
Another Fake Publicity stunt of The Hacker News (THN) get exposed, This time by PCA



Another fake publicity stunt by The Hacker News (THN) has been exposed, this time by the Pakistan Cyber Army (PCA). Today THN published a story claiming that the FTP server of HP had been hacked and that its database would be leaked; they also specified the size of that database, around 9 GB. But the reality is that the FTP server of HP was not hacked at all. It is a rumor, created to get fake attention.
Today the official authority of PCA informed the VOGH team about this. They also want to expose the whole story in front of the world.


According to PCA:- 
"...Dear All,


This is PCA yea yea you know us Pakistan Cyber Army with "mission Exposed". Copy Cats are around everywhere in the world. We have just read a story of "HexCode" hacking into HP ftp. He claims to have GB's of DATA from the HP server. "HexCode" script kiddie so called l33t forgot that the folder he is showing is a "public" folder "/pub" and it is mainly used to download update patches. Go on and just access "ftp://ftp.hp.com/pub/" from your ftp client or firefox LOL..... HP Hacked ROFL

Acer ftp was critical because it exposes user information about the "Packard Bell" Users. "HexCode" grow up kiddoz you can't be a hacker realize this reality ROFL. Fake stuff by a kid... and .... Ahhh forget it LOL.... "HexCode" another script kiddie exposed by PCA ROFL........ ROFL.......  PCA will keep exposing kids like before.... Grow Up and drink RedBull ROFL..



Thehackernews is posting fake news LOL... "









Serv-U FTP Server Added In RHEL Catalog As A Secure File Transfer Application

Serv-U FTP Server Added In RHEL Catalog As A Secure File Transfer Application & Will Also Support  Ubuntu, OpenSUSE, Mint
Red Hat is enhancing security in RHEL. Soon after RhinoSoft joined the Red Hat partner program as an independent software vendor, Serv-U FTP Server was added to the official Red Hat Linux product catalog as a secure file transfer application. Besides Red Hat Enterprise Linux (RHEL), Serv-U will also support Fedora, Ubuntu, OpenSUSE, Mint, CentOS and the Amazon Linux AMI for its EC2 cloud computing deployment.
"When we ported Serv-U to Linux last year it gave Linux administrators new capabilities like web-based administration, mobile transfers and integration with third-party portals," said RhinoSoft President Mark Peterson. "This year we reaffirmed our commitment to the Linux community by aligning with its largest platform provider."
"Our solutions make secure file transfer affordable to businesses, especially those facing budget challenges," said RhinoSoft VP of Product Management Jonathan Lampe. "Supporting Serv-U on a wide variety of platforms helps our customers save money through reduced training and overhead costs."
Brief About RhinoSoft:-
RhinoSoft is the global leader in affordable file transfer, with more than 90,000 business customers, including nine of the Fortune 10, in 90 different countries. Its award-winning and U.S. Department of Defense-certified Serv-U FTP Server and FTP Voyager client products support FTP, SFTP, FTPS and web-based HTTP/S transfers over FIPS 140-2 validated channels while continuing to incorporate emerging technologies such as mobile computing, IPv6, native 64-bit computing and UTF-8/Unicode internationalization.





FTP Server of Horde Breached, Hackers Installed Back-door in Horde Groupware & Webmail

Horde has suffered a cyber attack. Developers at the Horde open source community confirmed that one of their FTP servers has been breached. The attacker also infected various files stored on that FTP server. In their official statement Horde said: "A few days ago we became aware of a manipulated file on our FTP server. Upon further investigation we discovered that the server has been hacked earlier, and three releases have been manipulated to allow unauthenticated remote PHP execution," they explained. "We have immediately taken down all distribution servers to further analyze the extent of this incident, and we have worked closely with various Linux distributions to coordinate our response."
The three files that were modified to include a backdoor are Horde 3.3.12, Horde Groupware 1.2.10 and Horde Groupware Webmail Edition 1.2.10., and users who have downloaded any of those since the start of November 2011 until February 7 (when the breach was discovered) are advised to download new, clean versions and reinstall their machines, or to upgrade to the more recent versions. For those who would like to be sure whether they were affected, the developers advise searching their Horde directory tree for the following signature: $m[1]($m[2]). Horde 4 users can breathe safely, as that file has not been manipulated. The developers also made sure to point out that they have replaced all the FTP and PEAR servers, and uploaded clean files.
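One way to run the check the Horde developers describe, as an added example (not Horde's code and not part of the original post): it walks a directory tree and reports every line that contains the signature. The function names and the small constructed demo tree are assumptions made for illustration.

```python
import os
import tempfile

# Signature the Horde developers advised searching for (quoted in the post above).
SIGNATURE = b"$m[1]($m[2])"


def scan_tree(root, signature=SIGNATURE):
    """Return (hits, unreadable); hits are (relative_path, line_number) pairs."""
    hits, unreadable = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Only regular files; do not follow symlinks out of the tree.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                # Every file is checked, not just *.php, and in binary mode,
                # so an unusual extension or encoding cannot hide a match.
                with open(path, "rb") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if signature in line:
                            hits.append((rel, lineno))
            except OSError:
                # A file that cannot be read has not been checked: report it
                # instead of silently treating it as clean.
                unreadable.append(rel)
    return sorted(hits), sorted(unreadable)


def demo():
    """Build a small constructed tree (not real Horde files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib", "Horde"))
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php\n// constructed clean file\n")
        with open(os.path.join(root, "lib", "Horde", "sample.inc"), "w") as fh:
            fh.write("<?php\n// constructed file\n// inert marker: $m[1]($m[2])\n")
        return scan_tree(root)


if __name__ == "__main__":
    found, skipped = demo()
    for rel, lineno in found:
        print(f"signature found: {rel}:{lineno}")
    for rel in skipped:
        print(f"could not read: {rel}")
```

A hit means the installation should be replaced with a clean download as the developers advise; an empty result only says this one signature is absent.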


-Source (Horde & Net-Security)





BBC Server Compromised! Russian Hackers Broke Into FTP & Tried to Sell Unauthorized Access

BBC Server Compromised! Russian Hackers Hacked Into FTP & Tried to Sell Unauthorized Access on The X-Mass Evening 
Earlier we have seen world-renowned media houses like CNN, NBC, Fox News, Washington Post, NY Times, NDTV and so on fall victim to hackers and cyber criminals. Now it is the turn of the world's largest and oldest broadcaster, the British Broadcasting Corporation, widely known to us as the BBC. Sources revealed that a cyber criminal managed to breach the security of the BBC, secretly took over a computer server there, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. The attack was first identified by Hold Security LLC, a cyber security firm in Milwaukee that monitors underground cyber crime forums in search of stolen information. However, it is still not clear whether the hacker stole any information or data or caused any damage to the site.
Speaking to the press, Alex Holden, founder and Chief Information Security Officer of Hold Security, said: "So far Hold Security researchers have found no evidence the conversations led to a deal or that data was stolen from the BBC." The identity of the hacker has not been confirmed, but the firm's researchers observed a notorious Russian hacker known by the monikers "HASH" and "Rev0lver" attempting to sell access to the BBC server on December 25. BBC's security team managed to secure the site on Saturday, according to a person close to the clean-up efforts. A BBC spokesman refused to comment on the issue, saying, "We do not comment on security issues." On the other hand, Justin Clarke, a principal consultant for the cyber security firm Cylance, said that "accessing that server establishes a foothold within BBC's network which may allow an attacker to pivot and gain further access to internal BBC resources."
But we all know that FTP systems are typically used to manage the transfer of large data files over the Internet. That is why the chance of a data breach cannot be ruled out at this time. For updates on this piece of news and other hot information from the cyber and tech world, stay tuned with VOGH.



Pytbull: An IDS/IPS Testing Framework




Pytbull is an Intrusion Detection/Prevention System (IDS/IPS) testing framework for Snort and Suricata. We all know the greatness of these two projects. Even though it concentrates on Snort and Suricata, it can also be used to test the detection and blocking capabilities of other IDS/IPS. You can also use it to compare IDS/IPS, to compare configuration modifications, or simply to check and validate configurations. The framework is equipped with about 300 tests grouped in 8 testing modules:
  • clientSideAttacks: This module uses a reverse shell to provide the server with instructions to download remote malicious files. It tests the ability of the IDS/IPS to protect against client-side attacks.
  • testRules: It is a basic rules testing module. These attacks are supposed to be detected by the rules sets shipped with the IDS/IPS.
  • badTraffic: This module transmits non RFC compliant packets to the server to test how packets are processed and responded to.
  • fragmentedPackets: This module transmits various fragmented payloads to a server to test its ability to recompose them and detect the attacks.
  • multipleFailedLogins: This module tests the ability of the server to track multiple failed logins (e.g. FTP). It makes use of custom rules on Snort and Suricata.
  • evasionTechniques: This module employs various evasion techniques to check if the IDS/IPS can detect them.
  • shellCodes: This module transmits various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
  • denialOfService: This module tests the ability of the IDS/IPS to protect against simple DoS attempts.
Pytbull is easily configurable and could integrate new modules in the future. After downloading, you need to edit the config.cfg file that accompanies the tool. It basically contains path information about a few settings and other tools such as Nikto and HPING, and the Snort and Suricata alert files. You can also prevent individual tests from running by setting 0 or 1 in the config.cfg file: 0 means that the test will be ignored and 1 means that it will be added to the test queue. Pytbull can run basically 5 types of tests:
  • Socket: open a socket on a given port and send the payloads to the remote target on that port.
  • Command: send command to the remote target with the subprocess.call() python function.
  • Scapy: send special crafted payloads based on the Scapy syntax
  • Multiple failed logins: open a socket on port 21/TCP (FTP) and attempt to login 5 times with bad credentials.
  • Client side attacks: use a reverse shell on the remote target and send commands to it to make them processed by the server (typically wget commands).
Before running the tests, pytbull also performs some basic checks. It supports reporting as well, and can write its report to a custom .html file. Its pre-requisites are:
Download Pytbull v0.3 (pytbull-0.3.tar.bz2) here.


ProFTPD Zero Day Vulnerability Fixed



The Zero Day Initiative vulnerability in ProFTPD has been closed. The project's developers have released versions 1.3.3g and 1.3.4 of their open source FTP server. ProFTPD 1.3.4 addresses a critical use-after-free memory corruption error in the response API code. In the official release notes, the ProFTPD Project developers confirmed that the Telnet IAC stack overflow vulnerability has been fixed.

Brief About The Vulnerability:- 
This vulnerability is located within the ProFTPd daemon and occurs due to the way the server manages the pools that are used for responses sent by the server to the client. When attempting to handle an exceptional condition, the server fails to restore a pointer that is used to contain an FTP response, and this can be used to trigger a controlled memory corruption.
The core of this vulnerability is in the following function, which is located in src/main.c. The r_cmd_dispatch_phase function is responsible for dispatching calls to any of the commands that are registered in the proftpd modules/ list. Upon entry to this function, the server essentially pushes the state of the resp_pool so that it can be restored upon return. However, if an error occurs while executing a precmd, the server fails to restore the state. The save and restore are done with the pr_response_get_pool() and pr_response_set_pool(...) functions.
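The save/restore defect described above, reduced to a small model (an added example, not ProFTPD source code and not from the original post). Python objects stand in for C memory pools, so a "destroyed" pool raises an error instead of corrupting memory; the class and function names, and the assumption that the per-command pool is released right after dispatch, are hypothetical.

```python
class Pool:
    """Stand-in for a memory pool: any use after destroy() fails loudly."""

    def __init__(self, name):
        self.name = name
        self.alive = True

    def alloc(self, text):
        if not self.alive:
            raise RuntimeError(f"use of destroyed pool {self.name!r}")
        return text

    def destroy(self):
        self.alive = False


class Server:
    def __init__(self):
        self.session_pool = Pool("session")
        self.resp_pool = self.session_pool  # pool that responses are built in

    def add_response(self, text):
        return self.resp_pool.alloc(text)

    def dispatch_buggy(self, cmd_pool, precmd_ok):
        saved = self.resp_pool          # save the current response pool
        self.resp_pool = cmd_pool       # responses now come from the command pool
        if not precmd_ok:
            return False                # error path: 'saved' is never restored
        self.add_response("200 ok")
        self.resp_pool = saved
        return True

    def dispatch_fixed(self, cmd_pool, precmd_ok):
        saved = self.resp_pool
        self.resp_pool = cmd_pool
        try:
            if not precmd_ok:
                return False
            self.add_response("200 ok")
            return True
        finally:
            self.resp_pool = saved      # restored on every exit path


def handle_command(server, dispatch, precmd_ok):
    """Dispatch one command, release its pool, then build a later response."""
    cmd_pool = Pool("cmd")
    dispatch(cmd_pool, precmd_ok)
    cmd_pool.destroy()                  # assumption: command pool freed after dispatch
    try:
        server.add_response("500 error")
        return "ok"
    except RuntimeError:
        return "stale-pool"             # response pointer still names the freed pool


if __name__ == "__main__":
    buggy, fixed = Server(), Server()
    print("buggy, precmd fails:", handle_command(buggy, buggy.dispatch_buggy, False))
    print("fixed, precmd fails:", handle_command(fixed, fixed.dispatch_fixed, False))
```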

The new versions of ProFTPD, 1.3.3g and 1.3.4, are now available.

To download them click Here



new version of pytbull is now available



Pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. There's a new version available: v1.3


Changelog for v1.3:
Bug fix 3305244
Error while using reverse shell
Minor changes (check new version) due to migration of pytbull on Sourceforge

The framework is shipped with about 300 tests grouped in 9 testing modules:


  1. clientSideAttacks: this module uses a reverse shell to provide the server with instructions to download remote malicious files. This module tests the ability of the IDS/IPS to protect against client-side attacks.
  2. testRules: basic rules testing. These attacks are supposed to be detected by the rules sets shipped with the IDS/IPS.
  3. badTraffic: Non RFC compliant packets are sent to the server to test how packets are processed.
  4. fragmentedPackets: various fragmented payloads are sent to server to test its ability to recompose them and detect the attacks.
  5. multipleFailedLogins: tests the ability of the server to track multiple failed logins (e.g. FTP). Makes use of custom rules on Snort and Suricata.
  6. evasionTechniques: various evasion techniques are used to check if the IDS/IPS can detect them.
  7. shellCodes: send various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
  8. denialOfService: tests the ability of the IDS/IPS to protect against DoS attempts
  9. pcapReplay: replays pcap files
It is easily configurable and could integrate new modules in the future.
There are basically 6 types of tests:
  1. socket: open a socket on a given port and send the payloads to the remote target on that port.
  2. command: send command to the remote target with the subprocess.call() python function.
  3. scapy: send special crafted payloads based on the Scapy syntax
  4. multiple failed logins: open a socket on port 21/tcp (FTP) and attempt to login 5 times with bad credentials.
  5. client side attacks: use a reverse shell on the remote target and send commands to it to make them processed by the server (typically wget commands).
  6. pcap replay: replays traffic based on pcap files
There's a new version available: v1.3. You can download it from here: https://downloads.sourceforge.net/project/pytbull/pytbull-1.3.tar.bz2
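The detection side of the multipleFailedLogins test described in both pytbull posts, as an added example (not pytbull code and not Snort or Suricata rule syntax): it counts FTP 530 "not logged in" replies per client inside a time window and alerts at the fifth. The log format, the 60-second window and the sample lines are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                    # the pytbull test makes 5 bad logins
WINDOW = timedelta(seconds=60)   # assumption: window chosen for this example

# Constructed sample: "<ISO timestamp> <client IP> <FTP reply code> <text>"
SAMPLE_LOG = """\
2012-01-10T12:00:00 192.0.2.55 530 Login incorrect.
2012-01-10T12:00:01 203.0.113.7 530 Login incorrect.
2012-01-10T12:00:02 198.51.100.20 530 Login incorrect.
2012-01-10T12:00:03 203.0.113.7 530 Login incorrect.
2012-01-10T12:00:05 203.0.113.7 530 Login incorrect.
2012-01-10T12:00:07 203.0.113.7 530 Login incorrect.
2012-01-10T12:00:09 203.0.113.7 530 Login incorrect.
2012-01-10T12:00:11 203.0.113.7 530 Login incorrect.
2012-01-10T12:00:30 198.51.100.20 530 Login incorrect.
2012-01-10T12:00:40 198.51.100.20 230 Login successful.
2012-01-10T12:02:00 192.0.2.55 530 Login incorrect.
2012-01-10T12:04:00 192.0.2.55 530 Login incorrect.
2012-01-10T12:06:00 192.0.2.55 530 Login incorrect.
2012-01-10T12:08:00 192.0.2.55 530 Login incorrect.
"""


def detect_failed_login_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return [(client, timestamp)] for each burst of failed logins.

    Lines must be in chronological order. One alert is raised per burst:
    a client alerts again only after its count drops below the threshold.
    """
    recent = defaultdict(deque)   # client -> timestamps of recent 530 replies
    alerted = set()               # clients currently inside an alerted burst
    alerts = []
    for raw in lines:
        parts = raw.split(None, 3)
        if len(parts) < 3:
            continue              # malformed line
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue              # unparseable timestamp
        client, code = parts[1], parts[2]
        if code != "530":
            continue              # only failed logins are counted
        q = recent[client]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) < threshold:
            alerted.discard(client)
        elif client not in alerted:
            alerted.add(client)
            alerts.append((client, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for client, when in detect_failed_login_bursts(SAMPLE_LOG.splitlines()):
        print(f"ALERT {when}: {THRESHOLD}+ failed FTP logins from {client}")
```

The third client in the sample fails five times at two-minute intervals and never alerts, which is the gap a purely windowed threshold leaves for slow guessing.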



FreeBSD 8.3 Released With Gnome 2.32.1, KDE 4.7.4 & Many More

Earlier this year we got FreeBSD 9, and now the FreeBSD Release Engineering Team has announced the availability of FreeBSD 8.3. This is the fourth release from the 8-STABLE branch, which improves on the functionality of FreeBSD 8.2 and introduces some new features. Some of the highlights:
  • usb(4) now supports the USB packet filter
  • TCP/IP stack now supports the mod_cc(9) pluggable congestion control framework
  • graid(8) GEOM class added to support various BIOS-based software RAID controllers (replacement for ataraid(4))
  • ZFS subsystem updated to SPA version 28
  • Gnome version 2.32.1, KDE version 4.7.4

FreeBSD 8.3 can be installed from bootable ISO images or over the network. Some architectures (currently amd64 and i386) also support installing from a USB memory stick. The required files can be downloaded via FTP or BitTorrent as described in the sections below. While some of the smaller FTP mirrors may not carry all architectures, they will all generally contain the more common ones such as amd64 and i386. For a complete list of new features and known problems click here.

To Download FreeBSD 8.3 Click Here





Gawker Media's Web-server, DB, Online Accounts Hacked By Gnosis (#operationpayback)


A hacker group (Gnosis) has claimed to have successfully carried out an attack on Gawker Media, the parent company of sites like Gizmodo, Lifehacker, Kotaku, and Gawker. The group has posted an extensive list of usernames and passwords of Gawker Media accounts, including the company's founder Nick Denton. According to the information on PasteBin, Denton uses the same password for many of his accounts across the Internet. In addition, FTP information was taken in the attack.
At this point in time, it's unclear which hacker group is responsible for the attack. The PasteBin was filed by someone going by the name "Gnosis," as seen in the ASCII art at the top of the document. In addition, the name carries the tagline "Where is your god now!?!?" With that being said, the person who filed the PasteBin document does make some references to renowned hacker group "Anonymous." However, it's unclear if he/she is associated with Anonymous or is just using that name. 
This is the second time Gawker Media has been hacked in the last year. The first time was in early December 2010, where thousands of accounts were compromised.  

To see the exposed credentials including FTP information, DB, user a/c and so on click here


Hackers Hit DreamHost, Password Changes Made Mandatory After The Breach

Hackers Hit DreamHost, Password Changes Made Mandatory By The Company After The Breach

Yet another victim targeted by hackers. This time the target was Los Angeles-based hosting provider DreamHost, a provider of shared and dedicated hosting. The company isn’t divulging much information as to the nature of the hack, beyond that they “don’t have evidence that customer passwords were taken at this time”. Still, they’re requiring password resets for all Shell/FTP accounts (read: not the account that DreamHost customers use to login to the billing/backend system, but the user accounts they use to access and maintain their actual websites.) for what seems to be all DreamHost customers. If you find yourself having trouble logging into your DreamHost FTP accounts today, it’s because your password has already been disabled.
Unfortunately, DreamHost is not alone among an epidemic of intrusions by hackers in recent days; shoe retailer Zappos had an intrusion issue about a week ago where user information was exposed. If you dig through recent history you will also find big data breaches, security breaches and much more.

According to DreamHost’s Status Blog:-
"Last night we detected some unauthorized activity within one of our databases. While we don’t have evidence that customer passwords were taken at this time, we’re forcing a change out of caution. Please login to our web panel and change any passwords you may have with us. We’ll keep this post updated as we get more information."
According to their last official update, DreamHost said that the security issue has been resolved. Brian H, an official DreamHost representative, said: "We’re going to set this post to resolved. We have been sending out update emails to every account owner we have, letting them know what happened, and how to proceed from here on out. As a precaution, we advise every user to change all email passwords as well. We are not forcing this change, however, so make sure you take care of that ASAP."





Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

We have discussed Metasploit, one of the most famous and widely used exploitation frameworks, many times before. Rapid7 has now released another updated version. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for the weekly updates. Since the last major release (4.1.0), the project has added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads.
Brief About Metasploit:- 
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
Module Changes:-
  •     Novell eDirectory eMBox Unauthenticated File Access
  •     JBoss Seam 2 Remote Command Execution
  •     NAT-PMP Port Mapper
  •     TFTP File Transfer Utility
  •     VMWare Power Off Virtual Machine
  •     VMWare Power On Virtual Machine
  •     VMWare Tag Virtual Machine
  •     VMWare Terminate ESX Login Sessions
  •     John the Ripper AIX Password Cracker
  •     7-Technologies IGSS 9 IGSSdataServer.exe DoS
  •     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion
  •     DNS and DNSSEC fuzzer
  •     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
  •     CorpWatch Company ID Information Search
  •     CorpWatch Company Name Information Search
  •     General Electric D20 Password Recovery
  •     NAT-PMP External Address Scanner
  •     Shodan Search
  •     H.323 Version Scanner
  •     Drupal Views Module Users Enumeration
  •     Ektron CMS400.NET Default Password Scanner
  •     Generic HTTP Directory Traversal Utility
  •     Microsoft IIS HTTP Internal IP Disclosure
  •     Outlook Web App (OWA) Brute Force Utility
  •     Squiz Matrix User Enumeration Scanner
  •     Sybase Easerver 6.3 Directory Traversal
  •     Yaws Web Server Directory Traversal
  •     OKI Printer Default Login Credential Scanner
  •     MSSQL Schema Dump
  •     MYSQL Schema Dump
  •     NAT-PMP External Port Scanner
  •     pcAnywhere TCP Service Discovery
  •     pcAnywhere UDP Service Discovery
  •     Postgres Schema Dump
  •     SSH Public Key Acceptance Scanner
  •     Telnet Service Encyption Key ID Overflow Detection
  •     IpSwitch WhatsUp Gold TFTP Directory Traversal
  •     VMWare ESX/ESXi Fingerprint Scanner
  •     VMWare Authentication Daemon Login Scanner
  •     VMWare Authentication Daemon Version Scanner
  •     VMWare Enumerate Permissions
  •     VMWare Enumerate Active Sessions
  •     VMWare Enumerate User Accounts
  •     VMWare Enumerate Virtual Machines
  •     VMWare Enumerate Host Details
  •     VMWare Web Login Scanner
  •     VMWare Screenshot Stealer
  •     Capture: HTTP JavaScript Keylogger
  •     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
  •     Asterisk Manager Login Utility
  •     FreeBSD Telnet Service Encryption Key ID Buffer Overflow
  •     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
  •     Java Applet Rhino Script Engine Remote Code Execution
  •     Family Connections less.php Remote Command Execution
  •     Gitorious Arbitrary Command Execution
  •     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
  •     OP5 license.php Remote Command Execution
  •     OP5 welcome Remote Command Execution
  •     Plone and Zope XMLTools Remote Command Execution
  •     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit
  •     Support Incident Tracker <= 3.65 Remote Command Execution
  •     Splunk Search Remote Code Execution
  •     Traq admincp/common.php Remote Code Execution
  •     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection
  •     Mozilla Firefox 3.6.16 mChannel Use-After-Free
  •     CTEK SkyRouter 4200 and 4300 Command Execution
  •     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
  •     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
  •     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
  •     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
  •     Java MixerSequencer Object GM_Song Structure Handling Vulnerability
  •     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
  •     MS12-004 midiOutPlayNextPolyEvent Heap Overflow
  •     Viscom Software Movie Player Pro SDK ActiveX 6.8
  •     Adobe Reader U3D Memory Corruption Vulnerability
  •     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
  •     BS.Player 2.57 Buffer Overflow
  •     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow
  •     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
  •     McAfee SaaS MyCioScan ShowReport Remote Command Execution
  •     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
  •     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
  •     Ability Server 2.34 STOR Command Stack Buffer Overflow
  •     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
  •     Serv-U FTP Server < 4.2 Buffer Overflow
  •     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
  •     XAMPP WebDAV PHP Upload
  •     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
  •     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
  •     HP Diagnostics Server magentservice.exe Overflow
  •     StreamDown 6.8.0 Buffer Overflow
  •     Wireshark console.lua Pre-Loading Script Execution
  •     Oracle Job Scheduler Named Pipe Command Execution
  •     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow
  •     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
  •     OpenTFTP SP 1.4 Error Packet Overflow
  •     AIX Gather Dump Password Hashes
  •     Linux Gather Saved mount.cifs/mount.smbfs Credentials
  •     Multi Gather VirtualBox VM Enumeration
  •     UNIX Gather .fetchmailrc Credentials
  •     Multi Gather VMWare VM Identification
  •     UNIX Gather .netrc Credentials
  •     Multi Gather Mozilla Thunderbird Signon Credential Collection
  •     Multiple Linux / Unix Post Sudo Upgrade Shell
  •     Windows Escalate SMB Icon LNK dropper
  •     Windows Escalate Get System via Administrator
  •     Windows Gather RazorSQL Credentials
  •     Windows Gather File and Registry Artifacts Enumeration
  •     Windows Gather Enumerate Computers
  •     Post Windows Gather Forensics Duqu Registry Check
  •     Windows Gather Privileges Enumeration
  •     Windows Manage Download and/or Execute
  •     Windows Manage Create Shadow Copy
  •     Windows Manage List Shadow Copies
  •     Windows Manage Mount Shadow Copy
  •     Windows Manage Set Shadow Copy Storage Space
  •     Windows Manage Get Shadow Copy Storage Info
  •     Windows Recon Computer Browser Discovery
  •     Windows Recon Resolve Hostname
  •     Windows Gather Wireless BSS Info
  •     Windows Gather Wireless Current Connection Info
  •     Windows Disconnect Wireless Connection
  •     Windows Gather Wireless Profile
For additional information click Here. To Download Metasploit version 4.2.0 for windows & Linux click Here.

 -Source (rapid7)




LG Electronics Pakistan & 3 More Pak Sites Hacked By Optik fiber (ICF)


Optik fiber, an Indian hacker from Indian Cyber Force, has hacked and defaced a few high-profile Pakistani websites including LG Electronics Pakistan, HiKarachi, Pakistani Business Center Dubai & My.com.pk. The hacker said that he hacked into the FTP and that this is how the websites got compromised.

Here are some screen shots submitted by the Hacker:-




Hacked Sites:-
http://www.lge.com.pk
http://www.my.com.pk
http://www.pbcdubai.com
http://www.hikarachi.com




Patator -A Multi-Purpose Brute-Forcer


Earlier we have talked several times about brute-force tools like THC-Hydra, Cain & Abel, Rainbow Crack and many more. Today we will discuss Patator, a multi-purpose brute-forcer written in Python, with a modular design and flexible usage. It can be modified and rewritten to suit the requirements of your environment. Patator is licensed under GPLv2.

Modules Supported:-
ftp_login : Brute-force FTP
ssh_login : Brute-force SSH
telnet_login : Brute-force Telnet
smtp_login : Brute-force SMTP
smtp_vrfy : Enumerate valid users using the SMTP VRFY command
smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
http_fuzz : Brute-force HTTP/HTTPS
pop_passd : Brute-force poppassd (not POP3)
ldap_login : Brute-force LDAP
smb_login : Brute-force SMB
mssql_login : Brute-force MSSQL
oracle_login : Brute-force Oracle
mysql_login : Brute-force MySQL
pgsql_login : Brute-force PostgreSQL
vnc_login : Brute-force VNC
dns_forward : Forward lookup subdomains
dns_reverse : Reverse lookup subnets
snmp_login : Brute-force SNMPv1/2 and SNMPv3
unzip_pass : Brute-force the password of encrypted ZIP files
keystore_pass: Brute-force the password of Java keystore files

Features of Patator:-
  • No false negatives, as it is the user that decides what results to ignore based on:
      • status code of response
      • size of response
      • matching string or regex in response data
  • Modular design
      • not limited to network modules (eg. the unzip_pass module)
      • not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing)
  • Interactive runtime
      • show verbose progress
      • pause/unpause execution
      • increase/decrease verbosity
      • add new actions & conditions during runtime in order to exclude more types of response from showing
  • Use persistent connections (ie. will test several passwords until the server disconnects)
  • Multi-threaded
  • Flexible user input
      • Any part of a payload is fuzzable:
          • use FILE[0-9] keywords to iterate on a file
          • use COMBO[0-9] keywords to iterate on the combo entries of a file
          • use NET[0-9] keywords to iterate on every host of a network subnet

To Download Patator Click Here 




DarkComet-RAT v3.3 Released


DarkComet-RAT (Remote Administration Tool) is software designed to control, in the best conditions and comfort possible, any kind of Microsoft Windows machine since Windows 2000. This software allows you to perform hundreds of functions stealthily and remotely without any kind of authorisation in the remote process. The project started in August 2008; DarkComet-RAT is now one of the best and one of the most stable RATs ever made, and totally free.
Features added and bugs fixed.
  • Button sidebar back with a nicer GUI, for my Chinese friends that prefer buttons
  • [Active Ports] Now process name always displays correctly
  • Active Ports added to client in Socket list to help you to figure out some problems or be sure all is working fine
  • Melt function totally recoded using another way via FWB++, works 100% of the time on 32 and 64bit systems.
  • Uninstall function is more stable if not using persistence
  • Persistence totally recoded using FWB++, working on 32 and 64bit.
  • Process Manager refresh 2x faster
  • Remote shell is now better
  • File transfer is now more stable
  • Webcam more stable
  • Webcam can be stretched now
  • Delete folder works fine now (recursive too)
  • File creation added in remote list of file manager
  • File modification added in remote list of file manager
  • File attrib added in remote list of file manager (click on file attrib column for more info)
  • I reinstalled Delphi 2010 in English this time, so all labels might be in English now
  • Now client keeps its size when restored from tray
  • Now when you stop capture of desktop, last captured window picture stays
  • New toast design
  • FixComet available on http://darkcomet-rat.com/
  • Mini Download (FASM) is now working 100% fine (no more “not Win32 valid…”)
  • Startup has been optimized
  • Startup uses fwb++ to install
  • Startup persistence now uses fwb++ too
  • Upload logs to FTP now working fine
  • Now you can choose which monitor to capture if the user has multiple monitors (thanks mjord5 for the idea)
  • Syntax highlighters were updated
  • A big problem fixed (now you can for example capture two desktops at the same time without any problem)

Anonymous Exposed The Private Information of The Special Agent, Officers, Cyber Crime Investigators Of Department Of Justice


The hacktivists claim to have hacked into Baclagan's Gmail account and to have accessed his voicemails and SMS message logs using unspecified techniques as part of their ongoing campaign against law enforcement officials and their "allies" in the computer security industry.
The email dump, released as a torrent last Friday as part of what has become the group's regular FuckFBIFriday release, is also said to contain personal information including Baclagan's home address and phone number. The cache of emails, which according to AntiSec are from the account of Fred Baclagan, a retired special agent supervisor of the California Department of Justice, includes 38,000 emails detailing various computer forensic techniques and cybercrime investigation protocols.
Baclagan said that he was nobody special in the Justice Department ... which is what he would say, of course. He said that he had specialised in identity theft before he retired last year. "I'm really just a nobody," he told the Post, "just a local investigator, not involved in anything dynamic or dramatic."

In the Press Release Anon Said:-

################################################################################
#        ANTISEC LEAKS DOJ SPECIAL AGENT SUPERVISOR'S PRIVATE EMAILS,         #
#               IACIS CYBERCRIME INVESTIGATOR COMMUNICATIONS                              #
#         care of the #OCCUPYWALLST CRACKDOWN RETALIATION TASK FORCE         #       
################################################################################

Greetings Pirates, and welcome to another exciting #FuckFBIFriday release.

As part of our ongoing effort to expose and humiliate our white hat enemies, we
targeted a Special Agent Supervisor of the CA Department of Justice in charge of
computer crime investigations. We are leaking over 38,000 private emails which
contain detailed computer forensics techniques, investigation protocols as well
as highly embarrassing personal information. We are confident these gifts will 
bring smiles to the faces of our black hat brothers and sisters (especially 
those who have been targeted by these scurvy dogs) while also making a mockery 
of "security professionals" who whore their "skills" to law enforcement to 
protect tyrannical corporativism and the status quo we aim to destroy.

We hijacked two gmail accounts belonging to Fred Baclagan, who has been a cop
for 20 years, dumping his private email correspondence as well as several dozen 
voicemails and SMS text message logs. While just yesterday Fred was having a 
private BBQ with his CATCHTEAM high computer crime task force friends, we were 
reviewing their detailed internal operation plans and procedure documents. We 
also couldn't overlook the boatloads of embarrassing personal information about 
our cop friend Fred. We lulzed as we listened to angry voicemails from his 
estranged wives and ex-girlfriends while also reading his conversations with 
girls who responded to his "man seeking woman" craigslist ads. We turned on his 
google web history and watched him look up linux command line basics, golfing 
tutorials, and terrible youtube music videos. We also abused his google 
voice account, making sure Fred's friends and family knew how hard he was owned.

Possibly the most interesting content in his emails are the IACIS.com internal
email list archives (2005-2011) which detail the methods and tactics cybercrime 
units use to gather electronic evidence, conduct investigations and make 
arrests. The information in these emails will prove essential to those who want 
to protect themselves from the techniques and procedures cyber crime 
investigators use to build cases. If you have ever been busted for computer 
crimes, you should check to see if your case is being discussed here. There are 
discussions about using EnCase forensic software, attempts to crack TrueCrypt 
encrypted drives, sniffing wireless traffic in mobile surveillance vehicles, how 
to best prepare search warrants and subpoenas, and a whole lot of clueless 
people asking questions on how to use basic software like FTP. In the end, we
rickrolled the entire IACIS list, causing the administrators to panic and shut
their list and websites down.

These cybercrime investigators are supposed to be the cream of the crop, but we
reveal the totality of their ignorance of all matters related to computer
security. For months, we have owned several dozen white hat and law enforcement
targets-- getting in and out of whichever high profile government and corporate
system we please and despite all the active FBI investigations and several
billion dollars of funding, they have not been able to stop us or get anywhere
near us. Even worse, they bust a few dozen people who are allegedly part of an
"anonymous computer hacking conspiracy" but who have only used 
kindergarten-level DDOS tools-- this isn't even hacking, but a form of
electronic civil disobedience. 

We often hear these "professionals" preach about "full-disclosure," but we are
sure these people are angrily sending out DMCA takedown notices and serving
subpoenas as we speak. They call us criminals, script kiddies, and terrorists, 
but their entire livelihood depends on us, trying desperately to study our 
techniques and failing miserably at preventing future attacks. See we're cut 
from an entirely different kind of cloth. Corporate security professionals like
Thomas Ryan and Aaron Barr think they're doing something noble by "leaking" the
public email discussion lists of Occupy Wall Street and profiling the "leaders"
of Anonymous. Wannabe player haters drop shitty dox and leak partial chat logs
about other hackers, doing free work for law enforcement. Then you got people 
like Peiter "Mudge" Zatko who back in the day used to be old school l0pht/cDc 
only now to sell out to DARPA going around to hacker conventions encouraging 
others to work for the feds. Let this be a warning to aspiring white hat 
"hacker" sellouts and police collaborators: stay out the game or get owned and 
exposed. You want to keep mass arresting and brutalizing the 99%? We'll have to 
keep owning your boxes and torrenting your mail spools, plastering your personal 
information all over teh internets.

Hackers, join us and rise up against our common oppressors - the white hats, the 
1%'s 'private' police, the corrupt banks and corporations and make 2011 the year 
of leaks and revolutions! 

We are Anti-Security,
We are the 99%
We do not forgive.
We do not forget.
Expect Us!
