UK Cops Gave Warning To Hacktivists Via Twitter


After arresting several suspected members of high-profile hackers’ groups, the UK police issued their latest warning to other hackers – via a tweet.
In a message on its Twitter account, the UK Metropolitan Police warned people against computer misuse, adding that the probe into the criminal activity of hacktivist groups continues.
 
"The investigation into the criminal activity of so-called ‘hacktivist’ groups #Anonymous and #LulzSec continue(s)," it said.

 
A link in the tweet led to a longer statement, in which the Metropolitan Police reiterated that anyone considering accessing a computer without authority risks imprisonment.
Hacker groups had taken to using Twitter to inform the public of their latest acts.
Under UK law, “it is an offence if a person acts from within the UK upon a computer anywhere else in the world. It is also an offence if someone anywhere else in the world to criminally affect a computer within the UK," the police tweet said.
The tweet also said UK law penalizes unauthorized access to personal accounts, Distributed Denial of Service (DDoS) attacks and intrusive hacks where data is taken or systems changed.
"Other jurisdictions have similar law," it said in the extended tweet.
In past weeks, UK police had arrested “Topiary," the suspected spokesman of hacker group Lulz Security, which had joined forces with Anonymous to hack government and corporate sites.
But “Topiary" a.k.a. Jake Davis, 18, was released on bail after he was charged with five offenses relating to computer attacks and break-ins by LulzSec and Anonymous.
Anonymous had issued a press release calling for "Topiary" to be freed and hinted at getting back at those who led to his arrest.
It called on its Anons in the UK "to revolt and wash this shame brought upon them by a band of traitors and bandits who sold out to Anonymous’ enemies and disparaged the sentiment of this noble, lulzy people."

The group also called on Anons "to revolt altogether to cleanse the world of the ProSec filth who spread mischief in the land."


6 Websites Including Indian Newspaper Defaced By ZHC Toshiro & ZHC Unknown


Famous Framework Metasploit v4.0.0

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

New Exploit Modules:

VSFTPD v2.3.4 Backdoor Command Execution
Java RMI Server Insecure Default Configuration Java Code Execution
HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow
HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow
Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability
Black Ice Cover Page ActiveX Control Arbitrary File Download
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview
RealWin SCADA Server DATAC Login Buffer Overflow
Siemens FactoryLink vrn.exe Opcode 9 Buffer Overflow
Iconics GENESIS32 Integer overflow version 9.21.201.01
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
Sielco Sistemi Winlog Buffer Overflow
Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
HP OmniInet.exe Opcode 20 Buffer Overflow
HP OmniInet.exe Opcode 27 Buffer Overflow
Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview

New Post-Exploitation Modules:

Winlogon Lockout Credential Keylogger
Windows Gather Microsoft Outlook Saved Password Extraction
Windows Gather Process Memory Grep
Windows Gather Trillian Password Extractor
Windows PCI Hardware Enumeration
Windows Gather FlashFXP Saved Password Extraction
Windows Gather Local and Domain Controller Account Password Hashes
Windows Gather Nimbuzz Instant Messenger Password Extractor
Windows Gather CoreFTP Saved Password Extraction
Internet Download Manager (IDM) Password Extractor
Windows Gather SmartFTP Saved Password Extraction
Windows Gather Bitcoin wallet.dat
Windows Gather Service Info Enumeration
Windows Gather IPSwitch iMail User Data Enumeration

New Auxiliary Modules:

John the Ripper Password Cracker Fast Mode
Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
Kaillera 0.86 Server Denial of Service
2Wire Cross-Site Request Forgery Password Reset Vulnerability
SIPDroid Extension Grabber
MSSQL Password Hashdump


Notable Features & Closed Bugs:-

Feature #4982 – Support for custom executable with psexec
Feature #4856 – RegLoadKey and RegUnLoadKey functions for the Meterpreter stdapi
Feature #4578 – Update Nmap XML parsers to support Nokogiri parsing
Feature #4417 – Post exploitation module to harvest OpenSSH credentials
Feature #4015 – Increase test coverage for railgun
Bug #4963 – Rework db_* commands for consistency
Bug #4892 – non-windows meterpreters upload into the wrong filename
Bug #4296 – Meterpreter stdapi registry functions create key if one doesn’t exist
Bug #3565 – framework installer fails on RHEL (postgres taking too long to start)

Armitage integrates with Metasploit 4.0 to:-


Take advantage of the new Meterpreter payload stagers
Crack credentials with the click of a button
Run post modules against multiple hosts
Automatically log all post-exploitation activity

Revision Information:

Framework Revision 13462
Several import parsers were rewritten to use Nokogiri for much faster processing of large import files. Adding to Metasploit’s extensive payload support, Windows and Java Meterpreter now both support staging over HTTP and Windows can use HTTPS. In a similar vein, POSIX Meterpreter is seeing some new development again. It still isn’t perfect nor is it nearly as complete as the Windows version, but many features already work. Java applet signing is now done directly in Ruby, removing the need for a JDK for generating self-signed certificates. The Linux installers now ship with ruby headers, making it possible to install native gems in the Metasploit ruby environment.

Another flexibility improvement comes in the form of a consolidated pcap interface. The pcaprub extension ships with the Linux installers as of this release and support for Windows will come soon. Modules that used Racket for generating raw packets have been converted to Packetfu, which provides a smoother API for modules to capture and inject packets.



60 China Government Sites Hacked By Hitcher


Hitcher strikes again, and this time 60 Chinese government websites have been hacked.

Hacked Sites & Mirror Links:-
http://pastebin.com/imeGjPdj


Indian Cyber Army (Indishell) Facebook Page Hacked and defaced By Albanian Cyber Army


The official Facebook page of Indian Cyber Army (Indishell) was hacked and defaced by Albanian Cyber Army.

Hacked Facebook Page:-


Microsoftestore.com Hacked By Innocent_Hacker from Team TEAM PAKLEETS


Microsoftestore.com Hacked by Innocent_Hacker from team TEAM PAKLEETS

Hacked Site:-


Mirror Link:-




Image-Based Zero-day Vulnerability in WordPress


Bilocating technology blogger Mark Maunder - he claims to live in Seattle and Cape Town concurrently, though I suspect he means consecutively, and I'll wager he wisely avoids winter in both of them - recently wrote about an intrusion into his WordPress site.
It turns out the backdoor was a previously-unexploited, or at least a previously-undocumented, flaw in a useful little WordPress addon, shared by many WordPress themes, called timthumb.
Timthumb is an 864-line PHP script which assists with automatic image resizing, thumbnailing and so forth. (It doesn't squeeze the image manipulation code into those 864 lines, but uses the third-party GD library.)
If you run WordPress and you have a file named timthumb.php, sometimes renamed to thumb.php, in your installation, you may be at risk.
Tracking down the mechanism behind his intrusion, Maunder identified three main problems with timthumb.php: poor default settings; poor verification of input data; and poor choice of file permissions for temporary files.
By default, the vulnerable version of timthumb allowed images from external sites to be accessed from your server. The default list is probably unsurprising: 

// external domains that are allowed to be displayed on your website
$allowedSites = array (
    'flickr.com',
    'picasa.com',
    'img.youtube.com',
    'upload.wikimedia.org',
);

But a better default would be an empty list, so that users who want to allow external files to be sourced by their own servers need to take steps to enable that capability.
If you use WordPress and timthumb and you don't need this capability, Maunder suggests simply editing the timthumb.php code to say $allowedSites = array(); in order to prevent remote file trickery.
Secondly, timthumb.php checked the sanity of remote URLs - to verify they really were in the list of allowed sites - by looking for the permitted domains somewhere in the hostname part of the URL, rather than making sure they were the hostname part:

$isAllowedSite = false;
foreach ($allowedSites as $site) {
        if (strpos (strtolower ($url_info['host']), $site) !== false) {
                $isAllowedSite = true;
        }
}

This code meant that a dodgy website name such as picasa.com.badsite.example would pass the test, simply because it contains the string picasa.com. Clearly, that is not what was intended.
Lastly, timthumb.php stored the files it generated in a cache directory which is inside the PHP directory tree. This is bad, because files generated from untrusted external content - files only ever intended to be displayed - needlessly became executable.
So if the cached file isn't an innocent image, but a remote access PHP Trojan (in Maunder's case, the attacker used a malicious remote console tool called Alucar), you're owned.


If you are a web developer:

* Don't trust externally-sourced content by default. Force your users to think about what they really want.
* Check, test, check, test, check and test again your URL sanitisation code. Build a decent test suite and verify your code against it every time you release an update.
* Keep files which are only ever supposed to be used as data - especially remotely-sourced files - outside the directory tree where your server-side executable code lives.

If you run a WordPress installation:-

Check if any of the blogs you host use timthumb.php, and upgrade to the latest version. The dodgy strpos above has been replaced with a tighter match based on a regular expression, like this:

$isAllowedSite = false;
foreach ($allowedSites as $site) {
    if (preg_match ('/(?:^|\.)' . $site . '$/i', $url_info['host'])) {
        $isAllowedSite = true;
    }
}

This doesn't fix all of the issues Maunder describes, but it's better than having a known hole in your site.
Many thanks to Mr Maunder for turning an attack on his site into a training tool to help the rest of us avoid a similar problem!
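
The three host checks side by side, as an added example that is not part of the original article or of timthumb itself: the quoted strpos test, the quoted regular expression, and a stricter comparison, run over a small table of host names in the spirit of the test suite recommended above. hostAllowedStrict and the sample hosts are assumptions made here; note that the quoted regular expression inserts $site unescaped, so its dots match any character.

```php
<?php
// Added example. $cases maps constructed host names to "should it be allowed?".
$allowedSites = array('flickr.com', 'picasa.com', 'img.youtube.com', 'upload.wikimedia.org');

// Original check quoted above: substring match anywhere in the host.
function hostAllowedSubstring($host, array $allowedSites) {
    foreach ($allowedSites as $site) {
        if (strpos(strtolower($host), $site) !== false) return true;
    }
    return false;
}

// Updated check quoted above: anchored regex, $site inserted unescaped.
function hostAllowedRegex($host, array $allowedSites) {
    foreach ($allowedSites as $site) {
        if (preg_match('/(?:^|\.)' . $site . '$/i', $host)) return true;
    }
    return false;
}

// Hypothetical stricter helper: exact host, or a dot-delimited subdomain of it.
function hostAllowedStrict($host, array $allowedSites) {
    $host = rtrim(strtolower($host), '.');
    foreach ($allowedSites as $site) {
        $suffix = '.' . $site;
        if ($host === $site || substr($host, -strlen($suffix)) === $suffix) return true;
    }
    return false;
}

$cases = array(
    'picasa.com'                 => true,
    'www.flickr.com'             => true,
    'IMG.YouTube.com'            => true,
    'picasa.com.badsite.example' => false, // allowed name buried in the middle
    'notpicasa.com'              => false, // allowed name without a label boundary
    'imgxyoutube.com'            => false, // relies on '.' acting as a regex wildcard
);
$failures = 0;
foreach (array('hostAllowedSubstring', 'hostAllowedRegex', 'hostAllowedStrict') as $check) {
    foreach ($cases as $host => $expected) {
        $got = $check($host, $allowedSites);
        if ($got !== $expected) {
            $failures++;
            printf("%-21s %s: got %s\n", $check, $host, $got ? 'allow' : 'deny');
        }
    }
}
printf("%d mismatches\n", $failures);
```

If the regular expression is kept, passing each entry through preg_quote() before building the pattern stops its dots from acting as wildcards.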

-News Source (NS)
