The Hack o blog

Reinventing the weel

Monthly Archives: February 2011

Bash scripts for making the wireless hacking process easier.

I know of two Bash scripts for making the wireless hacking process easier, but there are probably a lot more. Both scripts have their pros and cons.

WiPhire by middlewifi

WiPhire makes cracking wireless networks so easy, even a caveman could do it.

And

wifite by WakingLife

Designed for the BackTrack 4 RC1 distribution of Ubuntu. Linux only; no Windows or OS X support.

An Anonymous hacker decompiles Stuxnet, posts on Github.

Stuxnet is a Windows computer worm discovered in July 2010 that targets industrial software and equipment. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.

https://github.com/Laurelai/decompile-dump

How to get root on rootkit.com, a step-by-step of how Anonymous gained root access.


This brief text file shows how simple it was for Anonymous to get access to Greg Hoglund's website rootkit.com.


VOIP Hacking / Phreaking program [ VoIP Hopper ]


VoIP Hopper is a GPLv3-licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone in Cisco, Avaya, and Nortel environments. VoIP Hopper is a VLAN Hop test tool, but also a tool to test VoIP infrastructure security.

In Cisco IP Phone networks, it first dissects either IEEE 802.3 or Ethernet II for Cisco Discovery Protocol (CDP) packets. If CDP is enabled on the switch port and the Voice VLAN feature is enabled, it will determine the Voice VLAN ID (VVID). This will allow the tool to create a new Ethernet interface on the PC that tags the 802.1q VLAN header in the Ethernet packet. After VoIP Hopper has created the new Ethernet device, it will send a DHCP client request. It can also generate CDP messages just as an IP Phone based on CDP would do. It will send two CDP packets, requesting the Voice VLAN ID. After creating the new interface, it will then iterate between sleeping for 60 seconds, and sending a CDP packet.

In Avaya IP Phone environments, it sends an Option 55 parameter request list, requesting Option 176. When the DHCP server sends Option 176, it decodes the L2QVLAN reply field for the Voice VLAN ID. It then creates a new voice interface and sends a DHCP request.

In Nortel IP Phone networks, VoIP Hopper sends an Option 55 parameter request list, requesting Option 191. When the DHCP Server sends Option 191 data, it decodes the VLAN-A: string for the Voice VLAN ID. It then creates a new voice interface and sends a DHCP request.

http://voiphopper.sourceforge.net/
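The decoding the post attributes to VoIP Hopper, seen from the monitoring side: an added example (not VoIP Hopper's code) that parses a DHCP option area, pulls the voice VLAN ID out of an Option 191 "VLAN-A:" string or an Option 176 L2QVLAN field, and flags a client whose Option 55 list asks for either option. The option bytes and VLAN values are constructed; the comma-separated key=value layout of the Avaya reply and the trailing "." on the Nortel string are assumptions.

```python
# Added example (not VoIP Hopper's own code): decode the DHCP options the post
# describes and flag a client whose parameter request list asks for the
# vendor voice-VLAN options. Sample packets are constructed here, not captured.
PARAM_REQUEST_LIST = 55
AVAYA_OPT = 176   # reply assumed to carry "...,L2QVLAN=<vid>,..."
NORTEL_OPT = 191  # reply assumed to carry "VLAN-A:<vid>."

def parse_dhcp_options(buf: bytes) -> dict:
    """Parse the TLV option area that follows the 4-byte magic cookie.
    Returns {code: bytes}; stops at END (255), skips PAD (0)."""
    opts = {}
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        length = buf[i + 1]
        opts[code] = buf[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def voice_vlan_from_reply(opts: dict):
    """Voice VLAN ID a phone would learn from the server's reply, or None."""
    if NORTEL_OPT in opts:
        text = opts[NORTEL_OPT].decode("ascii", "replace")
        if text.startswith("VLAN-A:"):          # Nortel: "VLAN-A:<vid>."
            vid = text[len("VLAN-A:"):].rstrip(".")
            return int(vid) if vid.isdigit() else None
    if AVAYA_OPT in opts:
        for field in opts[AVAYA_OPT].decode("ascii", "replace").split(","):
            key, _, val = field.partition("=")  # Avaya: "...,L2QVLAN=<vid>,..."
            if key == "L2QVLAN" and val.isdigit():
                return int(val)
    return None

def requests_voice_vlan_option(opts: dict) -> bool:
    """True if the client's Option 55 list asks for 176 or 191: expected
    from an IP phone, worth a look when it comes from a workstation."""
    prl = opts.get(PARAM_REQUEST_LIST, b"")
    return any(code in (AVAYA_OPT, NORTEL_OPT) for code in prl)

# Constructed option areas (the bytes after the cookie), not real captures.
CLIENT_DISCOVER = bytes([55, 4, 1, 3, 6, 191, 255])
NORTEL_OFFER = bytes([191, 11]) + b"VLAN-A:810." + bytes([255])
AVAYA_OFFER = bytes([176, 34]) + b"MCIPADD=10.0.0.5,L2Q=1,L2QVLAN=500" + bytes([255])
```

A DHCP-snooping or IDS rule that raises on an Option 55 list containing 176 or 191 from a MAC that is not a known phone is one practical use of the last function.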


Researchers steal iPhone passwords in six minutes


The paper highlights the risks that accompany losing a locked iOS device with regard to the confidentiality of passwords stored in the keychain. It presents results of hands-on tests that show the possibility for attackers to reveal some of the keychain entries. For the described approach, knowledge of the user's secret passcode is not needed, as the protection provided by the passcode is bypassed.

link to paper


Researchers at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) can jailbreak an iPhone and decrypt the passwords stored on it for your Mail account, corporate VPN, WiFi, and others.


EasyHook – The reinvention of Windows API Hooking

http://easyhook.codeplex.com/

Project Description
EasyHook starts where Microsoft Detours ends.
This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C#, using Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64. 32- and 64-bit kernel-mode hooking is also supported, as well as an unmanaged user-mode API which allows you to hook targets without requiring the .NET Framework on the customer's PC. An experimental stealth injection hides hooking from most of the current AV software.


Dump utility to dump process/binary SAFESEH handlers


This utility will dump the SAFESEH exception handlers in a process or binary. It is intended for the vulnerability researcher trying to exploit a vulnerability that requires bypassing SAFESEH.

https://code.google.com/p/safeseh-dump/

How hackers hack their way out of a speeding ticket.


If you ever wondered how hackers hack their way out of a speeding ticket, well wonder no longer. So next time you need to get out of a speeding ticket….

cuckoobox automated open source malware analysis.

Cuckoo is a very simple automated malware analysis sandbox.

It started as a project developed during Google Summer of Code 2010 within The Honeynet Project organization. During that period, under the guidance of my mentor Felix Leder, the foundations were laid for what Cuckoo has grown to be now.

The ideas behind the development of Cuckoo are:
• provide a completely open source product released under the GPL, both to allow everyone to customize it as much as possible and to let it grow into a community-designed tool.
• provide an instrument able to analyze any kind of malicious file and get the best behavioral analysis out of it.
• provide a sandbox which can be configured to run both on virtual machines as well as on metal.
• make it able to be distributed.

Cuckoo still has a long road ahead before achieving all the goals that were initially set, but it is on the right path ;-).

Current Features
  • Retrieve files from remote URLs and analyze them.
  • Trace relevant API calls for behavioral analysis.
  • Recursively monitor newly spawned processes.
  • Dump generated network traffic.
  • Run concurrent analysis on multiple machines.
  • Support custom analysis packages based on AutoIt3 scripting.
  • Intercept downloaded and deleted files.
  • Take screenshots during runtime.

http://www.cuckoobox.org/

Hotmail exploit that allows changing of a large percentage of people's passwords.


It is now fixed, but here is the Hotmail exploit.

The link: https://maccount.live.com/ac/resetpwdmain.aspx

How it worked:

  1. Type in the Hotmail email you want to change the password for.
  2. Fill out the captcha.
  3. View the page source on the next page to see what the user's secondary email is (if it exists).
  4. Check to see if that email is registered (a lot of people don't even bother registering them). If it is, do the same thing you just did and keep going back until you have control over the first account you can.
  5. Reset the passwords of those email addresses in a daisy-chain fashion until you have control.

The secondary email address used to be exposed as a hidden input element on the password reset form, but they just fixed it.
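The root cause the post names, a hidden input that hands the recovery address to anyone who passes the captcha, beside the fix, as an added example that is not Hotmail's code. The account data, session store, page markup and the mask_email/leaked_emails helpers are all hypothetical.

```python
# Added example (not Hotmail's code): step 2 of a password-reset flow.
# The vulnerable page copies the account's secondary email into a hidden
# input, so anyone past the captcha can read it in the page source; the
# hardened page keeps it server-side behind an opaque token and shows only
# a masked hint. Accounts and the token store are constructed in-memory.
import re
import secrets
from html import escape

ACCOUNTS = {"victim@hotmail.example": {"alt_email": "backup@gmail.example"}}
RESET_SESSIONS = {}  # token -> account; stands in for a server-side session store

def mask_email(addr: str) -> str:
    """Keep the first character of the local part and the domain's TLD."""
    local, _, domain = addr.partition("@")
    tld = domain.rsplit(".", 1)[-1]
    hidden = "*" * (len(domain) - len(tld) - 1)
    return f"{local[0]}{'*' * (len(local) - 1)}@{hidden}.{tld}"

def vulnerable_reset_page(account: str) -> str:
    alt = ACCOUNTS[account]["alt_email"]
    # BUG: the recovery address rides along in the HTML for the next POST.
    return (f'<form method="post"><input type="hidden" name="altemail" value="{escape(alt)}">'
            '<p>We will send a reset link to your secondary address.</p></form>')

def hardened_reset_page(account: str) -> str:
    token = secrets.token_urlsafe(32)
    RESET_SESSIONS[token] = account  # the server, not the client, remembers the target
    hint = mask_email(ACCOUNTS[account]["alt_email"])
    return (f'<form method="post"><input type="hidden" name="token" value="{token}">'
            f'<p>We will send a reset link to {escape(hint)}.</p></form>')

def leaked_emails(html: str) -> list:
    """Scan a rendered page for full email addresses, e.g. in hidden inputs."""
    return re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", html)
```

Running leaked_emails over every response of a reset flow in a test suite is a cheap regression check for this class of leak.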

(source)