All posts by Darknet

CHIPSEC – Platform Security Assessment Framework For Firmware Hacking

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/10/chipsec-platform-security-assessment-framework-for-firmware-hacking/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

CHIPSEC – Platform Security Assessment Framework For Firmware Hacking

CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.

It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell.

You can use CHIPSEC to find vulnerabilities in firmware, hypervisors and hardware configuration, explore low-level system assets and even detect firmware implants.

Read the rest of CHIPSEC – Platform Security Assessment Framework For Firmware Hacking now! Only available at Darknet.

How To Recover When Your Website Got Hacked

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/10/how-to-recover-when-your-website-got-hacked/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

How To Recover When Your Website Got Hacked

The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don’t know what to do, or even where to start.

Acunetix has come out with a very useful post with a checklist of actions to take and items to prepare to help you triage and react in the event of a compromise on one of your servers or websites.

Read the rest of How To Recover When Your Website Got Hacked now! Only available at Darknet.

HTTrack – Website Downloader Copier & Site Ripper Download

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/10/httrack-website-downloader-copier-site-ripper-download/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

HTTrack – Website Downloader Copier & Site Ripper Download

HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.

HTTrack Website Downloader & Site Ripper

HTTrack allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting all the HTML, images, and other files from the server to your computer.

HTTrack arranges the original site’s relative link-structure, which allows you to simply open a page of the “mirrored” website in your browser, and you can browse the site from link to link as if you were viewing it online.

Read the rest of HTTrack – Website Downloader Copier & Site Ripper Download now! Only available at Darknet.

sshLooter – Script To Steal SSH Passwords

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/10/sshlooter-script-to-steal-ssh-passwords/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

sshLooter – Script To Steal SSH Passwords

sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in rather than via strace which is not so reliable.

It also comes with an installation script install.sh to install all dependencies on a target host machine.

ssHLooter was inspired to steal SSH passwords via another script using Python to implement a PAM module to log failed attempts, the author just had to change the location where passwords were logged.

Read the rest of sshLooter – Script To Steal SSH Passwords now! Only available at Darknet.

Intercepter-NG – Android App For Hacking

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/08/intercepter-ng-android-app-for-hacking/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Intercepter-NG – Android App For Hacking

Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.

Specifically referring to Intercepter-NG Console Edition which works on a range of systems including NT, Linux, BSD, MacOSX, IOS and Android.

The Windows version is the one with the most powerful feature-set, but the Android app is fairly handy too.

Read the rest of Intercepter-NG – Android App For Hacking now! Only available at Darknet.

dcipher – Online Hash Cracking Using Rainbow & Lookup Tables

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/08/dcipher-online-hash-cracking-using-rainbow-lookup-tables/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

dcipher – Online Hash Cracking Using Rainbow & Lookup Tables

dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.

The capacity to programmatically crack passwords is also a function of the number of possible passwords per second which can be checked. If a hash of the target password is available to the attacker, this number can be in the billions or trillions per second, since an offline attack is possible.

In this case dcipher uses online hash checking services, which have extremely large Rainbow Table sets of pre-computed hashes, to rapidly find hash collisions.

Read the rest of dcipher – Online Hash Cracking Using Rainbow & Lookup Tables now! Only available at Darknet.

HTTP Security Considerations – An Introduction To HTTP Basics

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/08/http-security-considerations-an-introduction-to-http-basics/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

HTTP Security Considerations – An Introduction To HTTP Basics

HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.

HTTP is the protocol that powers the web and to penetrate via a web service it pays to have a good solid foundational understanding of HTTP, how it works and the common response codes – many of which can lead to some kind of vulnerability which is exploitable.

Read the rest of HTTP Security Considerations – An Introduction To HTTP Basics now! Only available at Darknet.

Cangibrina – Admin Dashboard Finder Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/08/cangibrina-admin-dashboard-finder-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Cangibrina – Admin Dashboard Finder Tool

Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists, Google, Nmap and robots.txt.

It is multi-threaded, supports modifying your user agent, using a TOR proxy, custom dorks, Nmap integration and can use both DuckDuckGo and Google.

Cangibrina Admin Dashboard Finder Requirements

  • Python 2.7
  • mechanize
  • PySocks
  • beautifulsoup4
  • html5lib
  • Nmap
  • TOR

Cangibrina Usage to Find Admin Dashboards

usage: cangibrina.py [-h] -u U [-w W] [-t T] [-v] [–ext EXT] [–user-agent]
[–tor] [–search] [–dork DORK] [–nmap [NMAP]]

Fast and powerful admin finder

optional arguments:
-h, –help show this help message and exit
-u U target site
-w W set wordlist (default: wl_medium)
-t T set threads number (default: 5)
-v enable verbose
–ext EXT filter path by target extension
–user-agent modify user-agent
–sub-domain search for sub domains instead of directories
–tor set TOR proxy
–search use google and duckduckgo to search
–dork DORK set custom dork
–nmap [NMAP] use nmap to scan ports and services

There are other specific tools in this area like WPScan for WordPress and DruPwn for Drupal – and in those cases the dashboard URLs are already known.

Read the rest of Cangibrina – Admin Dashboard Finder Tool now! Only available at Darknet.

Enumall – Subdomain Discovery Using Recon-ng & AltDNS

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/07/enumall-subdomain-discovery-using-recon-ng-altdns/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Enumall – Subdomain Discovery Using Recon-ng & AltDNS

Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.

This gives you the ability to run multiple domains within the same session. The tool only has one module that needs an API key (/api/google_site) find instructions for that on the recon-ng wiki.

Setting up Enumall for Subdomain Discovery

Install recon-ng from Source, clone the Recon-ng repository:

git clone https://[email protected]/LaNMaSteR53/recon-ng.git

Change into the Recon-ng directory:

cd recon-ng

Install dependencies:

pip install -r REQUIREMENTS

Link the installation directory to /usr/share/recon-ng

ln -s /$recon-ng_path /usr/share/recon-ng

Optionally (highly recommended) download:

– AltDNS
– A good subdomain bruteforce list (example here)

Create the config.py file and specify the path to Recon-ng and AltDNS as it showed in config_sample.py.

Read the rest of Enumall – Subdomain Discovery Using Recon-ng & AltDNS now! Only available at Darknet.

RidRelay – SMB Relay Attack For Username Enumeration

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/07/ridrelay-smb-relay-attack-for-username-enumeration/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

RidRelay – SMB Relay Attack For Username Enumeration

RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.

How RidRelay SMB Relay Attack Works

RidRelay combines the SMB Relay attack, common lsarpc based queries and RID cycling to get a list of domain usernames. It takes these steps:

  1. Spins up an SMB server and waits for an incoming SMB connection
  2. The incoming credentials are relayed to a specified target, creating a connection with the context of the relayed user
  3. Queries are made down the SMB connection to the lsarpc pipe to get the list of domain usernames.

Read the rest of RidRelay – SMB Relay Attack For Username Enumeration now! Only available at Darknet.

NetBScanner – NetBIOS Network Scanner

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/07/netbscanner-netbios-network-scanner/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

NetBScanner – NetBIOS Network Scanner

NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.

For every computer located by this NetBIOS scanner, the following information is displayed:

  • IP Address
  • Computer Name
  • Workgroup or Domain
  • MAC Address
  • Network adapter manufacturer (from MAC address).

NetBScanner also shows whether a computer is a Master Browser.

Read the rest of NetBScanner – NetBIOS Network Scanner now! Only available at Darknet.

Metta – Information Security Adversarial Simulation Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/06/metta-information-security-adversarial-simulation-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Metta – Information Security Adversarial Simulation Tool

Metta is an information security preparedness tool in Python to help with adversarial simulation, this can help you check various detection and control capabilities within your organisation.

This project uses Redis/Celery, python, and vagrant with virtualbox to do adversarial simulation. This allows you to test (mostly) your host based instrumentation but may also allow you to test any network based detection and controls depending on how you set up your vagrants.

Read the rest of Metta – Information Security Adversarial Simulation Tool now! Only available at Darknet.

Powershell-RAT – Gmail Exfiltration RAT

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/06/powershell-rat-gmail-exfiltration-rat/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Powershell-RAT – Gmail Exfiltration RAT

Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.

This RAT will help you during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.

It claims to not need Administrator access and is not currently detected by Anti-virus software.

Read the rest of Powershell-RAT – Gmail Exfiltration RAT now! Only available at Darknet.

SCADA Hacking – Industrial Systems Woefully Insecure

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/06/scada-hacking-industrial-systems-woefully-insecure/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

SCADA Hacking – Industrial Systems Woefully Insecure

It seems like SCADA hacking is still a topic in hacker conferences, and it should be with SCADA systems still driving power stations, manufacturing plants, refineries and all kinds of other powerful and dangerous things.

The latest talk given on the subject shows with just 4 lines of code and a small hardware drop device a SCADA based facility can be effectively DoSed by sending repeated shutdown commands to suscpetible systems.

Read the rest of SCADA Hacking – Industrial Systems Woefully Insecure now! Only available at Darknet.

airgeddon – Wireless Security Auditing Script

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/06/airgeddon-wireless-security-auditing-script/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

airgeddon – Wireless Security Auditing Script

Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.

Airgeddon Wireless Security Auditing Features

  • Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing
  • DoS over wireless networks using different methods. “DoS Pursuit mode” available to avoid AP channel hopping (available also on DoS performed on Evil Twin attacks)
  • Full support for 2.4Ghz and 5Ghz band
  • Assisted Handshake file capturing
  • Cleaning and optimizing Handshake captured files
  • Offline password decrypting on WPA/WPA2 captured files (dictionary, bruteforce and rule based) based on aircrack, crunch and hashcat tools.

Read the rest of airgeddon – Wireless Security Auditing Script now! Only available at Darknet.

Acunetix v12 – More Comprehensive More Accurate & 2x Faster

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/05/acunetix-v12-more-comprehensive-more-accurate-2x-faster/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Acunetix v12 – More Comprehensive More Accurate & 2x Faster

Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs. This coupled with a new AcuSensor for Java web applications, sets Acunetix ahead of the curve in its ability to comprehensively and accurately scan all types of websites.

With v12 also comes a brand new scanning engine, re-engineered and re-written from the ground up, making Acunetix the fastest scanning engine in the industry.

Read the rest of Acunetix v12 – More Comprehensive More Accurate & 2x Faster now! Only available at Darknet.

CloudFrunt – Identify Misconfigured CloudFront Domains

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/05/cloudfrunt-identify-misconfigured-cloudfront-domains/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

CloudFrunt – Identify Misconfigured CloudFront Domains

CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions. This effectively allows for domain hijacking.

How CloudFrunt Works For Misconfigured CloudFront

CloudFront is a Content Delivery Network (CDN) provided by Amazon Web Services (AWS). CloudFront users create “distributions” that serve content from specific sources (an S3 bucket, for example).

Each CloudFront distribution has a unique endpoint for users to point their DNS records to (ex.

Read the rest of CloudFrunt – Identify Misconfigured CloudFront Domains now! Only available at Darknet.

Airbash – Fully Automated WPA PSK Handshake Capture Script

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/05/airbash-fully-automated-wpa-psk-handshake-capture-script/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Airbash – Fully Automated WPA PSK Handshake Capture Script

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP).

Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng.

Read the rest of Airbash – Fully Automated WPA PSK Handshake Capture Script now! Only available at Darknet.

XXEinjector – Automatic XXE Injection Tool For Exploitation

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/05/xxeinjector-automatic-xxe-injection-tool-for-exploitation/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

XXEinjector – Automatic XXE Injection Tool For Exploitation

XXEinjector is a Ruby-based XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications and the brute forcing method needs to be used for other applications.

Usage of XXEinjector XXE Injection Tool

XXEinjector actually has a LOT of options, so do have a look through to see how you can best leverage this type of attack. Obviously Ruby is a prequisite to run the tool.

Read the rest of XXEinjector – Automatic XXE Injection Tool For Exploitation now! Only available at Darknet.

Yahoo! Fined 35 Million USD For Late Disclosure Of Hack

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/05/yahoo-fined-35-million-usd-for-late-disclosure-of-hack/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Yahoo! Fined 35 Million USD For Late Disclosure Of Hack

Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 years delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public – Massive Yahoo Hack – 500 Million Accounts Compromised.

Yahoo! has been having a rocky time for quite a few years now and just recently has sold Flickr to SmugMug for an undisclosed amount, I hope that at least helps pay off some of the fine.

Read the rest of Yahoo! Fined 35 Million USD For Late Disclosure Of Hack now! Only available at Darknet.