Thursday, September 22, 2011

Lilith: Perl script to audit web applications

Lilith analyses web pages and looks for HTML tags that often refer to dynamic pages which might be subject to SQL injection or other flaws. Lilith's basic function is to spider and analyse pages, following hyperlinks and injecting special characters that have a particular meaning to any underlying platform. As most of us know, a web application scanner can never perform a full 100% correct audit; a manual re-check eliminates most of the false positives. Features and changes made in Lilith:
- got rid of many, many false positives (that's good)
- when a SQL error is found, it now goes on to the next variable
- improved (I hope) scanning engine
- (anti) ColdFusion support
- better cookie handling and cookie tampering
- omitted the Perl HTML::Form limitation
- better verbose output
- extensive logging
- detects directory indexing
- recursive URL dissection
- cleaned up this pasta code

Download Lilith Here

Aldi Bot - Buy a Botnet just in 10 Euros

Researchers of German security firm G Data have discovered that a bot builder dubbed "Aldi Bot" is currently being offered for that much on underground forums. The Aldi Bot Builder appears to be based on the ZeuS source code. The malware has nothing to do with the discount supermarket chain and it is not clear why its author chose to name the bot after Aldi – it is thought it may relate to the bot's discount pricing. Company says "We’ve encountered a bot sale, which, in case it finds followers, can cause a massive glut of malware all over. The so-called “Aldi Bot” first appeared in late August and has been sold for the initial price of €10! Parts of the bot’s code oddly look like ZeuS code…"
The Aldi Bot can read (saved) passwords from the Firefox web browser, Pidgin IM client and JDownloader download tool, and send them to a command and control server which is included in the €10 price tag. The Aldi Bot can also carry out Distributed Denial-of-Service (DDoS) attacks, as the bot's author demonstrates with a YouTube video showing an attack on the German Bundeskriminalamt (equivalent to the UK CID) web site. The bot can also be set up as a SOCKS proxy to use infected computers as proxies for protocols of the bot herder's choosing. Infecting systems with the discount malware does, however, require additional measures, such as exploit packs on infected web sites.

Alleged LulzSec member arrested in Sony breach

The FBI arrested a 23-year-old Arizona man today on charges of stealing data from Sony Pictures Entertainment earlier this year.

Cody Andrew Kretsinger of Phoenix was indicted September 2 by a federal grand jury on charges of conspiracy and unauthorized impairment of a protected computer, the FBI said in a statement. Kretsinger could not be reached for comment.

Meanwhile, Fox News reported that a hacker who is believed to be homeless was arrested in San Francisco on charges of participating in attacks allegedly carried out by activist group Anonymous on Santa Cruz County government Web sites, and that search warrants were being executed in New Jersey, Minnesota, and Montana. An FBI spokesman told CNET that the agency does not typically comment on search warrants. FBI officials in San Francisco did not immediately return a call seeking comment.

Kretsinger is accused of using proxy services via the hidemyass.com site, designed to offer anonymous Internet access, to probe Sony Pictures Entertainment's computer systems in May, according to the indictment, which was unsealed in U.S. District Court in Los Angeles today.

He and other co-conspirators looked for vulnerabilities and exploited them by means of a SQL injection attack between May 27 and June 2, the indictment says. They then allegedly compromised the Sony system, making "tens of thousands of requests for confidential data," and released the information from Sony on a public Web site and on Twitter.

Kretsinger permanently erased the hard drive of the computer he used to conduct the attack, the indictment alleges. He is due to make an initial appearance in federal court in Phoenix today. The U.S. government will request that he be transferred to Los Angeles to face prosecution. He faces up to 15 years in prison if convicted.

He is alleged to have used the hacker handle "recursion" and is believed to be a member of the LulzSec hacker group.

The LulzSec group, believed to be a spin-off of the Anonymous group of online activists, had bragged about breaking into Sony Pictures' system, posting a statement on Pastebin on June 2 along with proof of their attack. "We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," the statement said. "Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons.'"

A week later, Sony said that in fact personally identifiable information of 37,500 customers had been exposed in the breach. The breach was one of a series of attacks targeting Sony and its affiliate sites globally that started in May following a legal spat Sony had with a hacker who had modified his Sony PlayStation 3.

Read more: here

Saturday, June 4, 2011

ACER hacked by Pakistan Cyber Army

Yes! You read right: ACER hacked because of their own stupidity. Yesterday we reported that the Pakistan Cyber Army hacked an Acer Europe server and that 40,000 users' data, source code and the server itself were compromised.


Today we investigated this and tried to find out how exactly the Pakistani hackers got FTP access. In the image above you can see a screenshot we took from an ASP forum of Acer-Euro. The Acer ASP Support Team posted a Hot Fix release and gave FTP access to other members so that they could download the hot fix. This was posted on January 11, 2008. The Pakistani hackers found this, explored the FTP server, and in the "PB" directory found the file "Country Wise Customer Data.zip", which contains the 40,000 users' data organised by country.


So this data breach is only because of ACER's own stupidity. The link to the forum post is "http://asp.acer-euro.com/FORUM/Topic472-8-1.aspx".

Friday, May 27, 2011

Internet Explorer vulnerable to Cookie-jacking

A security researcher has devised an attack that remotely steals digital credentials used to access user accounts on Facebook and other websites by exploiting a flaw in Microsoft's Internet Explorer browser.

Independent researcher Rosario Valotta demonstrated his “cookiejacking” proof of concept last week at the Hack in the Box security conference in Amsterdam. It exploits a flaw that's present in all current versions of IE to steal session cookies that Facebook and other websites issue once a user has entered a valid password and corresponding user name. The cookie acts as a digital credential that allows the user to access a specific account.

The proof of concept code specifically targets cookies issued by Facebook, Twitter and Google Mail, but Valotta said the technique can be used on virtually any website and affects all versions of Windows. “You can steal any cookie,” he told The Register. “There is a huge customer base affected (any IE, any Win version).”

NIIT Technologies GIS subsidiary’s server hacked by Tigers of Indian Cyber (TIC)

A server belonging to NIIT GIS Limited, an NIIT Technologies subsidiary, was compromised last week using a SQL injection attack by a hacking group calling itself the ‘Tigers of Indian Cyber’ (TIC). TIC posted the disclosure in an open security forum giving proof of concept, and a complete list of account credentials. It has since come to light that NIIT GIS’ server was compromised — not the servers at NIIT Technologies.

The breach was independently verified by Omair, a security consultant with Network Intelligence India (NII). Omair said that the hack was genuine, and was verified with the link posted by TIC as proof of concept. “The executed query enumerates expected information from the database tables,” says Omair.

Initial communication with NIIT Technologies revealed that the company was ignorant of the situation. After being informed by SearchSecurity.in of the particulars, the breach was detected by NIIT Technologies and the server was subsequently taken offline.

The NIIT Technologies spokesperson confirmed this security breach. He clarified that the server is not part of NIIT-Tech’s network. The server belongs to a department in one of NIIT Technologies’ subsidiaries, namely NIIT GIS — a joint venture between NIIT-Tech and ESRI USA. The company provides GIS mapping, as well as solutions.

According to the source, the compromised server is an internal departmental server, primarily meant for internal employees and sales force to access training and marketing collateral. The GIS server is a stand-alone server hosted in NIIT’s Noida data center. It’s not hosted with the rest of the NIIT Technologies network. This server has been online for the past eight years.

Calls to Pugmarks Interweb, NIIT Technologies’ hosting service provider confirmed that the NIIT GIS server is not hosted with Pugmarks. Most of NIIT Technologies’ IT infrastructure is hosted on servers located in the US — NIIT GIS is not part of these.

A ticker on the NIIT GIS Website informs that the site is also undergoing maintenance. NIIT Technologies has declined further comments on the technical aspects, pursuant to a forensic investigation of the server’s logs.

Thursday, May 26, 2011

NaijaCyberHacktivists Strikes Again (Takes down NAPEP & NDDC)

I published a story earlier today where the same group that took down NDDC threatened to hack again.

They seem to have done as threatened by taking down NDDC and NAPEP.

In the same style, leaving a message behind.

A letter from HELL

Mr President

With great sadness in our heart we bring you this message.
The Nigerian General Elections of April 2011 have come and gone. But, yet again, like all important functions of the Nigerian political system, they have provoked violent uprisings in parts of Nigeria - this time, mostly in the Northern States of Nigeria - and they have left a legacy of blood and tears, and of inter-group animosity and hate.
Nigerians have endured it all - usually assured by political self-seekers and false prophets that such problems are temporary birth pangs of a new country. But the events of the past April, and of recent months, have at last blown away all this self-deception and we are saying ENOUGH IS ENOUGH!

To worsen the matter, the FG is to spend N1b on Jonathan inauguration

An inauguration is simply an induction into office, the formal transfer of power to an individual AND NOT a costly long-running festival nor a series of open-ended events organized into convoluted books and chapters.

We, NaijaCyberHactivists are therefore joining voice with other well-meaning Nigerians and WE SAY "ENOUGH IS ENOUGH"! WE ARE WATCHING and we promise that

1.) If the FG decides to go on with the N1b budget
2.) If the FOI Bill is not passed before May 29

WE WILL

1.) Launch an attack against ALL financial institutions
2.) Launch an attack against the epayment bodies in the country
3.) Take down the Networks
4.) Cripple the telecommunication companies
5.) Take down all government sites.


Napep's Hacklog and NDDC's Hacklog

Screenshots below (NAPEP, NDDC and the NAPEP hacklog; images not reproduced here)

Wednesday, May 25, 2011

NaijaCyberHacktivists threatens to strike Again

After successfully hacking and defacing NDDC Site yesterday, the same hackers using the twitter handle @NaijaCyberHack have threatened to strike again.

Are they just bluffing or will they eventually strike again?

Security Alert: vBulletin 4.X vulnerable to SQL Injection & CSRF/XSRF Exploits!

Two serious security flaws have been found in vBulletin 4.X versions, and SQL injection and CSRF/XSRF exploits for them are now also available.

Impact of these flaws:
Lots of big forums run vBulletin 4.X, and these forums can be hacked easily by any attacker using the exploits. We would like to request admins to patch their forums as soon as possible.


vBulletin 4.X Security Patch
http://www.vbulletin.com/forum/showthread.php/376995-vBulletin-4.X-Security-Patch?AID=804495&PID=564936

Exploits are available at
SQL Injection : http://www.1337day.com/exploits/16147
CSRF/XSRF : http://www.1337day.com/exploits/16160

Tuesday, May 24, 2011

Government Website Hacked by NaijaCyberHacktivists (Protest against 1bn Inauguration budget)

Niger Delta Development Committee - http://www.nddc.gov.ng/

Apparently not pleased with the FG's decision to spend 1 billion Naira of taxpayers' money on our president's inauguration, hackers with the codename "NaijaCyberHacktivists" have actually taken a step to protest.

In a nine-paragraph page titled "A Visit from Hell", I quote verbatim what the hackers wrote:

A Visit from HELL

Mr President, With great sadness in our heart we bring you this message.

The Nigerian General Elections of April 2011 have come and gone. But, yet again, like all important functions of the Nigerian political system, they have provoked violent uprisings in parts of Nigeria - this time, mostly in the Northern States of Nigeria - and they have left a legacy of blood and tears, and of inter-group animosity and hate.

Nigerians have endured it all - usually assured by political self-seekers and false prophets that such problems are temporary birth pangs of a new country. But the events of the past April, and of recent months, have at last blown away all this self-deception and we are saying ENOUGH IS ENOUGH!

To worsen the matter, the FG is to spend N1b on Jonathan inauguration

An inauguration is simply an induction into office, the formal transfer of power to an individual AND NOT a costly long-running festival nor a series of open-ended events organized into convoluted books and chapters.

We, NaijaCyberHactivists are therefore joining voice with other well-meaning Nigerians and WE SAY "ENOUGH IS ENOUGH"! WE ARE WATCHING and we promise that

1.) If the FG decides to go on with the N1b budget
2.) If the killers of "Mr. Tochukwu Uzukwu" aint fished out
3.) All those detained with the arrest and detention of Prof. Steve Torkuma Ugbah are not released

WE WILL

1.) Launch an attack against ALL financial institutions
2.) Launch an attack against the epayment bodies in the country
3.) Take down the Networks
4.) Cripple the telecommunication companies
5.) Take down all government sites.

We are not bluffing. We are watching with interest and we give you till Saturday to meet our TERMS.

"In source code we trust
We fighting for a cause
To make them account for all OUR money in their purse
MISSION: Hand over the whip to the horse".

Naijacyberhactivists@yahoo.com


This is actually sounding interesting 'cos an ultimatum to meet their demands has been given too.



The hacklog can be viewed here.



UPDATE: The site has gone offline

Sony Ericsson Got Hacked [Hackers :10 VS Sony: 0]

Again, DAMN... What's going on with Sony? Idahca (a Lebanese hacker group) hacked the database of ca.eshop.sonyericsson.com with a simple SQL injection. Two attacks on Sony in one day: this morning LulzSec leaked the database of Sony's Japanese websites, and now Sony Ericsson's eshop database has been hacked. Emails, passwords and names of thousands of users are exposed via a text file on Pastebin. The news was provided by the hackers via email; they say they have extracted the whole database and leaked the data online via their Facebook/Twitter accounts. The Pastebin link is http://pastebin.com/4YGAWxQZ .

Now it's the 10th attack on Sony. Well, Sony is getting free-of-cost auditing by several hackers; I think Sony should be the most secure brand in future because their security holes are all out in the open, and now it's Sony's duty to fix them as soon as possible.


Even now every hacker is trying to hack various Sony sites just to get fame, because it has become the hot topic!


Score Board --> Sony : 0 | Hackers : 10

Monday, May 23, 2011

Sony Music Japan hacked through SQL injection flaw

Another day, another attack on Sony. I reported yesterday on the SQL injection attack exposing user information on SonyMusic.gr and today attackers have found flaws in SonyMusic.co.jp.

The Hacker News sent us a tip this evening documenting a couple of vulnerable web pages on SonyMusic.co.jp that allowed hackers to access their contents through SQL injection.

The good news? The database information that was published does not contain names, passwords or other personally identifiable information. The attackers noted that there are two other databases on the site that are vulnerable and it remains unclear whether they contain sensitive information.

It isn't clear whether the hackers are able to inject data into the database, or simply access the tables and records it contains. If they are able to alter the records, this could be used to insert malicious code that could be used to compromise people browsing the site.

The attackers appear to be the same crew who targeted Fox.com earlier this month. Known as Lulz Security, the group appears to attack sites primarily for fun and political reasons, not to steal credit cards and commit other types of fraud.

This doesn't change the criminality of their behavior. Accessing systems without authorization is still a crime in most countries.

Will Sony stop the bleeding? The attackers stated in their message "This isn't a 1337 h4x0r, we just want to embarrass Sony some more."

While there is an enormous target on Sony's back as a result of these very public attacks it is unclear why this is happening. Is Sony taking security seriously or are there simply so many flaws from the past that exist in their public facing sites that it will take them a long time to patch them all?

I hope this is the last time I have to report on a flaw at Sony. Sony has announced they are working with several professional organizations to get their security house in order and for their sake I hope this happens sooner rather than later.

Microsoft/ Yahoo's CAPTCHA busted

Computer scientists have developed software that easily defeats audio CAPTCHAs offered on account registration pages of a half-dozen popular websites by exploiting inherent weaknesses in the automated tests designed to prevent fraud.

Decaptcha is a two-phase audio-CAPTCHA solver that correctly breaks the puzzles with a 41-percent to 89-percent success rate on sites including eBay, Yahoo, Digg, Authorize.net, and Microsoft's Live.com. The program works by removing background noise from the audio files, allowing only the spoken characters needed to complete the test to remain.

In virtually all of the tests, Decaptcha was able to correctly solve the puzzle at least once in every 100 attempts, making the technique suitable for botmasters with large armies of compromised computers. The high success rate was largely the result of the ease in removing sound distortions known as background noise, intermediate noise, and constant noise inserted into the background to throw off speech-recognition programs. Most audio-based CAPTCHA systems are wide open to the attack, with the notable exception of the Google-owned Recaptcha.net, which uses a different approach known as semantic noise.

"Our results indicate that non-continuous audio captcha schemes built using current methods (without semantic noise) are inherently insecure," the scientists wrote in a recently published research paper. "As a result, we suspect that it may not be possible to design secure audio captchas that are usable by humans using current methods. It is therefore important to explore alternative approaches."

Decaptcha uses a supervised algorithm that must be trained for each CAPTCHA scheme being targeted. Training requires feeding a set of puzzles with their answers into the program. Eventually, Decaptcha was able to identify the sound shapes in the underlying audio file by comparing them to a large sample of sounds already cataloged. The researchers generated 4.2 million audio CAPTCHAs.

The paper is only the latest reminder of the flaws in CAPTCHAs, which are designed to prevent scripts from registering email accounts, and carrying out other automated attacks, by presenting the user with a problem that's hard for computers to solve. Real-world attacks against audio-CAPTCHAs from Microsoft have already been used by the Pushdo spam botnet to create fraudulent email accounts on Live.com. More traditional CAPTCHAs, which require a user to recognize a word buried in a distorted image, have been successfully defeated for years, with one of the more recent examples being an optical character recognition attack on Google.

After attacks come to light, website operators typically make changes that block the specific technique. Researchers then revise their attacks, requiring more changes to be made in the targeted CAPTCHA schemes.

The latest research suggests web developers may have to make permanent changes to the audio CAPTCHAs, which are offered for visually impaired users.

"Our experiments with commercial and synthetic captchas indicate that the present methodology for building audio captchas may not be rectifiable," they wrote. "Besides Recaptcha, all of the commercial schemes we tested used combinations of constant and regular noise as distortions. All in all, computers may actually be more resilient than humans to constant and regular noise so any schemes that rely on these distortions will be inherently insecure."

The paper was authored by Elie Bursztein, Hristo Paskov, and John Mitchell of Stanford University, Romain Beauxis of Tulane University, Daniele Perito of INRIA and Celine Fabry. A PDF of the report is here.

How Secured Is Your Password?

Hacker attack to cost Sony $172 million, almost as much as initial Japanese earthquake damage

Financially speaking, the effects of the hacker attack on Sony Corp. cost the Japanese media conglomerate nearly as much as initial damage from the country's devastating earthquake and tsunami.

The consumer electronics giant estimated Monday that it will have spent $171.7 million this year to repair the damages wreaked by hackers who infiltrated its computers and accessed the account information of hundreds of millions of consumers who used its PlayStation Network and Qriocity online services.

By comparison, the earthquake and tsunami on March 11 caused an estimated $208.5-million hit on the company's profit for the fiscal year ended March 31.

Largely because of the earthquake, Sony said it would have to take a non-cash charge of about $4.4 billion for its fiscal year for deferring tax credits in Japan. Sony amassed the Japanese tax credits over the last three years and had expected to use them over the next several years to offset profits it had projected prior to the earthquake.

But the disaster crippled the Japanese economy for years to come, making it unlikely that Sony would be able to make a profit in its home country, at least for the next year or two.

The one-time write-off wiped out $1.2 billion in profit that the company would have made in the fiscal year that just ended.

As a result, Sony said it is likely to report a $3.2-billion net loss for the fiscal year when it posts its quarterly and annual financials Thursday. Sony also estimated that sales would be $88.3 billion, or $233 million shy of the forecast it issued in February.

The loss would be the third consecutive year in which Sony failed to post a profit. The year before last, Sony reported a $500-million net loss on roughly $88.5 billion in sales.

This fiscal year, which began April 1, Sony will face the additional challenge of recovering from a broad attack on its computers last month, which exposed the names, addresses and, potentially, credit card information for millions of customers.

Sony said it expected the cost of rebuilding its computers, paying for credit protection services for its customers and compensation to customers, including free products and services, would be $172 million.

The estimate does not include potential liabilities resulting from at least two lawsuits filed by consumers who claim to have been affected by the attacks. Sony said the cases were in "a preliminary stage," too early to determine their probable impact on the company's financials.

Shares of Sony fell 46 cents, or 1.7%, to $26.59.

DNA-Stuxnet.in Hacked & Database Leaked By Shadow008 (PakCyberArmy)

Site Hacked : http://dna-stuxnet.in/home/
Mirror : http://zone-h.com/mirror/id/14090295
Database BackUp - http://www.multiupload.com/180BT14ZGK

Hackers hack into Norwegian Military Company

The Norwegian security police is investigating a hacker attack that zoned in on military computers shortly after Norway joined the Libya air campaign in March.

The army says about a hundred computers were targeted in the attack, in which staff received a fake email from a Norwegian government agency containing malicious code.

The unidentified hackers only managed to access non-classified information from one computer before the security systems fended them off.

The army would not disclose more details about the type of data the hackers were trying to access.

Facebook Vulnerable to HTML Injection

Well lemme go straight to the point.

Facebook IS again vulnerable, this time to a HTML Injection vulnerability.

The exploit actually allows a malicious user to insert malicious HTML-based content within client web requests.

Let's take a look at the P.O.C. below

I actually have this in the URL:

http://www.facebook.com/connect/connect_to_node_error.php?title=I%20am%20Slyr0x%20and%20i%20have%20evil%20intent%20NOT.

Let's take a look at the body:

https://www.facebook.com/connect/connect_to_node_error.php?body=My%20nam3%20is%20Slyr0x..and%20i%20have%20evil%20intent.%20NOT.

Now, let's see a combination of the title and body using the famous Peter Attah Nigerian scam letter:

The malicious user's imagination is his/her only limit!
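The flaw above is a reflected parameter dropped into a page without escaping. The following is an added example, not Facebook's code: a constructed handler that renders the same `title` and `body` query parameters first verbatim (the vulnerable form) and then HTML-escaped (the fix), plus a small check that can be used to triage logged request URLs. The template, the second sample URL and the helper names are assumptions made for illustration.

```python
"""Reflected HTML injection through URL query parameters: vulnerable
rendering beside the escaped version. Added example, not the site's own
code; the handler, template and second sample URL are constructed."""
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed request URLs. The first is the harmless PoC from the post;
# the second carries markup in both parameters, as an attacker would.
TEST_URLS = [
    "https://www.facebook.com/connect/connect_to_node_error.php"
    "?title=I%20am%20Slyr0x%20and%20i%20have%20evil%20intent%20NOT.",
    "https://www.facebook.com/connect/connect_to_node_error.php"
    "?title=%3Ch1%3ECall%20now%3C/h1%3E"
    "&body=%3Ca%20href%3D%22http://example.invalid%22%3ELogin%3C/a%3E",
]

# Assumed page template: the error page simply shows a title and a body.
TEMPLATE = "<html><body><h2>{title}</h2><p>{body}</p></body></html>"


def params_of(url):
    """Return the decoded title/body query parameters (first value each)."""
    qs = parse_qs(urlsplit(url).query)
    return {k: qs.get(k, [""])[0] for k in ("title", "body")}


def render_unsafe(url):
    """Vulnerable: untrusted parameters are interpolated verbatim, so any
    markup the requester supplies becomes part of the served page."""
    p = params_of(url)
    return TEMPLATE.format(title=p["title"], body=p["body"])


def render_safe(url):
    """Hardened: every untrusted value is HTML-escaped before being placed
    in element content, so '<', '>', '&' and quotes render as text."""
    p = params_of(url)
    return TEMPLATE.format(title=escape(p["title"], quote=True),
                           body=escape(p["body"], quote=True))


def markup_leaked(rendered):
    """True if the rendered page contains tags beyond the template's own,
    i.e. user input was turned into markup. Useful when replaying logged
    URLs against a staging copy of the page."""
    return rendered.count("<") > TEMPLATE.count("<")


if __name__ == "__main__":
    for url in TEST_URLS:
        print("unsafe leaks markup:", markup_leaked(render_unsafe(url)))
        print("safe   leaks markup:", markup_leaked(render_safe(url)))
```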

Thursday, May 5, 2011

How to Secure your Website

Well, protecting a website is possible only through continued effort. It doesn't work like an AV system where you can just run a scan and get a virus removed. At present there are a thousand and one ways of protecting a site, but I came up with a few important tips that can help you lay the foundation for web security.


Download the ebook here