Monday, 3. October 2011
PuttyHijack
PuttyHijack is a POC tool that injects a DLL into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a Windows box that has been compromised is used to SSH/Telnet into other servers.

The injected DLL installs hooks and creates a socket in the guest operating system for a callback connection that is then used for input/output redirection.

PuttyHijack does not kill the current connection, and will cleanly uninject if the socket or process is stopped. Leaves no trace for further analysis.

Download
http://www.insomniasec.com/tools/PuttyHijackV1.0.rar



killapache - PHP
How does the above-mentioned code work in killapache?

killapache sends GET requests with multiple “byte ranges” that will claim large portions of the system’s memory space. A “byte range” statement allows a browser to only load certain parts of a document, for example bytes 500 to 1000. It is normally used while downloading large files. This method is used by programs such as download clients to resume downloads that have been interrupted; it is designed to reduce bandwidth requirements. However, it appears that stating multiple unsorted components in the header can cause an Apache server to malfunction.
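
A defensive check for the header pattern described above, as an added example that is not part of the original post or of killapache: it parses a request's Range header and flags range sets that are unusually long or overlapping. The thresholds and function names are assumptions chosen for illustration.

```python
import re

# Assumed thresholds for this example; tune them to your own traffic.
MAX_RANGES = 5      # resume-style downloads normally send a single range
MAX_OVERLAPS = 0    # overlapping ranges have no ordinary use

_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_range_header(value):
    """Return [(first, last), ...]; None marks an omitted bound."""
    unit, sep, specs = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a bytes range")
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or not (m.group(1) or m.group(2)):
            raise ValueError("malformed range spec: %r" % spec)
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        if first is not None and last is not None and last < first:
            raise ValueError("inverted range: %r" % spec)
        ranges.append((first, last))
    return ranges

def assess_range_header(value):
    """Report count, overlaps, ordering and a verdict for one Range header."""
    try:
        ranges = parse_range_header(value)
    except ValueError:
        return {"verdict": "malformed", "count": 0, "overlaps": 0, "unsorted": False}
    # Suffix ranges ("-500") have no absolute start until the file size is
    # known, so they are counted but left out of the overlap check.
    starts = [f for f, _ in ranges if f is not None]
    spans = sorted((f, float("inf") if l is None else l)
                   for f, l in ranges if f is not None)
    overlaps, reach = 0, -1
    for first, last in spans:
        if first <= reach:
            overlaps += 1
        reach = max(reach, last)
    suspicious = len(ranges) > MAX_RANGES or overlaps > MAX_OVERLAPS
    return {"verdict": "suspicious" if suspicious else "ok", "count": len(ranges),
            "overlaps": overlaps, "unsorted": starts != sorted(starts)}

if __name__ == "__main__":
    # Constructed sample headers, not captured traffic.
    for header in ("bytes=500-1000", "bytes=900-999,0-99",
                   "bytes=0-,5-10,5-11,5-12", "items=0-5"):
        print(header, assess_range_header(header))
```

The same counts can drive a log alert or a request filter in front of the web server; unsorted range sets are reported but not flagged on their own.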

Download
http://pastebin.com/gWB76qmj



DarkComet-RAT
DarkComet-RAT (Remote Administration Tool) is software designed to control, in the best conditions and comfort possible, any kind of Microsoft Windows machine since Windows 2000.
This software allows you to perform hundreds of functions stealthily and remotely without any kind of authorisation in the remote process.

Download
http://www.darkcomet-rat.com/process_download.php?id=7


DarkComet RAT Remover

DarkComet RAT Remover will detect any instance of DarkComet running in memory, even if a hacker tries to obfuscate the loader so that it goes undetected by common antivirus software. It also detects registry threats and keylogger logs.

Download
http://darkcomet-rat.com/downloads/DarkCometRemover.zip

DarkComet Analysis
http://resources.infosecinstitute.com/darkcomet-analysis-syria/



QR codes - Android Malware?
Once a user scans the QR code, the code redirects them to a site that will install a Trojan on their Android smart phones. Kaspersky's SecureList blog has a report of a malicious QR code on a web site which when scanned directs the user to a URL; the linked site doesn't have a file matching the name in the URL, but it does redirect the browser to another site where the file jimm.apk is downloaded. The file is a trojanised version of the Jimm mobile ICQ client, infected with Trojan-SMS.AndroidOS.Jifake.f which sends a number of SMS messages to a $6 a message premium rate service.

Once installed, the Trojan will send a number of SMS messages to premium-rate numbers, which will end up costing the victim some money, depending on how quickly she is able to find and remove the Trojan.

Kaspersky’s Denis Maslennikov reports that the malware itself is a Trojanized Jimm application (mobile ICQ client) which sends several SMS messages to premium rate number 2476 (US$6.00 each).



Whisker - Linux
Whisker is an advanced CGI vulnerability scanner. It is scriptable and has many good features, such as querying for system type and basing scans on the information gathered (i.e., distinguishing between IIS and Apache web servers).

Download
ftp://ftp.usa.openbsd.org/pub/OpenBSD/distfiles//whisker-2.1.tar.gz
