Dec 31 2008

Nuclear RAT 2.1.0

Nuclear Rat

* Programmed by: Caesar2k
* Date added / updated: September 4th 2007
* Downloads: 80685
* File size: 1.26MB
* Coded in: Delphi
* Section: Remote Administration Tools & Spy
* Compatibility: Windows NT, 2K, XP, Vista

Download :

Dec 31 2008

Acunetix Web Vulnerability Scanner Enterprise v6.0

Acunetix 6

Download :

Password :

Dec 27 2008

Google Chrome Browser (ChromeHTML://) remote parameter injection POC

Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
tested against: Internet Explorer 8 beta 2, Google Chrome, Microsoft Windows XP SP3
List of command line switches:

Original url:

click the following link with IE while monitoring with procmon
<a href=’”%20–renderer-path=”c:\windows\system32\calc.exe”%20–”‘>click me</a>

# [2008-12-23]

Dec 26 2008

One Hacker’s Audacious Plan to Rule the Black Market in Stolen Credit Cards

“The heat in Max Butler’s safe house was nearly unbearable. It was the equipment’s fault. Butler had crammed several servers and laptops into the studio apartment high above San Francisco’s Tenderloin neighborhood, and the mass of processors and displays produced a swelter that pulsed through the room. Butler brought in some fans, but they didn’t provide much relief. The electric bill was so high that the apartment manager suspected Butler of operating a hydroponic dope farm.

But if Butler was going to control the online underworld, he was going to have to take the heat. For nearly two decades, he had honed his skills as a hacker. He had swiped free calls from local telephone companies and sneaked onto the machines of the US Air Force. Now, in August 2006, he was about to pull off his most audacious gambit yet, taking over the online black markets where cybercriminals bought and sold everything from stolen identities to counterfeiting equipment. Together, these sites accounted for millions of dollars in commerce every year, and Butler had a plan to take control of it all.

Settling into his chair and resting his fingers on his keyboard like a concert pianist, Butler began his attack. Most illegal online loot was fenced through four so-called carder sites—marketplaces for online criminals to buy and sell credit card numbers, Social Security numbers, and other purloined data. One by one, Butler took them down. (This story, like the rest of this article, has been reconstructed using court documents and conversations with friends and associates; Butler declined to be interviewed.) First, he breached their defenses, tricking their SQL database servers into running his own commands or simply slipping in with a hacked password. Once inside, he sucked out their content, including the logins, passwords, and email addresses of everyone who bought and sold through the sites. And then he decimated them, wiping out the databases with the ease of an arsonist flicking a match. He worked for two straight days; when he tired, he crashed out on the apartment’s foldaway bed for an hour or two, then got up and went back at it. Butler sent an email under the handle Iceman to all the thieves whose accounts he had usurped. Whether they liked it or not, he wrote, they were now members of his own site, In one bold stroke, Butler had erected one of the largest criminal marketplaces the Internet had ever seen, 6,000 users strong.”

This is by far one of the most in depth articles following an attackers career and well worth the read.

Source : Wired

Dec 25 2008

Firekeeper – IDS For Firefox


Firekeeper is an Intrusion Detection and Prevention System for Firefox.
It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts.
Rules can also be used to effectively filter different kinds of unwanted content.

Features :
* Ability to scan HTTP(S) request URL, response headers and body, and to cancel processing of suspicious requests
* Encrypted and compressed responses are scanned after decryption/decompression
* Privacy friendly – no data is send to external servers, all scanning is done on the local computer
* Very fast pattern matching algorithm (taken directly from Snort).
* Interactive, verbose alerts that give an ability to choose a response to detected attack attempt.
* A detailed view of suspicious response headers and body
* Event logging
* Ability to use any number of files with rules and to automatically load files from remote locations

Download :