HULK - Web Server DoS Tool

Barry Shteiman, a principal security engineer at Imperva, has released a Python-based web server denial-of-service (DoS) tool called HULK (Http Unbearable Load King).

HULK is a web server denial-of-service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a web server, bypassing caching engines and therefore hitting the server's direct resource pool.

Some Techniques
  • Obfuscation of Source Client – this is done by using a list of known User Agents, and for every request that is constructed, the User Agent is a random value out of the known list.
  • Reference Forgery – the referer that points at the request is obfuscated and points into either the host itself or some major prelisted websites.
  • Stickiness – using some standard HTTP commands to try and ask the server to maintain open connections by using Keep-Alive with a variable time window.
  • no-cache – this is a given, but by asking the HTTP server for no-cache, a server that is not behind a dedicated caching service will present a unique page.
  • Unique Transformation of URL – to eliminate caching and other optimization tools, I crafted custom parameter names and values; they are randomized and attached to each request, rendering it unique and causing the server to process the response on each event.

More details can be found here.

Web-Sorrow v1.3.6 : a remote web scanner

A Perl-based tool used for checking a web server for misconfiguration, version detection, enumeration, and server information. I will build more functionality in the future. What it's NOT: a vulnerability scanner, inspection proxy, DDoS tool, or exploitation framework. It's entirely focused on enumeration and collecting info on the target server.


CURRENT functionality:
  • -S - stands for standard. A set of standard tests that includes: directory indexing testing, banner grabbing, language detection (should be obvious), robots.txt, and 200 response testing (some servers send a 200 OK for every request).
  • -auth - looks for login pages with a list of some of the most common login files, dirs and admin consoles. It doesn't need to be a very big list of URLs, because what else are you going to name it? notAlogin.php???
  • -Cp - scan with a huge list of plugin dirs. The list is a bit old (2010).
  • -I - searches the responses for interesting strings.
  • -Ws - looks for web services such as hosting provider, blogging services, favicon fingerprinting, and CMS version info.
  • -Fd - looks for things people generally don't want you to see. The list is generated from a TON of robots.txt files, so whatever it finds should be interesting.
  • -Fp - fingerprints the server based on behavior (unrefined as of yet).
  • -ninja - a lightweight and undetectable scan that uses bits and pieces from other scans.
  • -Sd - brute-forces subdomains.
  • -Db - brute-forces directories with the big DirBuster database.
  • -ua - use a custom User-Agent. PUT THE UA IN QUOTES if there are spaces.
  • -proxy - send all HTTP requests via a proxy. Example: 255.255.255.254:8080
  • -e - run all the scans in the tool.

Web-Sorrow also has false-positive checking on most of its requests (it's pretty accurate but not perfect).

EXAMPLES:

basic: perl Wsorrow.pl -host scanme.nmap.org -S

look for login pages: perl Wsorrow.pl -host 192.168.1.1 -auth

CMS intense scan: perl Wsorrow.pl -host 192.168.1.1 -Ws -Cp all -I

most intense scan possible: perl Wsorrow.pl -host 192.168.1.1 -e -ua "I come in peace"

Download it from here:
http://code.google.com/p/web-sorrow/downloads/list
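Both posts above describe traffic that leaves a recognisable footprint in an ordinary web server access log: HULK's rotating User-Agents and randomised query strings, and Web-Sorrow's enumeration scans (login-page lists, DirBuster directory brute-forcing), which produce bursts of distinct paths that mostly return 404. The following is an added example written for this page, not code from either tool or from the blog, showing how a defender can flag both patterns from the log side. It assumes Apache/nginx "combined" log format, constructed sample lines, and threshold values that are assumptions to be tuned per site.

```python
"""Added example (not from the blog post, HULK, or Web-Sorrow): a small
access-log heuristic that flags two traffic patterns from a defender's side.

  * HULK-style floods: many requests per client, each carrying a unique
    query string, with the User-Agent picked from a rotating list.
  * Web-Sorrow / DirBuster-style enumeration: a burst of requests for many
    distinct paths that mostly return 404.

Log format is Apache/nginx "combined"; the sample lines below are constructed.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Thresholds are assumptions for this example; tune them for a real site.
MIN_REQUESTS = 8          # ignore clients with fewer requests than this
FLOOD_UA_RATIO = 0.5      # distinct User-Agents / requests
FLOOD_QUERY_RATIO = 0.9   # distinct non-empty query strings / requests
ENUM_404_RATIO = 0.7      # 404 responses / requests
ENUM_PATH_RATIO = 0.8     # distinct paths / requests


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parts.query
    rec["status"] = int(rec["status"])
    return rec


def analyse(lines):
    """Return {client_ip: [labels]} for clients whose traffic matches a pattern."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in per_ip.items():
        n = len(recs)
        if n < MIN_REQUESTS:
            continue
        labels = []
        # Flood signal: the UA keeps changing and every request has its own query.
        uas = {r["ua"] for r in recs}
        queries = {r["query"] for r in recs if r["query"]}
        if len(uas) / n >= FLOOD_UA_RATIO and len(queries) / n >= FLOOD_QUERY_RATIO:
            labels.append("hulk-style-flood")
        # Enumeration signal: many different paths, mostly not found.
        paths = {r["path"] for r in recs}
        not_found = sum(1 for r in recs if r["status"] == 404)
        if not_found / n >= ENUM_404_RATIO and len(paths) / n >= ENUM_PATH_RATIO:
            labels.append("directory-enumeration")
        if labels:
            findings[ip] = labels
    return findings


# ---- constructed sample data (not real traffic) ----------------------------
_FLOOD_UAS = ["Mozilla/5.0 (Windows NT 6.1)", "Opera/9.80 (X11; Linux)",
              "Mozilla/5.0 (Macintosh)", "Mozilla/4.0 (compatible; MSIE 7.0)"]
_FLOOD_PARAMS = ["Qx3pT=8fKa1", "zLm9=rT7w", "aB2=qq91", "Wn7k=Po3e",
                 "Hj4=11ab", "Kd8s=yy2", "p0Q=Z9x", "rT5=mm3"]
_ENUM_PATHS = ["/admin/", "/phpmyadmin/", "/login.php", "/backup/",
               "/wp-admin/", "/cgi-bin/", "/test/", "/manager/"]

SAMPLE_LOG = (
    # flood client: UA rotates through a list, every request has a unique query
    [f'198.51.100.7 - - [09/May/2012:10:00:{i:02d} +0000] "GET /?{p} HTTP/1.1" '
     f'200 5120 "http://www.example.com/" "{_FLOOD_UAS[i % 4]}"'
     for i, p in enumerate(_FLOOD_PARAMS)]
    # enumeration client: one UA, many distinct paths, all but one return 404
    + [f'203.0.113.9 - - [09/May/2012:10:01:{i:02d} +0000] "GET {p} HTTP/1.1" '
       f'{"200" if p == "/login.php" else "404"} 312 "-" "Mozilla/5.0 (scanner)"'
       for i, p in enumerate(_ENUM_PATHS)]
    # ordinary visitor: too few requests to be scored
    + ['192.0.2.5 - - [09/May/2012:10:02:00 +0000] "GET /index.html HTTP/1.1" '
       '200 2048 "-" "Mozilla/5.0 (Windows NT 6.1)"']
)

if __name__ == "__main__":
    for ip, labels in analyse(SAMPLE_LOG).items():
        print(ip, ", ".join(labels))
```

The Keep-Alive and no-cache headers HULK sends are not recorded in a combined-format log, so the heuristic keys on what is visible: User-Agent churn and query-string uniqueness. Ratios rather than raw counts keep the rules independent of how many lines are fed in, but the thresholds above are guesses and a busy site with legitimate cache-busting parameters will need them raised.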

Anti-Anonymous hacker takes credit for The Pirate Bay DDoS attack

After 72 hours of being hit with a massive Distributed Denial of Service (DDoS) attack, The Pirate Bay and Wikileaks are back online. An Anonymous hater who goes by the name AnonNyre took credit for the attack.

It was initially thought that the hacktivist group Anonymous was responsible for the attack, because The Pirate Bay had openly criticized Anonymous' DDoS attacks against Virgin Media, a UK ISP that blocked access to the popular torrent site. But Anonymous denied it, and The Pirate Bay confirmed on its Facebook page that they were not behind it.

Now, an Anonymous hater has claimed he is behind the attack.

"You must be wondering why did I attacked The Pirate Bay.. I am Nyre. I am highly against Anonymous. I do not support Anonymous anymore. I sometimes help the feds. The Pirate Bay was a press-release website for Anonymous, then I had a idea, why not take it down? Why not make it impossible for Anonymous?" the hacker explained in the pastebin.

The hacker doesn't mention anything about Wikileaks, which was also under a DDoS attack, and for much longer. Now, The Pirate Bay and Wikileaks are back online.

xss vulnerability found in more than 120 sites

Indian hacker Akshay discovered XSS vulnerabilities in more than 100 websites and listed the POCs on tinypaste.

The vulnerable sites include IndiaTimes, wikia.com, seagate and placementindia. After analyzing the paste, most of the sites are subdomains of the wikia website.

Some other sites that are vulnerable to XSS attacks are dialabook.in, junglee.com, antya.com, t3.com and independent.co.uk.

In the past, he has found XSS vulnerabilities in a lot of high-profile sites.

http://pastebin.com/tLXTZDvP

5 sites hacked by nyro hacker and shorty 420 from indian cyber pirates

Five sites were hacked by nyro hacker and shorty 420 from Indian Cyber Pirates. The list of defaced sites and mirrors is given below.

sites
http://education4students.com/
http://royalstandardevents.com/
http://www.berthuriel.com/
http://singleserve-coffemachines.com/
http://healingmybrokenheart.com/

Mirrors
http://arab-zone.net/mirror/89784/healingmybrokenheart.com/
http://arab-zone.net/mirror/89783/berthuriel.com/

Anonymous take down Department of Telecomm & other Govt. sites : #opindia


Anonymous hackers launched cyber attack against the Indian Government sites to protest Internet Censorship.

Hackers took down the sites of the Department of Telecomm (dot.gov.in), copyrightlabs.in, the All India Congress Committee (aicc.org.in) and the Indian Supreme Court (supremecourtofindia.nic.in).

Indian Internet service providers (ISP) have started timidly with torrent sites, Vimeo and Pastebin, but now they’ve extended the blockades to DailyMotion, and even Xmarks, a harmless bookmark sync service.

“Namaste India - We see you've met some of the #Anonymous battle fleet's infamous cannon fire. Tsk tsk for censoring #TPB & others,” Anonymous hacktivists wrote on Twitter.

Worm distributed via Facebook PMs and Instant Messengers(IM)

Trend Micro researchers recently received a report about a malicious link distributed via Facebook private messages: a shortened URL pointing to an archive file called "May09-Picture18.JPG_www.facebook.com.zip".

This archive contains a malicious file named “May09-Picture18.JPG_www.facebook.com” that uses the extension “.COM” (an executable file format).

Once executed, this malware terminates services and processes related to antivirus software, effectively disabling AV software from detection or removal of the worm.


Trend Micro solutions detect this malware as WORM_STECKCT.EVL. This worm downloads and executes another worm, detected as WORM_EBOOM.AC.

WORM_EBOOM.AC is capable of monitoring an affected user’s browsing activity, such as messages posted, posted messages deleted and private messages sent on websites including Facebook, Myspace, Twitter, WordPress and Meebo. It is also capable of spreading through those sites by posting messages containing a link to a copy of itself.

"Facebook and IM applications are tools to share and connect. Cybercriminals’ use of these tools is nothing new, but there are users who fall prey to these schemes. We recommend users to be conscious with their online behavior, in particular on social media sites," the Trend Micro report reads.

Sophos released Free AntiVirus application for Android

Sophos has published a mobile security app for Android after finding that 39% of its users are using smartphones running Android.

Sophos Mobile Security is available in Google Play as a Beta version.

What does this app actually do?
  • Scans apps you install to ensure they don’t contain malicious code
      • Scans previously installed apps, both on your device and on an SD card
      • Gray-lists apps which could pose a potential threat
      • Uses SophosLabs threat intelligence from the cloud with up-to-the-minute information
  • Lock or locate a device which is lost or stolen
      • Performs a remote lock on any Android device which you have lost or had stolen
      • Uses tracking technology to attempt to find your device (optional feature)
  • Use the Privacy Advisor to stay safe
      • Detects apps which access personal data such as your address book or your short messages
      • Lets you easily identify apps which could create costs by sending text messages or making calls

Requested permissions:
  • SEND SMS MESSAGES: When you do a remote lock or locate, the app sends a confirmation that the lock was successful or an SMS with the position (latitude/longitude) of your device.
  • READ CONTACT DATA: Access to contacts is required because you can specify which other phone numbers you want to use to remotely lock/locate your missing Android device. This permission allows you to choose those numbers from your contacts.

The Sophos Mobile Security [BETA] app detects even the recent fake anti-virus nasty, which attempts to send expensive SMS messages to premium-rate services.

More than 600 High profile sites listed in Google malware blacklist

Google Safe Browsing is one of the most popular malware blacklists. When a user visits an infected site, browsers such as Firefox, Chrome and Safari display a malware warning based on the Google blacklist. The service is very helpful for internet users wanting to stay secure. But what happens when a legitimate site is infected? It is a nightmare for legitimate sites when they are blacklisted: if Google displays a warning message, it results in loss of traffic and reputation.

A Zscaler researcher has scanned the top 1 million websites according to Alexa rank and found that more than 600 of them have been blacklisted by Google.

High-profile sites such as totalpad.com, creativebookmark.com and subtitleseeker.com have been compromised to serve malicious content.

According to the report, most of the blacklisted sites are hosted in the US. Western Europe (especially Germany, France and the Netherlands) is number two, followed by China (8%).

Arizona State Legislature website (azleg.gov) hacked by MalSec

Hackers from Malicious Security, or MalSec, have managed to breach the systems of the Arizona State Legislature (azleg.gov), leaking more than 300 record sets from a table called “standing transactions.”

The data consists of bill numbers, descriptions, document names, document types, FTP URLs, HTTP URLs, session IDs and other information.

While this may not exactly look like sensitive data, the hackers also leaked a couple of user names, IDs, and their associated passwords (in clear text).

According to the message posted by the hackers, this breach is a form of protest against the US government.

“[Expletive] u, and [expletive] ur gov! We still are Anonymous! We do not forgive. We do not forget! U should have expected us!” they wrote next to the data dump.

Government of Anguilla Hacked By #UGNazi Hackers Team

The hacker group "UGNazi" broke into the Government of Anguilla website (www.gov.ai). The attack was carried out and announced by @UG.

The hackers dumped the database details on Pastebin (http://pastebin.com/Bm46PQZL).

The leaked data contains server/network information as well as user and administration details, including email IDs, usernames and encrypted passwords.

The user accounts appear to belong to different divisions of the government, as well as to some other sites and providers.

"By trusting any government is the same as working for the CIA for the USA, We distrust every form of government in the world." – UGNazi hackers said.

The hackers also claimed on Twitter that cia.gov and visa.com are down.