Jun 27, 2012
A new Distributed Denial of Service (DDoS) crimeware bot known as “Zemra”, detected by Symantec as Backdoor.Zemra, has surfaced. Lately, this threat has been observed performing denial-of-service attacks against organizations for the purpose of extortion. Zemra first appeared on underground forums in May 2012 at a cost of €100.
This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that it has a command-and-control panel hosted on a remote server. The panel issues commands to compromised computers and acts as the gateway that records the number of infections and bots at the attacker’s disposal.
Similar to other crimeware kits, the functionality of Zemra is extensive:
- “256-bit DES” encryption/decryption for communication between server and client (the kit’s own claim; standard DES uses a 56-bit key, so the advertised strength should not be taken at face value)
- DDoS attacks
- Device monitoring
- Download and execution of binary files
- Installation and persistence checks to ensure the infection stays in place
- Propagation through USB
- Self update
- Self uninstall
- System information collection
However, the main functionality is the ability to launch a DDoS attack against a remote target of the attacker’s choosing.
Initially, when a computer becomes infected, Backdoor.Zemra dials home over HTTP (port 80) with a POST request carrying the hardware ID, the current user agent, a privilege indicator (administrator or not), and the OS version. The request is parsed by gate.php, which splits out the fields and stores them in an SQL database; the panel then keeps track of which compromised computers are online and ready to receive commands.
Inspection of the leaked code allowed us to identify two types of DDoS attacks implemented in this bot:
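The check-in described above is a natural thing to hunt for in proxy logs. The following is an added example, not Symantec’s code and not code from the Zemra kit: it flags HTTP records that look like the bot’s first contact, an HTTP POST to gate.php carrying a hardware ID, a privilege flag and an OS version. The parameter names (hwid, priv, os, ua) and the sample records are assumptions constructed for the demonstration; the real kit’s field names are not given on this page, so tune them against a captured sample before deploying.

```python
"""
Added example (not Symantec's code and not part of the Zemra kit): flag HTTP
proxy records matching the check-in pattern described in the post. The field
names hwid/priv/os/ua and every record below are constructed assumptions.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample proxy records: (client_ip, method, url, body)
SAMPLE_RECORDS = [
    ("10.0.0.5", "POST", "http://203.0.113.10/panel/gate.php",
     "hwid=7F3A9C1B2E&ua=Mozilla%2F4.0&priv=1&os=6.1.7601"),
    ("10.0.0.7", "GET", "http://example.org/index.php", ""),
    ("10.0.0.9", "POST", "http://198.51.100.4/gate.php",
     "hwid=0A1B2C3D4E&ua=Mozilla%2F5.0&priv=0&os=5.1.2600"),
    # A legitimate form whose path happens to collide; must not be flagged.
    ("10.0.0.11", "POST", "http://example.org/gate.php",
     "username=bob&password=hunter2"),
]

REQUIRED_FIELDS = {"hwid", "priv", "os"}   # assumed parameter names
HWID_RE = re.compile(r"^[0-9A-Fa-f]{8,}$")  # assumed: hex hardware ID


def looks_like_checkin(method, url, body):
    """Return the parsed POST fields if the record matches the pattern, else None."""
    if method != "POST":
        return None
    if not urlsplit(url).path.lower().endswith("/gate.php"):
        return None
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if not REQUIRED_FIELDS.issubset(fields):
        return None
    if not HWID_RE.match(fields["hwid"]):
        return None
    if fields["priv"] not in ("0", "1"):
        return None
    return fields


def find_checkins(records):
    """Map each suspected bot (client IP) to its C2 host, hardware ID, privilege and OS."""
    hits = {}
    for client_ip, method, url, body in records:
        fields = looks_like_checkin(method, url, body)
        if fields is None:
            continue
        hits[client_ip] = {
            "c2_host": urlsplit(url).hostname,
            "hwid": fields["hwid"].upper(),
            "admin": fields["priv"] == "1",
            "os": fields["os"],
        }
    return hits


if __name__ == "__main__":
    for ip, info in find_checkins(SAMPLE_RECORDS).items():
        print(f"{ip} -> {info['c2_host']} hwid={info['hwid']} "
              f"admin={info['admin']} os={info['os']}")
```

The path check alone is too weak (gate.php is a common script name), which is why the example also requires the field set and a plausible hardware ID before it reports a hit; the last sample record shows the collision case being rejected.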
Symantec added detection for this threat under the name Backdoor.Zemra, which became active on June 25, 2012. To reduce the possibility of being infected by this Trojan, Symantec advises users to ensure that they are using the latest Symantec protection technologies with the latest antivirus definitions installed.
Tags: Backdoor, Backdoor Trojan, Backdoor.Zemra, Bot, Botnet, DDoS, DDoS Attack, DDoS Attack Tool, DDoS Bot, DDoS Botnet, DDoS Tool, DDoS Trojan, DoS, DoS Attack, Hacking Tool, Hacktools, Trojan, Trojan Horse, Zemra, Zemra Bot, Zemra Botnet, Zemra DDoS, Zemra DDoS Bot
Filed in DoS Attacks, Hacking Tools, Stories/News | Prasanna Sherekar | Comments Off
May 22, 2012
Nmap, the most popular open source network discovery and security auditing tool, has reached version 6.0.
The new code hit the Net last Monday, complete with a message from coder Gordon Lyon, aka Fyodor, that the new version represents “almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009.”
Fyodor recommends all users upgrade to the new version, so they can get their hands on 289 new scripts and a host of new features.
Top Improvements:
- Enhanced Nmap Scripting Engine (NSE)
- Better Web Scanning
- Full IPv6 Support
- New Nping Tool
- Better Zenmap GUI and Results Viewer
- Faster Scans
Download:
Linux: nmap-6.00.tar.bz2
Windows: nmap-6.00-win32.zip
Tags: Hacking Tool, IP Scanner, Network Scanner, News, Nmap, Nmap 6, Nmap Scanner, OS Detection Tool, OS Fingerprinting Tool, Port Scanner, Scanner, Security Scanner, Zenmap
Filed in Hacking Tools, Security Tools, Stories/News | Prasanna Sherekar | Comments Off
Jan 27, 2012
theHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.
The tool is intended to help penetration testers in the early stages of an engagement. It is a really simple tool, but very effective.
The sources supported are:
– Google – emails, subdomains/hostnames
– Google profiles – employee names
– Bing search – emails, subdomains/hostnames, virtual hosts
– PGP servers – emails, subdomains/hostnames
– LinkedIn – employee names
– Exalead – emails, subdomains/hostnames
New features:
– Time delays between requests
– XML and HTML results export
– Search a domain in all sources
– Virtual host verifier
– Shodan computer database integration
– Active enumeration (DNS enumeration, DNS reverse lookups, DNS TLD expansion)
– Basic graph with stats
Some Examples:
Searching e-mail accounts for the domain microsoft.com, using the first 500 Google results:
./theharvester.py -d microsoft.com -l 500 -b google
Searching e-mail accounts for the domain microsoft.com on a PGP key server; here it is not necessary to specify a limit:
./theharvester.py -d microsoft.com -b pgp
Searching for the names of people who work at Microsoft via LinkedIn; this source is queried through a web search engine, so the number of results to use must still be given:
./theharvester.py -d microsoft.com -l 200 -b linkedin
Searching all sources at the same time, with a limit of 200 results:
./theHarvester.py -d microsoft.com -l 200 -b all
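What the tool does with each result page is simple enough to show in a few lines. The block below is an added example, not theHarvester’s own code: it extracts e-mail addresses and hostnames belonging to a target domain from search-result text (the passive part of the tool), rejecting look-alikes such as example.com.evil.org, and then builds the candidate list that the “DNS TLD expansion” feature would go on to resolve. The search-result snippet and the TLD list are constructed for the demonstration; nothing is fetched from the network and nothing is resolved.

```python
"""
Added example, not theHarvester's own code: passive extraction of e-mail
addresses and hostnames for one domain, plus TLD expansion candidates.
SAMPLE_RESULTS stands in for a fetched search-result page (constructed data).
"""
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# A hostname must not be preceded by a name character, so "example.com"
# inside "admin@example.com.evil.org" is consumed as part of the longer host.
HOST_RE = re.compile(r"(?<![A-Za-z0-9.-])((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})")

# Constructed search-result snippet standing in for a results page.
SAMPLE_RESULTS = """
Contact sales@example.com or Support <support@EXAMPLE.com> - https://www.example.com/contact
Mirror at ftp.example.com; staging host dev-01.corp.example.com (VPN only)
Unrelated: webmaster@example.net, admin@example.com.evil.org, http://example.org/
mailto:bob.smith@example.com?subject=hi  cdn.example.com.
"""


def harvest(text, domain):
    """Return (emails, hosts) for the target domain, lowercased and de-duplicated."""
    domain = domain.lower()
    emails = set()
    for addr in EMAIL_RE.findall(text):
        addr = addr.lower()
        if addr.rsplit("@", 1)[1] == domain:      # exact domain match only
            emails.add(addr)
    hosts = set()
    for host in HOST_RE.findall(text):
        host = host.lower().rstrip(".")            # drop a trailing FQDN dot
        if host == domain or host.endswith("." + domain):
            hosts.add(host)
    return sorted(emails), sorted(hosts)


def tld_expand(hosts, domain, tlds=("com", "net", "org", "co.uk")):
    """Candidate names with the target's TLD swapped for each other TLD.
    These are candidates only; theHarvester resolves them, this example does not."""
    domain = domain.lower()
    base, _, old_tld = domain.partition(".")
    candidates = set()
    for host in hosts:
        if host != domain and not host.endswith("." + domain):
            continue
        prefix = host[: len(host) - len(domain)]   # "www." or ""
        for tld in tlds:
            if tld != old_tld:
                candidates.add(f"{prefix}{base}.{tld}")
    return sorted(candidates)


if __name__ == "__main__":
    emails, hosts = harvest(SAMPLE_RESULTS, "example.com")
    print("emails:", emails)
    print("hosts:", hosts)
    print("tld candidates:", tld_expand(hosts, "example.com"))
```

The exact-domain test on the part after “@” and the suffix test on hostnames are the important details: a naive substring match on “example.com” would happily report the attacker-controlled example.com.evil.org as a finding.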
Download: https://code.google.com/p/theharvester
Tags: emails gathering tool, Hacking Tool, Hacking Tools, Hacktools, Information Gathering, Information Gathering Tool, sub domains gathering tool, theHarvester
Filed in Hacking Tools, Information Gathering, Privacy Attacks, Security Tools | Prasanna Sherekar | Comments Off
Jan 23, 2012
Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.
Multiple vulnerabilities have been discovered in Tor:
- When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
- When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
- An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).
Impact:
A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user’s connection.
Vulnerable Versions:
< 0.2.2.35
Workaround:
There is no known workaround at this time.
Resolution:
All Tor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.2.35"
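On hosts that are not Gentoo systems the same question, “is the installed Tor older than 0.2.2.35?”, still has to be answered, and dotted versions must not be compared as strings (“0.2.2.9” sorts after “0.2.2.35” lexically). The block below is an added example, not part of the advisory or of Tor: it parses the banner printed by `tor --version` and decides whether the build falls in the advisory’s vulnerable range. The sample banners are constructed and Tor is not executed.

```python
"""
Added example (not from the advisory or the Tor project): classify a Tor
version banner against the advisory's fixed version 0.2.2.35.
The banners passed in the test are constructed samples.
"""
import re

FIXED = (0, 2, 2, 35)
# Matches "Tor version 0.2.2.34." and "Tor v0.2.3.10-alpha"; an optional
# suffix such as -alpha or -rc marks a pre-release of that number.
VERSION_RE = re.compile(
    r"Tor (?:v|version )?(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9]+))?"
)


def parse_tor_version(banner):
    """Return ((major, minor, micro, patch), suffix_or_None) from a banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("no Tor version string found in banner")
    nums = tuple(int(x) for x in m.groups()[:4])
    return nums, m.group(5)


def is_vulnerable(banner, fixed=FIXED):
    """True if the banner's version is strictly older than the fixed release."""
    nums, suffix = parse_tor_version(banner)
    if nums != fixed:
        return nums < fixed          # tuple comparison, not string comparison
    return suffix is not None        # 0.2.2.35-rc predates the final 0.2.2.35


if __name__ == "__main__":
    for banner in ("Tor version 0.2.2.34.", "Tor version 0.2.2.35 (git-0000000000000000)"):
        print(banner, "->", "VULNERABLE" if is_vulnerable(banner) else "ok")
```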
References:
– CVE-2011-2768
– CVE-2011-2769
– CVE-2011-2778
Tags: Bugs, Tor, Tor Bugs, Tor Project, Tor Project Vulnerability, Tor Vulnerabilities, Tor Vulnerability, Vulnerabilities, Vulnerability
Filed in Exploits, Hacking Tools, Security Tools, Vulnerabilities | Prasanna Sherekar | Comments Off
Jan 20, 2012
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Currently it supports the following modules:
- ftp_login : Brute-force FTP
- ssh_login : Brute-force SSH
- telnet_login : Brute-force Telnet
- smtp_login : Brute-force SMTP
- smtp_vrfy : Enumerate valid users using the SMTP VRFY command
- smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
- http_fuzz : Brute-force HTTP/HTTPS
- pop_passd : Brute-force poppassd (not POP3)
- ldap_login : Brute-force LDAP
- smb_login : Brute-force SMB
- mssql_login : Brute-force MSSQL
- oracle_login : Brute-force Oracle
- mysql_login : Brute-force MySQL
- pgsql_login : Brute-force PostgreSQL
- vnc_login : Brute-force VNC
- dns_forward : Forward lookup subdomains
- dns_reverse : Reverse lookup subnets
- snmp_login : Brute-force SNMPv1/2 and SNMPv3
- unzip_pass : Brute-force the password of encrypted ZIP files
- keystore_pass : Brute-force the password of Java keystore files
Download: patator_v0.3.py
Project Home: http://code.google.com/p/patator/
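The long module list above is possible because of the design the first sentence mentions: every module exposes one execute call and the engine does the rest. The block below is an added example, not Patator’s own code: it shows that shape, with a module interface returning a small response record, an engine that expands list-valued parameters into the product of attempts, and an ignore rule that drops the failed-login responses the way a practitioner filters out “530 Login incorrect” noise. The target is a constructed in-memory credential check standing in for a service such as FTP, so the run is offline and deterministic.

```python
"""
Added example, not Patator's own code: the skeleton of a modular brute-forcer.
FakeLogin is a constructed stand-in for a network module (its credential store
is made up); the engine (expand/run) is the part the example is about.
"""
from dataclasses import dataclass
from itertools import product


@dataclass
class Response:
    code: int   # module-defined status; 0 means success for this module
    size: int   # reply length, handy for spotting outliers across attempts
    mesg: str


class FakeLogin:
    """Stand-in for a module such as ftp_login; constructed data, no network."""
    VALID = {"admin": "Winter2012", "backup": "backup"}

    def execute(self, user, password):
        if self.VALID.get(user) == password:
            return Response(0, 23, "230 Login successful.")
        return Response(530, 22, "530 Login incorrect.")


def expand(params):
    """Yield one dict per combination of list-valued parameters; scalars pass through."""
    keys = list(params)
    values = [v if isinstance(v, list) else [v] for v in params.values()]
    for combo in product(*values):
        yield dict(zip(keys, combo))


def run(module, params, ignore=None):
    """Execute every attempt and return those not matched by an ignore rule.
    ignore maps a Response field to a value, e.g. {"code": 530}."""
    ignore = ignore or {}
    hits = []
    for attempt in expand(params):
        resp = module.execute(**attempt)
        if any(getattr(resp, field) == value for field, value in ignore.items()):
            continue
        hits.append((attempt, resp))
    return hits


if __name__ == "__main__":
    users = ["root", "admin", "backup"]
    passwords = ["password", "backup", "Winter2012"]
    for attempt, resp in run(FakeLogin(), {"user": users, "password": passwords},
                             ignore={"code": 530}):
        print(f"{attempt['user']}:{attempt['password']} -> {resp.code} {resp.mesg}")
```

Keeping the success/failure decision out of the module and in a filter on the response record is what lets the same engine drive an SMTP VRFY probe, a ZIP password check or an HTTP fuzzer: each module only has to report what the target said.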
Tags: Brute Force, Brute Force Attack, Brute Force Attack Tool, Brute Forcer, Brute Forcing Tool, BruteForce, Hacking Tool, Hacking Tools, Hacktools, Password Cracker, Password Hacking Tool, Patator
Filed in Hacking Tools, Password Hacking | Prasanna Sherekar | Comments Off