
Adobe Reader > MAY DOOM YOU


Lately, malware authors have been focusing more and more on exploiting Adobe Reader (and ultimately users' computers) via maliciously crafted documents, and there have been quite a few Adobe Reader vulnerabilities recently.
The malicious injection on my last hosting service was also an Adobe Reader oriented attack…

The recent issue of (in)SECURE Magazine, namely issue 21, carries an article named “Malicious PDF: Get owned without opening” by Didier Stevens, which showed an exploit in an Adobe Reader filter that made successful exploitation possible without the file ever being opened.

When a PDF document is listed in a Windows Explorer window, the PDF column handler shell extension will be called by Windows Explorer when it needs the additional column info. The PDF column handler will read the PDF document to extract the necessary info, like the Title, Author, etc. (…) Under the right circumstances, a Windows Explorer Shell Extension will read the PDF document to provide extra information, and in doing so, it will execute the buggy code and trigger the vulnerability.
Other ways the exploit could be triggered from the Explorer window were: selecting the PDF (left click), hovering over it, and switching the folder view to “Thumbnail”.

All these exploitation scenarios required minimal user interaction, but the author had another card up his sleeve: the JBIG2Decode vulnerability could be triggered by the Windows Indexing Service alone, the only difference being that this way the exploit would run with fewer privileges; namely Local System ones…

There you have it, another reason to switch to an alternative PDF reader.
UPDATE: a thorough article about PDF exploitation can be found here.
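The point of the post above is that a PDF gets parsed by Explorer's column handler, thumbnail view or the Indexing Service before anyone "opens" it, so triage of a suspicious document has to happen without any of those components touching the file. The following is an added example, not code from the post or from Didier Stevens' tools: it inspects the raw bytes of a PDF for the JBIG2Decode filter and a few other names that warrant a closer look, folding PDF's `#xx` name escaping so a trivially disguised `/JBIG2#44ecode` is still counted. The three sample documents are constructed for the demo and are not real malware samples; the name list and the `triage()` verdict are my own choices. JBIG2 is a legitimate filter for scanned images, so a hit means "review on a non-Windows box or with shell extensions disabled", not "malicious".

```python
"""Static PDF triage on raw bytes, so no viewer or shell extension runs.

Added example (not from the original post). Sample PDFs are constructed.
"""
import re
from collections import Counter

# Names that justify a closer look. /JBIG2Decode is the filter the post
# discusses; the others commonly drive automatic actions in a document.
SUSPICIOUS_NAMES = (b"/JBIG2Decode", b"/JavaScript", b"/JS",
                    b"/OpenAction", b"/Launch", b"/AA")

# A PDF name token: '/' followed by anything up to whitespace or a delimiter.
NAME_TOKEN = re.compile(rb"/[^\x00\t\n\x0c\r /()<>\[\]{}%]+")


def _unescape_name(token: bytes) -> bytes:
    """Fold PDF's #xx escapes (e.g. /JBIG2#44ecode -> /JBIG2Decode)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), token)


def count_pdf_names(data: bytes) -> Counter:
    """Count occurrences of each suspicious name in the raw document bytes."""
    counts = Counter()
    for m in NAME_TOKEN.finditer(data):
        name = _unescape_name(m.group(0))
        if name in SUSPICIOUS_NAMES:
            counts[name.decode("ascii")] += 1
    return counts


def triage(data: bytes) -> dict:
    """Summarise what a reviewer needs before the file goes anywhere near
    an Explorer window: header presence, name counts, and a review flag."""
    counts = count_pdf_names(data)
    return {
        "has_pdf_header": b"%PDF-" in data[:1024],
        "names": dict(counts),
        "jbig2": counts["/JBIG2Decode"] > 0,
        "review": sum(counts.values()) > 0,
    }


# Constructed samples (not real files): a plain document, one that declares a
# JBIG2Decode image stream, and the same with the filter name hex-escaped.
BENIGN_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")
JBIG2_PDF = (b"%PDF-1.4\n5 0 obj << /Type /XObject /Subtype /Image "
             b"/Filter /JBIG2Decode /Width 1 /Height 1 /Length 4 >>\n"
             b"stream\nAAAA\nendstream\nendobj\n%%EOF\n")
OBFUSCATED_PDF = JBIG2_PDF.replace(b"/JBIG2Decode", b"/JBIG2#44ecode")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_PDF), ("jbig2", JBIG2_PDF),
                       ("escaped", OBFUSCATED_PDF)):
        print(label, triage(doc))
```

Run it on a copy of the suspicious file read with `open(path, "rb")`; because nothing here decodes the streams or hands the file to Reader, the check is safe to run on the file that Explorer must not be allowed to index. For real work, pdfid.py from the article's author does the same counting with more keywords.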


Hack Tools/Exploits

Astalavista Tools and Utilities
  1. Passwords are DEAD! (Long live passwords?) - Following a brief history and definition of passwords, this paper will show three properties of passwords that render passwords risky or unsuitable for use.
  2. A Concept for Universal Identification - The goal of this paper is to provide a detailed look at a new perspective for a unified, secure and consolidated form of personal identification. The advanced yet inexpensive technology exists today to step up modern identification to the next level.
  3. Biometrics and User Authentication - The purpose of this paper will be to look at the use of biometrics technology to determine how secure it might be in authenticating users, and how the users job function or role would impact the authentication process or protocol. We will also examine personal issues of privacy in the methods used for authentication; the cost of implementing a biometrics authentication system; the efficiency of biometrics authentication; and the potential for false positive or negative recognition of individual users.
  4. Authentication and Authorization: The Big Picture with IEEE 802.1X - This paper explores how Auth-x brings authentication and authorization down to a port level, enabling true privilege-based management of network services.
  5. SSLSmart - Smart SSL Cipher Enumeration - Whitepaper called SSLSmart - Smart SSL Cipher Enumeration. This document focuses on the SSLSmart tool's uses and applications.
  6. Microsoft Excel Spreadsheets Expose User PIN Used For Confidential/Secure Printing - Whitepaper called Microsoft Excel Spreadsheets Expose User PIN Used For Confidential/Secure Printing.
  7. Antivirus / Firewall Evasion Techniques : Evolution of Download Deploy Shellcode - Whitepaper called Antivirus / Firewall Evasion Techniques : Evolution of Download Deploy Shellcode.
  8. Effectiveness of Antivirus in Detecting Web Application Backdoors - Whitepaper called Effectiveness of Antivirus in Detecting Web Application Backdoors.
  9. Netbios Share Scanner 0.3 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
    Changes: IP mask and range support.
  10. GetHTTPStatus Scanning Script - GetHTTPStatus is a simple python script that scans a set of provided URLs and returns the status codes provided. It has the ability to use cookies if needed.

Packetstorm Last 10 Files

  1. Core Security Technologies Advisory 2010-1001 - Core Security Technologies Advisory - There are stack overflows on WebEx that can be exploited by sending maliciously crafted .atp and .wrf files to a vulnerable WebEx user. When opened, these files trigger a reliably exploitable stack based buffer overflow. Code execution is trivially achieved on the .wrf case because WebEx Player allocates a function pointer on the stack that is periodically used in what seems to be a callback mechanism, and also because DEP and ASLR are not enabled. In the .atp case an exception handler can be overwritten on the stack, and most registers can be trivially overwritten.
  2. Zero Day Initiative Advisory 11-037 - Zero Day Initiative Advisory 11-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is required to exploit this vulnerability in that a logged in user must be coerced into visiting a malicious link. The specific flaw exists within the ScheduleTask method exposed by the IMAdminSchedTask.asp page hosted on the web interface. This function does not properly sanitize user input from a POST variable before passing it to an eval call. An attacker can abuse this to inject and execute arbitrary ASP under the context of the user visiting the malicious link.
  3. SSLSmart - Smart SSL Cipher Enumeration - Whitepaper called SSLSmart - Smart SSL Cipher Enumeration. This document focuses on the SSLSmart tool's uses and applications.
  4. SSLSmart SSL Testing Tool 1.0 - SSLSmart is an open source, highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL ciphers suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed by initiating only an SSL socket connection with one cipher suite at a time, an inefficient approach that leads to false positives and often does not provide a clear picture of the true vulnerability of the server. SSLSmart is designed to combat these shortcomings.
  5. Zero Day Initiative Advisory 11-036 - Zero Day Initiative Advisory 11-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is not required to exploit this vulnerability. The flaw exists within the db2dasrrm component which listens by default on TCP port 524. When allocating a buffer within receiveDASMessage a user supplied length is used as a parameter to malloc(). This buffer is later copied into without any bounds checking and can be made to overflow. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the das user.
  6. Netbios Share Scanner 0.3 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
  7. CMS WebManager-Pro 7.4.3 Code Execution / Cross Site Request Forgery - CMS WebManager-Pro version 7.4.3 suffers from code execution and cross site request forgery vulnerabilities.
  8. Clam AntiVirus Toolkit 0.97rc - Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  9. Zero Day Initiative Advisory 11-035 - Zero Day Initiative Advisory 11-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the db2dasrrm process responsible for handling queries to the com.ibm.db2.das.core.DasSysCmd function. While processing a request, the username supplied is copied into a fixed-length stack buffer. By providing a large enough string the copy operation can overflow leading to remote code execution.
  10. Zero Day Initiative Advisory 11-034 - Zero Day Initiative Advisory 11-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Performance Insight Server. Authentication is not required to exploit this vulnerability. The specific vulnerability is due to a hidden account present within the com.trinagy.security.XMLUserManager Java class. Using this account a malicious user can access the com.trinagy.servlet.HelpManagerServlet class. This is defined within the piweb.jar file installed with Performance Insight. This class exposes a doPost() method which an attacker can use to upload malicious files to the server. Accessing these files can then lead to arbitrary code execution under the context of the SYSTEM user.

Packetstorm Tools

  1. Netbios Share Scanner 0.3 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
  2. GetHTTPStatus Scanning Script - GetHTTPStatus is a simple python script that scans a set of provided URLs and returns the status codes provided. It has the ability to use cookies if needed.
  3. NIELD (Network Interface Events Logging Daemon) 0.10 - Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), route, FIB rules.
  4. Nmap Port Scanner 5.50 - Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
  5. Packet Fence 2.0.1 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  6. OATH Toolkit 1.4.5 - The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
  7. Netbios Share Scanner 0.2 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
  8. Malmon Detection Tool 0.1b - Malmon is a real-time exploit/backdoor detection tool for Linux that audits the integrity of files in a given directory.
  9. Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20110119 - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
  10. Tor-ramdisk i686 UClibc-based Linux Distribution x86 20110119 - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Packetstorm Exploits

  1. CMS WebManager-Pro 7.4.3 Code Execution / Cross Site Request Forgery - CMS WebManager-Pro version 7.4.3 suffers from code execution and cross site request forgery vulnerabilities.
  2. Joomla Clan Members SQL Injection - The Joomla Clan Members component suffers from a remote SQL injection vulnerability.
  3. AOL 9.5 .rtx Local Buffer Overflow - AOL version 9.5 suffers from a .rtx buffer overflow vulnerability.
  4. NetZip Classic Buffer Overflow - NetZip Classic version 7.5.1.86 suffers from a buffer overflow vulnerability.
  5. Joomla VirtueMart 1.1.6 Blind SQL Injection - Joomla VirtueMart component versions 1.1.6 and below suffer from a remote blind SQL injection vulnerability.
  6. eSyndiCat Directory Software Cross Site Scripting - eSyndiCat Directory Software versions 2.2 and 2.3 suffer from a cross site scripting vulnerability.
  7. SDP Downloader Buffer Overflow - SDP Downloader http_response remote buffer overflow exploit.
  8. Joomla Front End User Access Local File Inclusion - The Joomla Front End User Access component suffers from a local file inclusion vulnerability.
  9. Harvard.edu Local File Inclusion - www.hcs.harvard.edu appears to suffer from a local file inclusion vulnerability.
  10. Maxthon Browser 3.0.20.1000 Denial Of Service - Maxthon Browser version 3.0.20.1000 .ref .replace denial of service exploit.

Securiteam Exploits

  1. Symantec Web Gateway Management Interface USERNAME Blind SQL Injection Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway.
  2. HP-UX Running Java Runtime Environment (JRE) or Java Developer Kit (JDK) Multiple Vulnerabilities - Remote execution of arbitrary code, disclosure of information and other vulnerabilities affecting HP-UX.
  3. RealNetworks RealPlayer MLTI Stream Number Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
  4. Apple QuickTime PICT File PackBits Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime.
  5. Apple QuickTime PICT directBitsRect Pack3 Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime.
FEEL FREE TO COMMENT....



KEY-LOGGERS FAQ

A keylogger, sometimes called spying software, is a small program used to monitor a local or a remote PC. Keyloggers nowadays are so easy to use that a person with even a basic knowledge of computers can use one. Once a keylogger is installed on your computer it can monitor each and every keystroke typed on it, so you can see how dangerous a keylogger can be.
Types of Keylogger

There are two types of Keyloggers:

1. Hardware keylogger
2. Software keylogger

Hardware keyloggers are rarely used nowadays, since you can monitor a remote computer instead. Software keyloggers are the most widely used keyloggers, as some of them support remote installation, which means that you can monitor any computer anywhere in the world.


Can the victim detect its presence once a keylogger is installed on his/her computer?

Well, it's really difficult for the victim to detect the keylogger's presence, as it runs in complete stealth mode: it hides itself from Task Manager, startup, etc.

Can the victim trace me back?

Once the keylogger is installed, I think it's almost impossible for the victim to trace you back.

How can I protect myself from a keylogger?

A simple keylogger can be detected by even a lame antivirus, but sometimes the attacker uses methods like crypting, binding, hexing, etc. that make it harder for the antivirus to detect the keylogger. To counter that you should use a piece of software called Sandboxie. Sandboxie runs the chosen program in an isolated space, so if the file you receive is a keylogger you need not worry, because it won't affect your other programs. Firefox users can use the free version of KeyScrambler, which encrypts each and every keystroke you type, so even if a keylogger is installed on your computer you need not worry, as the attacker will only receive the encrypted keystrokes.


Which keylogger is the best?

With my experience of more than 4 years in the field of ethical hacking and security, I suggest only two keyloggers, which I think are the best and have a comparatively low antivirus detection rate:

1. Sniperspy
2. Winspy


How do I find out if a file is bound with a keylogger?

A keylogger can be bound to almost any file, so how do you know if a file is bound? You can use BinText or a hex editor to find out, but the BinText and hex editing methods do not work effectively if the server is crypted, so alternatively there is a great piece of software named "Resource Hacker" that can tell you whether the file is bound or not.
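The "BinText or a hex editor" answer above boils down to two checks a defender can script: list the readable strings in the file, and look for a second executable image glued onto the first (a binder's output is, at its simplest, one PE followed by another). The following is an added example, not code from the post or from any of the tools it names: it extracts ASCII and UTF-16 strings the way BinText does, and walks every `MZ` marker to see whether its `e_lfanew` field points at a valid `PE\0\0` signature. The two PE-shaped blobs are constructed for the demo and are not real executables; the 0x80 header offset, the marker texts and the `is_bundled()` rule are my own. As the post says, a packed or crypted bundle hides its second image from this check, and a legitimate installer also carries embedded executables, so a hit is a reason to look closer, not a verdict.

```python
"""Strings listing and embedded-PE detection on raw file bytes.

Added example (not from the original post). Sample blobs are constructed.
"""
import re

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")            # printable ASCII runs
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")     # UTF-16LE runs


def extract_strings(data: bytes) -> list:
    """BinText-style listing: ASCII runs first, then UTF-16LE runs."""
    found = [m.group(0).decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group(0).decode("utf-16-le") for m in WIDE_RUN.finditer(data)]
    return found


def find_embedded_pe(data: bytes) -> list:
    """Return offsets of every 'MZ' whose e_lfanew (at +0x3C) points to a
    'PE\\0\\0' signature inside the data. Offset 0 is the host program;
    anything after it is a second image carried inside the file."""
    hits = []
    off = data.find(b"MZ")
    while off != -1:
        if off + 0x40 <= len(data):
            e_lfanew = int.from_bytes(data[off + 0x3C:off + 0x40], "little")
            sig = off + e_lfanew
            if (e_lfanew >= 0x40 and sig + 4 <= len(data)
                    and data[sig:sig + 4] == b"PE\0\0"):
                hits.append(off)
        off = data.find(b"MZ", off + 1)
    return hits


def is_bundled(data: bytes) -> bool:
    """More than one valid PE image in the file is the binder tell-tale."""
    return len(find_embedded_pe(data)) > 1


def make_fake_pe(marker: bytes) -> bytes:
    """Build a minimal PE-shaped blob for the demo: 'MZ', e_lfanew = 0x80
    pointing at 'PE\\0\\0', then a marker string. Not a runnable program."""
    e_lfanew = 0x80
    header = bytearray(e_lfanew)
    header[0:2] = b"MZ"
    header[0x3C:0x40] = e_lfanew.to_bytes(4, "little")
    return bytes(header) + b"PE\0\0" + b"\0" * 20 + marker + b"\0"


# Constructed samples: a standalone host, and the host with a second image
# appended to it the way a simple binder would.
OUTER = make_fake_pe(b"Photo Viewer 1.0 by Example Corp")
INNER = make_fake_pe(b"hidden second program")
BUNDLE = OUTER + INNER

if __name__ == "__main__":
    for label, blob in (("standalone", OUTER), ("bundled", BUNDLE)):
        print(label, "PE images at", find_embedded_pe(blob),
              "bundled:", is_bundled(blob))
        for s in extract_strings(blob):
            print("   ", s)
```

On a real sample, read the file with `open(path, "rb")` and pass the bytes in; do it on a copy in an isolated machine, never by launching the file. The `e_lfanew` check is what keeps a random "MZ" inside a compressed resource from counting as an image.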



>>FEEL FREE TO COMMENT
ANY MORE QUESTIONS..ASK US..


 