Ardamax Keylogger

Posted by Bijay | 7:43 PM | 0 comments




Ardamax Keylogger is a keystroke recorder that captures the user's activity and saves it to an encrypted log file. The log file can be viewed with the Log Viewer. Use this tool to find out what is happening on your computer while you are away, to keep an automatic backup of your typed data, or to monitor your kids. You can also use it as a monitoring device for detecting unauthorised access. Logs can be sent automatically to your e-mail address, and access to the keylogger is password protected. Ardamax Keylogger also logs the Internet addresses the user has visited.

This invisible spy application is designed for Windows 98, ME, NT4, 2000, XP and 2003.



Keylogger Features:

* Remote Installer - creates a customized Ardamax Keylogger engine file. You can email this file to your target for remote monitoring.
* Invisible mode makes it absolutely invisible to anyone. Ardamax Keylogger is not visible in the task bar, system tray, Windows 98/2000/XP/2003/Vista Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list.
* Email log delivery - the keylogger can send you recorded logs by e-mail at set times - perfect for remote monitoring!
* FTP delivery - Ardamax Keylogger can upload recorded logs via FTP.
* Network delivery - sends recorded logs via LAN.
* Clipboard logging - captures all text copied to the Windows Clipboard.
* Visual surveillance - periodically takes screenshots and stores the compressed images in the log.
* Chat monitoring - Ardamax Keylogger is designed to record and monitor both sides of a conversation in the following chats:
  - MSN Messenger, Windows Live Messenger
  - ICQ Pro, ICQ Lite
  - Skype
  - Windows Messenger
  - Google Talk
  - Yahoo Messenger
  - Miranda
  - QiP
* Security - allows you to protect the program settings, Hidden Mode and the log file.
* Web Update - Ardamax Keylogger can check for updates and download and install them automatically, so the latest version is always installed on your computer.
* Application monitoring - the keylogger records which application was in use when it received the keystroke!
* Time/Date tracking - allows you to pinpoint the exact time a window received a keystroke!
* Powerful Log Viewer - you can view and save the log as an HTML page or as plain text with the Log Viewer.
* Small size - Ardamax Keylogger is several times smaller than other programs with the same features. It has no additional modules and libraries, so its size is smaller and its performance is higher.
* Ardamax Keylogger fully supports Unicode characters, which makes it possible to record keystrokes that include characters from Japanese, Chinese, Arabic and many other character sets.
* It records every keystroke, capturing passwords and all other invisible text.

Other Features:

* Windows 2000/XP/Vista support
* Monitors multi-user machines
* Automatic startup
* Friendly interface
* Easy to install

Free Download

Ardamax Keylogger

Serial :-
Name: nGen 2oo6
Key: RTHUUGQVAWDFOQT



Display Grabber

Posted by Bijay | 7:34 PM | 0 comments


Size / OS: 392 KB / Windows All


Free Download

Display Grabber



Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports and has many other features.

It is widely used by network administrators and just curious users around the world, including large and small enterprises, banks, and government agencies.

It runs on Linux, Windows, and Mac OS X, possibly supporting other platforms as well.




This is a package of tons and tons of hacking tools (more than 100!). It is better to freeze your PC with Deep Freeze while using this package and to unfreeze it when you are not using it. As it contains a lot of hacker tools, your anti-virus may detect it as a virus. Don't panic!

Found this AIO, did download, just posting.
This AIO comes with viruses because these are hacking tools and AV detects them as viruses!
I think it's better to use Deep Freeze, and then you can freeze your PC when you use these tools and unfreeze it when you don't!


Includes:

AddrView.rar
AnonFTP.zip
AOL new.rar
AppToService.rar
arpinject.zip
aspack21.zip
Astaroth Joiner v2.rar
atk-2.1.zip
BankOfAmerica.rar
bios_pass_remover.zip
BlasterW32.zip
blue.zip
bmpripper.zip
brutus.zip
Cable Modem Sniffer.rar
CapKeys_DIGITAL.rar
CASXM138.zip
CAYZODQF.zip
CGI Founder v1.043.zip
cgis4.zip
CGISscan.zip
cia10.zip
cports.rar
craagle.zip
Crackftp.zip
CreditCardGjenerator.rar
Davs_TR_REtail.zip
DDL Sites.rar
DeepUnFreez.zip
DrVBS.zip
eBay.rar
EESBinder.zip
egold.rar
E-mail Cracker.rar
ezDataBase_Defacer.rar
F.B.I - Binder.rar
FTP Brute Forcer.rar
ftpbr.zip
~Censored~ Mail Bomber 2.3.rar
G00B3RS_phpBB_exploit_pack.rar
genxe-beta-0.9.0.zip
Google_Hacker_1.2.rar
grinder1.1.zip
Hack FLASH Template.zip
Hack MY Space.zip
Hack Photoshop CS2.zip
HackersAssistant.zip
HackTheGame.zip
hck.zip
hlboom.zip.zip
Hook Tool Box.rar
Hotmail Email Hacker.rar
Hotmail HAcker Gold.rar
Hotmail ScamPage.zip
HotmailHack.rar
HSBC-US.rar
hydra-4.6-win.zip
iecv.rar
IP2.rar
ipnetinfo.rar
john-17w.zip
Key Changer.rar
Key_Logger.zip
Legion NetBios Scanner v2.1.zip
Mail Boomb_2.0 YAHOO.zip
MIDNITEmassacre.zip
MooreR Port Scanner.rar
MSN Flooder 2.0.rar
MSN Messenger Account Cracker v2.0.rar
MSNLoader.rar
NET BIOS Scaner.rar
NetBIOS Name Scanner.rar
NetResView.rar
NFO Maker 1.0.zip
Nimda.zip
nkedb.zip
nolimitcracker.rar
NTPacker.zip
nts.zip
NullAddFrontend.zip
On-Off MSN.rar
OS Update Hack.rar
P0kes WormGen 2.0.zip
panther.zip
PayPal.rar
PCAnyPass.rar
Php Nuke Hacker v11.0.rar
phpBB Annihilator.rar
phpbb attack.rar
phpbb bruteforcer.rar
PhpBB pass extractor.zip
phpBB_DoS.rar
phpbb_spammer.rar
phpBBAttacker.rar
phpBBAttacker.zip
phpBBcracker.rar
PhpBuGScan.rar
~censored~.rar
PhpNuke_bypass.rar
Ping & Nukes.rar
Port Listener XP.rar
pqwak2.zip
procexp.rar
ProMo.rar
ProxyPro.zip
Pure phpBB Email harvester.rar
rainbowcrack-1.2-src win-lin.zip
Remote Shut Down.rar
ResHacker.zip
Rocket.zip
rpc.zip
RpcScan101.zip
Sasser.zip
SendMailer.zip
Server 2003 Keygen.rar
Server Killer.rar
showpassv10.zip
sitedigger2.zip
smbat-win32bin-1.0.4.zip
SMBdie.zip
smbproxy-win32bin-1.0.0.zip
Source Checker.rar
source codes.rar
sprut.zip
SQLScan v1.0.rar
Stealth - HTTP Scanner v1.0 build 23.zip
super.zip
SuperScan4.rar
tftpd32.273.zip
thunter.zip
TinaSoft KILL.zip
traceroute.rar
UC.Forum Spam.rar
udpflood.zip
Ultra Dos.zip
USBank.rar
Visa Spam.zip
Warez Sites.rar
Web Cracker 2.0.rar
WebCracker 4.0.rar
whoistd.rar
Win XP Activator.rar
WindowHide.rar
Windows XP Corperate Keygen.rar
Windows XP KeyGen.rar
Windows XP Product Key Changer.rar
Windows XP Product Key Checker.rar
Windows XP Product Key Viewer.rar
WindowsAdminpasswordHack.rar
wwwhack.rar
xpass.zip
xplizer.rar
Yahoo Password.zip
yahooUltraCracker.rar
zehir.zip





Includes:
-Atentator v1.0
-Bifrost 1.2.1 + TORplugin
-ConsoleDevil 1.2
-Crossbow RAT 2.0Beta
-Evilutus 1.3
-exe2html
-Hav-Rat 1.2 Private Version
-Nuclear RAT v1.0 Public Beta9
-OptixPro 1.33
-PoisonIvy 2.2.0
-Remote File Transfer 1.0
-Shark 0.6
-Shark 2 Public Beta 2
-SKD Rat 2.0
-Slh 2.0
-SpyOne v1.0.1
-Xploit 1.4.5





Size: 5.85 MB

Free Download

AIO Addon Searchers 6 in 1

Password: www.4down.info





Size / OS: 12.4 MB / Windows NT / 2K / XP / 2003 / Vista


Advanced HostMonitor is a network monitoring program. You can create a list of jobs and tests in advance on a 'set and forget' basis. Among the many checks it can perform, it can monitor any TCP service, ping a host, retrieve a URL, check the available disk space, and more. It checks network servers at regular intervals and takes pre-defined actions if a device does not respond. It can give a visual and audible warning, send an e-mail message to a mailbox, pager or mobile phone, execute another program, and so on. All this allows you to respond to a problem before your users start to complain.


Features:

HostMonitor is a highly scalable network monitoring program suitable for small and enterprise-level networks.

You will probably say "There are dozens of programs like this". That is right! But please check what HostMonitor offers and compare its power and flexibility to its surprisingly low price:

* using 60 test methods, our software can check almost any parameter of your servers;
* highly flexible action profiles allow you to start actions in a predefined order depending on the test results;
* HostMonitor creates various log files using different detail levels and file formats (Text, HTML, DBF and ODBC);
* the built-in Report Manager allows you to create and customize reports to your liking in a variety of ways;
* using Remote Monitoring Agents for Windows, FreeBSD, Linux, NetBSD, OpenBSD and Solaris you may easily monitor remote networks;
* Web Service, Telnet Service and Remote Control Console simplify remote management;
* and this is not all...



60 test methods!

HostMonitor can check any TCP service, ping a host, check a route, and monitor Web, FTP, Mail and DNS servers. It can check the available disk space, monitor the size of a file or folder, and check the integrity of your files and web site; it tests your SQL servers, monitors network traffic and much, much more. See the complete test list.

But no less important is how you can manage monitoring tasks ("test items" in our terminology). Test items can be organized into different groups (folders); each folder has its own settings such as color palette, list of reports, statistical information, etc.

Tests can be performed at regular intervals (e.g. every 5 min) or on a schedule (e.g. every Friday between 6pm and 9pm); tests can be performed directly by HostMonitor or by Remote Monitoring Agents installed on a remote network. Some tests may depend on others, e.g. you may easily configure HostMonitor to check 10 web servers when your primary router is up, and to check another (backup) server when your primary router is down.

30 alert methods

HostMonitor is network administration software; it provides different ways to respond to failed services. Audio and visual notifications alert people near the machine. E-mail and pager notifications inform a wider range of remote operators. HostMonitor can take actions that are designed to recover from a failure automatically without human intervention (e.g. the "restart service", "reboot computer" or "dial-up to the network" actions). See the complete actions list.

Highly flexible Action Profiles allow you to start actions in predefined order depending on the test results:
- For example, you may start an action only when both the primary and backup mail servers fail to respond.
- Or an action profile can be set up to page both the IT manager and the network administrator during regular office hours, and to page the administrator alone the rest of the time, while doing nothing else but writing to the log on weekends.
- Another example: when some critical service fails HostMonitor may reboot the server. If that does not help, HostMonitor will send e-mail to the on-call technician. If, however, the server remains silent during the next three probes, the network administrator is to be paged until the server is brought back up.
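The escalation and scheduling rules in the three examples above can be expressed compactly in code. The following is an added illustration written for this page, not HostMonitor's own engine or configuration format; it assumes a fixed 5-minute probe interval, office hours of 09:00-17:59 Monday to Friday, and reads "silent during the next three probes" as paging from the fifth consecutive failed probe onward. The timeline it simulates is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Added example: a small model of an escalating "action profile" in the style the
# text describes. Illustrative code only; it is not HostMonitor's engine or its
# configuration format. Assumptions: probes run every 5 minutes, office hours are
# 09:00-17:59 Monday to Friday, and "silent during the next three probes" means
# paging starts on the 5th consecutive failed probe.

OFFICE_HOURS = range(9, 18)

# Constructed sample instants used by the demo (2024-01-09 is a Tuesday,
# 2024-01-13 a Saturday).
WEEKDAY_MORNING = datetime(2024, 1, 9, 10, 0)
SATURDAY_MORNING = datetime(2024, 1, 13, 10, 0)


def page_targets(when: datetime) -> list:
    """Who gets paged: manager and admin during office hours, admin alone the
    rest of the time, nobody (log only) on weekends."""
    if when.weekday() >= 5:          # Saturday or Sunday
        return []
    if when.hour in OFFICE_HOURS:
        return ["it-manager", "network-admin"]
    return ["network-admin"]


def critical_service_profile(failures: int, when: datetime) -> list:
    """Actions for the n-th consecutive failed probe of a critical service:
    1st -> reboot the server, 2nd -> e-mail the on-call technician,
    3rd and 4th -> wait (log only), 5th onward -> page until it recovers."""
    if failures == 1:
        return ["reboot-server"]
    if failures == 2:
        return ["email:on-call"]
    if failures >= 5:
        return [f"page:{who}" for who in page_targets(when)] or ["log-only"]
    return ["log-only"]


def mail_cluster_alert(primary_ok: bool, backup_ok: bool) -> bool:
    """Dependency rule: fire only when both the primary and backup mail servers fail."""
    return not primary_ok and not backup_ok


@dataclass
class TestItem:
    """One monitored test with its consecutive-failure counter and a log."""
    name: str
    consecutive_failures: int = 0
    log: list = field(default_factory=list)

    def record(self, ok: bool, when: datetime) -> list:
        """Feed one probe result and return the actions fired for it."""
        stamp = when.isoformat(timespec="minutes")
        if ok:
            if self.consecutive_failures:
                self.log.append(f"{stamp} {self.name} recovered")
            self.consecutive_failures = 0
            return []
        self.consecutive_failures += 1
        actions = critical_service_profile(self.consecutive_failures, when)
        self.log.append(f"{stamp} {self.name} failure #{self.consecutive_failures}: {actions}")
        return actions


def simulate_outage() -> list:
    """Constructed timeline: web-01 goes down at 17:45 on a Monday, stays down
    for six probes (crossing the 18:00 office-hours boundary) and then recovers.
    Returns the list of actions fired per probe."""
    item = TestItem("web-01")
    start = datetime(2024, 1, 8, 17, 45)        # Monday 8 January 2024
    results = [False] * 6 + [True]
    return [item.record(ok, start + timedelta(minutes=5 * i))
            for i, ok in enumerate(results)]


if __name__ == "__main__":
    for step, actions in enumerate(simulate_outage(), 1):
        print(f"probe {step}: {actions}")
```

Running the simulation shows the reboot on the first failure, the e-mail on the second, two quiet probes, and then paging the administrator alone because the fifth failure lands at 18:05, outside office hours; the counter resets on the first successful probe.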



Install HostMonitor and you will see how easy it is to implement all of the above, with even more sophisticated behavior patterns.
And yes, macro variables allow you to use the same action profile for hundreds or thousands of monitoring tasks (test items). For example, if you monitor 10 different services on each of 100 servers, you may use a single action to restart any failed service on any of these systems.

Powerful Report Manager and Log Analyzer

HostMonitor can generate test result log files and reports. It creates log files with different detail levels and file formats (Text, HTML, DBF and ODBC) and can be configured to suit your needs.

The highly flexible built-in Report Manager allows you to create and customize reports to your liking in a variety of ways. For example, a report designed for the IT manager might have an entirely different look and feel from the one intended for the network administrator. Also note that separate groups of tests may have their own list of reports, and each report may be set up with a launching schedule specific to that group.

The Advanced HostMonitor package also includes a Log Analyzer which can show separate information for each tested host. The Log Analyzer collects statistical information and shows graphs of response times for specific time periods, for all servers or for individual ones. Using this statistical information, an administrator can analyze request times for specific servers over a period of time.

Remote Monitoring Agents for Windows, FreeBSD, Linux, NetBSD, OpenBSD and Solaris

HostMonitor can check remote hosts directly or using Remote Monitoring Agents (RMA) installed in another network. An RMA is a small application that accepts requests from HostMonitor, performs the test and reports the result back to HostMonitor.
An RMA increases the security of the network, decreases network traffic, simplifies network administration, and allows you to monitor systems that are impossible to monitor directly from HostMonitor (e.g. using an RMA, HostMonitor can check the number of running processes on a Linux system).

Web service, Telnet service, Remote Control Console

Web Service works like an HTTP server and provides a web interface for HostMonitor. Telnet Service works like a Telnet server and allows you to control HostMonitor remotely using any telnet client. These applications allow you to check the brief or detailed status of any test, start or stop the monitoring process, enable or disable alerts, change global macro variables, etc. You will also be able to disable and enable tests, reset statistics, force tests to execute and even change some parameters of the tests.
RCC (Remote Control Console) allows you to work with a HostMonitor instance running on a remote system just as you work with HostMonitor started on your local system. Several operators may start RCC on different systems and work with the same instance of HostMonitor at the same time.


Advanced IP Scanner 1.5

Posted by Bijay | 7:25 AM | 0 comments



OS: Win95, Win98, WinME, WinXP, WinNT 4.x, Windows 2000, Windows 2003

Size: 307 KB

Advanced IP Scanner is a fast, robust, and easy-to-use LAN scanner for Windows. It gives you various types of information about local network computers in a few seconds, and one-click access to many useful functions such as remote shutdown and wake-up, Radmin (remote control software) integration, and more. Powered by multithreaded scanning, this program can scan hundreds of computers per second, allowing you to scan class C or class B networks even over a modem connection.

Free Download

Advanced IP Scanner 1.5

Aircrack is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations such as the KoreK attacks, making the attack much faster than other WEP cracking tools. In fact, aircrack is a set of tools for auditing wireless networks.

Free Download

AirCrack-ng 0.6.2



Quite a few people seem to be interested in this tool, so here is the latest revision - Inguma 0.0.6.

For those that don't know, Inguma is a free penetration testing and vulnerability discovery toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about them, fuzz targets, brute-force usernames and passwords, and run exploits, as well as a disassembler.

In this new version various things have been added, such as new modules and improvements to the existing ones, for example the Oracle modules. The Oracle payloads now use the Cursor Injection method when possible, so the CREATE PROCEDURE system privilege is not needed to become DBA.

The support for InlineEgg, added in version 0.0.5.1, has been removed and a new, completely free library has been added (PyShellCodeLib).

The static analysis framework OpenDis has been enhanced and now you can use the API exposed by OpenDis to write your own binary static analysis tools. As an example of the API, a tool to make binary diffs has been added. Take a look at the file $INGUMA_DIR/dis/asmdiff.py and at the README stored in the same directory.

Five new exploits for Oracle Databases have been added and the module "sidguess" has been enhanced to retrieve the SID of the database instance from the Enterprise Manager/Database Control banner when possible.

The new modules added to the discover, gather and brute sections are the following:

* brutehttp: a brute forcer for HTTP servers.
* extip: a tool to find out your external IP address, very useful for checking anonymous proxies.
* nmbstat: a tool to gather NetBIOS information.
* ipscan: a tool to make IP protocol scans; it checks which IP protocols are enabled on the target.
* arppoison: a tool to poison a target's ARP cache.

Free Download

Inguma 0.0.6

[Source: Darknet]

Bruter 1.0 BETA 1 has been released. Bruter is a parallel login brute-forcer. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

PROTOCOL SUPPORT

It currently supports the following services:

* FTP
* HTTP (Basic)
* HTTP (Form)
* IMAP
* MSSQL
* MySQL
* POP3
* SMB-NT
* SMTP
* SNMP
* SSH2
* Telnet
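As a defender's counterpart to the tool described above, here is an added example (not part of Bruter or this post) of the detection logic that would flag a parallel login-guessing run in authentication logs: a sliding-window count of failed logins per source address, together with the number of distinct usernames tried, which separates guessing from a single client with a stale password. The sshd-style log lines, the year, the threshold of five failures per minute and the addresses are all constructed for the demo; the same windowing applies to any of the services listed above once their failure lines are parsed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style log excerpt (not real traffic): one source tries several
# accounts in quick succession, two other sources show ordinary single failures.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[4120]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 10:00:02 host sshd[4121]: Failed password for invalid user admin from 198.51.100.7 port 51023 ssh2
Mar  3 10:00:02 host sshd[4122]: Failed password for root from 198.51.100.7 port 51024 ssh2
Mar  3 10:00:03 host sshd[4123]: Failed password for invalid user test from 198.51.100.7 port 51025 ssh2
Mar  3 10:00:03 host sshd[4124]: Failed password for invalid user oracle from 198.51.100.7 port 51026 ssh2
Mar  3 10:00:04 host sshd[4125]: Failed password for root from 198.51.100.7 port 51027 ssh2
Mar  3 10:01:10 host sshd[4130]: Failed password for alice from 203.0.113.5 port 40110 ssh2
Mar  3 10:01:40 host sshd[4131]: Accepted password for alice from 203.0.113.5 port 40111 ssh2
Mar  3 10:20:00 host sshd[4140]: Failed password for bob from 203.0.113.9 port 40300 ssh2
"""

# Matches the OpenSSH "Failed password" line shape; every other line is ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

LOG_YEAR = 2024  # syslog timestamps carry no year; assumed for the demo


def parse_failures(log_text):
    """Yield (timestamp, source_ip, username) for every failed-login line."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {source_ip: details} for every source whose failed logins inside a
    sliding window of `window_seconds` reach `threshold`. The alert is raised on
    the first crossing and records the distinct usernames tried by that point."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    tried = defaultdict(set)      # ip -> usernames attempted so far
    alerts = {}
    for ts, ip, user in parse_failures(log_text):
        window = recent[ip]
        window.append(ts)
        tried[ip].add(user)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()  # expire failures older than the window
        if len(window) >= threshold and ip not in alerts:
            alerts[ip] = {
                "failures_in_window": len(window),
                "first_seen": window[0].isoformat(),
                "usernames": sorted(tried[ip]),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {info['failures_in_window']} failures since "
              f"{info['first_seen']}, usernames tried: {', '.join(info['usernames'])}")
```

On the sample, only 198.51.100.7 crosses the threshold (five failures within three seconds, four different usernames); the two single failures from other addresses never accumulate. Raising the threshold or shrinking the window tunes the trade-off between catching slow guessing and paging on ordinary typos.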

Free Download

Bruter_1.0_beta1.zip

[Source: Darknet]

I quite often get people asking me where to get wordlists; after all, brute forcing and password cracking often rely on the quality of your word list.

Do note there are also various tools to generate wordlists for brute forcing based on gathered information such as documents and web pages (such as Wyd, a password profiling tool). These are useful resources that can add unique words you might not have in your generic lists.

Also add all the company related words you can and if possible use industry specific word lists (chemical names for a lab, medical terms for a hospital etc).

And always brute force in the native language.

You can find a simple wordlist generator in PERL here.

Although old, one of the most complete wordlist sets is here (easily downloadable by FTP too):

Oxford Uni Wordlists

There’s a good set of lists here including many european languages and topic specific lists:

The Argon Wordlists

Here we have 50,000 words, common login/passwords and African words (this used to be a great resource):

Totse Word Lists

There’s a good French word list here with and without accents, also has some other languages including names:

Wordlists for bruteforce crackers

One of the most famous lists is still from Openwall (the home of John the Ripper) and now costs money for the full version:

Openwall Wordlists Collection

Some good lists here organized by topic:

Outpost9 Word lists

Packetstorm has some good topic based lists including sciences, religion, music, movies and common lists.

Packetstorm word lists



[Source: Darknet]

The major change is both tools now support 64-bit targets! Good news for us.

pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. If you have had LSASS crash on you using older tools, this should fix that.

fgdump is a more powerful version of pwdump6. pwdump tends to hang when antivirus is present, so fgdump takes care of that by shutting down and later restarting a number of AV programs. It can also dump cached credentials and protected storage items, and can be run in a multithreaded fashion very easily.

I strongly recommend using fgdump over pwdump6, especially given that fgdump uses pwdump6 under the hood! You’ll get everything pwdump6 gives you and a lot more.

fgdump now has:

* Better 32/64-bit detection. This is not as easy as it sounds, at least not remotely! If someone has a sure-fire way of detecting the target OS 100% reliably, please let me know. In the meantime, if fgdump is unsure, it will report it and default to 32-bit.
* The -O [32|64] flag manually overrides the target OS architecture. So, for example, if fgdump is reporting a host as 32-bit and you KNOW it is 64-bit, you can use -O 64 (or vice versa, of course). Note that this flag applies to ALL hosts you are dumping! You might want to single out any hosts you need to override.


Read more here and here.

[Source: Darknet]

This is a tool that has been around for quite some time too; it's still very useful though, and it's a very niche tool specifically for brute forcing Windows Terminal Server.

TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since it cannot be locked out for local logons, can be brute forced. And having an encrypted channel to the TS logon process sure helps to keep IDS from catching the attempts.

TSGrinder is a "dictionary" based attack tool, but it does have some interesting features like "l337" conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a username/password combination within a particular connection.

Free Download

tsgrinder-2.03.zip

Note that the tool requires the Microsoft Simulated Terminal Server Client tool, “roboclient,” which may be found here:

roboclient.zip

[Source: Darknet]

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows logon sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g. users remotely logged in through Remote Desktop/Terminal Services), and also to change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

* Support for XP SP3 for whosthere/iam (whosthere-alt/iam-alt work on XP SP3 without requiring any update)
* New -t switch for whosthere/whosthere-alt: sets the interval used by the -i switch (by default 2 seconds).
* New -a switch for whosthere/iam: specify addresses to use.
* New -r switch for iam/iam-alt: create a new logon session and run a command with the specified credentials (e.g. -r cmd.exe)
* genhash now outputs hashes using the LM HASH:NT HASH format

Free Download

pshtoolkit_v1.4-src.tgz

Windows Binaries

pshtoolkit_v1.4.tgz

[Source: Darknet]

SIPcrack is a suite for sniffing and cracking the digest authentication used in the SIP protocol.

The tools support pcap files, wordlists and more, to extract all the needed information and brute-force the passwords for the sniffed accounts.

If you don't have OpenSSL installed or encounter any build problems, try 'make no-openssl' to build with the integrated MD5 function (which is slower than the OpenSSL implementation).

Usage

Use sipdump to dump SIP digest authentications to a file. If a login is found, the sniffed login is written to the dump file. See 'sipdump -h' for options.

Use sipcrack to brute-force the user password using the dump file generated by sipdump. If a password is found, the sniffed login in the dump file is updated. See 'sipcrack -h' for options.

Free Download

SIPcrack-0.3

[Source: Darknet]

So it turns out you don't need any fancy password cracking software like John the Ripper or Cain and Abel; you just need a handful of £5 gift vouchers for Marks and Spencer!

But we had discussed this in part before: some people will give out their passwords if you just ask, some if you offer chocolate, and this time in the guise of a 'survey' for a gift voucher.

Although the majority (60 percent) of 207 London residents were happy to hand over computer password data which might be useful to potential ID thieves in exchange for a £5 M&S gift voucher, the public at large take a hard line on firms who fail to keep tight hold of customer data.

In exchange for the voucher, a number of those quizzed during a street survey in Covent Garden earlier this week went on to explain how they remember their password and which online websites (from a range of email, shopping, banking and social networking sites) they most frequently use. A sizeable chunk of those surveyed (45 per cent) said they used either their birthday, their mother’s maiden name or a pet’s name as a password.

Perhaps it’s just as well that stolen identities are worth a lot less than £5, fetching as little as 50p on the underground black market, according to Symantec.

It seems like rather than giving out the actual password they answered questions put together in such a way that a profiler could easily work out what their password was and which sites they used it on.

Pretty sneaky, methinks; it's a good way to test how paranoid people are about their data security... it's ironic really, seeing how much they complain, but at the end of it they are their own worst danger.

Nine in ten (89 per cent) of 1,000 Brits quizzed during a wider survey, commissioned by Symantec and price comparison site moneysupermarket.com, expressed the opinion that "reckless and repeated" data breaches ought to be punished by criminal prosecutions. Sanctions should include the ability to incarcerate directors of negligent firms in jail. Eight out of ten of those quizzed agreed there should be a "one strike and you're out" rule for data loss.

Almost four in five of those polled reckon their personal data is not secure in the hands of the companies that hold it, a finding that probably stems from the steady drip of data breach stories that have followed the massive HMRC child benefit lost disc bungle last year. Three in four consumers are concerned about the amount of information organisations hold on them, regardless of whether this information is held online or offline. Online payments were perceived as the single greatest risk for losing data.

The general public are pretty harsh too when it comes to dishing out punishment, but then again that is human nature and that is why there’s jury service.

It’s not surprising either that people have very little faith in data stored by the government and their greatest fear is carrying out online transactions.

I think we all know well enough to keep ourselves safe... but sadly, as always, it seems the rest of the world doesn't.

[Source: Darknet]



It seems that people are truly shocked when their identities get exposed, and the vast majority use the same single password for ALL of their online accounts. That’s just crazy!

A ‘kind-hearted’ hacker recently exposed a bunch of online accounts (with passwords) to gain himself more status in a hacker forum (l33t sk1llz dudebro!).

WHEN Australian web users learned from the Herald that details of their online accounts had been posted on a hacker’s website for all to see, they were suspicious, then alarmed, then furious at the hacker who compromised their identities.

Email addresses, matched with user names and passwords for online memberships, were offered by the hacker for anyone wanting to try their hand at identity theft or even financial fraud.

The Herald stumbled across the site during its investigations into online fraud. “It’s obviously startling,” said Lachlan Yee, a research associate in biotechnology at the University of NSW and one of those whose details were exposed by the hacker.

Identity fraud is big business now and generally online info is hot: if you have someone's e-mail address and general password, you can withdraw all their money from PayPal, for example.

You may be able to login into their online bank account if the details are contained in their e-mail and so on.

There are endless possibilities for the creative.

Many of the accounts were generic accounts for Hotmail, Yahoo! and Gmail. But more than 50 were clearly Australian-based, and all were alerted to the breach. “To be honest the whole thing has me a bit spooked,” said one victim, Jonathan Eyles.

“They definitely got me,” said Eyles, a graphic designer in Ultimo. He said the compromised password had been used for many purposes, although online banking was not one of them.

A Victorian man who asked that only his first name, Ben, be used, said he would need to change passwords for about 20 sites because of the breach.

If people want a solution I suggest they use something like this - passhash - they can still have one secure, strong master password but then have unique hashed passwords for every site they use.

This has the advantage that if one site is compromised (and they aren’t using hashed passwords in the DB - it’s stored in plaintext) the hacker won’t have your password to every site as they will all be unique.
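The per-site scheme suggested above can be shown in a few lines. This is an added illustration for this page, not the passhash tool itself: one master password is stretched with PBKDF2, and each site's password is an HMAC of the site's domain under that key, so a leak at one site gives nothing reusable at another. The PBKDF2 parameters, the 16-character default, the alphabet and the sample master password are assumptions for the demo.

```python
import hashlib
import hmac

# Added example of a per-site password scheme (illustrative, not the passhash tool):
# one master password, one derived password per site, nothing reusable across sites.
# The PBKDF2 parameters, default length and alphabet are assumptions for the demo.

ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def master_key(master_password: str, username: str, iterations: int = 200_000) -> bytes:
    """Stretch the master password with PBKDF2-HMAC-SHA256 so that someone who
    captures a derived site password cannot cheaply guess the master from it.
    The username is the salt (assumption: it is stable for the person)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               username.encode("utf-8"), iterations, dklen=32)


def normalize_site(site: str) -> str:
    """Reduce a URL or hostname to its bare domain so that the login page, the
    home page and a www-prefixed form all yield the same password."""
    host = site.strip().lower().split("://", 1)[-1].split("/", 1)[0]
    host = host.split(":", 1)[0]            # drop an explicit port
    return host[4:] if host.startswith("www.") else host


def site_password(key: bytes, site: str, length: int = 16) -> str:
    """HMAC the normalised site name under the stretched key and render the tag
    as a printable password. Because HMAC behaves as a PRF, the password for
    one site reveals nothing about another site's password or the master."""
    tag = hmac.new(key, normalize_site(site).encode("utf-8"), hashlib.sha256).digest()
    n = int.from_bytes(tag, "big")
    out = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))     # base-62 digits of the 256-bit tag
        out.append(ALPHABET[r])
    return "".join(out)


if __name__ == "__main__":
    key = master_key("correct horse battery staple", "alice")   # constructed demo values
    for site in ("https://www.example.com/login", "example.com", "mail.example.org"):
        print(f"{site:32} -> {site_password(key, site)}")
```

If a site restricts password length or characters, change `length` or the alphabet for that site only; the derivation stays deterministic as long as the same parameters are used each time, which is what makes the master password the only thing to remember.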


[Source: Darknet]

We have covered quite a lot of password cracking tools and it's not often a new one comes out. This one is for quite a specialised purpose (not a general all-purpose password cracker like John the Ripper or Cain & Abel), although you do need to use it alongside JTR.

This tool instantly cracks the Microsoft Windows NT hash (MD4) when the LM password is already known; you might be familiar with LM cracking tools such as LCP.

The main problem is that you've got the LM password, but it's in UPPERCASE because LM hashes are not case sensitive, so you still need to find the actual password for the account.

Example: password cracker output for the "Administrator" account

* LM password is ADMINISTRAT0R.
* NT password is ?????????????.

We aren't lucky, because the case-sensitive password isn't "administrat0r" or "Administrat0r", so you cannot use this to connect to the audited Windows system.

This password contains 13 characters, but launching my password cracker on the NT hash is a waste of time with a poor chance of success.

Note:

* Password length: 13 characters.
* Details: 1 digit + 12 case-sensitive letters.
* Possibilities: 2^12 = 4096 choices.

In this example, lm2ntcrack generates the 4096 case variants of the password ADMINISTRAT0R and, for each one, the associated NT (MD4) hash, then searches for a match against the dumped hash.

Free Download

lm2ntcrack-current.tgz

[Source: Darknet]

Now this is an interesting twist on an old-school method of hacking: the monitoring of electromagnetic radiation.

You'd think it'd be easier to sniff the traffic from a wireless keyboard, but generally it's not, as they tend to be encrypted, whereas the electromagnetic radiation given off by a wired keyboard is not shielded or protected in any way.

All you need to do is have the equipment and the know-how to decipher it.

Swiss researchers have demonstrated a variety of ways to eavesdrop on the sensitive messages computer users type by monitoring their wired keyboards. At least 11 models using a wide range of connection types are vulnerable.

The researchers from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne are able to capture keystrokes by monitoring the electromagnetic radiation of PS/2, universal serial bus, or laptop keyboards. They’ve outlined four separate attack methods, some that work at a distance of as much as 65 feet from the target.

In one video demonstration, researchers Martin Vuagnoux and Sylvain Pasini sniff out the keystrokes typed into a standard keyboard using a large antenna that’s about 20 to 30 feet away in an adjacent room.

It appears to work on both the older PS/2 keyboards and new USB keyboards and even laptop keyboards from a distance of up to 65 feet! That’s easily far enough to jack the data from a carpark, adjacent office or nearby hotel room.

I’d imagine the equipment required is quite bulky though.

“We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design),” they write here. “Hence they are not safe to transmit sensitive information.”

No doubt, electromagnetic eavesdropping dates back to the mid 1980s, if not earlier. But Vuagnoux says many of today’s keyboards have been adapted to prevent those attacks from working. The research shows that even these keyboards are vulnerable to electromagnetic sniffing.

The video demonstrations show a computer that reads input from antennas that monitor a specified frequency. In both cases, the computer was able to determine the keystrokes typed on keyboards connected to a laptop, and power supply and LCD monitors were disconnected to prevent potential power transmissions or wireless communications. Vuagnoux said in an email that the attacks would still work even if the power supplies and monitors were plugged in.

It seems the modifications made to keyboards to prevent this kind of sniffing have either been removed to save cost or were never tested properly in the first place.

BarsWF is an MD5 cracking tool and is currently the fastest. Right now, on an nVidia 9600GT/C2D 3GHz, the CUDA version does 350 M keys/sec and the SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers here.

Changes in 0.8

* Added checks for errors when calling CUDA kernel.
* Now you can specify custom characters for charset using -X switch.
* You may specify minimal password length using -min_len.
* Save/restore feature added. State is being stored to barswf.save every 5 minutes or on exit. You may continue computation using -r switch. You may manually edit .save file to distribute job on several computers (but this is up to you - it is quite simple and non-documented ). BarsWF will also write found password into barswf.save at the end.
* Improved speed for cards GTX260, GTX280, 8800GT, 9600GSO, 8800GS, 8800GTS - by approximately 10%, all other cards will get just 1-2%.

System Requirements

* CUDA version only:nVidia GeForce 8xxx and up, at least 256mb of video memory.
* LATEST nVidia driver with CUDA support. Standard drivers might be a bit older (as CUDA 2.0 is still beta).
* CPU with SSE2 support (P4, Core2Duo, Athlon64, Sempron64, Phenom).
* Recommended 64-bit OS (WinXP 64 or Vista64). 32-bit version is also available.


You may remember some time back we did a fairly exhaustive post on Password Cracking Wordlists and Tools for Brute Forcing.

Wyd, the Password Profiling Tool, also does something similar to AWLG, but it’s a Perl script rather than a web-based service.

AWLG

The Associative Word List Generator (AWLG) is a tool that generates a list of words relevant to some subjects, by scouring the Internet in an automated fashion.

Inclusion Example: A search string including the words (without quotes): “steve carell” would give us a word list with lots of words associated with the actor Steve Carell. This includes all of the words from his MySpace page, words from the Wikipedia article on him, etc.

Exclusion Example: We know that Steve Carell is an actor for lots of things, including a show called “The Office”. A search string: “steve carell” with omissions: “office” and “michael scott” would find words from websites that mention Steve Carell, but do not mention the word “office”, “michael”, or “scott”.

Privacy policy

AWLG.org does not record any transmitted search strings or user information. AWLG.org does record statistical information such as total site usage, total number of words generated per search, etc.

You can get cracking with AWLG here:

http://awlg.org/index.gen

[Source: Darknet ]

It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic.

This application is geared more towards creating custom word lists from a specific domain by crawling it for unique words. Basically you give the application a target website to spider and it will collect unique words. The application is written in Ruby and is called CeWL, the Custom Word List generator. The app can spider a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used with password crackers such as John the Ripper.

If you combine the output of CeWL and AWLG with the standard wordlists for password cracking, you should have a fairly comprehensive set.

By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links, this behaviour can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite, you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This length can be increased and the words can be written to a file rather than screen so the app can be automated.

Version 2 of CeWL can also create two new lists, a list of email addresses found in mailto links and a list of author/creator names collected from meta data found in documents on the site. It can currently process documents in Office pre 2007, Office 2007 and PDF formats. This user data can then be used to create the list of usernames to be used in association with the password list.
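A depth-limited spider of the kind described, as an added Python example (not CeWL's own code, which is Ruby): it stays on the starting host unless told otherwise, collects words of at least min_len characters plus any mailto addresses, and stops after the given number of link hops. The pages in SITE are constructed so the example runs offline; the fetch function is a stand-in for HTTP, and author metadata extraction is not shown.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed stand-in for a small site: URL -> HTML body (no network needed).
SITE = {
    "http://example.test/": (
        '<html><body><p>Acme Widgets builds turbo encabulators.</p>'
        '<a href="/about.html">About</a> <a href="http://other.test/">Partner</a>'
        '<a href="mailto:ceo@example.test">Mail</a></body></html>'
    ),
    "http://example.test/about.html": (
        '<html><body><p>Founded by Zelda in Springfield, a MA company.</p>'
        '<a href="/team.html">Team</a></body></html>'
    ),
    "http://example.test/team.html": (
        '<html><body><p>Engineers: Quinn and Rosalind maintain Encabulator.</p></body></html>'
    ),
    "http://other.test/": (
        '<html><body><p>Offsite words like Xylophone should not appear.</p></body></html>'
    ),
}


class _Page(HTMLParser):
    """Collects visible text, hyperlinks and mailto: addresses from one HTML document."""

    def __init__(self):
        super().__init__()
        self.text, self.links, self.mailtos = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            if href.startswith("mailto:"):
                self.mailtos.append(href[len("mailto:"):])
            else:
                self.links.append(href)

    def handle_data(self, data):
        self.text.append(data)


def cewl(start, fetch, depth=2, min_len=3, offsite=False):
    """Breadth-first spider; returns (sorted words, sorted emails). depth counts link hops."""
    host = urlparse(start).netloc
    words, emails, seen = set(), set(), set()
    frontier = [(start, 0)]
    while frontier:
        url, hops = frontier.pop(0)
        if url in seen or (not offsite and urlparse(url).netloc != host):
            continue  # already visited, or off the target site and offsite disabled
        seen.add(url)
        body = fetch(url)
        if body is None:
            continue
        page = _Page()
        page.feed(body)
        tokens = re.findall(r"[A-Za-z0-9]+", " ".join(page.text))
        words.update(w for w in tokens if len(w) >= min_len)
        emails.update(page.mailtos)
        if hops < depth:
            frontier.extend((urljoin(url, href), hops + 1) for href in page.links)
    return sorted(words), sorted(emails)


if __name__ == "__main__":
    found_words, found_emails = cewl("http://example.test/", SITE.get)
    print("\n".join(found_words))
    print(found_emails)
```

Run against your own site, the output is a ready-made list of organisation-specific words to add to a banned-password policy, and the mailto list shows which addresses are being exposed.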

Installation

CeWL needs the rubygems package to be installed along with the following gems:

* http_configuration
* mime-types
* mini_exiftool
* rubyzip
* spider

FREE DOWNLOAD

cewl_2.0.tar.bz2

[Source: Darknet ]


I saw a pretty interesting article a few days ago attempting to reverse engineer the mosaic tool often used online to obscure sensitive or confidential information.

The article shows that the mosaic isn’t actually very random, and in a way you can brute force reverse engineer the mosaic to reveal the contents before they were obscured.

It’s ok for faces, but when it comes to letters/numbers and text it can be uncovered.

For the most part this is all fine with peoples’ faces as there isn’t a convenient way to reverse the blur back into a photo so detailed that you can recognise the photo. So that’s good if that is what you intended. However, many people also resort to blurring sensitive numbers and text. I’ll illustrate why that is a BAD idea.

Suppose someone posted a photo of their check or credit card online for whatever awful reason (proving to Digg that I earned a million dollars, showing something funny about a check, comparing the size of something to a credit card, etc.), blurring out the image with the far-too-common mosaic effect to hide the numbers.

Which is true, it is very common.

There is some ubermath geek stuff after this, analysing the brightness vector of the mosaic areas.

In this case, the account number 0000001 creates mosaic brightness vector a(0000001)=[213,201,190,...]. We find the mosaic brightness vector for every account number in a similar fashion using a script to blur each image and read off the brightnesses. Let a(x) be the function of the account number x. a(x)_i denotes the ith vector value of the mosaic brightness vector a obtained from account number x. Above, a(0000001)_1 = 213.

We now do the same for the original check image we found online or wherever, obtaining a vector we hereby call z=[z_1,z_2,...z_n]:
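The brute-force matching the quoted article describes, as an added Python example (not the article's own script): a(x) is computed for every candidate account number by rendering it with a constructed 3x5 pixel digit font and averaging each block's brightness, and the candidate whose a(x) is closest to the observed vector z wins. The font, block size and number length are assumptions.

```python
import itertools

# Constructed 3x5 bitmap glyphs for the digits 0-9 (1 = dark pixel).
GLYPHS = {
    "0": ["111", "101", "101", "101", "111"],
    "1": ["010", "110", "010", "010", "111"],
    "2": ["111", "001", "111", "100", "111"],
    "3": ["111", "001", "111", "001", "111"],
    "4": ["101", "101", "111", "001", "001"],
    "5": ["111", "100", "111", "001", "111"],
    "6": ["111", "100", "111", "101", "111"],
    "7": ["111", "001", "001", "001", "001"],
    "8": ["111", "101", "111", "101", "111"],
    "9": ["111", "101", "111", "001", "001"],
}
GLYPH_W, GLYPH_H, GAP = 3, 5, 1


def render(text):
    """Render a digit string as a grayscale raster: 0 = ink, 255 = paper."""
    width = len(text) * (GLYPH_W + GAP)
    rows = [[255] * width for _ in range(GLYPH_H)]
    for n, ch in enumerate(text):
        for y, line in enumerate(GLYPHS[ch]):
            for x, bit in enumerate(line):
                if bit == "1":
                    rows[y][n * (GLYPH_W + GAP) + x] = 0
    return rows


def mosaic(img, block=2):
    """The mosaic filter: each block x block tile becomes its mean brightness.

    The flattened list of tile means is the brightness vector a(x) of the article.
    """
    h, w = len(img), len(img[0])
    vec = []
    for by in range(0, h, block):
        for bx in range(0, w, block):
            tile = [img[y][x] for y in range(by, min(by + block, h))
                    for x in range(bx, min(bx + block, w))]
            vec.append(sum(tile) / len(tile))
    return vec


def distance(a, z):
    """Euclidean distance between a candidate vector a(x) and the observed z."""
    return sum((ai - zi) ** 2 for ai, zi in zip(a, z)) ** 0.5


def recover(z, length, block=2, alphabet="0123456789"):
    """Brute force: return the candidate x whose a(x) lies closest to z.

    Because the mosaic is deterministic, the true number gives distance 0;
    if two candidates tie, the blur genuinely cannot distinguish them.
    """
    best = None
    for digits in itertools.product(alphabet, repeat=length):
        x = "".join(digits)
        d = distance(mosaic(render(x), block), z)
        if best is None or d < best[0]:
            best = (d, x)
    return best[1]


if __name__ == "__main__":
    # Constructed "found online" image: the number 0471 after mosaicing.
    z = mosaic(render("0471"))
    print(recover(z, 4))
```

The search only works because the mosaic retains averaged information from the original pixels; an opaque box painted over the number retains none, which is the proper way to redact.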

Anyway, go ahead and check the article out, a very interesting read and a real example of proper hacking: thinking of a solution to something, thinking how to break something.
[Read More - Why Blurring or Mosaicing Important]

[Source: Darknet ]

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs.

A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment.

So if you are running Google Desktop we suggest you update it ASAP.

The attack, outlined in a paper (PDF) released by the firm, uses a cross-site scripting (XSS) flaw in the Google Desktop application in conjunction with any other XSS flaw in the Google.com domain to install malicious JavaScript on the user’s computer. Using the technique, an attacker could create a JavaScript program that Google Desktop repeatedly runs, allowing the attacker to search a victim’s computer using terms most likely to dredge up interesting data.

Google released an updated version of Google Desktop that fixes the local cross-site scripting flaw earlier this month, but many users may not have gotten the patch, said Danny Allan, director of security research for Watchfire. Because of the popularity of Google Desktop, there could be a large number of users with vulnerable systems.

Read More:

Google Desktop flaw allows data theft
Google patches critical desktop flaw
Serious Flaw in Google Desktop Prompts Patch

[Source: Darknet ]




This is a pretty cool new development, something straight out of a Tom Clancy thriller or a spy/hacker movie.

Introducing Spy Coins! People are actually being warned about picking up stray coins as they might have surveillance devices inside.

Can the coins jingling in your pocket trace your movements? The Defense Department is warning its American contractor employees about a new espionage threat seemingly straight from Hollywood: It discovered Canadian coins with tiny radio frequency transmitters hidden inside.

In a U.S. government report, it said the mysterious coins were found planted on U.S. contractors with classified security clearances on at least three separate occasions between October 2005 and January 2006 as the contractors traveled through Canada.

It’s not the best way to hide a surveillance device though as someone might actually spend it…then your plan is foiled, they could also easily lose it, leave it on a desk, put it in a donation box or simply give it away.

“It wouldn’t seem to be the best place to put something like that; you’d want to put it in something that wouldn’t be left behind or spent,” said Jeff Richelson, a researcher and author of books about the CIA and its gadgets. “It doesn’t seem to make a whole lot of sense.”

Canada’s physically largest coins include its $2 “Toonie,” which is more than 1-inch across and thick enough to hide a tiny transmitter. The CIA has acknowledged its own spies have used hollow, U.S. silver-dollar coins to hide messages and film.

The government’s 29-page report was filled with other espionage warnings. It described unrelated hacker attacks, eavesdropping with miniature pen recorders and the case of a female foreign spy who seduced her American boyfriend to steal his computer passwords.

CIA Archive - Hollow Coin

[Source: Darknet ]

SHA-1 Cracked

Posted by Bijay | 5:33 AM | , | 0 comments »

A paper about cracking SHA-1 originally surfaced in 2005, from a fairly reputable scientific source in China; it was neither widely publicised nor talked about much.

But then recently, just last month China managed to make a wave out of it, almost 2 years after the initial ‘report’.

It was even Slashdotted on January 20th 2007, the article states the following:

These two main algorithms are currently the crucial technology that electronic signatures and many other password securities use throughout the international community. They are widely used in banking, securities, and e-commerce. SHA-1 has been recognized as the cornerstone for modern Internet security. According to the article, in the early stages of Wang’s research, there were other data encryption researchers who tried to crack it. However, none of them succeeded. This is why in 15 years Hash research had become the domain of hopeless research in many scientists’ minds.

SHA-1 Broken

Cryptanalysis of SHA-1


[Source: Darknet ]

Recently a fairly huge credit card breach occurred involving a large retail company called TJX, with more than 2,000 retail stores.

Some pretty well known brands there, I know I’ve used some of them…the sad part is they themselves still haven’t worked out the extent of the damage done to their information.

For me this has serious integrity implications.

The TJX Companies, a large retailer that operates more than 2,000 retail stores under brands such as Bob’s Stores, HomeGoods, Marshalls, T.J. Maxx and A.J. Wright, said on Wednesday that it suffered a massive computer breach on a portion of its network that handles credit card, debit card, check and merchandise transactions in the United States and abroad.

The company does not know the extent of the breach, which was first discovered in December 2006. However, hackers may have made off with credit and debit information from transactions in the United States, Canada and Puerto Rico in 2003 as well as transactions between May and December 2006, according to a company statement.

Hopefully the retailer and the credit card companies will bear the brunt of the hack attack and not pass the costs onto the customers.

I really believe customers shouldn’t be penalized for sloppy company security.

The TJX breach recalls other recent hacks, including BJ’s wholesale club and another, reportedly at OfficeMax in 2005. Those breaches, as well as incidents like the hacking of card processor Card Systems, prompted the payment card industry to issue new rules, dubbed the PCI, about how sensitive data is stored and transmitted on internal systems.

However, Spitzer of the MBA said that banks still bore the brunt of security breaches at retailers because they have to pay to reissue cards to customers and absorb the financial losses from unauthorized account withdrawals. Small banks and credit unions often have trouble absorbing those costs, though they are not at fault in the breach itself, Spitzer said.

[Source: Darknet ]


Some sneaky hacker got into the Wordpress download server and placed a backdoor in the latest available version (2.1.1).

Luckily within a day someone reported the exploit to the Wordpress team and they took the site down to investigate.

This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

If you downloaded 2.1.1 as soon as it came out it should be ok, but a few days after that the compromised version was available.

Do install 2.1.2 and upgrade ASAP just to be safe.

If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.

If you are a web host or network administrator, block access to “theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in it. If you’re a customer at a web host, you may want to send them a note to let them know about this release and the above information.
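A way to check web server logs for the request pattern the advisory names, as an added Python example (not from WordPress or the original post): it flags direct requests to theme.php or feed.php and any query string carrying ix= or iz=. The log lines are constructed, and the Combined Log Format layout and parameter values are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" log layout; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

SUSPECT_FILES = {"theme.php", "feed.php"}   # files the backdoor was planted in
SUSPECT_PARAMS = {"ix", "iz"}               # query parameters the advisory says to block


def classify(line):
    """Return a reason string if the request matches the 2.1.1 backdoor pattern, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path_file = parts.path.rsplit("/", 1)[-1]
    params = set(parse_qs(parts.query, keep_blank_values=True))
    reasons = []
    if path_file in SUSPECT_FILES:
        reasons.append(f"direct request to {path_file}")
    hit = SUSPECT_PARAMS & params
    if hit:
        reasons.append("backdoor parameter " + ",".join(sorted(hit)))
    return "; ".join(reasons) or None


def scan(log_text):
    """Return (source ip, timestamp, reason) for every suspicious line in the log."""
    hits = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            m = LOG_RE.match(line)
            hits.append((m.group("ip"), m.group("ts"), reason))
    return hits


# Constructed sample log: two requests that match the advisory, two that do not.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Mar/2007:10:12:01 +0000] "GET /wp-includes/theme.php?iz=abcd HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.2 - - [04/Mar/2007:10:12:05 +0000] "GET /index.php?p=12 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Mar/2007:10:12:09 +0000] "POST /wp-includes/feed.php HTTP/1.1" 200 77 "-" "Mozilla/4.0"
198.51.100.9 - - [04/Mar/2007:10:13:44 +0000] "GET /?ix=abcd HTTP/1.1" 200 301 "-" "curl/7.15"
198.51.100.2 - - [04/Mar/2007:10:14:00 +0000] "GET /feed/ HTTP/1.1" 200 4211 "-" "Feedreader"
"""

if __name__ == "__main__":
    for ip, ts, reason in scan(SAMPLE_LOG):
        print(f"{ts} {ip}: {reason}")
```

A 200 status on such a request is the worrying case: it means the tampered file answered rather than the web server's block rule.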

I’m thankful that the Wordpress team has dealt with this situation so efficiently and professionally and it just gives me more faith in their team.

[Source: Darknet ]

Ah, FBI slammed again, it’s not the first time this has happened.

Remember when a Consultant Breached FBI’s Computers?

It also reminds me of when Homeland Security Scored an F for Internal Security AGAIN.

The Government Accountability Office, the federal government’s watchdog agency, Thursday released a report critical of the FBI’s internal network, asserting it lacks security controls adequate to thwart an insider attack.

In the report, titled “Information Security: FBI Needs to Address Weaknesses in Critical Network,” the authors — Gregory Wilshusen, GAO’s director of information security issues, and Chief Technologist Keith Rhodes — said the FBI lacks adequate network security controls.

The FBI “has an incomplete security plan,” the report concluded.

The bureau, which had the opportunity to review the GAO’s findings before publication, responded that it wasn’t arguing with some of the technical observations expressed in the GAO report, but disagreed that the FBI is open to unacceptable risk of an insider attack.

In a letter of response to the GAO, Dean Hall, the FBI’s deputy CIO, and Zalmal Azni, the FBI’s CIO, noted, “The FBI concurs with many of the GAO’s technical recommendations and the programmatic recommendation to continue the implementation of information security activities in order to fully establish a comprehensive Information Assurance Program.”

[Source: Darknet ]

An interesting snippet from last month: AOL seems to have a strangely configured password system.

Users can enter up to 16 characters as a password, but the system only reads the first 8 and discards the rest. They are basically truncating the password at 8 characters.

A reader wrote in Friday with an interesting observation: When he went to access his AOL.com account, he accidentally entered an extra character at the end of his password. But that didn’t stop him from entering his account. Curious, the reader tried adding multiple alphanumeric sequences after his password, and each time it logged him in successfully.

It turns out that when someone signs up for an AOL.com account, the user appears to be allowed to enter up to a 16-character password. AOL’s system, however, doesn’t read past the first eight characters.

How is this a bad set-up, security-wise? Well, let’s take a fictional AOL user named Bob Jones, who signs up with AOL using the user name BobJones. Bob — thinking himself very clever — sets his password to be BobJones$4e?0. Now, if Bob’s co-worker Alice or arch nemesis Charlie tries to guess his password, probably the first password he or she will try is Bob’s user name, since people are lazy and often use their user name as their password.

And she’d be right, in this case, because even though Bob thinks he created a pretty solid 13-character password — complete with numerals, non-standard characters, and letters — the system won’t read past the first eight characters of the password he set, which in this case is exactly the same as his user name. Bob may never be aware of this: The AOL system also will just as happily accept BobJones for his password as it will BobJones$4e?0 (or BobJones + anything else, for that matter).

[Source: Darknet ]

SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. It can be distributed only in the form of the original non-modified PDF document.

DOWNLOAD - PDF document

* Microsoft Windows Vista: significant security improvement?
* Review: GFI Endpoint Security 3
* Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
* Top 10 spyware of 2006
* The spam problem and open source filtering solutions
* Office 2007: new format and new protection/security policy
* Wardriving in Paris
* Interview with Joanna Rutkowska, security researcher
* Climbing the security career mountain: how to get more than just a job
* RSA Conference 2007 report
* ROT13 is used in Windows? You’re joking!
* Data security beyond PCI compliance - protecting sensitive data in a distributed environment

[Source: Darknet ]

Ubuntu Ultimate Edition

Posted by Bijay | 7:07 AM | | 0 comments »



Basically Ubuntu Ultimate Edition is Ubuntu Edgy Eft with a whole lot of software pre-added.

Sadly the author had to remove Java, Flash and Acrobat Reader due to licensing agreements. But don’t worry, as there is a custom repository in the release which includes all of these and much more.

* SMP Support (dual core CPUS) / works with single core as well
* 121 Additional Updates
* New Grub boot screen
* New theme and animated bootscreen
* New GDM theme
* New splash screen & wallpaper
* Updated Beryl
* Capture card support - TVTime / ATI-All-in-wonder
* Gaim Beta 6 - prebuilt with plugins.
* GKRealm - Realtime hardware monitor
* MGM - Moaning Goat Meter
* Newer Amarok than can be obtained from the edgy repos
* Hardinfo - System information
* GTKPod - Ipod Sync software
* HTop - Process viewer
* Sysinfo - System information
* IPodder - Ipod sync software
* XSensors - Hardware sensor software
* Additional networking and wireless tools
* Gpixpod - Photo sync software for Ipod
* IPodslave - an iPod IO slave
* Xpenguins - Thanks Maddog

Use torrents if you can or a mirror first; unfortunately Ubuntu Ultimate 1.2 cannot be downloaded locally due to bandwidth consumption. If you have some space to host a mirror, please let the authors know.

Ubuntu Ultimate Edition

Ubuntu Ultimate 1.2 TORRENT

Ubuntu Ultimate 1.2 Mirror


The latest big news is that on February 6th the Kaspersky Customer Records database was hacked through a simple SQL injection flaw on the website. The hacker claimed it was possible to expose all customer data including users, activation codes, lists of bugs, admins, shot and so on. The anonymous hacker hasn’t actually posted any of the data, but has listed the database tables exposed here.

Later Kaspersky has stated that no data was actually exposed, apparently there was a flaw to do with data validation and perhaps only the database table names were exposed - not the data within.

So far though it’s all speculation; unless the hacker releases the actual data and Kaspersky confirms it, there’s no way we can know what has actually transpired.

Anti-virus vendor Kaspersky Lab denies any data was stolen during a SQL injection attack launched Feb. 6. Well-known database security expert David Litchfield of NGSSoftware is doing a third-party review for Kaspersky.

Officials at anti-virus vendor Kaspersky Lab are adamant that no data was stolen during a hack of its U.S. support site over the weekend.

According to Kaspersky Lab, on Feb. 6, a hacker exploited a flaw on the Web site to launch a SQL injection attack. After Kaspersky officials received word of the breach Feb. 7, they took down the vulnerable site and replaced it.

The security company maintained in a press conference Feb. 9 that no data had been leaked. However, the anonymous hacker behind the attack publicized table names purportedly taken from a Kaspersky database the hacker accessed.

Kaspersky has already commissioned a 3rd party audit from well-known specialist in Database Security, David Litchfield the principal consultant with NGS Software.

I wonder if Mr. Litchfield will publish his findings publicly or they will be vetted through Kaspersky first, I’d imagine the latter - which again means we might never know the true extent of the vulnerability.

According to the company, the problem was due to the site not properly validating user input. Roel Schouwenberg, senior anti-virus researcher at Kaspersky, confirmed that the names of the tables are accurate. However, having the names of the tables does not mean the hacker actually accessed them, he noted.

Schouwenberg added that no credit card data was stored on the server targeted by the hacker, though there were product activation codes and 2,500 e-mail addresses for people who signed up for a product trial.

“This shouldn’t have happened,” Schouwenberg said, adding he was worried about the impact the hack would have on Kaspersky’s reputation.

The vulnerable code the hacker took advantage of to launch the attack was developed externally and did not go through Kaspersky’s normal code review process, Schouwenberg said.

It shouldn’t have happened? What insight these people have!

They are blaming the vulnerability on code developed externally, and it seems that from the story it’s limited data to do with some kind of software trial. It’s not the full customer records database.

Still I think we need to wait a little longer to get a clearer picture of what is going on, either way it looks like this might be an interesting story for us to follow.

[Source: Darknet ]


It seems a new, fairly serious flaw has been discovered in Internet Explorer 7 - and as accounts go it’s been around for a couple of months in the underground.

The worrying part is, patch Tuesday was yesterday and after testing it’s been discovered that this flaw WAS NOT patched in the updates.

ISC reports that it’s not currently widely used, but it has been found in the wild.

Microsoft said it is investigating reports that a new exploit is going around that takes advantage of an unpatched security hole in Internet Explorer 7.

The SANS Internet Storm Center, which tracks hacking trends, said today that while the exploit does not appear to be widely in use at the moment, that situation is likely to change soon, since instructions showing criminals how to take advantage of this flaw have been posted online.

SANS emphasizes that this vulnerability is not one that was fixed in the massive bundle of patches that Microsoft issued yesterday. It is not clear what steps users can take to protect themselves against this threat, other than to browse the Web with something other than IE, such as Mozilla Firefox or Opera. This appears to be the type of vulnerability that could be used to give attackers complete control over an affected system merely by convincing users to browse to a specially-crafted hacked or malicious Web site.

It seems the safest thing is not to use IE, which I personally have been doing since about 1998 anyway. But still, some people claim they have problems with Java or JavaScript or AJAX enabled sites with Firefox.

There’s always Opera, or even the new Google Chrome.

This exploit is a serious one as someone only needs to visit the site and remote code can be injected into their OS and executed.

According to SANS, the exploit works against fully-patched Windows XP and Windows 2003 systems with Internet Explorer 7.

In a statement e-mailed to Security Fix, Microsoft said once it is done with its investigation, the company “will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.”

Once again it’s demonstrated how stupid ‘Patch Tuesday’ is and how half of the people on the Internet are going to be vulnerable to this serious flaw until the first Tuesday in January.

I really hope Microsoft pushes out an emergency patch outside their schedule ASAP.

You can find a list of the sites known to be distributing the code on Shadowserver here.

[Source: Darknet ]

I’m sure you’ve heard about the Microsoft IE7 Exploit that allows Remote Code Execution on XP & Vista, it turns out it’s actually much worse than first expected.

The exploit also affects IE5.01, IE6 and IE8 on all OS versions! That’s a pretty worrying turn of events for MS especially as they are seemingly leaving it unpatched.

You can find a clarification of the various workarounds for the IE flaw on Technet here.

Researchers are warning that the unpatched security vulnerability in Microsoft’s Internet Explorer affects more versions of the browser than previously thought, and that steps users must take to prevent exploitation are harder than first published.

According to an updated advisory from Redmond, the bug that’s been actively exploited since Tuesday bites versions 5.01, 6, and 8 of the browser, which is by far the most widely used on the web. A previous warning from Microsoft only said that IE 7 was susceptible to the attacks. IE is susceptible when running on all supported versions of the Windows operating systems, Microsoft also says.

What’s more, while there is some protection from Vista’s User Account Control, the measure doesn’t altogether prevent the attack, according to this post on the Spyware Sucks blog. Microsoft and others have suggested that those who must use IE in the next few weeks set the security level to high for the internet security zone or disable active scripting. These are sensible measures, but they don’t guarantee you won’t be pwned, according to this post from the Secunia blog.

Once again Firefox users for the win; this is a flaw in the whole family of Internet Explorer and must affect a shocking number of users. I guess setting your Security Zone to high and disabling Active Scripting helps, but then it also disables a lot of features on a lot of sites.

So you are losing out on the user experience of the web just to be more secure, mostly because Microsoft doesn’t want to release an ad-hoc patch.

Well Google Chrome final version is out now too, so there’s another option for people.

Secunia goes on to revise what it says is the cause of the vulnerability. Contrary to earlier reports that pinned the blame on the way IE handles certain types of data that use the extensible markup language, or XML, format, the true cause is faulty data binding, meaning exploit code need not use XML.

Microsoft has yet to say whether it plans to issue a fix ahead of next month’s scheduled release. For the moment, the volume of in-the-wild attacks remains relatively modest and limited mostly to sites based in China. But because attackers are injecting exploits into legitimate sites that have been compromised, we continue to recommend that users steer clear of IE until the hole has been closed.

Plenty of other researchers have weighed in with additional details about the flaw. Links from SANS, Sophos and Hackademix.

I think an imminent danger is if people start using iframe vulnerabilities and XSS to inject this exploit into some more prominent sites; that could cause a huge spread of infections!

Anyway just let people using IE know that this is another reason they shouldn’t be using it! Show them how to download and install Firefox and please teach them to use Tabs!

[Source: Darknet ]



Well it has happened before, quite recently in fact - back in October Microsoft rushed out a patch for the RPC exploit, which was the first time in 18 months they had issued an out of band patch.

Now just a couple of months later they are releasing another one (which should be available today - Wednesday December 17th 2008) for the recent remote code execution vulnerability in almost all versions of IE.

It’s the right thing to do though and in terms of PR they had to do it as the mainstream news had gotten hold of this story and they weren’t going to let go.

Microsoft will push out an emergency security patch for Internet Explorer on Wednesday, addressing a critical security hole currently being exploited in the wild.

Redmond issued advanced notice for tomorrow’s fix, describing the out-of-cycle patch as protection from “remote code execution.”

Unscheduled updates are pretty rare for Microsoft, stressing the potentially serious nature of the flaw. Although the last time Microsoft broke its update cycle was in late October, it was the first time it had done so in about 18 months.

I guess they caved in after the media pressure and the panic starting amongst consumers; as the exploit was actually being used in the wild (even though mostly from China sites), it’s still a risk.

It seems like if a vulnerability allows for remote code execution they will issue an ad-hoc patch to address the issue.

The latest zero-day vulnerability stems from data binding bugs that allow hackers access to a computer’s memory space, allowing attackers to remotely execute malicious code as IE crashes, Microsoft has said.

Although the exploit was at first contained to warez and porn sites hosted on a variety of Chinese domains, the malicious JavaScript code has since spread to more trusted sites through SQL injection. The flaw is primarily being used to steal video game passwords at present, but could potentially be used to retrieve more critical sensitive data from users as well.

The vulnerability is specifically targeted at surfers running IE 7, but it’s also known to affect versions 5, 6, and 8 of the browser as well. All IE users are advised to install the update.

The patch will become available Wednesday at 1 PM EST from auto-update and the Microsoft Download Center. A separate patch will be made available for those running IE8 Beta 2.

[Source: Darknet ]


Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis is developed and maintained by Jeff Nathan.

Nemesis can natively craft and inject packets for:

* ARP
* DNS
* ETHERNET
* ICMP
* IGMP
* IP
* OSPF
* RIP
* TCP
* UDP

Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.

Unix-like systems require: libnet-1.0.2a, and a C compiler (GCC)
Windows systems require: libnetNT-1.0.2g and either WinPcap-2.3 or WinPcap-3.0





[Source: Darknet ]

Foundstone Blast v2.0 is a small, quick TCP service stress test tool. Blast does a good amount of work very quickly and can help spot potential weaknesses in your network servers.

Features:

/trial switch adds the ability to see how the buffer looks before sending it
/v switch adds verbose option - off by default
/nr switch turns off initial receive after initial connect - HTTP services don’t send an initial response, Mail services do
The /nr switch fixes the effect of HTTP timeouts when sending GET strings
/dr adds double LF/CR’s to buffers(useful for GET requests) off by default

Examples:

blast 134.134.134.4 110 600 680 /t 7000 /d 300 /b user
blast 134.134.134.4 110 600 680 /t 7000 /d 300 /b user /e endchars
blast 134.134.134.4 110 600 680 /noret

/t == timeout delay in milliseconds to wait for server response
/d == delay before each send
/noret means to send raw data with no newline chars that a pop server expects at end
/b is a way to add custom text to the beginning of each buffer
/e is an alternate way to end each buf
/v switches on verbose output - off by default
/nr turns off initial receive after initial connect (useful for HTTP GET)
/dr adds double LF/CR’s to buffers (useful for HTTP GET)
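The switch semantics above, as an added Python sketch of the size sweep Blast performs (this is not Foundstone’s code and not from the original page): prefix, endchars, initial_recv, timeout and delay stand in for /b, /e, /nr, /t and /d, and the sweep runs against a constructed loopback stand-in server that drops any request over 650 bytes, so you can see how a service that silently hangs up on oversized input shows up in the results.

```python
import socket
import threading
import time

# Constructed stand-in for a service under test (not Blast, not from the page): a
# POP3-style server that sends a banner, acks requests up to MAX_LINE bytes and
# silently closes the connection on anything longer.
MAX_LINE = 650

def _serve(srv, stop):
    srv.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, _ = srv.accept()
        except socket.timeout:
            continue
        with conn:
            conn.sendall(b"+OK test server ready\r\n")
            data = conn.recv(65536)
            if len(data) <= MAX_LINE:
                conn.sendall(b"+OK\r\n")   # oversized input: no reply, just close

def start_test_server():
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # ephemeral loopback port
    srv.listen(5)
    stop = threading.Event()
    threading.Thread(target=_serve, args=(srv, stop), daemon=True).start()
    return srv.getsockname()[1], stop

def blast(host, port, start, end, step=10, timeout=2.0, delay=0.0,
          prefix=b"", endchars=b"\r\n", initial_recv=True):
    """Hypothetical port of Blast's loop: for each size, connect, read the banner
    unless initial_recv is False (/nr), send prefix (/b) + filler + endchars (/e;
    b"" mimics /noret), wait up to timeout (/t), pause delay (/d). -> {size: outcome}"""
    results = {}
    for size in range(start, end + 1, step):
        buf = prefix + b"A" * size + endchars
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                if initial_recv:
                    s.recv(4096)         # HTTP sends no banner: pass initial_recv=False
                s.sendall(buf)
                reply = s.recv(4096)
                results[size] = "ok" if reply else "closed"   # b"" = server hung up
            except socket.timeout:
                results[size] = "timeout"  # service stopped answering: worth investigating
            except ConnectionError:
                results[size] = "closed"   # reset mid-exchange counts as a hang-up too
        time.sleep(delay)
    return results
```

Calling start_test_server() and then blast("127.0.0.1", port, 600, 680, step=40, prefix=b"USER ") reports "ok" for 600 and 640 and "closed" for 680, the same pattern Blast’s first example command would surface against a POP3 service with a hard line limit.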

Read More & Download - Foundstone Blast v2.0

[Source: Darknet ]