Thursday, February 24, 2011

Spyware compromises 150,000+ Symbian devices

A new variant of spyware "Spy.Felxispy" on Symbian devices causing privacy leakage has recently been captured by the National Computer Virus Emergency Response Centre of China.

According to NetQin Mobile, there are more than a dozen variants of the spyware since the first was spotted, and the latest has affected 150,000+ devices.

Once installed, the spyware will turn on the Conference Call feature of the device without users' awareness. When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation.

"The Conference Call feature allows more than two parties to join a conversation, and it's easily available to most smart-phone users. The privacy stealers exploit the vulnerability of this feature for financial purposes. The privacy protection on mobile devices becomes more important than ever," said Dr. Zou Shihong, Vice President of R&D from NetQin.

NetQin Cloud Security Centre has found that the spyware can remotely turn on the phone's speaker to monitor sounds around users without their awareness. Apart from that, the spyware is also capable of synchronizing the messages the user has received and sent to the monitoring phone. These behaviours compromise users' privacy.

The privacy stealers usually install the spyware on the phone or send MMS containing the spyware to users to lure them to click. As the spyware is artfully disguised, users will easily be trapped.

NetQin warns that smart-phone users are exposed to more mobile security threats than ever and users should always be cautious whenever performing operations on their mobile devices.

To stay safe, NetQin experts give the following tips in using your phone:

1. Never open MMS from unknown numbers, as they may infect your phone. Instead, delete them upon receipt.
2. Be on alert for unusual behavior on your phone, such as unusual SMS.
3. Don't leave your phone out of your sight in public environments.
4. Install a trusted security application to protect your phone from security threats.

Article taken from HELP NET SECURITY

Arachni v0.2.2.1 is out!

Updated: Added link to CDE package.
Update #2: Watch the new WebUI v0.1-pre screencast on Vimeo.

Hello good people,
I’m very glad to announce the release of the v0.2.2.1 version of the Arachni framework which bears a lot of new features, improvements, optimizations and a brand new, although experimental, Web user interface.
There are new plugins, new modules, new system components, support for high-level meta-analysis using meta-module components, a brand new HTML report and much more.
Acknowledgements

Before continuing, I’d like to thank all the people who helped make this release as good as it turned out to be.
First and foremost, I’d like to thank Christos Chiotis (of Survive the Internet) for volunteering his time, designer talent and good taste in order to create the new HTML scan report.
I’d also like to thank Matt and Michelangelo for their relentless testing and plethora of feature suggestions.

If you don’t feel like installing anything at all you can download the self-contained Linux CDE package from the downloads section.
The CDE package will allow you to run Arachni out of the box without requiring installation or any sort of root access.
ChangeLog
- Web UI v0.1-pre (Utilizing the Client - Dispatch-server XMLRPC architecture) (New)
   - Basically a front-end to the XMLRPC client
   - Support for parallel scans
   - Report management
   - Can be used to monitor and control any running Dispatcher
- Changed classification from "Vulnerabilities" to "Issues" (New)
- Improved detection of custom 404 pages.
- Reports updated to show plug-in results.
- Updated framework-wide cookie handling.
- Added parameter flipping functionality (cheers to Nilesh Bhosale)
- Major performance optimizations (4x faster in most tests)
   - All modules now use asynchronous requests and are optimized for highest traffic efficiency
   - All index Arrays have been replaced by Sets to minimize look-up times
   - Mark-up parsing has been reduced dramatically
   - File I/O blocking in modules has been eliminated
- Crawler
   - Improved performance
   - Added '--spider-first' option  (New)
- Substituted the XMLRPC server with an XMLRPC dispatch server  (New)
   - Multiple clients
   - Parallel scans
   - Extensive logging
   - SSL cert based client authentication
- Added modules  (New)
   - Audit
      - XSS in event attributes of HTML elements
      - XSS in HTML tags
      - XSS in HTML 'script' tags
      - Blind SQL injection using timing attacks
      - Blind code injection using timing attacks (PHP, Ruby, Python, JSP, ASP.NET)
      - Blind OS command injection using timing attacks (*nix, Windows)
   - Recon
      - Common backdoors    -- Looks for common shell names
      - .htaccess LIMIT misconfiguration
      - Interesting responses   -- Listens to all traffic and logs interesting server messages
      - HTML object grepper
      - E-mail address disclosure
      - US Social Security Number disclosure
      - Forceful directory listing
- Added plugins  (New)
   - Dictionary attacker for HTTP Auth
   - Dictionary attacker for form based authentication
   - Cookie collector    -- Listens to all traffic and logs changes in cookies
   - Healthmap -- Generates sitemap showing the health of each crawled/audited URL
   - Content-types -- Logs content-types of server responses aiding in the identification of interesting (possibly leaked) files
   - WAF (Web Application Firewall) Detector
   - MetaModules -- Loads and runs high-level meta-analysis modules pre/mid/post-scan
      - AutoThrottle -- Dynamically adjusts HTTP throughput during the scan for maximum bandwidth utilization
      - TimeoutNotice -- Provides a notice for issues uncovered by timing attacks when the affected audited pages returned unusually high response times to begin with. It also points out the danger of DoS attacks against pages that perform heavy-duty processing.
      - Uniformity -- Reports inputs that are uniformly vulnerable across a number of pages, hinting at the lack of a central point of input sanitization.
- New behavior on Ctrl+C
   - The system continues to run in the background instead of pausing
   - The user is presented with an auto-refreshing report and progress stats
- Updated module API
   - Timing/delay attacks have been abstracted and simplified via helper methods
   - The modules are given access to vector skipping decisions
   - Simplified issue logging
   - Added the option of substring matching instead of regexp matching in order to improve performance.
   - Substituted regular expression matching with substring matching wherever possible.
- Reports:
   - Added plug-in formatter components allowing plug-ins to have a say in how their results are presented (New)
   - New HTML report (Cheers to Christos Chiotis for designing the new HTML report template.) (New)
   - Updated reports to include Plug-in results:
      - XML report
      - Stdout report
      - Text report

I sincerely hope that you enjoy it and find it useful; if you have any suggestions or problems, don’t hesitate to open a ticket @ https://github.com/Zapotek/arachni/issues.

Cheers,
Tasos “Zapotek” Laskos (Lead Developer)

To download this tool, please click this link:
https://github.com/Zapotek/arachni/zipball/v0.2.2.1
To watch a video about this tool:
http://vimeo.com/19928281
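The changelog entry "Improved detection of custom 404 pages" refers to a standard scanner problem: a server that answers every unknown path with HTTP 200 and a branded error page turns each probe into a false positive unless the scanner first learns what "not found" looks like on that host. The script below is an added example written for this post, not Arachni's own code. It fingerprints a directory's not-found behaviour by requesting a few random paths, normalises the responses (removing the echoed path, digits such as request ids, and whitespace) and then classifies later responses by similarity to those samples. The two demo server functions and their pages are constructed for the example; the fetch callable, thresholds and probe suffixes are assumptions, not Arachni settings.

```python
import difflib
import random
import re
import string


def random_name(length=8):
    """A path component that is extremely unlikely to exist on the target."""
    return "".join(random.choice(string.ascii_lowercase) for _ in range(length))


def normalise(body, path):
    """Strip what legitimately varies between two copies of the same error page:
    the echoed request path, digits (request ids, timestamps) and whitespace."""
    text = body.replace(path, "")
    text = re.sub(r"\d+", "", text)
    return re.sub(r"\s+", " ", text).strip()


class NotFoundFingerprint:
    """Learns how a directory answers requests for paths that do not exist."""

    PROBE_SUFFIXES = ("", ".php", ".html", "/")  # soft-404 pages often differ per extension

    def __init__(self, fetch, directory="/", threshold=0.9):
        self.fetch = fetch          # callable(path) -> (status, body); assumption
        self.threshold = threshold  # similarity needed to call a page "not found"
        self.samples = []           # (status, normalised body) for each probe
        self.hard_404 = True        # stays True only if every probe got a real 404
        for suffix in self.PROBE_SUFFIXES:
            path = directory + random_name() + suffix
            status, body = fetch(path)
            if status != 404:
                self.hard_404 = False
            self.samples.append((status, normalise(body, path)))

    def is_not_found(self, path, status, body):
        """True when (status, body) is what this server sends for a missing path."""
        if status == 404:
            return True
        if self.hard_404:
            return False            # server uses real 404s, so a 200 is a real page
        candidate = normalise(body, path)
        for sample_status, sample_body in self.samples:
            if sample_status != status:
                continue
            ratio = difflib.SequenceMatcher(None, sample_body, candidate).ratio()
            if ratio >= self.threshold:
                return True
        return False


# Constructed demo servers standing in for HTTP fetches; no network involved.
REAL_PAGES = {
    "/index.php": "<html><body><h1>Welcome</h1><p>Latest news and product updates.</p></body></html>",
    "/admin/": "<html><body><h1>Admin login</h1><form><input name='user'><input name='pass'></form></body></html>",
}


def soft_404_server(path):
    """Answers every unknown path with HTTP 200 and a branded error page."""
    if path in REAL_PAGES:
        return 200, REAL_PAGES[path]
    return 200, (f"<html><body><h1>Oops</h1><p>We could not find {path}.</p>"
                 f"<p>Request id {random.randint(1000, 9999)}</p></body></html>")


def hard_404_server(path):
    """Answers unknown paths with a genuine 404 status."""
    if path in REAL_PAGES:
        return 200, REAL_PAGES[path]
    return 404, "<html><body><h1>Not Found</h1></body></html>"


def classify(fetch, paths):
    """Map each path to 'exists' or 'missing' using a fingerprint of the root directory."""
    fingerprint = NotFoundFingerprint(fetch, "/")
    result = {}
    for path in paths:
        status, body = fetch(path)
        result[path] = "missing" if fingerprint.is_not_found(path, status, body) else "exists"
    return result


if __name__ == "__main__":
    probes = ["/index.php", "/admin/", "/backup.zip", "/old/config.php"]
    print("soft 404 server:", classify(soft_404_server, probes))
    print("hard 404 server:", classify(hard_404_server, probes))
```

The normalisation step is what makes the comparison robust: without it, an error page that echoes the requested path or stamps a request id would never match its own siblings, and every probe would be reported as a live page. Probing several extensions matters because some servers serve different error pages for scripts, static files and directories.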

Tuesday, February 22, 2011

Emergency Message to all Inj3ct0r Users

Dear Inj3ct0r users =]

Inj3ct0r blocked the domain again. =\
Nothing! Inj3ct0r Team will live forever. Our new domain : http://www.1337day.com/
Official sources for Inj3ct0r.com are:
http://twitter.com/inj3ct0r
http://www.facebook.com/inj3ct0rs

mr.inj3ct0r@gmail.com
if the domain is unavailable, Inj3ct0r project is available at http://77.120.120.218/
------------------------------------------------

Unavailable :
inj3ct0r.com , inj3ct0r.org , inj3ct0r.net , 0xr00t.com , 0x0day.com, 1337db.com
------------------------------------------------

Help us financially. We will be very happy.
The more domains they close, the more we'll register ;)
Please distribute this message on your blogs!
Underground h4x0r forever!

//r0073r
# 1337day.com [2011-02-21]

Monday, February 21, 2011

How to Get Rapidshare Premium Account

Today I will show how you can earn money online and that too without much difficulty. Just follow the steps given below:

1. Create a Paypal Premium Account (don’t worry, it’s free): https://www.paypal.com/ . When asked for credit card details simply click cancel. You do not need to fill them in.

2. Then go to the following link:

3. On joining this website, you will get 27 USD just for writing 7 simple surveys which will take not more than 30 minutes.

4. Now the only problem is that the minimum payout limit for this website is 75 USD. But you can earn 1.25 USD on referring this website to your friend.

5. So you just take the referral link from this website and paste it on your facebook status. Don’t forget to mention its benefits so that your friends register through that link.

6. Suppose you have 500 friends on facebook and out of them only 10% register through your link then also you earn 62.5 USD which gets added to 27 USD that you had earned from surveys. Thus the total 89.5 USD crosses the Payout limit.

7. Now you can get that money into your Paypal account and use it not only to buy your own Rapidshare premium account but also for buying other stuff online.

8. That’s it. So Simple and I swear it works.

Update: Some people have a complaint that Awsurveys doesn’t pay them what they have earned and that it is a SPAM. I would like to tell you that I have already used this website earlier and I had received the payment every time. I am not saying that these guys are lying about their experience with Awsurveys, but there are a few reasons why they may not have received the payment. The only problem with this website is that it doesn’t communicate with the user if he is violating any terms and conditions; instead of that it just cancels their payments. When you request some payout from this website, they have a policy to verify that the accounts that were referred by the user are not fraudulent, and they remove the amount gained from these fraudulent accounts from the total amount in your account. Sometimes the reduced amount is less than the amount redeemed by the user, and their harsh policy is to cancel the whole payment without even reimbursing the remaining amount.

Now you might be thinking how to avoid this? One piece of advice I would give you is to keep at least 20-25 USD in excess when you are redeeming the amount. In this way you are making sure that even if there were 15 accounts which the website found to be fraudulent, the total still won’t get below the amount requested by you. Another condition is the maximum amount that one can redeem in a year. A user can redeem at most 550 USD in one year; if you request a payout of more than that, they will just cancel that payment without reimbursing the money in your account. I already faced the latter one, which indicates that I have at least earned up to 550 USD.

Sunday, February 20, 2011

Pyrit Tool- GPU Cracker for Attacking WPA/WPA2 PSK Protocols

Pyrit allows you to create massive databases, pre-computing part of the IEEE 802.11 WPA/WPA2-PSK authentication phase in a space-time trade-off. Exploiting the computational power of many-core and other platforms through ATI-Stream, Nvidia CUDA, OpenCL and VIA Padlock, it is currently by far the most powerful attack against one of the world's most used security protocols.
WPA/WPA2-PSK is a subset of IEEE 802.11 WPA/WPA2 that skips the complex task of key distribution and client authentication by assigning every participating party the same pre-shared key. This master key is derived from a password which the administrating user has to pre-configure, e.g. on his laptop and the Access Point. When the laptop creates a connection to the Access Point, a new session key is derived from the master key to encrypt and authenticate the following traffic. The "shortcut" of using a single master key instead of per-user keys eases deployment of WPA/WPA2-protected networks for home and small-office use at the cost of making the protocol vulnerable to brute-force attacks against its key negotiation phase; these ultimately reveal the password that protects the network. This vulnerability has to be considered exceptionally disastrous, as the protocol allows much of the key derivation to be pre-computed, making simple brute-force attacks even more alluring to the attacker. For more background see this article on the project's blog.
The author does not encourage or support using Pyrit for the infringement of people's communication privacy. The exploration and realization of the technology discussed here are a purpose of their own; this is documented by the open development, strictly source-code-based distribution and 'copyleft' licensing.
Pyrit is free software - free as in freedom. Everyone can inspect, copy or modify it and share derived work under the GNU General Public License v3+. It compiles and executes on a wide variety of platforms, including FreeBSD, MacOS X and Linux as operating system and x86, alpha, arm, hppa, mips, powerpc, s390 and sparc processors.
Attacking WPA/WPA2 by brute force boils down to computing Pairwise Master Keys as fast as possible. Every Pairwise Master Key is 'worth' exactly one megabyte of data getting pushed through PBKDF2-HMAC-SHA1. In turn, computing 10,000 PMKs per second is equivalent to hashing 9.8 gigabytes of data with SHA1 in one second. The following graph shows various performance numbers measured on platforms supported by Pyrit.
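The "one megabyte per PMK" figure above follows directly from how the master key is derived: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes). A 32-byte output needs two 20-byte PBKDF2 blocks, each costing 4096 HMAC calls, and each HMAC-SHA1 costs two SHA-1 compressions of a 64-byte block once the ipad/opad states have been precomputed for the passphrase: 2 × 4096 × 2 × 64 = 1,048,576 bytes. The Python below is an added example that is not part of Pyrit; it implements textbook PBKDF2 with a work counter, cross-checks the result against hashlib and against the IEEE 802.11i Annex H test vector ("password" / "IEEE"), and turns a PMK rate into the SHA-1 throughput it represents. It assumes the SSID is at most 32 bytes (so every HMAC message fits in one extra SHA-1 block) and does not count the two one-time ipad/opad compressions per passphrase.

```python
import hashlib
import struct

SHA1_BLOCK = 64        # bytes absorbed by one SHA-1 compression call
SHA1_DIGEST = 20
WPA_ITERATIONS = 4096  # PBKDF2 iteration count fixed by IEEE 802.11i
PMK_LEN = 32           # 256-bit Pairwise Master Key
# Two PBKDF2 output blocks, 4096 HMACs each, two compressions per HMAC.
COMPRESSIONS_PER_PMK = 2 * WPA_ITERATIONS * 2


def sha1_blocks(extra_bytes):
    """Compressions needed to absorb extra_bytes appended after a whole number of
    already-absorbed blocks (SHA-1 padding adds a 0x80 byte and an 8-byte length)."""
    return (extra_bytes + 9 + SHA1_BLOCK - 1) // SHA1_BLOCK


def counted_pbkdf2_hmac_sha1(password, salt, iterations, dklen):
    """Textbook PBKDF2 (RFC 2898) over HMAC-SHA1 that also counts the work done.

    Returns (derived_key, stats). The ipad/opad states are computed once per
    password, the same optimisation a PMK cracker relies on."""
    if len(password) > SHA1_BLOCK:  # HMAC hashes over-long keys first
        password = hashlib.sha1(password).digest()
    padded = password.ljust(SHA1_BLOCK, b"\x00")
    inner_base = hashlib.sha1(bytes(b ^ 0x36 for b in padded))
    outer_base = hashlib.sha1(bytes(b ^ 0x5C for b in padded))
    stats = {"hmac_calls": 0, "compressed_bytes": 0}

    def prf(message):
        stats["hmac_calls"] += 1
        inner = inner_base.copy()
        inner.update(message)
        outer = outer_base.copy()
        outer.update(inner.digest())
        blocks = sha1_blocks(len(message)) + sha1_blocks(SHA1_DIGEST)
        stats["compressed_bytes"] += blocks * SHA1_BLOCK
        return outer.digest()

    derived = b""
    block_index = 1
    while len(derived) < dklen:
        u = prf(salt + struct.pack(">I", block_index))  # U1 = PRF(P, S || INT(i))
        t = bytearray(u)
        for _ in range(iterations - 1):               # Ui = PRF(P, U(i-1)); T ^= Ui
            u = prf(u)
            t = bytearray(a ^ b for a, b in zip(t, u))
        derived += bytes(t)
        block_index += 1
    return derived[:dklen], stats


def wpa_pmk(passphrase, ssid):
    """PMK derivation for WPA/WPA2-PSK, using the standard library for comparison."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               WPA_ITERATIONS, PMK_LEN)


def sha1_bytes_per_second(pmks_per_second):
    """SHA-1 input bytes per second that a given PMK rate corresponds to."""
    return pmks_per_second * COMPRESSIONS_PER_PMK * SHA1_BLOCK


if __name__ == "__main__":
    pmk, stats = counted_pbkdf2_hmac_sha1(b"password", b"IEEE", WPA_ITERATIONS, PMK_LEN)
    print("PMK:", pmk.hex())
    print("HMAC calls:", stats["hmac_calls"], "bytes compressed:", stats["compressed_bytes"])
    print("10,000 PMK/s =", sha1_bytes_per_second(10_000) / 2**30, "GiB/s of SHA-1")
```

The counter shows why the iteration count, not the hash, is the defender's lever: every candidate passphrase costs a fixed 8192 HMAC calls regardless of its length, so the only thing that raises an attacker's total work is the size of the passphrase space, i.e. a long, non-dictionary passphrase. The 10,000 PMK/s figure comes out at 10,485,760,000 bytes, which is the 9.8 GB quoted above when expressed in binary gigabytes.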

You can watch how to use this tool on YouTube:
http://www.youtube.com/watch?v=HY9Y99bOyhE

To download the latest Pyrit 0.40, please see this link:

For more information about this Pyrit  tool, please see the link below:

Thursday, February 10, 2011

Inguma - Penetration Testing Toolkit

Inguma is a penetration testing toolkit entirely written in Python. The framework includes modules to discover hosts, gather information about them, fuzz targets, brute-force user names and passwords and, of course, exploits.
While the current exploitation capabilities in Inguma may be limited, the program provides numerous tools for information gathering and target auditing. Inguma is still being heavily developed, so be sure to stay current and check back for news and updates.
You can see more details about Inguma and documentations here:
http://code.google.com/p/inguma/

Mantra - Free and Open Source Browser Based Security Framework

Mantra is a powerful set of tools to make the attacker's task easier. The beta version of the Mantra Security Toolkit contains the following tools built into it. You can also always suggest any tools or scripts that you would like to see in the next release.

  • Access Me
  • Add N Edit Cookies+
  • Chickenfoot
  • CookieSwap
  • DOM inspector
  • Domain Details
  • Firebug
  • Firebug Autocompleter
  • Firecookie
  • FireFTP
  • Firesheep
  • FormBug
  • FoxyProxy
  • Google Site Indexer
  • Greasemonkey
  • Groundspeed
  • HackBar
  • Host Spy
  • HttpFox
  • iMacros
  • JavaScript Deobfuscator
  • JSview
  • Key Manager
  • Library Detector
  • Live HTTP Headers
  • PassiveRecon
  • Poster
  • RefControl
  • Refspoof
  • RESTClient
  • RESTTest
  • Resurrect Pages
  • Selenium IDE
  • SQL Inject ME
  • Tamper Data
  • URL Flipper
  • User Agent Switcher
  • Vitzo WHOIS
  • Wappalyzer
  • Web Developer
  • XSS Me
You can download Mantra from this link:
http://www.getmantra.com/download/index.html