windows.

Picture compliments of @dummys1337


There are a large number of websites and programs that prompt end users to save passwords on their personal computer(s). Popular web browsers such as Mozilla Firefox, Internet Explorer, Google Chrome, and instant messaging software like Windows Live Messenger are capable of saving user logins and passwords on the local computer. A common task that arises for the end-user is to find stored passwords on a computer in order to recover lost or forgotten access information. Depending on the application being used, the operating system, and specific user permissions, the task can be as easy as choosing some options in the OS, or it can require downloading specific tools to crack the password file hash.

How to Find Stored Passwords in Windows XP

Microsoft Windows has the capability to manage stored user names and passwords for individual users so unique software may not be required for this purpose.

Step 1 – Click on the “Start” menu button and launch the “Control Panel”.

Step 2 – Locate the “Pick a category” menu label, then select the “User Accounts” menu option.

Step 3 – Open the “Stored User Names and Passwords” menu option by selecting “Manage my network passwords” beneath the “Related Tasks” menu label. If you are logged in as an administrator, select your user account. Then under related tasks choose the “Manage my network passwords.”

Step 4 – View the list of stored usernames and passwords.

How to Find Stored Passwords in Windows 7

Step 1 – Click on the “Start” menu button and launch “Control Panel”.

Step 2 – Click on “User Accounts and Family Safety”, then on “User Accounts”

Step 3 – In the left pane, click “Manage your network passwords”.

How to Find Stored Passwords in Windows 8

Step 1 – Click on the “Start” menu button and launch “Control Panel”.

Step 2 – Click on “User Accounts and Family Safety”, then on “Credential Manager”

How to View Stored Passwords on a Mac

On computers that run the Mac OS X operating system, when a user tells their computer to store a password associated with an application, website, or wireless network, the information is saved on the computer’s hard drive. OS X uses the Keychain Access utility to help Mac users look up and manage their stored passwords.

Step 1 – Launch the OS X “Finder” by clicking the menu icon on the computer’s dock. Then, navigate to the “Utilities” folder which is located under the “Applications” section on the Mac hard drive.

Step 2 – Open the “Keychain Access” program icon to launch the password utility application. Then, select “Passwords” from the options located in the lower left corner of the program window.

Step 3 – From the list find the application, web site or network name associated with the password you want to view and double click on it. A new window showing information about it will display.

Step 4 – Click on the “Show password” checkbox to reveal the password. You will be asked to enter your user password, and click “Allow”, in order to see it. Once you do it will be visible in the “Show password” field.

How to Find Stored Passwords in Firefox

The Mozilla Firefox Password Manager application stores user names and passwords on your computer’s hard drive and will automatically enter the data when visiting websites that require the information.

Steps to Use the Mozilla Firefox Password Manager

Step 1 – Launch Mozilla Firefox by double clicking the program icon on your computer’s desktop.

Step 2 – Select the “Firefox” menu button and then click the “Options” menu choice.

Step 3 – Select the “Security” menu tab that is located at the upper portion of the “Options” window.

Step 4 – Select the “Remember Passwords for Sites” check box if not already selected.

Step 5 – Log into a website that requires a username and password. Choose the “Remember” menu button on the subsequently displayed dialog box to save a new password in the Firefox Password Manager. Alternatively, you can choose the “Never for This Site” menu option to add an exception to the Password Manager.

Step 6 – Choose the “Exceptions” menu button in Firefox to view the current list of sites for which the web browser is configured never to save a password. Sites can be removed from this list by clicking the “Remove All” menu button (removes all exceptions) or individually by selecting a site and choosing the “Remove” button.

Step 7 – View the saved passwords in the Password Manager by selecting the “Saved Passwords” menu button. You can also remove passwords from this window by clicking the “Remove All” or “Remove” menu buttons.

Steps to Change the Firefox Password Manager Master Password

The Firefox master password is used to protect the master key for the Firefox browser on your computer. The master key is used to encrypt email passwords, web site passwords, and other potentially sensitive information stored by the Form and Password Manager on your computer.

Step 1 – Launch Mozilla Firefox by double clicking the program icon.

Step 2 – Select the “Firefox” menu button, then click the “Options” menu choice, and choose the “Security” tab.

Step 3 – If the “Use a master password” checkbox is not selected you don’t have a master password. If it is selected then click on the “Change Master Password” button.

Step 4 – Enter your current password, and then in the fields below enter and re-enter the new password you wish to set.

How to Recover Passwords Hidden Behind Asterisks

A common problem that arises for end-users is determining what passwords are saved by their web browser if they do not have access to the Password Manager or equivalent application on their computer. The BulletsPassView utility is one of the most used freeware applications capable of performing this task. The program is a tool that is designed to reveal the passwords stored behind the asterisks in the standard password text box on the Windows operating system and Internet Explorer web browsers.

Improvements made to the BulletsPassView application over the legacy Asterisk Logger utility include support for Windows 7/8/Vista, support for Internet Explorer password text boxes, improved command line support, Unicode support to properly capture non-English language passwords, and not revealing the password inside the password text box itself (it is shown in the main window of the application only). The new version of BulletsPassView does have limitations, however: it is not able to retrieve passwords displayed in the Chrome, Firefox, or Opera web browsers, or the network and dial-up passwords on Windows. This is because, to improve security, these applications do not keep the password behind the asterisks.

Steps to Use BulletsPassView

Step 1 – Download the appropriate version of BulletsPassView for your computer. Please note that if you are using a 64-bit Windows computer, there is a different version of the software than for 32-bit computers. You can tell whether your Windows computer is 64-bit by selecting the “Start,” “Control Panel,” and “System” menu options; the OS type will be listed about halfway down the subsequently displayed screen.

Step 2 – Double-click the executable file downloaded to launch the application. The BulletsPassView program does not require an installation process. On launch, the program will make a first scan to locate any password text-boxes actively displayed and show the result on the program’s main window.

Step 3 – Open a website in Internet Explorer that has a password saved which you need to recover. Then click the “Refresh” menu button on BulletsPassView or press the “F5” key on your computer to display the password. Alternatively, the application supports an “Auto Refresh” option that is selectable under the “Options” menu to automatically scan for new passwords every few minutes.

Step 4 – Open the Windows command prompt by selecting the “Start” menu button and entering “CMD” in the search text field. Then, enter the fully qualified path to the BulletsPassView application, add “/stext <Filename>”, and press the “Enter” key. This will save the list of passwords currently displayed on the computer’s screen to a simple text file.

BulletsPassView Command Line Options

BulletsPassView supports a number of command line options to save on-screen data in a number of formats, including text, XML, HTML, and CSV.

/stext <Filename>      Save the list of bullet passwords into a simple text file.
/stab <Filename>       Save the list of bullet passwords into a tab-delimited text file.
/scomma <Filename>     Save the list of bullet passwords into a comma-delimited text file (csv).
/stabular <Filename>   Save the list of bullet passwords into a tabular text file.
/shtml <Filename>      Save the list of bullet passwords into an HTML file (Horizontal).
/sverhtml <Filename>   Save the list of bullet passwords into an HTML file (Vertical).
/sxml <Filename>       Save the list of bullet passwords into an XML file.

 

Find Stored Passwords Using Cain & Abel

Cain & Abel is able to disclose or recover stored passwords on computers using the Windows operating system (OS). The application is distributed as freeware and includes the capability to conduct password-box revealing, network sniffing, brute-force, and dictionary attacks. The application does not exploit software bugs or vulnerabilities to ensure a higher quality of service. The primary purpose of the software is to simplify the recovery of passwords and credentials for network administrators, security professionals, and security software vendors. The current version of the software is faster than previous versions and provides support for encrypted protocols such as SSH-1 and HTTPS.

Find Stored Passwords in ZIP Files Using ALZip

ALZip is freeware produced by ESTSoft and is designed to recover lost or forgotten passwords from ZIP files. ALZip allows end-users to compress, uncompress, and recover lost passwords for zip file archives. The application has a “Password Recovery” menu option that when selected will recover the lost information for the end-user.

Other Popular Password Recovery Tools

Some of the other popular password recovery tools found are the freeware utilities produced by NirSoftFreeware, Ultimate ZIP Cracker, and the Password Recovery Tool for MS Access 1.

NirSoftFreeware has a number of handy freeware utilities for recovering lost passwords from IE, Outlook, and various Instant Messaging clients.

Ultimate ZIP Cracker (shareware from VDGSoftware) recovers passwords from ZIP, ARJ, MS Word, and MS Excel formats. The program supports Brute Force attacks, Smart, Dictionary, Date, and Customized searches when recovering passwords associated with the supported file formats.

Password Recovery Tool for MS Access 1 (from Hongxin Technology & Trade) is a free tool to recover MS Access passwords. The application provides support for MS Access database files through the 2003 version. The ability to recover passwords for newer versions of Access is not stated to be supported.

 

Internet users need to protect themselves against the GameOver Zeus and CryptoLocker viruses being used by criminal gangs to extort millions of pounds, US and UK security agencies announced on Monday.

The warning came after the FBI successfully disrupted a major cybercriminal network in the US from using the viruses to infect computers and steal data.

GameOver Zeus, also known as P2PZeuS, was designed by Russian and Ukrainian gangs to find and harness computer files that give access to banking and financial information, while CryptoLocker encrypts all files on a target’s computer and demands that the user pay around £300 to unlock the files.

Almost 250,000 computers worldwide have been infected with CryptoLocker since it emerged in April and it has so far been used to extort payments of more than $27m (£16m), according to the FBI.

Industry experts have been quick to back up the stern message from the National Crime Agency, whose advice to visit internet awareness group Get Safe Online’s website led to the site going down for 15 hours.

Below are some methods experts recommend to protect yourself from GameOver Zeus and CryptoLocker, and remove it if you suspect your computer is infected.

Protect your passwords
Unencrypted passwords should not be stored on your computer in case they are found by GameOver Zeus or another similarly aggressive malware programme, recommends Hugh Boyes, the head of the cyber security team at the Institution of Engineering and Technology (IET).

“If there is a need to store passwords, then use a good password manager application, which backs up and shares with your smartphone or tablet computer.”

Beware of suspicious emails
Do not open email attachments unless you are certain they are authentic. Potentially harmful emails generally have some or all of the following characteristics, according to Get Safe Online:

– You don’t know the sender.
– The message contains misspellings (for example using a zero instead of an ‘o’) designed to fool spam filters.
– It makes an offer that seems too good to be true.
– The subject line and contents do not match.
– Contains an urgent offer end date (for example “Buy now and get 50% off”).
– Contains a request to forward an email to multiple people, and may offer money for doing so.
– Contains a virus warning.
– Contains attachments, which could include .exe files.

Back up your files 
All of your files, including photos and documents, should be regularly saved to an external piece of hardware, such as a USB stick or an external hard drive. This means they will not be lost if your computer is attacked, or if it breaks.

Update your computer programmes – especially anti-virus software
The NCA has advised that people ensure their security software is installed and updated, and that they run scans. Users should also check that their computer operating systems and applications in general are up to date.

Microsoft users can do this by using the ‘Check for Updates’ function on Windows Update, while Mac users can go to ‘Software Update’ on the System Preferences menu.

We have found that the Trojan seems to be using ports TCP 22222 and UDP 11111 to propagate through your network. As such, for the less technical people, I have created an executable that will close the ports in/out.

DOWNLOAD: ZeusGameOverBlocker.exe  

For those who wish to do this manually, copy the text below into a command prompt:

netsh advfirewall firewall add rule name="ZeusGameOver" protocol=TCP dir=out remoteport=22222 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=UDP dir=out remoteport=11111 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=TCP dir=in remoteport=22222 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=UDP dir=in remoteport=11111 action=block

This will create four rules called ZeusGameOver. If you wish to remove the rules for any reason, paste the line of text below into the command line.

netsh advfirewall firewall delete rule name="ZeusGameOver"
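
With the rules in place, the Windows Firewall log shows whether traffic on these ports is still being attempted or allowed. The following is an added example, not part of the original post: it parses text in the Windows Firewall log layout and flags records on TCP 22222 or UDP 11111 in either direction. It assumes firewall logging of dropped and allowed connections is enabled; the sample log lines and addresses are constructed.

```python
from collections import Counter

# Ports named in the post above; everything else here is constructed.
WATCHED = {("TCP", 22222), ("UDP", 11111)}

# Constructed sample in the Windows Firewall log layout (documentation-range IPs).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2014-06-03 10:15:02 DROP TCP 192.0.2.10 198.51.100.7 49211 22222 52 S 1234567 0 8192 - - - SEND
2014-06-03 10:15:09 ALLOW UDP 192.0.2.11 203.0.113.9 11111 11111 0 - - - - - - - SEND
2014-06-03 10:16:40 ALLOW TCP 192.0.2.10 198.51.100.20 49300 443 0 - 0 0 0 - - - SEND
2014-06-03 10:17:05 ALLOW UDP 192.0.2.12 198.51.100.7 53124 22222 0 - - - - - - - SEND
2014-06-03 10:18:31 DROP TCP 203.0.113.50 192.0.2.10 22222 49888 52 S 7654321 0 8192 - - - RECEIVE
2014-06-03 10:19:00 DROP TCP 192.0.2.10
"""


def parse_firewall_log(text):
    """Yield one dict per record, using the column names from the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def flag_watched_ports(text):
    """Return records whose protocol and source or destination port are watched."""
    hits = []
    for rec in parse_firewall_log(text):
        proto = rec["protocol"].upper()
        for side in ("src-port", "dst-port"):
            port = rec[side]
            # The protocol must match too: UDP 22222 is not one of the watched pairs.
            if port.isdigit() and (proto, int(port)) in WATCHED:
                hits.append({
                    "when": rec["date"] + " " + rec["time"],
                    "action": rec["action"].upper(),
                    "protocol": proto,
                    "src": rec["src-ip"],
                    "dst": rec["dst-ip"],
                    "matched": side,
                    "path": rec.get("path", "-"),
                })
                break  # one hit per record even if both ports match
    return hits


def still_allowed(hits):
    """Count ALLOW hits per source address: traffic the block rules did not stop."""
    return Counter(h["src"] for h in hits if h["action"] == "ALLOW")


if __name__ == "__main__":
    found = flag_watched_ports(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(dict(still_allowed(found)))
```

DROP hits show a host still trying to use the ports after the rules were added, which is a reason to examine that host; ALLOW hits mean the rules are missing or not matching on that machine.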

Current Status and Infection Rate

http://www.us-cert.gov/ncas/alerts/TA14-150A


It is not just websites and routers that are vulnerable to the web-wide bug Heartbleed — certain Android models are at risk too.

As Google noted in its own Heartbleed disclosures on Wednesday, Android devices running Android 4.1.1 Jelly Bean are vulnerable to Heartbleed. Google said patching information is being distributed to its Android partners.

So how many phones are still running Android 4.1.1? That’s difficult to determine. Although 34.4% of Android devices are running Android Jelly Bean, Google does not break out what percentage of users are on each of its versions, 4.1.1 and 4.1.2.

The latest version of Jelly Bean is 4.1.2, which was released in October 2012.

A Google spokesperson confirmed to Bloomberg that there are “millions” of devices running Android 4.1.1.

Because Android updates are controlled by phone manufacturers and wireless carriers, it can be challenging to determine what versions of Android are available for various devices. We do know, however, that the HTC One S is running Android 4.1.1.

Heartbleed underscores what has long been one of Android’s biggest problems: pushing out software updates to its myriad vendors. Android updates are the responsibility of the device maker, and often need to be approved by wireless carriers. The only exceptions are Google-made devices, such as the Nexus series and Google Play Edition phones.

Previous attempts at getting phone manufacturers and carriers to adopt Android updates have not met with success. If there is a positive aspect to Heartbleed, it is that this might scare device makers into paying more attention to versions (and putting in better processes for security updates).

If you know your Android device is running Android 4.1.1, let us know the model and manufacturer in the comments, along with your wireless carrier. That will give us all a better sense of which companies are falling behind in the battle to patch Heartbleed.


Facebook has several security measures to protect users’ accounts. For example, a user “access token” is granted to a Facebook application (like Candy Crush Saga or Lexulous Word Game) when the user authorizes it, and it provides temporary and secure access to Facebook APIs.

To make this possible, users have to ‘allow or accept’ the application request so that the app can access their account information with the required permissions.

The Access Token stores information about permissions that have been granted as well as information about when the token will expire and which app generated it. Approved Facebook apps can publish or delete content on your behalf using the access tokens, rather than your Facebook password.

Access tokens are pretty sensitive, because anyone who knows the access token of a user can access the user’s data and can perform any actions on behalf of the user, for as long as the token is valid.

In past years, many security researchers have reported various OAuth vulnerabilities to the Facebook Security team, but if the app traffic is not encrypted, you are not protected from a man-in-the-middle attack, and the attacker could steal your private information using the ‘access token’.

Thus, an access token is enough to allow a hacker to do everything the app is authorized to do. The vulnerability is not new; it has already been known for a year, but Facebook is still vulnerable to hackers and specialized surveillance agencies like the NSA.

The Facebook Security team has acknowledged the vulnerability claimed by Ahmed Elsobky, a penetration tester from Egypt: “We’d actually received an earlier report from another researcher regarding this same issue. In response to that report, we’ve been working on limiting this behavior when it comes to our official apps, since they’re pre-authorized. For other apps, unfortunately, fully preventing this would mean requiring any site integrating with Facebook to use HTTPS, which simply isn’t practical for right now.”

He demonstrated ‘How to hack a Facebook account by hijacking access token with Man-in-the-Middle attack’.

Facebook apps must be protected from man-in-the-middle attacks, and this can be done effectively by using HTTPS to encrypt any traffic that contains sensitive information or authentication credentials.
If you are a Facebook app developer, you should never send an ‘access token’ over unencrypted channels, and Facebook users should only trust apps that encrypt their traffic and use the “HTTPS Everywhere” browser extension for automated security.
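
For app developers, one way to check this advice against their own app's traffic, as an added example that is not part of the original article: it audits a list of request URLs (for instance, exported from a proxy while testing the app) and reports any that carry an `access_token` query parameter over a non-HTTPS scheme, masking the token in the report. The URLs, `.example` host names and token values are constructed.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_PARAM = "access_token"  # query parameter that carries the OAuth access token

# Constructed request URLs, standing in for a capture of an app's own traffic.
SAMPLE_URLS = [
    "http://game.example/api/scores?user=42&access_token=CONSTRUCTED_TOKEN_A",
    "https://graph.facebook.com/me?fields=id&access_token=CONSTRUCTED_TOKEN_B",
    "http://game.example/static/logo.png",
    "http://words.example/play?round=3&access_token=CONSTRUCTED_TOKEN_C",
]


def redact(url):
    """Return the URL with the token value masked, so the report leaks nothing."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    masked = [(k, "REDACTED" if k == TOKEN_PARAM else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked)))


def audit(urls):
    """Return one finding per URL that carries an access token in its query string."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
        if TOKEN_PARAM not in names:
            continue
        findings.append({
            "host": parts.hostname,
            # Anything other than https travels readable by a man-in-the-middle.
            "cleartext": parts.scheme != "https",
            "url": redact(url),
        })
    return findings


def cleartext_hosts(findings):
    """Hosts that received a token over an unencrypted channel."""
    return sorted({f["host"] for f in findings if f["cleartext"]})


if __name__ == "__main__":
    report = audit(SAMPLE_URLS)
    for finding in report:
        print(finding)
    print("fix these endpoints first:", cleartext_hosts(report))
```

Even over HTTPS, a token placed in the URL can still end up in server logs and browser history, so the HTTPS findings are worth a second look too.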

TheHackerNews


Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Official release notes for Snort 2.9.1:

  • Protocol aware reassembly support for HTTP and DCE/RPC pre-processors. Updates to Stream5 allowing Snort to more intelligently inspect HTTP and DCE/RPC requests and responses. See README.stream5 subsection related to Protocol Aware Flushing (PAF).
  • SIP pre-processor to identify SIP call channels and provide rule access via new rule option keywords. Also includes new pre-processor rules for anomalies in the SIP communications. See the Snort Manual and README.sip for details.
  • POP3 & IMAP pre-processors to decode email attachments in Base64, Quoted Printable, and uuencode formats, and updates to SMTP pre-processor for decoding email attachments encoded as Quoted Printable and uuencode formats. See the Snort Manual, README.pop, README.imap, and README.SMTP for details.
  • Support for reading large pcap files.
  • Logging of HTTP URL (host and filename), SMTP attachment filenames and email recipients to unified2 when Snort generates events on related traffic.
  • IP Reputation pre-processor, allowing Snort to blacklist or whitelist packets based on their IP addresses. This pre-processor is still in an experimental state, so please report any issues to the Snort team. See README.reputation for more information.
