RSS
Loading...

Adobe Reader > MAY DOOM YOU

0 comments

In the last period of time malware authors started focusing more and more on exploiting Adobe Reader (and ultimately users computers) via maliciously crafted documents. And vulnerabilities in Adobe Reader have been quite a few lately.
Adobe Reader oriented attack was also the malicious injection on my last hosting service…

In the recent issue of (in)SECURE Magazine, namely issue 21, there is an article named “Malicious PDF: Get owned without opening” by Didier Stevens which shown an exploit in an Adobe Reader filter which made possible successful exploitation without file opening.

When a PDF document is listed in a Windows Explorer window, the PDF column handler shell extension will be called by Windows Explorer when it needs the additional column info. The PDF column handler will read the PDF document to extract the necessary info, like the Title, Author, etc. (…) Under the right circumstances, a Windows Explorer Shell Extension will read the PDF document to provide extra information, and in doing so, it will execute the buggy code and trigger the vulnerability
Other ways how the exploit could be launched (from the explorer window) where by: selecting the pdf (left click), hovering over it and changing the folder view to “Thumbnail”.

 All these previous exploitation scenarios required minimal user interaction, but the author had another card in his pocket. The JBIG2Decode vulnerability could be exploited by the Windows Indexing Service alone, the only difference being that this way the exploit would run with less privileges; namely with Local System ones…

There you have it, another reason to switch to a pdf reader alternative.
UPDATE: a resourceful article about pdf exploitation can be found here.


Hack Tools/Exploits

0 comments
Astalavista Tools and Utilities
  1. Passwords are DEAD! (Long live passwords?) - Following a brief history and definition of passwords, this paper will show three properties of passwords that render passwords risky or unsuitable for use.
  2. A Concept for Universal Identification - The goal of this paper is to provide a detailed look at a new perspective for a unified, secure and consolidated form of personal identification. The advanced yet inexpensive technology exists today to step up modern identification to the next level.
  3. Biometrics and User Authentication - The purpose of this paper will be to look at the use of biometrics technology to determine how secure it might be in authenticating users, and how the users job function or role would impact the authentication process or protocol. We will also examine personal issues of privacy in the methods used for authentication; the cost of implementing a biometrics authentication system; the efficiency of biometrics authentication; and the potential for false positive or negative recognition of individual users.
  4. Authentication and Authorization: The Big Picture with IEEE 802.1X - This paper explores how Auth-x brings authentication and authorization down to a port level, enabling true privilege-based management of network services.
  5. SSLSmart - Smart SSL Cipher Enumeration - Whitepaper called SSLSmart - Smart SSL Cipher Enumeration. This document focuses on the SSLSmart tools uses and applications.
  6. Microsoft Excel Spreadsheets Expose User PIN Used For Confidential/Secure Printing - Whitepaper called Microsoft Excel Spreadsheets Expose User PIN Used For Confidential/Secure Printing.
  7. Antivirus / Firewall Evasion Techniques : Evolution of Download Deploy Shellcode - Whitepaper called Antivirus / Firewall Evasion Techniques : Evolution of Download Deploy Shellcode.
  8. Effectiveness of Antivirus in Detecting Web Application Backdoors - Whitepaper called Effectiveness of Antivirus in Detecting Web Application Backdoors.
  9. Netbios Share Scanner 0.3 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
    Changes: IP mask and range support.
  10. GetHTTPStatus Scanning Script - GetHTTPStatus is a simple python script that scans a set of provided URLs and returns the status codes provided. It has the ability to use cookies if needed.

Packetstorm Last 10 Files

  1. Core Security Technologies Advisory 2010-1001 - Core Security Technologies Advisory - There are stack overflows on WebEx that can be exploited by sending maliciously crafted .atp and .wrf files to a vulnerable WebEx user. When opened, these files trigger a reliably exploitable stack based buffer overflow. Code execution is trivially achieved on the .wrf case because WebEx Player allocates a function pointer on the stack that is periodically used in what seems to be a callback mechanism, and also because DEP and ASLR are not enabled. In the .atp case an exception handler can be overwritten on the stack, and most registers can be trivially overwritten.
  2. Zero Day Initiative Advisory 11-037 - Zero Day Initiative Advisory 11-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is required to exploit this vulnerability in that a logged in user must be coerced into visiting a malicious link. The specific flaw exists within the ScheduleTask method exposed by the IMAdminSchedTask.asp page hosted on the web interface. This function does not properly sanitize user input from a POST variable before passing it to an eval call. An attacker can abuse this to inject and execute arbitrary ASP under the context of the user visiting the malicious link.
  3. SSLSmart - Smart SSL Cipher Enumeration - Whitepaper called SSLSmart - Smart SSL Cipher Enumeration. This document focuses on the SSLSmart tools uses and applications.
  4. SSLSmart SSL Testing Tool 1.0 - SSLSmart is an open source, highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL ciphers suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed by initiating only an SSL socket connection with one cipher suite at a time, an inefficient approach that leads to false positives and often does not provide a clear picture of the true vulnerability of the server. SSLSmart is designed to combat these shortcomings.
  5. Zero Day Initiative Advisory 11-036 - Zero Day Initiative Advisory 11-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is not required to exploit this vulnerability. The flaw exists within the db2dasrrm component which listens by default on TCP port 524. When allocating a buffer within receiveDASMessage a user supplied length is used as a parameter to malloc(). This buffer is later copied into without any bounds checking and can be made to overflow. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the das user user.
  6. Netbios Share Scanner 0.3 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
  7. CMS WebManager-Pro 7.4.3 Code Execution / Cross Site Request Forgery - CMS WebManager-Pro version 7.4.3 suffers from code execution and cross site request forgery vulnerabilities.
  8. Clam AntiVirus Toolkit 0.97rc - Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
  9. Zero Day Initiative Advisory 11-035 - Zero Day Initiative Advisory 11-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the db2dasrrm process responsible for handling queries to the com.ibm.db2.das.core.DasSysCmd function. While processing a request, the username supplied is copied into a fixed-length stack buffer. By providing a large enough string the copy operation can overflow leading to remote code execution.
  10. Zero Day Initiative Advisory 11-034 - Zero Day Initiative Advisory 11-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Performance Insight Server. Authentication is not required to exploit this vulnerability. The specific vulnerability is due to a hidden account present within the com.trinagy.security.XMLUserManager Java class. Using this account a malicious user can access the com.trinagy.servlet.HelpManagerServlet class. This is defined within the piweb.jar file installed with Performance Insight. This class exposes a doPost() method which an attacker can use to upload malicious files to the server. Accessing these files can then lead to arbitrary code execution under the context of the SYSTEM user.

Packetstorm Tools

  1. Netbios Share Scanner 0.3 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
  2. GetHTTPStatus Scanning Script - GetHTTPStatus is a simple python script that scans a set of provided URLs and returns the status codes provided. It has the ability to use cookies if needed.
  3. NIELD (Network Interface Events Logging Daemon) 0.10 - Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), route, FIB rules.
  4. Nmap Port Scanner 5.50 - Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
  5. Packet Fence 2.0.1 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
  6. OATH Toolkit 1.4.5 - The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
  7. Netbios Share Scanner 0.2 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
  8. Malmon Detection Tool 0.1b - Malmon is a real-time exploit/backdoor detection tool for Linux that audits the integrity of files in a given directory.
  9. Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20110119 - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
  10. Tor-ramdisk i686 UClibc-based Linux Distribution x86 20110119 - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Packetstorm Exploits

  1. CMS WebManager-Pro 7.4.3 Code Execution / Cross Site Request Forgery - CMS WebManager-Pro version 7.4.3 suffers from code execution and cross site request forgery vulnerabilities.
  2. Joomla Clan Members SQL Injection - The Joomla Clan Members component suffers from a remote SQL injection vulnerability.
  3. AOL 9.5 .rtx Local Buffer Overflow - AOL version 9.5 suffers from a .rtx buffer overflow vulnerability.
  4. NetZip Classic Buffer Overflow - NetZip Classic version 7.5.1.86 suffers from a buffer overflow vulnerability.
  5. Joomla VirtueMart 1.1.6 Blind SQL Injection - Joomla VirtueMart component versions 1.1.6 and below suffer from a remote blind SQL injection vulnerability.
  6. eSyndiCat Directory Software Cross Site Scripting - eSyndiCat Directory Software versions 2.2 and 2.3 suffer from a cross site scripting vulnerability.
  7. SDP Downloader Buffer Overflow - SDP Downloader http_response remote buffer overflow exploit.
  8. Joomla Front End User Access Local File Inclusion - The Joomla Front End User Access component suffers from a local file inclusion vulnerability.
  9. Harvard.edu Local File Inclusion - www.hcs.harvard.edu appears to suffer from a local file inclusion vulnerability.
  10. Maxthon Browser 3.0.20.1000 Denial Of Service - Maxthon Browser version 3.0.20.1000 .ref .replace denial of service exploit.

Securiteam Exploits

  1. Symantec Web Gateway Management Interface USERNAME Blind SQL Injection Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway.
  2. HP-UX Running Java Runtime Environment (JRE) or Java Developer Kit (JDK) Multiple Vulnerabilities - Remote execution of arbitrary code, disclosure of information and other vulnerabilities affecting HP-UX.
  3. RealNetworks RealPlayer MLTI Stream Number Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
  4. Apple QuickTime PICT File PackBits Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime.
  5. Apple QuickTime PICT directBitsRect Pack3 Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime.
FEEL FREE TO COMMENT....



KEY-LOGGERS FAQ

0 comments
A keylogger sometimes called a spying software is a small program which is used to monitor a local or a Remote PC, Keyloggers now a days are so easy to use that a person with even a basic knowledge of computers can use keylogger.Once a keylogger is installed in your computer it can monitor each and every keystroke typed on your computer, thus you can see how dangerous a keylogger can be.
Types of Keylogger

There are two types of Keyloggers:

1.Hardware keylogger
2.Software keylogger

Hardware keyloggers are rarely used now a days since you can monitor a Remote computer, Software keyloggers are the most widely used keyloggers as some of them support remote installaiton which means that you can monitor any computer anywhere in the World.


Can the victim detect it's presence once keylogger is installed in his/her computer?

Well it's really difficult for the victim to detect keylogger's presence as it runs in complete stealth mode, It hides it self from task manager, startup etc

Can I the victim trace you back?

Once the keylogger is installed, I think it's almost impossible for the victim to trace you back

How can I protect my self from keylogger?

A simple keylogger can be detected by even a lame antivirus, but sometimes the attacker can use methods like Crypting,Binding,Hexing etc, that make it harder for the Antivirus to detect the keylogger. So to counter that you should use a piece of software called sandboxie, Sandboxie runs the choosen computer program in an Isolated space so if the file you receive is a keylogger, You need no to worry because it won't affect your other programs, Firefox users can use the free version of keyscrambler which encrypts each and every keystrokes you type, so even if a keylogger is installed in your computer, You need not to worry as the attacker will receive the encrypted keystroke


Which Keylogger is the best?

With my experience of more than 4 years in the field of Ethical Hacking and security I suggest only two keyloggers which I think are best and have a comparatively low antivirus detection rate:

1.Sniperspy
2.Winspy


How do I find if a file is binded with a keylogger?

Keylogger can be binded with almost any file so how do you know if the file is binded?, You can use Bintext or Hex editor to find out, But Bintext and Hex editing method do not work effectively if the server is crypted so alternatively there is a great piece of software named asas "Resource hacker" that can tell you if the file is binded or not



>>FEEL FREE TO COMMENT
ANY MORE QUESTIONS..ASK US..


Wikileaks- will the whistle blower now blow India?

0 comments
The dirty game is on both on the shelf and of the shelf.
With the arrest of wikileaks founder in London has arouse a tremor both in the cyberspace and in the real world . The whistle blower has really brought u a big issue in front now. The website has brought out many classified documents infront of public  and exosed the other face of the "big brother".
WikiLeaks has been under intense pressure since it began publishing some 250,000 secret U.S. diplomatic cables, with attacks on its websites and threats against its founder, Julian Assange, who is now in a British jail fighting extradition to Sweden on sex crime allegations.


Google Vulnerability Reward Program

0 comments
Back in January of this year, the Chromium open source project launched a well-received vulnerability reward program. In the months since launch, researchers reporting a wide range of great bugs have received rewards — a small summary of which can be found in the Hall of Fame. They’ve seen a sustained increase in the number of high quality reports from researchers, and their combined efforts are contributing to a more secure Chromium browser for millions of users.


DOWNLOAD!! UR ENTIRE FACEBOOK HISTORY

0 comments
Now it is possible to download every single bit of information you have put on Facebook, including pictures, status updates, events and messages. This is undoubtedly the control many users have been looking for, and provides a nice “grab and go” option for those fed up with the service.
The feature should have rolled out to most accounts by now, but if it’s still not working for you then you’ll just have to be patient and wait your turn.


Popular sites caught sniffing user browser history

0 comments
This summary is not available. Please click here to view the post.


How to disable or enable USB port or device

0 comments
USB Devices are portable enough to carry the data from one computer to another , It is always risky to enable USB ports of computers in large organizations , data center and cyber cafes since it can be the gateway for virus and malwares. You can disable or enable USB port or device in three ways

Enable / Disable USB port and device in BIOS
It can be enabled or disabled in BIOS where the peripheral device setting is configured. While booting the system you will be getting an option to configure BIOS settings. But only problem is you will not be able to use those USB ports for any purpose like connecting USB keyboards or mouse or any devices.
Enable / Disable USB port and device using registry hack in windows
Another effective way to enable or disable USB port or device is to hack registry entry in windows , it will allow you to use your USB port for other functions like connecting keyboard or mouse but you can restrict the data storage through USB port


A. Click on Start –> Run –> regedit [enter]
B. Search for the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor



“h4x0r 1n m3″ – Developing a Hacker’s Behaviour

0 comments
To obtain the status of a Hacker, You Have To Want It, and You Have To Earn It. It is not something that can really be taught, it is only something you can learn for yourself, although I can attempt to help guide you.

Although hackers are substantially different people with unique personalities, they mysteriously all seem to lead similar lifestyles.

 Dressing Style: Clothes can range from your typical nerdy suit with pocket protectors and suspenders as if their mom still dresses them, to a gothic/techno-rave homemade looking getup. Considering the fact that hackers exist all over the world, you can’t really place their style of clothing into a particular group; the most famous however is hoodies and shades, kind of like a gangster as it makes one appear very incognito (even though the paleness from lack of sunlight gives them away).


Linux isn’t exactly the same as Windows.

0 comments
You’d be amazed how many people make this complaint. They come to Linux, expecting to find essentially a free, open-source version of Windows. Quite often, this is what they’ve been told to expect by over-zealous Linux users. However, it’s a paradoxical hope.

The specific reasons why people try Linux vary wildly, but the overall reason boils down to one thing: They hope Linux will be better than Windows. Common yardsticks for measuring success are cost, choice, performance, and security. There are many others. But every Windows user who tries Linux, does so because they hope it will be better than what they’ve got.
Therein lies the problem.
It is logically impossible for any thing to be better than any other thing whilst remaining completely identical to it. A perfect copy may be equal, but it can never surpass. So when you gave Linux a try in hopes that it would be better, you were inescapably hoping that it would be different. Too many people ignore this fact, and hold up every difference between the two OSes as a Linux failure.


 
Copyright © 2010 | Flash News Converted into Blogger Template by HackTutors